This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS213693.roa
File:                     AS213693.roa (raw, json)
Hash identifier:          PSOVC1hjHpX9/wRoshyRlB0MslqJGZkagIzKT6Gxo9Y=
Subject key identifier:   81:DA:A5:5F:61:0A:D8:B0:19:82:10:E0:B4:84:18:D0:BA:C0:A6:08
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       15AAF188D949D59777BED6CBA1BE28FF2D8A63E3
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS213693.roa
Signing time:             Sat 27 Dec 2025 22:27:09 +0000
ROA not before:           Sat 27 Dec 2025 22:22:09 +0000
ROA not after:            Sat 26 Dec 2026 22:27:09 +0000
asID:                     213693
IP address blocks:        147.78.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 03:52:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:aa:f1:88:d9:49:d5:97:77:be:d6:cb:a1:be:28:ff:2d:8a:63:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Dec 27 22:22:09 2025 GMT
            Not After : Dec 26 22:27:09 2026 GMT
        Subject: CN=81DAA55F610AD8B0198210E0B48418D0BAC0A608
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:68:de:8d:db:82:10:0a:ad:82:55:6a:f7:e7:
                    f8:76:fa:9f:1b:58:97:14:54:37:8f:78:fa:b8:a9:
                    76:c1:a5:39:2c:5f:2a:1a:f3:67:47:31:ce:2e:42:
                    b3:4a:87:1e:57:9b:f9:0b:44:a8:33:32:fc:79:6b:
                    ea:39:b4:46:79:59:0a:7e:47:59:7d:89:db:ad:06:
                    c5:ae:f5:d9:0c:3b:27:78:57:21:f8:1e:01:99:a7:
                    9b:42:a5:02:a1:52:ee:46:a7:ef:45:8d:9d:8d:0e:
                    dd:6d:4e:5f:bf:bd:74:c5:25:45:f0:3e:d3:0f:19:
                    85:db:5e:13:7e:6b:e7:72:5f:19:04:7f:5b:12:c8:
                    0d:f6:b2:b3:fc:55:5f:50:76:ed:a0:de:77:fe:53:
                    65:0f:31:75:53:b4:12:d0:94:f0:4a:0b:e3:6f:76:
                    36:0c:82:76:df:7d:a4:79:cf:40:13:b2:8c:bd:4a:
                    a9:02:de:f8:10:90:7e:02:b7:b0:34:9e:9f:e7:ee:
                    bb:be:09:fc:ae:8a:aa:a9:7f:ae:b7:49:65:b3:13:
                    b5:43:a3:3a:34:80:ec:c9:c8:78:60:e8:21:9f:01:
                    53:48:5b:18:b0:66:43:90:08:3e:11:e7:b8:db:70:
                    27:2c:8d:56:57:f8:22:9f:f2:d5:23:c2:cc:d3:cd:
                    c4:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:DA:A5:5F:61:0A:D8:B0:19:82:10:E0:B4:84:18:D0:BA:C0:A6:08
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS213693.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:18:a9:b0:f2:3a:03:fe:eb:8d:83:72:84:a6:6f:6d:82:d5:
         f2:2d:8a:87:28:cb:59:6b:a9:99:6e:16:9d:67:db:c4:d8:fc:
         8f:cf:03:c7:a7:e9:f0:39:d9:c2:6c:80:22:ca:6c:1c:24:1c:
         21:39:46:93:56:12:d2:8a:8d:85:e5:19:b4:c8:36:ed:52:db:
         ff:bd:e3:22:70:04:54:50:df:87:91:b4:48:5d:d8:90:ef:cf:
         18:83:f9:11:60:27:58:1a:5d:44:8f:b8:59:a7:84:a7:f2:b9:
         da:65:5a:a7:8b:39:ae:43:d9:1d:ae:7f:0d:76:42:7c:d5:66:
         a2:c1:bb:10:c0:e0:df:15:2f:cd:bd:49:c5:0c:1a:06:25:63:
         f0:27:db:42:47:79:31:ed:b7:2a:7a:7c:81:bc:b3:4a:47:a0:
         6d:c9:9d:ce:5a:ad:b2:09:5e:71:82:a8:f6:44:22:97:2a:ee:
         01:30:f9:2b:8b:71:a2:3d:2a:1d:ca:87:43:4a:cd:ae:1c:fe:
         eb:fc:cc:32:ca:74:fb:38:d0:a8:bc:95:d2:79:e2:f6:7c:7e:
         02:bd:b6:60:50:b7:ec:f5:23:bf:15:fc:20:34:97:0f:c9:c9:
         15:7a:cc:fa:da:98:cc:0e:bd:c3:72:8f:9b:e3:79:10:b9:04:
         41:1d:39:f1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUFarxiNlJ1Zd3vtbLob4o/y2KY+MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTEyMjcyMjIyMDlaFw0yNjEyMjYyMjI3MDlaMDMxMTAvBgNV
BAMTKDgxREFBNTVGNjEwQUQ4QjAxOTgyMTBFMEI0ODQxOEQwQkFDMEE2MDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIaN6N24IQCq2CVWr35/h2+p8b
WJcUVDePePq4qXbBpTksXyoa82dHMc4uQrNKhx5Xm/kLRKgzMvx5a+o5tEZ5WQp+
R1l9idutBsWu9dkMOyd4VyH4HgGZp5tCpQKhUu5Gp+9FjZ2NDt1tTl+/vXTFJUXw
PtMPGYXbXhN+a+dyXxkEf1sSyA32srP8VV9Qdu2g3nf+U2UPMXVTtBLQlPBKC+Nv
djYMgnbffaR5z0ATsoy9SqkC3vgQkH4Ct7A0np/n7ru+Cfyuiqqpf663SWWzE7VD
ozo0gOzJyHhg6CGfAVNIWxiwZkOQCD4R57jbcCcsjVZX+CKf8tUjwszTzcRpAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUgdqlX2EK2LAZghDgtIQY0LrApggwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjEzNjkzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk057
MA0GCSqGSIb3DQEBCwUAA4IBAQAeGKmw8joD/uuNg3KEpm9tgtXyLYqHKMtZa6mZ
bhadZ9vE2PyPzwPHp+nwOdnCbIAiymwcJBwhOUaTVhLSio2F5Rm0yDbtUtv/veMi
cARUUN+HkbRIXdiQ788Yg/kRYCdYGl1Ej7hZp4Sn8rnaZVqnizmuQ9kdrn8NdkJ8
1WaiwbsQwODfFS/NvUnFDBoGJWPwJ9tCR3kx7bcqenyBvLNKR6BtyZ3OWq2yCV5x
gqj2RCKXKu4BMPkri3GiPSodyodDSs2uHP7r/MwyynT7ONCovJXSeeL2fH4CvbZg
ULfs9SO/FfwgNJcPyckVesz62pjMDr3Dco+b43kQuQRBHTnx
-----END CERTIFICATE-----