This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS23470.roa
File:                     AS23470.roa (raw, json)
Hash identifier:          1STbh6cEXfuq+06Ru57D3AbuRJ9iCc15LQ3VlxJDnsk=
Subject key identifier:   BB:86:C3:36:7C:C9:A0:80:F3:23:97:21:A0:2C:32:CD:C0:1D:DE:31
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       6122D5E65DB77D0969FFBFE4A943DA5E670E58B9
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS23470.roa
Signing time:             Fri 28 Nov 2025 17:06:25 +0000
ROA not before:           Fri 28 Nov 2025 17:01:25 +0000
ROA not after:            Fri 27 Nov 2026 17:06:25 +0000
asID:                     23470
IP address blocks:        82.22.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Dec 2025 00:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:22:d5:e6:5d:b7:7d:09:69:ff:bf:e4:a9:43:da:5e:67:0e:58:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Nov 28 17:01:25 2025 GMT
            Not After : Nov 27 17:06:25 2026 GMT
        Subject: CN=BB86C3367CC9A080F3239721A02C32CDC01DDE31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:11:eb:2a:95:93:f8:0a:72:e0:c5:53:94:50:
                    70:49:bd:c2:0d:1d:9a:41:72:94:a6:04:1c:3d:6d:
                    1e:41:a4:f9:92:3d:e3:c7:ba:65:3b:2d:a1:42:ac:
                    77:bb:01:36:85:21:28:ff:35:5d:57:c0:2b:bc:75:
                    a7:d9:59:c6:8f:e7:a4:da:3b:c5:5e:77:57:c2:1e:
                    c5:14:a3:64:8d:75:67:16:40:1a:2c:ee:91:df:dd:
                    fb:f6:7a:bf:c3:0e:57:f5:74:73:6d:7b:24:43:ef:
                    da:d8:ac:bc:25:e1:09:6b:66:c7:23:41:6c:e3:32:
                    ed:ad:57:d9:72:1a:77:3f:b6:36:9c:77:47:4a:84:
                    89:b1:4b:44:89:5f:3d:be:27:3c:88:af:9e:59:36:
                    ba:fe:90:ac:f6:dd:76:dd:a3:34:5a:db:14:bc:2a:
                    93:a5:22:3b:6c:78:5f:13:83:b8:b5:a8:9f:26:e1:
                    d7:6f:67:ae:4e:a1:41:68:0a:36:96:19:cc:6c:80:
                    2c:ba:53:03:d0:88:6d:14:08:4f:02:a3:05:04:ff:
                    4b:ba:94:5e:c9:82:45:c6:d9:68:f1:9b:12:1f:5d:
                    eb:1e:77:52:03:fb:a7:df:ee:d8:5b:76:dd:4a:65:
                    f0:67:49:a1:55:fb:d3:cd:f5:5d:9d:43:26:ea:4a:
                    4d:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:86:C3:36:7C:C9:A0:80:F3:23:97:21:A0:2C:32:CD:C0:1D:DE:31
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS23470.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.22.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:af:6a:08:eb:78:a1:29:3b:7b:9d:3e:2e:87:56:d7:a6:8b:
         4a:4e:24:74:db:4b:df:75:0c:96:18:6d:39:d0:75:76:fb:90:
         85:2a:c6:8e:3e:c7:6a:58:56:81:9b:6a:dd:7a:91:21:56:f2:
         dd:ce:30:01:54:f6:bc:05:04:00:34:e6:42:ec:9b:02:d0:3f:
         47:44:a3:38:31:69:2b:71:82:50:43:12:4a:b6:14:28:2f:d8:
         71:df:7a:ef:4c:1b:84:7e:a5:62:da:7f:c3:81:2a:e9:f4:6c:
         35:ad:50:73:73:6e:dc:05:96:62:b6:8d:40:f2:80:0e:bb:cb:
         bc:25:ed:e9:83:fb:7b:73:fc:d9:01:db:44:39:79:ca:17:e1:
         a8:fd:e3:cb:fb:b5:87:9e:0c:e8:cd:3e:b7:b4:f2:85:d6:97:
         d3:62:93:42:2b:05:b1:6c:dd:9a:63:fd:8b:8b:fe:63:11:42:
         2e:5b:7c:b7:2d:45:2d:5e:6f:f9:d5:91:23:f1:64:fe:c2:30:
         90:c3:82:57:f8:26:3c:5c:24:48:b3:70:04:9b:96:a3:81:0e:
         37:f8:37:ee:36:ef:3d:80:8e:dd:2b:ac:45:1b:6f:97:e6:8f:
         d2:60:9d:3b:f6:48:9e:16:92:d4:ba:6c:ba:04:8f:e5:60:93:
         86:1f:43:34
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUYSLV5l23fQlp/7/kqUPaXmcOWLkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTExMjgxNzAxMjVaFw0yNjExMjcxNzA2MjVaMDMxMTAvBgNV
BAMTKEJCODZDMzM2N0NDOUEwODBGMzIzOTcyMUEwMkMzMkNEQzAxRERFMzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1EesqlZP4CnLgxVOUUHBJvcIN
HZpBcpSmBBw9bR5BpPmSPePHumU7LaFCrHe7ATaFISj/NV1XwCu8dafZWcaP56Ta
O8Ved1fCHsUUo2SNdWcWQBos7pHf3fv2er/DDlf1dHNteyRD79rYrLwl4QlrZscj
QWzjMu2tV9lyGnc/tjacd0dKhImxS0SJXz2+JzyIr55ZNrr+kKz23XbdozRa2xS8
KpOlIjtseF8Tg7i1qJ8m4ddvZ65OoUFoCjaWGcxsgCy6UwPQiG0UCE8CowUE/0u6
lF7JgkXG2WjxmxIfXesed1ID+6ff7thbdt1KZfBnSaFV+9PN9V2dQybqSk0dAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUu4bDNnzJoIDzI5choCwyzcAd3jEwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjM0NzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSFisw
DQYJKoZIhvcNAQELBQADggEBACivagjreKEpO3udPi6HVtemi0pOJHTbS991DJYY
bTnQdXb7kIUqxo4+x2pYVoGbat16kSFW8t3OMAFU9rwFBAA05kLsmwLQP0dEozgx
aStxglBDEkq2FCgv2HHfeu9MG4R+pWLaf8OBKun0bDWtUHNzbtwFlmK2jUDygA67
y7wl7emD+3tz/NkB20Q5ecoX4aj948v7tYeeDOjNPre08oXWl9Nik0IrBbFs3Zpj
/YuL/mMRQi5bfLctRS1eb/nVkSPxZP7CMJDDglf4JjxcJEizcASblqOBDjf4N+42
7z2Ajt0rrEUbb5fmj9JgnTv2SJ4WktS6bLoEj+Vgk4YfQzQ=
-----END CERTIFICATE-----