This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS36002.roa
File:                     AS36002.roa (raw, json)
Hash identifier:          YwHs99+lRsSYzp/yvQlN3ctbVELXVxPp1pf58bGTuqg=
Subject key identifier:   10:B9:97:D8:91:3F:DE:8F:69:75:4F:CD:3F:52:80:D3:A9:4A:E1:D0
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       482CA3D734B8F6CBA47EBCC94D232B3317C0D717
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS36002.roa
Signing time:             Fri 26 Dec 2025 06:10:43 +0000
ROA not before:           Fri 26 Dec 2025 06:05:43 +0000
ROA not after:            Fri 25 Dec 2026 06:10:43 +0000
asID:                     36002
IP address blocks:        191.101.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 Jan 2026 20:18:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:2c:a3:d7:34:b8:f6:cb:a4:7e:bc:c9:4d:23:2b:33:17:c0:d7:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Dec 26 06:05:43 2025 GMT
            Not After : Dec 25 06:10:43 2026 GMT
        Subject: CN=10B997D8913FDE8F69754FCD3F5280D3A94AE1D0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ff:0e:d2:3a:96:b4:73:02:47:f6:32:1f:5e:b7:
                    f7:da:d4:77:db:1e:55:2b:c1:82:16:15:31:01:a4:
                    36:94:db:8a:9b:a9:d3:03:d2:c9:78:5a:64:af:11:
                    f7:6a:d8:a6:b4:10:b0:b4:fd:29:cc:e5:d7:62:84:
                    2d:1b:40:9f:42:65:b5:34:33:d3:30:21:94:87:c5:
                    53:f1:d1:95:33:65:75:f7:6c:e3:8e:ed:47:15:0c:
                    22:0b:c4:58:98:dd:eb:a7:54:26:b3:c3:db:83:ea:
                    6c:37:92:79:b7:1f:42:05:e3:0d:66:4d:85:05:58:
                    97:43:9c:13:1a:40:45:07:0c:64:1b:53:25:57:06:
                    76:77:5f:c2:82:48:a6:76:4e:57:fb:75:a4:a8:0d:
                    e8:11:cb:fa:84:6c:b4:6c:be:a4:b3:fa:d0:92:7a:
                    c8:1e:78:fa:13:8f:91:66:e7:4f:ef:31:e5:27:0d:
                    a9:18:b9:4e:5f:9d:39:b1:21:f3:95:1f:4e:ee:e8:
                    1f:ab:59:1b:2f:b6:76:05:16:e3:5c:72:6a:fb:85:
                    8f:3d:c3:24:47:1a:f6:07:4c:9a:c1:de:bf:d0:45:
                    3a:ff:b8:89:9b:22:a7:87:d3:f5:d6:4b:d3:c7:ac:
                    73:7b:02:71:67:c8:a0:90:3d:92:10:f6:66:df:3a:
                    a3:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:B9:97:D8:91:3F:DE:8F:69:75:4F:CD:3F:52:80:D3:A9:4A:E1:D0
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS36002.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:7e:5c:22:d8:6b:18:31:11:23:b7:3e:26:ee:52:a2:89:4c:
         04:00:79:5f:26:67:97:7a:1c:b8:5f:04:a4:58:dc:67:25:d8:
         ae:3a:e8:b3:d8:69:be:c2:0b:88:5c:92:61:98:a1:f1:8b:7e:
         6a:9f:98:cf:cb:81:c5:f0:6f:44:25:7f:13:40:e0:87:3b:f7:
         07:af:6f:07:87:d4:97:55:5f:d6:3d:18:81:75:a4:71:d0:5e:
         fb:08:fe:69:25:f3:9c:d7:89:b3:5c:83:d0:ff:0e:9f:16:f7:
         24:7e:df:fd:d3:ee:b9:75:86:10:e1:64:df:fe:e2:61:19:4f:
         16:7f:e4:3b:ee:39:db:86:04:7d:4d:25:27:e2:ab:02:be:eb:
         b1:da:c3:c6:d5:76:cd:7c:27:38:8c:38:f8:32:f6:5f:b2:ce:
         a0:e0:84:11:2e:ca:84:78:8e:75:ec:11:fe:a4:0b:75:90:9e:
         12:a9:32:2d:6d:0a:d7:4a:9e:76:e4:02:5c:47:ad:e6:d1:dc:
         ba:02:fd:a8:3d:f1:c5:0c:08:ca:39:5f:95:a3:a4:ff:36:58:
         b9:a8:d6:0b:9f:44:3e:c4:76:23:cf:05:f5:b0:f5:98:66:36:
         a3:e1:44:1b:20:2c:cb:cf:94:3d:e7:0c:29:76:6c:cc:8e:03:
         6f:05:50:d3
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUSCyj1zS49sukfrzJTSMrMxfA1xcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTEyMjYwNjA1NDNaFw0yNjEyMjUwNjEwNDNaMDMxMTAvBgNV
BAMTKDEwQjk5N0Q4OTEzRkRFOEY2OTc1NEZDRDNGNTI4MEQzQTk0QUUxRDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD/DtI6lrRzAkf2Mh9et/fa1Hfb
HlUrwYIWFTEBpDaU24qbqdMD0sl4WmSvEfdq2Ka0ELC0/SnM5ddihC0bQJ9CZbU0
M9MwIZSHxVPx0ZUzZXX3bOOO7UcVDCILxFiY3eunVCazw9uD6mw3knm3H0IF4w1m
TYUFWJdDnBMaQEUHDGQbUyVXBnZ3X8KCSKZ2Tlf7daSoDegRy/qEbLRsvqSz+tCS
esgeePoTj5Fm50/vMeUnDakYuU5fnTmxIfOVH07u6B+rWRsvtnYFFuNccmr7hY89
wyRHGvYHTJrB3r/QRTr/uImbIqeH0/XWS9PHrHN7AnFnyKCQPZIQ9mbfOqPTAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUELmX2JE/3o9pdU/NP1KA06lK4dAwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzYwMDIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC/ZYQw
DQYJKoZIhvcNAQELBQADggEBAIl+XCLYaxgxESO3PibuUqKJTAQAeV8mZ5d6HLhf
BKRY3Gcl2K466LPYab7CC4hckmGYofGLfmqfmM/LgcXwb0QlfxNA4Ic79wevbweH
1JdVX9Y9GIF1pHHQXvsI/mkl85zXibNcg9D/Dp8W9yR+3/3T7rl1hhDhZN/+4mEZ
TxZ/5DvuOduGBH1NJSfiqwK+67Haw8bVds18JziMOPgy9l+yzqDghBEuyoR4jnXs
Ef6kC3WQnhKpMi1tCtdKnnbkAlxHrebR3LoC/ag98cUMCMo5X5WjpP82WLmo1guf
RD7EdiPPBfWw9ZhmNqPhRBsgLMvPlD3nDCl2bMyOA28FUNM=
-----END CERTIFICATE-----