Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS7979.roa
File:                     AS7979.roa (raw, json)
Hash identifier:          aoDaEoN+cqHQhfzcLnPKk0r0MB/Q9cEOxi3hTfKvZik=
Subject key identifier:   81:BA:88:2D:92:AA:5A:73:DF:30:73:9B:75:5B:DD:5B:5E:E9:AD:97
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       6A46688E8E06F0B2B25762F2C954E87BDB4EB170
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS7979.roa
Signing time:             Thu 07 May 2026 17:47:11 +0000
ROA not before:           Thu 07 May 2026 17:42:11 +0000
ROA not after:            Thu 06 May 2027 17:47:11 +0000
asID:                     7979
IP address blocks:        143.20.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:46:68:8e:8e:06:f0:b2:b2:57:62:f2:c9:54:e8:7b:db:4e:b1:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: May  7 17:42:11 2026 GMT
            Not After : May  6 17:47:11 2027 GMT
        Subject: CN=81BA882D92AA5A73DF30739B755BDD5B5EE9AD97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:bf:f6:97:68:c1:42:da:6b:c4:6b:60:0f:7f:
                    c5:26:9d:a2:49:7a:30:dd:76:c4:63:f2:ac:86:2a:
                    67:b4:12:79:56:ab:29:65:55:92:9d:5c:9b:14:fc:
                    e9:93:7d:02:ab:fe:fd:a6:17:3a:64:40:d8:34:1f:
                    bf:62:9b:10:fa:cb:3f:24:10:e7:b8:6a:db:ce:3b:
                    64:5c:a5:10:c4:9e:a3:b9:4f:27:a6:ef:42:8b:86:
                    89:c6:d2:d8:b1:61:46:af:7f:5c:57:f1:ca:28:2a:
                    49:d2:4d:64:b3:ea:91:b5:bd:bd:7f:2e:15:62:a4:
                    e7:e0:81:4a:7f:c6:ee:1b:3d:e3:dd:f5:27:69:c0:
                    17:31:57:74:eb:5a:03:4c:63:1e:58:14:e2:3e:c0:
                    60:02:43:0a:3d:5e:f0:af:43:7f:50:bc:c1:2e:92:
                    76:b6:ae:25:30:a8:2d:8b:5d:06:15:22:5c:95:a6:
                    29:f8:bd:16:63:dd:ad:10:1d:3b:8d:e5:bc:5d:48:
                    93:a1:03:be:e2:4c:bb:fa:4b:57:99:6a:7d:d6:52:
                    bb:78:22:b9:17:dc:5d:9e:ce:6a:f3:c5:f4:23:82:
                    fc:4e:f6:0b:c0:97:be:48:08:ae:3f:47:04:c5:67:
                    e8:4f:ee:7a:15:de:77:87:02:20:2c:da:2d:9c:63:
                    01:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:BA:88:2D:92:AA:5A:73:DF:30:73:9B:75:5B:DD:5B:5E:E9:AD:97
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS7979.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:94:f2:d3:3c:99:92:0e:47:cd:a9:4a:f0:83:c4:0c:11:a2:
         ca:d2:10:f7:24:2d:5f:70:4b:b1:2c:de:59:2a:f0:6d:d8:09:
         eb:bc:f6:44:af:53:85:3f:f9:8e:61:c6:6d:94:f3:0e:db:28:
         e0:5f:18:62:e0:df:62:d2:cd:70:b8:df:11:d2:cb:cd:27:81:
         91:87:c4:8b:68:62:9a:31:35:92:38:d5:20:5b:93:2b:0f:99:
         4c:a4:5a:82:77:11:2e:72:1f:e5:13:d8:6e:08:30:fe:5c:b1:
         31:5a:fb:c5:e2:a0:4b:21:32:0d:59:c9:3c:cd:ce:d4:e9:fe:
         75:f8:09:4c:81:c6:95:54:db:bd:8d:c6:f4:f4:ff:48:f0:c8:
         0c:d1:a0:9a:93:14:57:df:c5:0d:19:85:21:a3:8d:df:f8:15:
         e1:51:8e:26:7f:98:33:07:bf:92:2b:2d:9c:50:b5:29:e4:c2:
         97:11:9e:4c:cf:a5:ae:99:ce:78:12:11:0f:9e:75:de:09:e7:
         2b:62:ab:c1:f0:5d:bb:50:a5:cb:c5:c7:ab:ce:29:40:a9:a3:
         ad:f8:f8:22:cd:05:1e:ed:74:df:2e:71:2f:0f:71:08:da:1b:
         67:e5:aa:1c:59:2a:44:23:03:d5:57:01:be:e1:81:80:05:31:
         66:3a:04:7f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUakZojo4G8LKyV2LyyVToe9tOsXAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjA1MDcxNzQyMTFaFw0yNzA1MDYxNzQ3MTFaMDMxMTAvBgNV
BAMTKDgxQkE4ODJEOTJBQTVBNzNERjMwNzM5Qjc1NUJERDVCNUVFOUFEOTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhv/aXaMFC2mvEa2APf8UmnaJJ
ejDddsRj8qyGKme0EnlWqyllVZKdXJsU/OmTfQKr/v2mFzpkQNg0H79imxD6yz8k
EOe4atvOO2RcpRDEnqO5Tyem70KLhonG0tixYUavf1xX8cooKknSTWSz6pG1vb1/
LhVipOfggUp/xu4bPePd9SdpwBcxV3TrWgNMYx5YFOI+wGACQwo9XvCvQ39QvMEu
kna2riUwqC2LXQYVIlyVpin4vRZj3a0QHTuN5bxdSJOhA77iTLv6S1eZan3WUrt4
IrkX3F2ezmrzxfQjgvxO9gvAl75ICK4/RwTFZ+hP7noV3neHAiAs2i2cYwF3AgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQUgbqILZKqWnPfMHObdVvdW17prZcwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTNzk3OS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAI8UcTAN
BgkqhkiG9w0BAQsFAAOCAQEAlZTy0zyZkg5HzalK8IPEDBGiytIQ9yQtX3BLsSze
WSrwbdgJ67z2RK9ThT/5jmHGbZTzDtso4F8YYuDfYtLNcLjfEdLLzSeBkYfEi2hi
mjE1kjjVIFuTKw+ZTKRagncRLnIf5RPYbggw/lyxMVr7xeKgSyEyDVnJPM3O1On+
dfgJTIHGlVTbvY3G9PT/SPDIDNGgmpMUV9/FDRmFIaON3/gV4VGOJn+YMwe/kist
nFC1KeTClxGeTM+lrpnOeBIRD5513gnnK2KrwfBdu1Cly8XHq84pQKmjrfj4Is0F
Hu103y5xLw9xCNobZ+WqHFkqRCMD1VcBvuGBgAUxZjoEfw==
-----END CERTIFICATE-----