This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS996.roa
File:                     AS996.roa (raw, json)
Hash identifier:          Bw0vgXjfKu4uViBhGDMLCIey10koua9UUaR+YA9a9HA=
Subject key identifier:   A9:50:DA:16:07:58:69:03:32:0B:5C:14:89:4E:1D:E2:FE:9E:99:83
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       20FE102AC5BB7C5B5AAED5DF55BDC0475FA8D641
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS996.roa
Signing time:             Mon 10 Nov 2025 02:13:02 +0000
ROA not before:           Mon 10 Nov 2025 02:08:02 +0000
ROA not after:            Mon 09 Nov 2026 02:13:02 +0000
asID:                     996
IP address blocks:        82.24.0.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Dec 2025 00:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:fe:10:2a:c5:bb:7c:5b:5a:ae:d5:df:55:bd:c0:47:5f:a8:d6:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Nov 10 02:08:02 2025 GMT
            Not After : Nov  9 02:13:02 2026 GMT
        Subject: CN=A950DA1607586903320B5C14894E1DE2FE9E9983
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:fa:4e:59:87:38:b2:f0:6f:bb:5c:f1:3e:7a:
                    be:ec:8f:0f:52:d0:a7:74:d0:83:5f:43:7f:37:29:
                    13:b9:04:08:ad:8f:cd:51:3d:f9:c8:f0:9c:c9:c8:
                    67:da:e1:15:7a:81:fb:da:2e:9a:19:24:30:b5:e8:
                    7e:44:b7:d0:77:cc:2c:dd:a9:11:36:be:c5:49:ec:
                    58:fe:3a:f0:59:e3:c8:d7:b3:55:70:be:3c:5f:9e:
                    d1:08:17:34:e3:32:29:83:50:ea:b8:67:d5:60:1a:
                    88:66:4c:7c:13:2b:4a:f9:fc:77:c7:01:4e:81:ec:
                    af:a9:97:33:84:af:7c:af:ec:3c:f2:3f:a5:ec:aa:
                    96:42:42:20:89:52:b4:be:04:fc:b6:b8:76:02:39:
                    c3:42:28:7e:c2:03:d3:af:6d:66:97:23:62:50:78:
                    05:fc:45:91:94:57:47:54:24:26:0c:26:21:87:b3:
                    95:fb:2c:45:c2:44:9c:13:12:76:55:9b:74:af:43:
                    14:57:66:2d:03:a1:ed:b1:33:5f:ea:76:1d:57:d4:
                    06:3b:f6:0c:66:7c:ef:f3:cd:82:45:fe:67:2b:c6:
                    52:b0:7a:f0:9a:35:b9:57:a1:a8:92:0a:3c:5c:1a:
                    8e:57:1d:aa:33:21:94:a1:3e:98:a6:dd:2b:1d:70:
                    d2:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:50:DA:16:07:58:69:03:32:0B:5C:14:89:4E:1D:E2:FE:9E:99:83
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS996.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.24.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3e:52:c4:2c:57:d9:04:49:23:92:a8:90:eb:e7:2b:72:1a:ab:
         4c:a1:1b:f2:4e:d0:58:e9:22:f8:47:ee:13:b1:6f:f5:a1:fb:
         cb:2c:cf:b5:2a:bd:6e:5b:92:d7:40:d9:80:b1:ad:49:6e:31:
         9e:a2:e0:02:56:39:48:24:e1:b7:99:8b:ff:c9:25:d3:a9:3b:
         3a:76:6e:80:ab:2b:04:3b:b4:d1:21:4b:7e:d9:11:ce:b2:47:
         41:d8:c0:b4:5f:65:aa:00:c8:9f:70:d5:d7:ac:89:c4:e2:6d:
         bd:cd:a7:48:53:7e:20:70:58:01:61:c8:9b:57:bf:ab:ae:1b:
         79:ce:b0:8c:63:93:2f:61:8f:a6:ae:d8:89:20:f3:b7:7e:c4:
         38:7a:7c:9c:a4:95:27:6c:b2:d6:4f:ea:63:a9:06:06:72:72:
         56:45:c5:0a:65:0b:c8:9a:dd:22:fa:4b:00:93:5b:e7:b2:07:
         27:a5:c2:73:28:5c:d3:33:07:54:f1:b7:83:d1:3c:64:f8:11:
         2b:c3:c4:6e:4c:fe:6a:e2:87:36:a2:a7:df:d5:2b:d3:19:6a:
         e3:72:b8:cd:a7:2d:e6:c8:d0:bd:e7:e5:6a:2e:14:f1:0a:57:
         ad:c8:ce:75:2f:10:76:53:17:a9:11:5b:2b:71:98:8e:69:a2:
         31:43:db:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgIUIP4QKsW7fFtartXfVb3AR1+o1kEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTExMTAwMjA4MDJaFw0yNjExMDkwMjEzMDJaMDMxMTAvBgNV
BAMTKEE5NTBEQTE2MDc1ODY5MDMzMjBCNUMxNDg5NEUxREUyRkU5RTk5ODMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv+k5Zhziy8G+7XPE+er7sjw9S
0Kd00INfQ383KRO5BAitj81RPfnI8JzJyGfa4RV6gfvaLpoZJDC16H5Et9B3zCzd
qRE2vsVJ7Fj+OvBZ48jXs1VwvjxfntEIFzTjMimDUOq4Z9VgGohmTHwTK0r5/HfH
AU6B7K+plzOEr3yv7DzyP6XsqpZCQiCJUrS+BPy2uHYCOcNCKH7CA9OvbWaXI2JQ
eAX8RZGUV0dUJCYMJiGHs5X7LEXCRJwTEnZVm3SvQxRXZi0Doe2xM1/qdh1X1AY7
9gxmfO/zzYJF/mcrxlKwevCaNblXoaiSCjxcGo5XHaozIZShPpim3SsdcNLxAgMB
AAGjggIHMIICAzAdBgNVHQ4EFgQUqVDaFgdYaQMyC1wUiU4d4v6emYMwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTOTk2LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCUhgAMA0G
CSqGSIb3DQEBCwUAA4IBAQA+UsQsV9kESSOSqJDr5ytyGqtMoRvyTtBY6SL4R+4T
sW/1ofvLLM+1Kr1uW5LXQNmAsa1JbjGeouACVjlIJOG3mYv/ySXTqTs6dm6AqysE
O7TRIUt+2RHOskdB2MC0X2WqAMifcNXXrInE4m29zadIU34gcFgBYcibV7+rrht5
zrCMY5MvYY+mrtiJIPO3fsQ4enycpJUnbLLWT+pjqQYGcnJWRcUKZQvImt0i+ksA
k1vnsgcnpcJzKFzTMwdU8beD0Txk+BErw8RuTP5q4oc2oqff1SvTGWrjcrjNpy3m
yNC95+VqLhTxCletyM51LxB2UxepEVsrcZiOaaIxQ9ve
-----END CERTIFICATE-----