This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS132825.roa
File:                     AS132825.roa (raw, json)
Hash identifier:          cS+hepBg1YIPjRezI3sZjCI6mz/w3XbRrTjUzJ47HHk=
Subject key identifier:   8F:24:AD:48:A2:A1:91:A8:B9:B9:40:7B:4A:B4:39:40:6F:EB:52:CE
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       687FF050857AF5069F0067A063954BA6DC755902
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS132825.roa
Signing time:             Wed 03 Dec 2025 08:55:13 +0000
ROA not before:           Wed 03 Dec 2025 08:50:13 +0000
ROA not after:            Wed 02 Dec 2026 08:55:13 +0000
asID:                     132825
IP address blocks:        181.215.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Dec 2025 10:42:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:7f:f0:50:85:7a:f5:06:9f:00:67:a0:63:95:4b:a6:dc:75:59:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Dec  3 08:50:13 2025 GMT
            Not After : Dec  2 08:55:13 2026 GMT
        Subject: CN=8F24AD48A2A191A8B9B9407B4AB439406FEB52CE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:74:6f:ad:47:67:3e:0f:fc:d1:b4:4c:14:fd:
                    1e:90:8f:9c:f7:a6:19:b8:97:fb:8c:81:ff:10:d2:
                    af:64:50:41:40:1b:ad:48:75:8f:c9:3c:17:9f:04:
                    a8:89:83:72:fa:7c:e0:50:f1:ce:a0:0b:21:a4:5d:
                    8a:ba:de:c3:05:75:c6:7c:11:b0:95:fd:74:ad:b8:
                    03:f4:a3:bf:cb:c4:55:e6:da:81:c3:48:0c:da:42:
                    90:67:c6:e2:da:02:d4:42:12:29:ca:c9:34:92:cd:
                    34:d7:19:f6:46:44:97:37:b6:52:3b:f8:b1:7b:ef:
                    98:cc:8d:37:fd:aa:f1:26:08:8b:79:97:37:07:4e:
                    df:7e:53:e4:97:96:d3:00:ea:b0:fc:88:2b:6e:e9:
                    e4:9f:58:8b:05:2a:96:b4:d6:30:93:52:b2:21:97:
                    2d:97:91:15:7d:c6:ec:d5:54:e1:93:bc:1f:fd:ce:
                    02:dd:6d:a1:6c:51:c1:8e:e8:4a:cb:34:0b:f9:96:
                    f1:a5:3f:49:64:e3:17:eb:9f:82:e9:6e:12:68:0f:
                    b3:f6:41:ad:f8:d1:68:9e:9c:33:59:30:45:13:fe:
                    65:9e:7b:5d:b0:84:48:1e:90:49:6a:73:fa:16:cc:
                    66:09:dc:87:ae:63:b0:f5:e8:7a:9a:0b:0a:e8:b4:
                    2e:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:24:AD:48:A2:A1:91:A8:B9:B9:40:7B:4A:B4:39:40:6F:EB:52:CE
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS132825.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:93:16:07:86:97:9d:cd:4c:23:77:bb:1c:fc:82:44:8e:58:
         43:a7:2a:9c:35:f1:2c:72:16:8f:e4:84:35:43:7e:1a:2f:c6:
         c5:e3:44:d7:50:da:59:77:7a:1c:3a:b7:c1:04:d8:fb:da:ae:
         45:a6:fe:7b:54:2b:b6:1d:6c:e6:7d:f3:77:00:83:b5:6c:d8:
         cd:a7:ee:e0:5c:ad:b5:84:61:6e:8b:93:98:a3:cf:42:e7:d6:
         02:94:b5:16:74:bd:66:39:e6:24:bd:1f:92:0d:4c:d7:8d:a9:
         3e:c7:7d:e1:f5:fe:dd:2b:d7:17:ec:69:74:fd:03:57:76:b2:
         3f:3a:f9:8c:aa:c1:88:23:c2:f3:af:f6:13:1a:71:ea:26:ee:
         f8:a0:dd:9b:be:aa:9f:d4:db:68:e7:b5:6a:0d:46:af:a9:b6:
         0f:03:16:98:ff:49:03:24:a7:6d:d3:f0:3f:26:b1:26:bb:5b:
         63:eb:0f:7b:32:fc:b3:50:ca:5e:b0:ee:b4:df:04:18:97:bf:
         b4:7e:04:5c:2c:b0:16:9c:2b:9b:4a:85:1f:b6:a1:4b:8b:bc:
         0c:bc:12:3b:a0:77:bb:fd:c0:f2:b4:1a:57:f2:2a:22:d4:7d:
         b6:79:8a:3f:59:0e:f1:61:e3:4d:65:1a:e7:a3:a2:3c:25:5d:
         7d:d3:f9:5e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUaH/wUIV69QafAGegY5VLptx1WQIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTEyMDMwODUwMTNaFw0yNjEyMDIwODU1MTNaMDMxMTAvBgNV
BAMTKDhGMjRBRDQ4QTJBMTkxQThCOUI5NDA3QjRBQjQzOTQwNkZFQjUyQ0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWdG+tR2c+D/zRtEwU/R6Qj5z3
phm4l/uMgf8Q0q9kUEFAG61IdY/JPBefBKiJg3L6fOBQ8c6gCyGkXYq63sMFdcZ8
EbCV/XStuAP0o7/LxFXm2oHDSAzaQpBnxuLaAtRCEinKyTSSzTTXGfZGRJc3tlI7
+LF775jMjTf9qvEmCIt5lzcHTt9+U+SXltMA6rD8iCtu6eSfWIsFKpa01jCTUrIh
ly2XkRV9xuzVVOGTvB/9zgLdbaFsUcGO6ErLNAv5lvGlP0lk4xfrn4LpbhJoD7P2
Qa340WienDNZMEUT/mWee12whEgekElqc/oWzGYJ3IeuY7D16HqaCwrotC4XAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUjyStSKKhkai5uUB7SrQ5QG/rUs4wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTMyODI1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdf8
MA0GCSqGSIb3DQEBCwUAA4IBAQAqkxYHhpedzUwjd7sc/IJEjlhDpyqcNfEschaP
5IQ1Q34aL8bF40TXUNpZd3ocOrfBBNj72q5Fpv57VCu2HWzmffN3AIO1bNjNp+7g
XK21hGFui5OYo89C59YClLUWdL1mOeYkvR+SDUzXjak+x33h9f7dK9cX7Gl0/QNX
drI/OvmMqsGII8Lzr/YTGnHqJu74oN2bvqqf1Nto57VqDUavqbYPAxaY/0kDJKdt
0/A/JrEmu1tj6w97MvyzUMpesO603wQYl7+0fgRcLLAWnCubSoUftqFLi7wMvBI7
oHe7/cDytBpX8ioi1H22eYo/WQ7xYeNNZRrno6I8JV190/le
-----END CERTIFICATE-----