This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS214139.roa
File:                     AS214139.roa (raw, json)
Hash identifier:          G5KnY+jEHROkGFm+oR3lTn08oOOU+D1+SGBJvi48XkM=
Subject key identifier:   44:E2:D6:A3:DA:E4:1E:53:7E:9A:48:CB:22:C1:59:24:EC:D9:28:7B
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       30295E3AB5B53993E04FBD1FC68A8F1DCC5D8281
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS214139.roa
Signing time:             Tue 18 Nov 2025 16:55:12 +0000
ROA not before:           Tue 18 Nov 2025 16:50:12 +0000
ROA not after:            Tue 17 Nov 2026 16:55:12 +0000
asID:                     214139
IP address blocks:        195.20.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Dec 2025 01:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:29:5e:3a:b5:b5:39:93:e0:4f:bd:1f:c6:8a:8f:1d:cc:5d:82:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Nov 18 16:50:12 2025 GMT
            Not After : Nov 17 16:55:12 2026 GMT
        Subject: CN=44E2D6A3DAE41E537E9A48CB22C15924ECD9287B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:3c:61:43:a7:d0:4f:b1:d8:0e:bb:d7:28:55:
                    23:10:95:8d:d6:bf:bb:53:1b:34:89:75:dd:2c:7d:
                    8e:ec:a1:24:13:68:e0:5c:29:52:32:b6:55:51:4a:
                    86:59:3c:54:d5:4f:e0:8c:b5:b5:ff:e8:96:29:47:
                    a0:70:79:36:e5:8e:6a:c9:a3:a4:39:2c:ee:84:30:
                    54:8a:83:b1:df:24:ef:08:de:7b:58:be:ac:e1:f8:
                    2c:a1:eb:a5:b3:a0:29:60:05:4a:45:89:c2:2e:ea:
                    1c:ee:7c:88:de:a2:66:ac:64:71:e1:c7:47:b4:20:
                    1d:c3:49:64:93:be:6a:41:53:2f:bd:b7:a2:1d:de:
                    f6:14:48:ce:9e:ca:71:d0:5c:d0:76:0b:f3:30:3a:
                    14:23:7f:a0:6a:f5:e6:03:5b:e4:27:9c:d3:e6:d3:
                    78:c3:67:f3:7f:7f:51:6f:ce:ea:36:3d:f1:1a:21:
                    46:7b:5c:13:fd:c9:10:6b:05:ad:59:9c:24:cc:78:
                    7e:c9:58:bb:fa:73:f8:c9:1c:57:a2:18:22:f3:7f:
                    5a:bd:31:c1:51:6b:ca:38:c3:f7:f9:cd:2d:33:84:
                    08:76:e6:3d:62:47:7b:31:94:c4:4c:18:ef:a1:26:
                    69:0b:c7:08:36:6d:bc:95:e9:9d:b1:5f:69:63:40:
                    00:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:E2:D6:A3:DA:E4:1E:53:7E:9A:48:CB:22:C1:59:24:EC:D9:28:7B
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS214139.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.20.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:d7:f2:8b:fe:e0:c2:db:c2:91:c5:e2:e7:b7:7c:56:f0:c6:
         b1:47:d7:00:bc:dd:30:2f:2e:9d:45:0c:10:e7:21:96:67:6a:
         3e:d7:88:20:49:d2:99:24:02:d5:3d:0b:a3:be:33:b8:97:db:
         ad:54:c4:81:2a:d8:40:aa:be:15:e9:52:66:56:8c:1b:91:7b:
         0b:06:b8:22:7b:29:48:a2:71:fa:4f:4f:aa:08:55:90:3e:20:
         2f:f6:c6:ff:a1:b4:26:55:b4:2a:7b:55:c2:51:e4:8e:e1:5d:
         ba:0c:d7:ff:d5:f8:08:f2:82:f7:4e:ae:f8:ee:6f:40:1c:07:
         74:0c:52:8b:e1:ee:00:9e:8b:27:9f:e2:76:ff:b2:a4:40:46:
         9c:40:6f:1f:34:07:4f:ba:4f:62:07:18:0c:4a:c3:d0:f2:2c:
         b4:69:ea:f1:66:42:4c:b6:8f:21:36:11:a1:94:67:af:56:0c:
         5a:ae:2d:8d:90:8c:5f:ec:6c:c7:37:5a:5a:f2:1b:8b:ec:93:
         23:27:b3:b4:99:86:4a:27:61:be:27:60:db:75:eb:4c:c1:36:
         b7:e1:df:e6:c4:a5:58:a6:4d:61:b6:05:51:be:6b:80:1a:17:
         96:e7:3f:17:54:cb:0c:5d:47:ac:ea:15:84:48:83:5d:5f:5f:
         d8:6a:21:a3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUMCleOrW1OZPgT70fxoqPHcxdgoEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTExMTgxNjUwMTJaFw0yNjExMTcxNjU1MTJaMDMxMTAvBgNV
BAMTKDQ0RTJENkEzREFFNDFFNTM3RTlBNDhDQjIyQzE1OTI0RUNEOTI4N0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqPGFDp9BPsdgOu9coVSMQlY3W
v7tTGzSJdd0sfY7soSQTaOBcKVIytlVRSoZZPFTVT+CMtbX/6JYpR6BweTbljmrJ
o6Q5LO6EMFSKg7HfJO8I3ntYvqzh+Cyh66WzoClgBUpFicIu6hzufIjeomasZHHh
x0e0IB3DSWSTvmpBUy+9t6Id3vYUSM6eynHQXNB2C/MwOhQjf6Bq9eYDW+QnnNPm
03jDZ/N/f1Fvzuo2PfEaIUZ7XBP9yRBrBa1ZnCTMeH7JWLv6c/jJHFeiGCLzf1q9
McFRa8o4w/f5zS0zhAh25j1iR3sxlMRMGO+hJmkLxwg2bbyV6Z2xX2ljQAArAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUROLWo9rkHlN+mkjLIsFZJOzZKHswHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjE0MTM5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwxRo
MA0GCSqGSIb3DQEBCwUAA4IBAQCp1/KL/uDC28KRxeLnt3xW8MaxR9cAvN0wLy6d
RQwQ5yGWZ2o+14ggSdKZJALVPQujvjO4l9utVMSBKthAqr4V6VJmVowbkXsLBrgi
eylIonH6T0+qCFWQPiAv9sb/obQmVbQqe1XCUeSO4V26DNf/1fgI8oL3Tq747m9A
HAd0DFKL4e4Anosnn+J2/7KkQEacQG8fNAdPuk9iBxgMSsPQ8iy0aerxZkJMto8h
NhGhlGevVgxari2NkIxf7GzHN1pa8huL7JMjJ7O0mYZKJ2G+J2DbdetMwTa34d/m
xKVYpk1htgVRvmuAGheW5z8XVMsMXUes6hWESINdX1/YaiGj
-----END CERTIFICATE-----