Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS7979.roa
File:                     AS7979.roa (raw, json)
Hash identifier:          YfGqN0hexz69isKJBUv02z26yjAxnbOWwIySLNdrspg=
Subject key identifier:   67:D2:FF:47:18:31:BE:D8:91:07:17:68:ED:D8:B7:6C:89:7C:9A:98
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       61B10469228C35FB4F2E2249F2A0CFCB450568CF
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS7979.roa
Signing time:             Thu 05 Jun 2025 17:39:50 +0000
ROA not before:           Thu 05 Jun 2025 17:34:50 +0000
ROA not after:            Thu 04 Jun 2026 17:39:50 +0000
asID:                     7979
IP address blocks:        143.20.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 12:26:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:b1:04:69:22:8c:35:fb:4f:2e:22:49:f2:a0:cf:cb:45:05:68:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun  5 17:34:50 2025 GMT
            Not After : Jun  4 17:39:50 2026 GMT
        Subject: CN=67D2FF471831BED891071768EDD8B76C897C9A98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:57:89:38:83:84:d3:cc:46:ee:19:dd:cd:d0:
                    1d:2b:15:3f:46:42:ad:f3:1d:3a:1a:08:d9:db:c8:
                    71:e4:d9:77:01:6b:10:67:e8:58:7b:88:7c:e6:45:
                    b7:f7:f2:4d:19:b8:c0:d4:96:64:b4:54:fc:b3:50:
                    5e:98:0d:f6:ca:bf:b9:2a:ce:c9:d7:2d:6b:d5:89:
                    af:3f:93:dc:f1:44:55:10:37:5b:b5:f0:35:e5:4a:
                    a0:68:f5:a9:0d:52:c3:5b:ad:cb:ab:71:62:79:a1:
                    af:e3:9a:55:c4:f4:f1:d7:89:dc:9c:3b:fb:d3:b0:
                    e5:2b:db:51:af:32:6c:bc:0c:54:28:3a:60:9d:03:
                    75:1b:cf:ae:8e:a0:fb:a0:4b:44:d4:8a:f4:72:68:
                    d2:2a:c2:08:94:45:32:dd:78:97:38:ed:ba:92:d6:
                    ce:92:82:60:e1:24:92:d6:37:5a:55:09:ba:01:bb:
                    57:ea:18:ed:c7:fb:32:e6:1b:29:39:49:6e:a4:1f:
                    da:28:f4:93:08:19:23:b4:e6:43:3c:23:28:b3:96:
                    ac:97:8e:30:3d:71:e0:fb:d8:f0:71:7a:09:b7:fa:
                    c3:3c:c6:f7:a5:21:94:a1:67:bb:b8:b2:0d:f9:7e:
                    11:3e:5c:ff:05:a5:1e:39:7f:96:b7:e6:0f:4c:c7:
                    47:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:D2:FF:47:18:31:BE:D8:91:07:17:68:ED:D8:B7:6C:89:7C:9A:98
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS7979.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:55:93:5f:c1:b1:08:9e:d4:64:1d:68:ad:8d:a5:15:76:f2:
         60:51:c0:90:48:32:34:17:1b:c6:fa:4c:f4:1e:99:23:17:d1:
         57:ac:b6:89:8c:0c:7f:9d:04:c7:38:67:d0:aa:87:6e:a6:89:
         59:21:36:6c:4f:b3:9f:21:8c:0a:c7:80:76:3c:07:d7:d7:12:
         f8:0f:8e:4b:a0:9d:a6:94:c7:af:18:ce:b4:b2:89:28:80:6a:
         13:01:66:61:28:7b:7a:0e:b2:77:07:6b:d1:8b:6b:c9:4b:fe:
         ba:fa:ee:0f:7a:f7:57:be:bb:7a:6b:c7:b1:a3:bd:b3:48:5b:
         c3:fb:97:2e:d5:eb:c5:12:71:31:88:4f:d2:36:c4:eb:cc:aa:
         3f:3c:75:6c:b4:d9:c8:90:3f:1c:05:6d:6a:12:4c:4f:e8:51:
         11:5e:1e:fc:3f:6b:42:fc:47:98:da:9e:43:d5:cf:7c:3c:39:
         d2:f7:b7:28:ad:69:62:5d:0d:12:0e:02:e3:ef:54:1b:50:31:
         d5:e1:9f:3d:8d:d6:7c:8c:4d:e7:ae:54:c7:3f:20:71:f0:51:
         ea:7c:68:a6:3c:a8:9b:04:b0:16:48:29:83:36:0e:94:a4:9d:
         62:8b:a1:2b:6f:77:50:06:f0:38:13:53:1f:7e:24:df:e7:77:
         2b:27:ad:1a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUYbEEaSKMNftPLiJJ8qDPy0UFaM8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MDUxNzM0NTBaFw0yNjA2MDQxNzM5NTBaMDMxMTAvBgNV
BAMTKDY3RDJGRjQ3MTgzMUJFRDg5MTA3MTc2OEVERDhCNzZDODk3QzlBOTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuV4k4g4TTzEbuGd3N0B0rFT9G
Qq3zHToaCNnbyHHk2XcBaxBn6Fh7iHzmRbf38k0ZuMDUlmS0VPyzUF6YDfbKv7kq
zsnXLWvVia8/k9zxRFUQN1u18DXlSqBo9akNUsNbrcurcWJ5oa/jmlXE9PHXidyc
O/vTsOUr21GvMmy8DFQoOmCdA3Ubz66OoPugS0TUivRyaNIqwgiURTLdeJc47bqS
1s6SgmDhJJLWN1pVCboBu1fqGO3H+zLmGyk5SW6kH9oo9JMIGSO05kM8IyizlqyX
jjA9ceD72PBxegm3+sM8xvelIZShZ7u4sg35fhE+XP8FpR45f5a35g9Mx0dPAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQUZ9L/RxgxvtiRBxdo7di3bIl8mpgwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTNzk3OS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAI8UcTAN
BgkqhkiG9w0BAQsFAAOCAQEASVWTX8GxCJ7UZB1orY2lFXbyYFHAkEgyNBcbxvpM
9B6ZIxfRV6y2iYwMf50Exzhn0KqHbqaJWSE2bE+znyGMCseAdjwH19cS+A+OS6Cd
ppTHrxjOtLKJKIBqEwFmYSh7eg6ydwdr0YtryUv+uvruD3r3V767emvHsaO9s0hb
w/uXLtXrxRJxMYhP0jbE68yqPzx1bLTZyJA/HAVtahJMT+hREV4e/D9rQvxHmNqe
Q9XPfDw50ve3KK1pYl0NEg4C4+9UG1Ax1eGfPY3WfIxN565Uxz8gcfBR6nxopjyo
mwSwFkgpgzYOlKSdYouhK293UAbwOBNTH34k3+d3KyetGg==
-----END CERTIFICATE-----