This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS21840.roa
File:                     AS21840.roa (raw, json)
Hash identifier:          7NNsx2e4TYfGPP5+kuqCrxF9STCc+4VoI8crCZ85Vf0=
Subject key identifier:   2B:C2:A8:BF:4E:34:37:41:35:15:8E:C5:32:FB:42:1F:DF:02:F3:01
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       34545DDC94C5660733F396F315D20F6555A51E7A
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS21840.roa
Signing time:             Tue 18 Nov 2025 05:50:09 +0000
ROA not before:           Tue 18 Nov 2025 05:45:09 +0000
ROA not after:            Tue 17 Nov 2026 05:50:09 +0000
asID:                     21840
IP address blocks:        147.78.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Dec 2025 01:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:54:5d:dc:94:c5:66:07:33:f3:96:f3:15:d2:0f:65:55:a5:1e:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Nov 18 05:45:09 2025 GMT
            Not After : Nov 17 05:50:09 2026 GMT
        Subject: CN=2BC2A8BF4E34374135158EC532FB421FDF02F301
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:f5:d3:c1:52:f0:74:e6:69:33:96:01:02:5b:
                    0b:ba:f7:c0:7c:fa:b1:8d:a9:3e:14:a7:69:ab:20:
                    b6:bb:49:a7:b8:ba:83:c1:ca:df:2f:02:d9:6b:b7:
                    45:15:f7:ea:4a:07:36:aa:64:d5:66:91:30:3e:40:
                    14:1b:0d:5e:44:b0:4f:e2:2b:23:11:90:8f:d2:1c:
                    c2:31:42:df:db:ad:df:91:16:71:94:d6:4c:b5:4e:
                    08:d8:07:fc:39:74:40:d7:ee:79:10:13:7c:7e:a5:
                    ab:24:10:4a:47:d9:fa:6d:2d:fb:98:a8:7f:db:3c:
                    3e:56:e2:4c:4d:ed:ba:a0:51:9e:88:e3:7b:10:5b:
                    c7:71:18:b8:8b:02:03:1b:bd:81:ec:b7:5c:78:dd:
                    6f:b3:9d:79:f0:63:79:2c:5a:30:e5:dd:93:95:45:
                    36:42:26:0f:6c:04:09:b5:b6:4a:10:33:23:4e:1f:
                    69:02:e5:9b:59:bf:5d:2d:c9:e2:43:8d:4f:fa:aa:
                    5b:8b:be:9f:32:7f:78:6e:83:d2:79:12:7d:36:24:
                    aa:c7:6d:55:c2:d9:94:57:44:15:e6:ca:5f:10:30:
                    e1:1b:1c:e3:70:19:39:62:8b:de:63:0c:d7:f4:45:
                    00:c5:96:ac:4f:e1:c0:29:d0:f8:82:4c:b0:7b:fe:
                    26:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:C2:A8:BF:4E:34:37:41:35:15:8E:C5:32:FB:42:1F:DF:02:F3:01
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS21840.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bd:42:8d:5a:fd:00:13:ac:bd:8a:2e:27:b7:3e:06:29:37:f6:
         76:6f:04:eb:a3:b9:cb:0d:5f:e4:c3:24:30:f9:0a:b7:c7:47:
         78:af:b6:27:54:9f:db:48:48:8c:56:97:0b:4a:56:9f:8a:e9:
         ca:1f:c6:8b:a0:52:31:be:87:89:cd:d6:c2:ff:6d:3d:73:03:
         b2:15:6c:99:c3:9f:37:93:56:07:a5:be:ff:b7:e9:4e:8b:1b:
         64:ea:42:e4:08:f3:59:4e:2b:cc:b5:be:f5:73:9c:14:13:be:
         e4:4c:97:c5:a1:63:ec:09:50:82:9a:d5:9a:2f:b7:23:7a:d3:
         4c:de:43:21:d1:2d:04:8d:60:09:4a:84:ed:14:84:17:32:68:
         66:ac:e4:a9:30:24:34:ac:18:9c:bb:7e:18:e3:78:ed:41:61:
         7d:c8:da:1e:1d:88:d7:a2:92:fb:d2:7e:8a:1c:01:4d:c8:ec:
         30:27:42:12:7a:24:3d:02:06:a7:14:5d:35:c9:79:07:2c:25:
         f5:20:f4:a7:14:e8:29:8b:a2:ee:d5:6a:66:09:88:17:fc:25:
         1d:4f:37:0f:55:ca:57:c2:39:ca:f4:d4:ef:3f:11:d0:2d:84:
         1f:ac:14:9b:da:01:f2:d1:ce:9a:46:d0:8e:87:f6:65:a8:20:
         2e:bb:55:ce
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUNFRd3JTFZgcz85bzFdIPZVWlHnowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTExMTgwNTQ1MDlaFw0yNjExMTcwNTUwMDlaMDMxMTAvBgNV
BAMTKDJCQzJBOEJGNEUzNDM3NDEzNTE1OEVDNTMyRkI0MjFGREYwMkYzMDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDS9dPBUvB05mkzlgECWwu698B8
+rGNqT4Up2mrILa7Sae4uoPByt8vAtlrt0UV9+pKBzaqZNVmkTA+QBQbDV5EsE/i
KyMRkI/SHMIxQt/brd+RFnGU1ky1TgjYB/w5dEDX7nkQE3x+paskEEpH2fptLfuY
qH/bPD5W4kxN7bqgUZ6I43sQW8dxGLiLAgMbvYHst1x43W+znXnwY3ksWjDl3ZOV
RTZCJg9sBAm1tkoQMyNOH2kC5ZtZv10tyeJDjU/6qluLvp8yf3hug9J5En02JKrH
bVXC2ZRXRBXmyl8QMOEbHONwGTlii95jDNf0RQDFlqxP4cAp0PiCTLB7/ibXAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUK8Kov040N0E1FY7FMvtCH98C8wEwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjE4NDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACTTnsw
DQYJKoZIhvcNAQELBQADggEBAL1CjVr9ABOsvYouJ7c+Bik39nZvBOujucsNX+TD
JDD5CrfHR3ivtidUn9tISIxWlwtKVp+K6cofxougUjG+h4nN1sL/bT1zA7IVbJnD
nzeTVgelvv+36U6LG2TqQuQI81lOK8y1vvVznBQTvuRMl8WhY+wJUIKa1ZovtyN6
00zeQyHRLQSNYAlKhO0UhBcyaGas5KkwJDSsGJy7fhjjeO1BYX3I2h4diNeikvvS
foocAU3I7DAnQhJ6JD0CBqcUXTXJeQcsJfUg9KcU6CmLou7VamYJiBf8JR1PNw9V
ylfCOcr01O8/EdAthB+sFJvaAfLRzppG0I6H9mWoIC67Vc4=
-----END CERTIFICATE-----