This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS996.roa
File:                     AS996.roa (raw, json)
Hash identifier:          DfIZ3iokQTI9cHv0HMShV8ODpEBo1kblUR+8hmC3etc=
Subject key identifier:   82:9C:59:EE:4E:A9:68:92:67:B4:9D:0F:ED:2B:73:FE:4C:59:DA:74
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       2B5B0520F33038E66CB79F68B5BF90CC531450D8
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS996.roa
Signing time:             Mon 10 Nov 2025 02:13:04 +0000
ROA not before:           Mon 10 Nov 2025 02:08:04 +0000
ROA not after:            Mon 09 Nov 2026 02:13:04 +0000
asID:                     996
IP address blocks:        167.148.130.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Dec 2025 21:22:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:5b:05:20:f3:30:38:e6:6c:b7:9f:68:b5:bf:90:cc:53:14:50:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Nov 10 02:08:04 2025 GMT
            Not After : Nov  9 02:13:04 2026 GMT
        Subject: CN=829C59EE4EA9689267B49D0FED2B73FE4C59DA74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:c5:37:14:10:0c:7a:44:cd:5b:2e:be:13:06:
                    90:9a:25:9f:3d:3d:1c:c7:12:dd:ca:63:56:33:c9:
                    3f:91:15:66:59:ef:c5:44:17:95:0e:a0:d8:68:5e:
                    10:ff:1a:bb:b8:d9:0f:bc:3a:c8:e4:e8:a5:9b:0b:
                    bd:9f:ec:00:a8:ab:99:68:2d:d9:ae:4c:4e:0a:cf:
                    23:fd:82:06:fc:5e:c4:3d:be:74:76:ff:4f:33:52:
                    e2:b4:ec:1c:60:e8:5b:c2:18:07:52:6e:d5:c0:e4:
                    f0:f1:e0:b2:ce:60:b9:91:c9:d3:3b:0f:3f:3b:80:
                    82:d5:09:fd:f4:c4:5e:7a:7a:1e:e7:15:d5:ec:d8:
                    1b:c7:4b:11:38:3b:04:82:5a:02:b5:12:39:e9:cb:
                    da:a8:6c:f5:17:3d:60:36:01:1c:e9:9b:08:15:84:
                    f2:61:75:fb:0d:d0:d9:7a:09:35:f6:5e:1d:cd:fb:
                    88:d8:2c:96:c3:38:97:49:c1:67:5c:3b:8c:c6:0e:
                    5a:a7:c8:23:49:96:61:bc:77:d7:50:63:d8:d6:69:
                    0e:ab:06:97:94:7a:69:1c:52:68:df:39:b6:c7:46:
                    0f:18:1b:d6:63:86:f8:ce:35:8a:10:a8:06:9b:92:
                    73:c6:d8:5a:9d:ca:77:d0:52:51:14:33:43:b1:72:
                    99:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:9C:59:EE:4E:A9:68:92:67:B4:9D:0F:ED:2B:73:FE:4C:59:DA:74
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS996.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.148.130.0/23

    Signature Algorithm: sha256WithRSAEncryption
         29:48:63:10:ce:fc:62:3d:d8:b2:63:53:94:27:f3:3b:8c:8f:
         12:90:9b:b4:d0:6e:c4:b3:fb:08:8d:d2:3a:90:6c:3c:3b:61:
         69:7d:09:75:34:ef:98:f2:2c:89:8d:16:7a:a7:fd:e5:55:e1:
         61:1d:22:4c:91:ea:cb:ac:b9:40:87:45:b6:8a:e4:e3:1a:a0:
         a5:78:50:ae:07:be:5b:fe:84:74:5b:8d:f2:3a:4e:d7:8e:1a:
         40:da:99:a8:52:62:f3:1b:79:b7:0d:7f:15:33:65:f1:41:5e:
         67:c0:3b:d5:7c:46:17:c9:84:c5:91:4a:05:2f:7b:36:74:0d:
         8c:1e:67:28:b3:d1:29:b4:5e:76:ce:79:ec:c7:77:11:40:e5:
         b8:57:33:c9:f4:3a:86:31:7e:b2:2f:6c:cb:00:6b:e7:a2:e2:
         fb:06:fe:c3:2b:a0:98:c0:71:21:7f:d8:4a:bc:6a:df:ef:2f:
         fb:29:e5:29:a6:59:55:f9:f7:3c:72:d7:b1:04:1d:de:21:ef:
         03:cc:ba:dd:4d:ab:3e:7f:93:57:e5:3d:eb:8a:06:5e:57:b1:
         a1:1f:38:e6:65:39:0c:d7:a9:80:23:84:ee:0a:f0:88:55:9d:
         4a:7b:95:c2:f6:51:3b:96:fb:4e:d9:51:ce:ff:18:98:ab:63:
         d5:8d:d8:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgIUK1sFIPMwOOZst59otb+QzFMUUNgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTExMTAwMjA4MDRaFw0yNjExMDkwMjEzMDRaMDMxMTAvBgNV
BAMTKDgyOUM1OUVFNEVBOTY4OTI2N0I0OUQwRkVEMkI3M0ZFNEM1OURBNzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1xTcUEAx6RM1bLr4TBpCaJZ89
PRzHEt3KY1YzyT+RFWZZ78VEF5UOoNhoXhD/Gru42Q+8Osjk6KWbC72f7ACoq5lo
LdmuTE4KzyP9ggb8XsQ9vnR2/08zUuK07Bxg6FvCGAdSbtXA5PDx4LLOYLmRydM7
Dz87gILVCf30xF56eh7nFdXs2BvHSxE4OwSCWgK1Ejnpy9qobPUXPWA2ARzpmwgV
hPJhdfsN0Nl6CTX2Xh3N+4jYLJbDOJdJwWdcO4zGDlqnyCNJlmG8d9dQY9jWaQ6r
BpeUemkcUmjfObbHRg8YG9ZjhvjONYoQqAabknPG2FqdynfQUlEUM0OxcpnRAgMB
AAGjggIHMIICAzAdBgNVHQ4EFgQUgpxZ7k6paJJntJ0P7Stz/kxZ2nQwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTOTk2LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBp5SCMA0G
CSqGSIb3DQEBCwUAA4IBAQApSGMQzvxiPdiyY1OUJ/M7jI8SkJu00G7Es/sIjdI6
kGw8O2FpfQl1NO+Y8iyJjRZ6p/3lVeFhHSJMkerLrLlAh0W2iuTjGqCleFCuB75b
/oR0W43yOk7XjhpA2pmoUmLzG3m3DX8VM2XxQV5nwDvVfEYXyYTFkUoFL3s2dA2M
Hmcos9EptF52znnsx3cRQOW4VzPJ9DqGMX6yL2zLAGvnouL7Bv7DK6CYwHEhf9hK
vGrf7y/7KeUppllV+fc8ctexBB3eIe8DzLrdTas+f5NX5T3rigZeV7GhHzjmZTkM
16mAI4TuCvCIVZ1Ke5XC9lE7lvtO2VHO/xiYq2PVjdi3
-----END CERTIFICATE-----