This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS396073.roa
File:                     AS396073.roa (raw, json)
Hash identifier:          t3hw8ObKmMMZM8sKA8xvf2Ofho4ZA7BYBWJIE3qjjqc=
Subject key identifier:   2D:6A:4B:2E:68:E5:D8:0D:7B:35:FD:DC:79:74:6F:0B:06:92:8B:AC
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       04066218E254EE2C92114C22EBE0B741976DB105
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS396073.roa
Signing time:             Wed 03 Dec 2025 08:55:12 +0000
ROA not before:           Wed 03 Dec 2025 08:50:12 +0000
ROA not after:            Wed 02 Dec 2026 08:55:12 +0000
asID:                     396073
IP address blocks:        191.101.130.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Dec 2025 10:42:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:06:62:18:e2:54:ee:2c:92:11:4c:22:eb:e0:b7:41:97:6d:b1:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Dec  3 08:50:12 2025 GMT
            Not After : Dec  2 08:55:12 2026 GMT
        Subject: CN=2D6A4B2E68E5D80D7B35FDDC79746F0B06928BAC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:71:d8:84:28:66:cf:0c:7a:12:ad:79:bb:77:
                    aa:01:a7:07:2a:36:f3:f2:60:82:56:14:2e:ab:a9:
                    32:ca:41:9e:89:96:d2:1b:e0:d3:07:e1:97:53:e7:
                    ee:33:1f:12:40:b9:af:ae:73:1d:22:11:7d:9b:69:
                    8a:df:82:3b:45:b2:b4:b5:ae:a4:98:a8:37:0e:79:
                    86:a0:75:b4:25:59:b8:ea:71:13:79:50:8a:22:d0:
                    70:44:fa:95:10:c5:8e:f3:73:ec:f5:b4:f1:75:a6:
                    d0:0f:4e:9f:da:35:32:70:34:a3:c6:67:de:98:96:
                    cf:5e:d4:42:11:3a:8b:9e:bf:9c:df:1d:9f:4d:ab:
                    70:d8:c1:4d:de:1a:b6:01:25:c0:52:33:3f:d0:c8:
                    ae:b4:ae:c0:ac:95:10:e4:ff:94:43:f7:3e:9d:7b:
                    f3:ab:c4:17:fe:cb:be:d4:65:98:20:2b:8e:4b:cf:
                    4c:b1:6d:5c:0b:a8:2d:c8:d0:bc:58:a0:b2:c2:dd:
                    32:2e:b8:d4:35:c0:bd:aa:ed:e0:41:dc:f2:49:d8:
                    56:37:62:ec:1d:2d:2d:a2:57:32:d8:2a:0d:d1:54:
                    fc:d4:77:29:74:59:0c:0e:67:dd:c5:eb:c7:61:f4:
                    b9:66:d5:d6:6f:97:45:a0:74:ca:ad:dd:82:7b:64:
                    e3:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:6A:4B:2E:68:E5:D8:0D:7B:35:FD:DC:79:74:6F:0B:06:92:8B:AC
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS396073.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:25:42:5a:86:85:1b:83:48:a1:56:fd:1d:8b:89:dd:ff:ff:
         fd:b1:81:32:92:3a:82:27:dc:79:37:a7:1b:1c:fd:05:3a:88:
         35:80:22:02:dc:d9:3a:b2:d2:7f:56:22:9c:a1:a7:58:d4:0f:
         b4:a5:02:e4:79:c3:9d:08:e1:96:5f:ea:9b:74:31:4f:dd:04:
         7b:09:0d:49:d1:e3:f1:f8:1f:95:62:06:37:09:0c:ab:05:2b:
         cc:02:dd:83:24:d4:ea:37:bb:8d:9f:7f:b4:01:b4:68:11:6b:
         c8:03:30:bf:33:fc:24:29:7e:7f:9e:a1:79:a4:cd:63:e4:d8:
         95:17:71:db:d3:3d:66:63:ed:1d:b9:2b:fa:bf:a7:ff:46:26:
         19:2a:83:59:ad:38:b0:b7:16:e7:62:5e:0c:e3:24:bc:04:82:
         09:dc:f9:97:75:64:be:d0:45:f7:c5:95:d1:32:46:d6:27:94:
         33:ab:fc:bb:1f:f8:a6:93:ac:36:b0:0a:2d:01:3c:47:4b:91:
         35:3e:06:2d:f9:1a:9b:49:0f:d7:14:ac:bf:ee:6b:29:eb:a5:
         bf:d6:33:52:58:d5:eb:6a:c9:57:e1:ce:43:20:ca:b1:72:b4:
         92:34:83:cd:cd:d7:67:71:c7:e7:90:07:af:c2:e4:4b:28:7d:
         26:1b:e7:0a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUBAZiGOJU7iySEUwi6+C3QZdtsQUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTEyMDMwODUwMTJaFw0yNjEyMDIwODU1MTJaMDMxMTAvBgNV
BAMTKDJENkE0QjJFNjhFNUQ4MEQ3QjM1RkREQzc5NzQ2RjBCMDY5MjhCQUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCycdiEKGbPDHoSrXm7d6oBpwcq
NvPyYIJWFC6rqTLKQZ6JltIb4NMH4ZdT5+4zHxJAua+ucx0iEX2baYrfgjtFsrS1
rqSYqDcOeYagdbQlWbjqcRN5UIoi0HBE+pUQxY7zc+z1tPF1ptAPTp/aNTJwNKPG
Z96Yls9e1EIROouev5zfHZ9Nq3DYwU3eGrYBJcBSMz/QyK60rsCslRDk/5RD9z6d
e/OrxBf+y77UZZggK45Lz0yxbVwLqC3I0LxYoLLC3TIuuNQ1wL2q7eBB3PJJ2FY3
YuwdLS2iVzLYKg3RVPzUdyl0WQwOZ93F68dh9Llm1dZvl0WgdMqt3YJ7ZOMpAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQULWpLLmjl2A17Nf3ceXRvCwaSi6wwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzk2MDczLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2WC
MA0GCSqGSIb3DQEBCwUAA4IBAQA1JUJahoUbg0ihVv0di4nd///9sYEykjqCJ9x5
N6cbHP0FOog1gCIC3Nk6stJ/ViKcoadY1A+0pQLkecOdCOGWX+qbdDFP3QR7CQ1J
0ePx+B+VYgY3CQyrBSvMAt2DJNTqN7uNn3+0AbRoEWvIAzC/M/wkKX5/nqF5pM1j
5NiVF3Hb0z1mY+0duSv6v6f/RiYZKoNZrTiwtxbnYl4M4yS8BIIJ3PmXdWS+0EX3
xZXRMkbWJ5Qzq/y7H/imk6w2sAotATxHS5E1PgYt+RqbSQ/XFKy/7msp66W/1jNS
WNXraslX4c5DIMqxcrSSNIPNzddnccfnkAevwuRLKH0mG+cK
-----END CERTIFICATE-----