Route Origin Authorization

$ rpki-client -vvf rpki.admin.freerangecloud.com/repo/FRC-CA/5/AS8100.roa
File:                     AS8100.roa (raw, json)
Hash identifier:          otdggVOB63UPGeZcSeG45errb3t2T9Kyz1+qR5txSDY=
Subject key identifier:   D3:00:E4:DB:DD:79:89:5B:21:F4:83:BC:13:99:D6:00:33:48:34:99
Certificate issuer:       /CN=7ea5316dbdac01cd05d0eaa05a89c04da3e7398f
Certificate serial:       5AB0BFCA902D1221BC3BF9752270B5954AA01A54
Authority key identifier: 7E:A5:31:6D:BD:AC:01:CD:05:D0:EA:A0:5A:89:C0:4D:A3:E7:39:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fqUxbb2sAc0F0OqgWonATaPnOY8.cer
Subject info access:      rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/AS8100.roa
Signing time:             Thu 27 Feb 2025 16:14:59 +0000
ROA not before:           Thu 27 Feb 2025 16:09:59 +0000
ROA not after:            Thu 26 Feb 2026 16:14:59 +0000
asID:                     8100
IP address blocks:        2a0f:9400:693b::/48 maxlen: 48
                          2a0f:9400:693f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/7EA5316DBDAC01CD05D0EAA05A89C04DA3E7398F.crl
                          rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/7EA5316DBDAC01CD05D0EAA05A89C04DA3E7398F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fqUxbb2sAc0F0OqgWonATaPnOY8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:b0:bf:ca:90:2d:12:21:bc:3b:f9:75:22:70:b5:95:4a:a0:1a:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ea5316dbdac01cd05d0eaa05a89c04da3e7398f
        Validity
            Not Before: Feb 27 16:09:59 2025 GMT
            Not After : Feb 26 16:14:59 2026 GMT
        Subject: CN=D300E4DBDD79895B21F483BC1399D60033483499
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:c5:9e:b9:41:77:c0:9e:5e:17:ae:89:95:a3:
                    2f:64:6f:6d:00:f3:05:5a:ec:30:24:6c:ca:43:d4:
                    46:e7:98:a9:6b:ca:9f:d8:90:2c:08:18:9b:a8:32:
                    38:23:de:d1:34:91:cb:e1:67:e3:99:03:ce:6b:74:
                    8d:c8:8e:e4:e5:d5:06:12:2f:a8:e3:d8:e8:3c:2b:
                    ac:8b:86:83:44:46:16:5a:af:c6:47:e4:03:c5:c2:
                    b4:e5:a8:5b:93:a6:c6:09:fa:34:e0:89:67:08:1c:
                    bb:aa:7f:40:31:6e:d1:8e:c9:b6:56:66:b9:1f:b6:
                    eb:0f:a9:f5:1b:69:98:bf:71:58:ce:00:0d:e2:a6:
                    c3:14:62:1d:56:95:6a:41:3f:9e:a2:61:67:fe:6d:
                    ca:37:37:43:34:d8:00:08:5e:51:23:8b:89:40:f7:
                    03:c4:7a:fe:d5:42:b9:cd:a7:5d:c8:8e:7f:91:e4:
                    79:2c:01:68:59:41:82:65:5a:dd:c1:e4:25:18:06:
                    38:a0:bc:92:27:dd:e5:9d:88:3a:c8:3b:a7:21:60:
                    05:f0:e9:d9:ff:e4:cf:f8:c3:70:35:3d:ab:53:58:
                    35:7f:18:ff:46:4c:6d:df:4a:e7:d3:92:c6:06:37:
                    57:9c:14:cf:6c:6a:7c:3a:8c:9f:bb:f0:b8:51:43:
                    53:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:00:E4:DB:DD:79:89:5B:21:F4:83:BC:13:99:D6:00:33:48:34:99
            X509v3 Authority Key Identifier:
                keyid:7E:A5:31:6D:BD:AC:01:CD:05:D0:EA:A0:5A:89:C0:4D:A3:E7:39:8F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/7EA5316DBDAC01CD05D0EAA05A89C04DA3E7398F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fqUxbb2sAc0F0OqgWonATaPnOY8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/AS8100.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:9400:693b::/48
                  2a0f:9400:693f::/48

    Signature Algorithm: sha256WithRSAEncryption
         a1:7e:f5:3e:45:7b:b9:e6:9d:4a:08:8d:76:7d:15:d5:00:57:
         6e:37:9c:a2:58:24:11:b2:e7:ed:25:e8:93:21:57:f2:a7:07:
         7a:bd:d8:e3:eb:e1:8e:aa:b5:c2:00:5f:e8:41:5e:60:56:89:
         78:98:01:fa:bf:81:fe:a4:d4:7c:22:56:3d:e0:2f:cf:cc:a1:
         d8:7d:4f:d0:f3:a3:9f:8b:5c:a3:1a:e3:ed:26:0a:bf:f0:cb:
         e6:8c:7c:c2:09:31:ea:53:32:67:7b:37:18:8e:47:f8:7e:d8:
         33:a9:48:65:99:84:bf:42:fc:c5:e4:76:71:89:5b:12:ed:5a:
         59:0f:89:1d:ac:a4:44:c3:71:0a:a1:c0:f0:24:b7:ae:c6:f2:
         ab:d2:1d:63:15:42:e6:e4:87:ca:bb:bc:ee:d3:b2:f6:ff:40:
         a4:2b:f2:a4:66:c4:84:c1:15:aa:1c:01:e2:3a:fb:58:95:2b:
         d8:1a:41:e9:cb:f3:f7:78:70:cf:40:a4:be:68:4d:f4:3e:a5:
         4f:48:01:7e:a1:64:dd:97:ce:02:f0:33:a1:be:9f:06:c8:f4:
         c7:11:e2:8c:e5:9c:27:68:7b:85:43:54:1c:b5:77:70:a5:81:
         85:38:d3:c7:99:46:32:35:02:c3:9e:0f:90:41:33:c9:89:3d:
         08:22:11:2c
-----BEGIN CERTIFICATE-----
MIIExjCCA66gAwIBAgIUWrC/ypAtEiG8O/l1InC1lUqgGlQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2VhNTMxNmRiZGFjMDFjZDA1ZDBlYWEwNWE4OWMwNGRh
M2U3Mzk4ZjAeFw0yNTAyMjcxNjA5NTlaFw0yNjAyMjYxNjE0NTlaMDMxMTAvBgNV
BAMTKEQzMDBFNERCREQ3OTg5NUIyMUY0ODNCQzEzOTlENjAwMzM0ODM0OTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOxZ65QXfAnl4XromVoy9kb20A
8wVa7DAkbMpD1EbnmKlryp/YkCwIGJuoMjgj3tE0kcvhZ+OZA85rdI3IjuTl1QYS
L6jj2Og8K6yLhoNERhZar8ZH5APFwrTlqFuTpsYJ+jTgiWcIHLuqf0AxbtGOybZW
ZrkftusPqfUbaZi/cVjOAA3ipsMUYh1WlWpBP56iYWf+bco3N0M02AAIXlEji4lA
9wPEev7VQrnNp13Ijn+R5HksAWhZQYJlWt3B5CUYBjigvJIn3eWdiDrIO6chYAXw
6dn/5M/4w3A1PatTWDV/GP9GTG3fSufTksYGN1ecFM9sanw6jJ+78LhRQ1P1AgMB
AAGjggHQMIIBzDAdBgNVHQ4EFgQU0wDk2915iVsh9IO8E5nWADNINJkwHwYDVR0j
BBgwFoAUfqUxbb2sAc0F0OqgWonATaPnOY8wDgYDVR0PAQH/BAQDAgeAMHEGA1Ud
HwRqMGgwZqBkoGKGYHJzeW5jOi8vcnBraS5hZG1pbi5mcmVlcmFuZ2VjbG91ZC5j
b20vcmVwby9GUkMtQ0EvNS83RUE1MzE2REJEQUMwMUNEMDVEMEVBQTA1QTg5QzA0
REEzRTczOThGLmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5j
Oi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZnFVeGJiMnNBYzBG
ME9xZ1dvbkFUYVBuT1k4LmNlcjBaBggrBgEFBQcBCwROMEwwSgYIKwYBBQUHMAuG
PnJzeW5jOi8vcnBraS5hZG1pbi5mcmVlcmFuZ2VjbG91ZC5jb20vcmVwby9GUkMt
Q0EvNS9BUzgxMDAucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwKwYIKwYB
BQUHAQcBAf8EHDAaMBgEAgACMBIDBwAqD5QAaTsDBwAqD5QAaT8wDQYJKoZIhvcN
AQELBQADggEBAKF+9T5Fe7nmnUoIjXZ9FdUAV243nKJYJBGy5+0l6JMhV/KnB3q9
2OPr4Y6qtcIAX+hBXmBWiXiYAfq/gf6k1HwiVj3gL8/Modh9T9Dzo5+LXKMa4+0m
Cr/wy+aMfMIJMepTMmd7NxiOR/h+2DOpSGWZhL9C/MXkdnGJWxLtWlkPiR2spETD
cQqhwPAkt67G8qvSHWMVQubkh8q7vO7Tsvb/QKQr8qRmxITBFaocAeI6+1iVK9ga
QenL8/d4cM9ApL5oTfQ+pU9IAX6hZN2XzgLwM6G+nwbI9McR4ozlnCdoe4VDVBy1
d3ClgYU408eZRjI1AsOeD5BBM8mJPQgiESw=
-----END CERTIFICATE-----