This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS399486.roa
File:                     AS399486.roa (raw, json)
Hash identifier:          +4pOHrABsOpPj5oeZg32zRSTUKK4vwEXM7D9hbJqKdc=
Subject key identifier:   B3:86:A8:E7:E0:75:5B:D8:1B:3F:C3:89:A8:F9:EE:DA:B9:8B:2F:AE
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       4DDAA94B907459E0C2036063F306D452EB2E6653
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS399486.roa
Signing time:             Tue 13 Jan 2026 00:55:33 +0000
ROA not before:           Tue 13 Jan 2026 00:50:33 +0000
ROA not after:            Tue 12 Jan 2027 00:55:33 +0000
asID:                     399486
IP address blocks:        85.209.176.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 14:51:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:da:a9:4b:90:74:59:e0:c2:03:60:63:f3:06:d4:52:eb:2e:66:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 13 00:50:33 2026 GMT
            Not After : Jan 12 00:55:33 2027 GMT
        Subject: CN=B386A8E7E0755BD81B3FC389A8F9EEDAB98B2FAE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:ed:93:94:58:a1:2e:28:59:a6:0e:60:c5:18:
                    46:ae:e6:2c:b8:dd:48:4c:69:b0:de:6e:49:90:9f:
                    70:2f:c1:af:7b:a7:59:da:c7:2c:23:dd:fa:26:6e:
                    42:af:c9:79:62:d6:1a:30:36:e5:85:64:74:a1:bc:
                    7b:2f:fc:36:c8:e5:26:05:c3:5c:52:c9:d0:2f:70:
                    11:73:31:62:b0:80:37:b4:95:eb:8a:85:a0:db:4b:
                    63:b0:eb:a6:e9:60:9e:76:04:ab:49:26:6e:27:2d:
                    15:b1:ba:49:68:a9:b2:5a:ba:5f:8a:7a:c7:31:99:
                    33:91:0f:c9:40:68:6c:11:7e:ef:d7:9a:a4:8f:53:
                    98:67:0c:53:12:c9:c3:c5:88:9b:d1:25:f3:7f:e1:
                    b2:fe:9b:1e:b1:68:75:99:29:10:1d:1b:a5:76:cb:
                    56:55:03:4a:b4:d0:bb:42:15:44:90:01:8b:37:ef:
                    1d:64:c4:67:41:a2:10:86:2a:60:88:96:d4:6c:1e:
                    68:53:4a:75:62:a7:a3:ff:eb:a5:98:fd:f1:47:20:
                    ee:96:b8:d3:56:f9:83:a2:3b:23:20:e9:cc:bc:98:
                    f1:bd:3e:61:27:44:57:50:3e:26:37:72:e7:4b:3b:
                    d3:dd:37:2e:d5:02:ed:92:32:13:1c:65:ae:85:a8:
                    c3:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:86:A8:E7:E0:75:5B:D8:1B:3F:C3:89:A8:F9:EE:DA:B9:8B:2F:AE
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS399486.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:70:fa:65:43:f1:92:f8:d0:0f:9b:ca:5a:e4:89:70:12:37:
         f2:0a:d5:2e:cc:18:ff:ad:1e:9e:ef:d8:02:4e:c4:7a:17:0c:
         a5:c6:ad:ca:11:83:24:39:89:8e:0d:b6:be:cb:b2:80:90:1b:
         e8:58:64:a5:ed:06:99:11:1d:83:a3:cd:04:af:e3:ea:6d:d2:
         4d:ba:85:fb:e9:a0:b6:82:ab:db:5e:12:87:20:bd:7c:0e:f5:
         c2:14:e3:c4:87:7c:cd:11:50:04:48:8e:ea:87:6d:93:f5:f1:
         d0:41:52:4f:1d:cc:75:ca:94:cb:01:5b:2f:30:36:02:67:cf:
         60:8f:b7:d2:3e:de:da:49:18:31:fd:26:ed:06:5d:04:03:fb:
         ee:09:3e:74:50:80:6b:70:07:47:bc:ac:f5:fa:c7:35:0b:ed:
         f0:ce:ba:a5:78:3a:7e:56:10:16:33:a5:0a:9e:78:3c:7f:1b:
         b7:51:eb:b5:a5:aa:7d:34:f9:88:84:cf:8e:22:f4:ab:84:17:
         da:72:52:e6:d2:a4:5c:02:70:42:dd:7c:3c:7c:ce:2e:17:11:
         0a:00:96:f9:cd:34:b3:94:a6:9c:41:75:bc:b8:21:51:fc:53:
         88:be:2e:90:2c:c2:0b:a4:56:6d:c2:ae:02:94:4d:a3:33:ac:
         fe:da:46:ed
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUTdqpS5B0WeDCA2Bj8wbUUusuZlMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAxMTMwMDUwMzNaFw0yNzAxMTIwMDU1MzNaMDMxMTAvBgNV
BAMTKEIzODZBOEU3RTA3NTVCRDgxQjNGQzM4OUE4RjlFRURBQjk4QjJGQUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDk7ZOUWKEuKFmmDmDFGEau5iy4
3UhMabDebkmQn3Avwa97p1naxywj3fombkKvyXli1howNuWFZHShvHsv/DbI5SYF
w1xSydAvcBFzMWKwgDe0leuKhaDbS2Ow66bpYJ52BKtJJm4nLRWxukloqbJaul+K
escxmTORD8lAaGwRfu/XmqSPU5hnDFMSycPFiJvRJfN/4bL+mx6xaHWZKRAdG6V2
y1ZVA0q00LtCFUSQAYs37x1kxGdBohCGKmCIltRsHmhTSnVip6P/66WY/fFHIO6W
uNNW+YOiOyMg6cy8mPG9PmEnRFdQPiY3cudLO9PdNy7VAu2SMhMcZa6FqMNJAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUs4ao5+B1W9gbP8OJqPnu2rmLL64wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzk5NDg2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdGw
MA0GCSqGSIb3DQEBCwUAA4IBAQABcPplQ/GS+NAPm8pa5IlwEjfyCtUuzBj/rR6e
79gCTsR6Fwylxq3KEYMkOYmODba+y7KAkBvoWGSl7QaZER2Do80Er+PqbdJNuoX7
6aC2gqvbXhKHIL18DvXCFOPEh3zNEVAESI7qh22T9fHQQVJPHcx1ypTLAVsvMDYC
Z89gj7fSPt7aSRgx/SbtBl0EA/vuCT50UIBrcAdHvKz1+sc1C+3wzrqleDp+VhAW
M6UKnng8fxu3Ueu1pap9NPmIhM+OIvSrhBfaclLm0qRcAnBC3Xw8fM4uFxEKAJb5
zTSzlKacQXW8uCFR/FOIvi6QLMILpFZtwq4ClE2jM6z+2kbt
-----END CERTIFICATE-----