This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS208690.roa
File:                     AS208690.roa (raw, json)
Hash identifier:          Se66H1jdbGjPiZlyu7gCSgz4HAXvdrVTtCRzipLIYXY=
Subject key identifier:   76:98:D5:30:E1:F2:BC:2A:0D:DF:E7:D5:CC:B1:DF:C3:DA:E9:2B:E4
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       27D7671CD02908D68798F6CADAD1BB118C2264A1
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS208690.roa
Signing time:             Tue 30 Dec 2025 21:42:55 +0000
ROA not before:           Tue 30 Dec 2025 21:37:55 +0000
ROA not after:            Tue 29 Dec 2026 21:42:55 +0000
asID:                     208690
IP address blocks:        147.78.120.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 03:52:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:d7:67:1c:d0:29:08:d6:87:98:f6:ca:da:d1:bb:11:8c:22:64:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Dec 30 21:37:55 2025 GMT
            Not After : Dec 29 21:42:55 2026 GMT
        Subject: CN=7698D530E1F2BC2A0DDFE7D5CCB1DFC3DAE92BE4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:ab:9d:ad:54:f8:71:0d:63:75:76:0d:61:b4:
                    64:e3:f0:6e:c9:86:a7:a9:c4:3c:0c:05:c9:e5:d5:
                    08:2f:5a:9c:95:2a:b7:30:52:9f:b3:f2:3d:63:42:
                    87:1d:71:46:4e:20:f2:e1:86:e2:84:8f:5a:c6:62:
                    da:41:c9:b5:d2:5c:72:5f:c7:dc:4a:72:3b:08:31:
                    37:bb:c0:1e:a8:d1:2d:73:11:e5:d5:64:43:2c:fd:
                    91:b9:b5:73:d5:bc:62:53:96:63:3a:f9:46:7a:b0:
                    b2:9b:0a:ca:29:05:69:c6:78:e0:2f:05:14:36:b6:
                    b2:06:1f:45:9f:49:0b:94:f8:1c:67:c1:f9:08:fb:
                    09:bc:55:2c:ed:49:ab:4a:12:9a:e7:73:e6:30:d1:
                    a6:56:15:6f:9a:52:47:93:46:8c:2e:10:d2:44:b1:
                    1f:35:ba:65:dc:a4:06:c0:01:09:fe:2a:f8:e3:40:
                    07:5b:bc:a3:02:a8:0a:b3:22:72:af:3a:d4:a7:40:
                    4f:88:de:fb:55:b2:2d:d7:0c:f0:3e:2e:4b:0f:f7:
                    1f:87:ec:c2:27:72:7f:41:85:fb:70:a0:1e:67:72:
                    45:08:41:b5:20:28:22:d8:79:18:ca:76:2b:8a:ba:
                    31:46:96:b2:a9:1d:cf:e9:21:dd:e0:67:5f:c7:ae:
                    cc:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:98:D5:30:E1:F2:BC:2A:0D:DF:E7:D5:CC:B1:DF:C3:DA:E9:2B:E4
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS208690.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:ac:aa:67:e3:51:40:87:8f:48:57:93:9c:12:94:9f:7c:ac:
         70:3c:7e:6a:84:7c:44:d5:7d:05:8e:ab:6a:1c:0b:59:b8:a9:
         b8:df:b9:58:f9:80:34:1a:1f:d4:42:53:dd:9c:39:75:85:f7:
         63:97:22:5a:9c:f0:1d:ce:99:bc:da:11:aa:36:af:d7:45:c4:
         c7:60:97:cb:92:06:26:de:7f:31:eb:8d:eb:3d:c6:c5:37:04:
         4f:3d:79:b4:07:43:60:c8:bc:b3:14:f4:c5:55:f2:c3:a9:48:
         91:c9:eb:7c:6f:41:13:b9:20:e6:b1:e4:17:1c:b8:ef:c8:d4:
         94:1a:97:17:cd:2a:61:eb:53:47:53:61:22:d1:1f:78:29:81:
         21:39:fa:7c:c4:fe:02:ff:ea:8c:3c:ba:1e:bb:15:2f:51:1b:
         29:0a:a4:59:f7:57:be:b5:77:b0:da:5a:ae:9b:72:5d:31:65:
         b8:a0:25:d9:09:ac:5e:d0:dd:78:bc:3e:35:5d:37:72:0b:f9:
         5b:00:81:b1:28:bf:35:37:2d:78:79:91:8d:94:b4:57:ce:b7:
         ff:c2:fc:7f:32:98:0f:eb:cd:11:22:ac:a5:26:fe:86:83:81:
         3b:51:cb:2b:f2:db:03:2b:83:23:ab:78:78:1e:83:07:3b:92:
         38:1f:df:d2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUJ9dnHNApCNaHmPbK2tG7EYwiZKEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTEyMzAyMTM3NTVaFw0yNjEyMjkyMTQyNTVaMDMxMTAvBgNV
BAMTKDc2OThENTMwRTFGMkJDMkEwRERGRTdENUNDQjFERkMzREFFOTJCRTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyq52tVPhxDWN1dg1htGTj8G7J
hqepxDwMBcnl1QgvWpyVKrcwUp+z8j1jQocdcUZOIPLhhuKEj1rGYtpBybXSXHJf
x9xKcjsIMTe7wB6o0S1zEeXVZEMs/ZG5tXPVvGJTlmM6+UZ6sLKbCsopBWnGeOAv
BRQ2trIGH0WfSQuU+BxnwfkI+wm8VSztSatKEprnc+Yw0aZWFW+aUkeTRowuENJE
sR81umXcpAbAAQn+KvjjQAdbvKMCqAqzInKvOtSnQE+I3vtVsi3XDPA+LksP9x+H
7MIncn9BhftwoB5nckUIQbUgKCLYeRjKdiuKujFGlrKpHc/pId3gZ1/HrsxRAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUdpjVMOHyvCoN3+fVzLHfw9rpK+QwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjA4NjkwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk054
MA0GCSqGSIb3DQEBCwUAA4IBAQBHrKpn41FAh49IV5OcEpSffKxwPH5qhHxE1X0F
jqtqHAtZuKm437lY+YA0Gh/UQlPdnDl1hfdjlyJanPAdzpm82hGqNq/XRcTHYJfL
kgYm3n8x643rPcbFNwRPPXm0B0NgyLyzFPTFVfLDqUiRyet8b0ETuSDmseQXHLjv
yNSUGpcXzSph61NHU2Ei0R94KYEhOfp8xP4C/+qMPLoeuxUvURspCqRZ91e+tXew
2lqum3JdMWW4oCXZCaxe0N14vD41XTdyC/lbAIGxKL81Ny14eZGNlLRXzrf/wvx/
MpgP680RIqylJv6Gg4E7Ucsr8tsDK4Mjq3h4HoMHO5I4H9/S
-----END CERTIFICATE-----