This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS152586.roa
File:                     AS152586.roa (raw, json)
Hash identifier:          R/gJmpmNIHBteyNd46V8ExzAdBZjrniO/SbE8KHulyg=
Subject key identifier:   58:76:7A:8D:D9:35:B7:DB:FF:41:E3:B9:A4:76:C4:05:93:F3:5E:1D
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       1FCF7FB16BF808572DB3EF569088DF81FF4F0A41
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS152586.roa
Signing time:             Thu 04 Dec 2025 09:20:25 +0000
ROA not before:           Thu 04 Dec 2025 09:15:25 +0000
ROA not after:            Thu 03 Dec 2026 09:20:25 +0000
asID:                     152586
IP address blocks:        194.5.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Dec 2025 01:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:cf:7f:b1:6b:f8:08:57:2d:b3:ef:56:90:88:df:81:ff:4f:0a:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Dec  4 09:15:25 2025 GMT
            Not After : Dec  3 09:20:25 2026 GMT
        Subject: CN=58767A8DD935B7DBFF41E3B9A476C40593F35E1D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:92:84:fb:ab:f4:27:76:6d:77:a0:1b:c1:7f:
                    91:96:19:57:cf:df:24:2b:a5:a7:84:22:2d:2e:59:
                    db:5f:62:99:a2:f2:69:2c:10:fb:0f:56:89:1e:d0:
                    70:5c:e9:2b:26:be:85:82:07:27:43:b8:4b:5b:0a:
                    8e:a2:bc:ce:84:f1:ad:65:68:77:5c:47:b0:87:a2:
                    31:cc:39:06:c4:b2:cd:da:4d:92:50:10:36:83:dc:
                    8e:90:7a:30:7a:94:d4:5a:ee:e8:12:9b:a4:19:3e:
                    5d:40:7e:e9:18:50:7c:5c:8f:1b:3f:e1:03:56:68:
                    55:ea:7a:35:cd:ca:fa:1f:b9:2c:30:47:ac:6a:38:
                    b9:f6:8c:7c:e4:b5:21:db:07:61:01:b4:a7:b8:28:
                    fe:ce:d4:5d:ed:06:7c:6d:d2:77:a0:4d:e3:fb:97:
                    d0:c4:27:f3:f8:3e:b7:c7:4f:67:09:4d:a7:8c:66:
                    9c:40:ce:6a:11:37:6c:bb:d5:4d:0b:6b:9e:98:e1:
                    07:8c:c6:9b:f0:ff:9f:09:aa:6b:5d:f6:f6:6e:aa:
                    e9:22:0c:90:9f:0a:1a:fc:c2:71:1b:0f:8c:fd:9d:
                    5d:31:e9:01:35:62:71:f5:99:f5:d2:8f:95:65:17:
                    6e:89:91:29:cc:12:f2:0a:e5:f8:65:39:3a:85:ae:
                    ef:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:76:7A:8D:D9:35:B7:DB:FF:41:E3:B9:A4:76:C4:05:93:F3:5E:1D
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS152586.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.5.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:de:c1:d8:14:d2:a3:d7:a2:e1:28:93:67:89:3a:78:57:52:
         03:ed:d5:b8:7b:09:38:05:a0:88:c7:46:65:a8:79:84:40:b6:
         d2:10:d7:0e:87:fe:53:89:bc:98:80:90:83:58:49:6a:93:33:
         e3:e5:b4:9a:61:83:04:31:9c:df:97:49:97:f1:5b:06:dc:e3:
         70:89:40:57:c2:2d:b7:f6:17:e9:38:fc:2d:66:21:5f:8b:9c:
         10:6b:c0:f3:32:d8:56:79:97:4a:d8:e4:7f:88:a3:fa:5f:c9:
         c8:7e:aa:99:a0:cc:a3:fe:cb:1b:6a:42:80:80:4e:b9:cc:83:
         f5:d0:69:74:ad:c3:17:b7:47:f7:2c:4d:62:06:79:67:4f:40:
         2b:5b:48:ea:c3:3e:54:ff:a4:9c:57:67:2b:8c:5d:a5:3f:73:
         9a:63:98:cf:2f:33:64:f3:29:86:7e:ad:1b:c2:85:3e:d0:fc:
         a0:c7:65:b2:25:be:a1:08:16:98:12:a5:56:8a:b5:b8:26:88:
         fb:b6:7a:7e:53:e4:d3:6d:89:62:08:63:78:b8:f2:ac:d8:1b:
         84:fa:63:5f:4b:76:b5:00:12:e6:ad:fe:46:74:af:71:01:a1:
         86:25:eb:4c:50:17:da:e9:79:20:26:f4:a3:15:59:55:46:70:
         24:58:c3:c9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUH89/sWv4CFcts+9WkIjfgf9PCkEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTEyMDQwOTE1MjVaFw0yNjEyMDMwOTIwMjVaMDMxMTAvBgNV
BAMTKDU4NzY3QThERDkzNUI3REJGRjQxRTNCOUE0NzZDNDA1OTNGMzVFMUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLkoT7q/Qndm13oBvBf5GWGVfP
3yQrpaeEIi0uWdtfYpmi8mksEPsPVoke0HBc6SsmvoWCBydDuEtbCo6ivM6E8a1l
aHdcR7CHojHMOQbEss3aTZJQEDaD3I6QejB6lNRa7ugSm6QZPl1AfukYUHxcjxs/
4QNWaFXqejXNyvofuSwwR6xqOLn2jHzktSHbB2EBtKe4KP7O1F3tBnxt0negTeP7
l9DEJ/P4PrfHT2cJTaeMZpxAzmoRN2y71U0La56Y4QeMxpvw/58Jqmtd9vZuquki
DJCfChr8wnEbD4z9nV0x6QE1YnH1mfXSj5VlF26JkSnMEvIK5fhlOTqFru8HAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUWHZ6jdk1t9v/QeO5pHbEBZPzXh0wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTUyNTg2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgWT
MA0GCSqGSIb3DQEBCwUAA4IBAQBU3sHYFNKj16LhKJNniTp4V1ID7dW4ewk4BaCI
x0ZlqHmEQLbSENcOh/5TibyYgJCDWElqkzPj5bSaYYMEMZzfl0mX8VsG3ONwiUBX
wi239hfpOPwtZiFfi5wQa8DzMthWeZdK2OR/iKP6X8nIfqqZoMyj/ssbakKAgE65
zIP10Gl0rcMXt0f3LE1iBnlnT0ArW0jqwz5U/6ScV2crjF2lP3OaY5jPLzNk8ymG
fq0bwoU+0Pygx2WyJb6hCBaYEqVWirW4Joj7tnp+U+TTbYliCGN4uPKs2BuE+mNf
S3a1ABLmrf5GdK9xAaGGJetMUBfa6XkgJvSjFVlVRnAkWMPJ
-----END CERTIFICATE-----