This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS42831.roa
File:                     AS42831.roa (raw, json)
Hash identifier:          j2VY2sHv8x121NVdCy8BRtrhJEvQZ5wjPWn6upB6mxE=
Subject key identifier:   CA:EB:12:89:5E:7D:15:02:AC:10:B2:39:E4:4E:80:DE:6D:11:0D:2D
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       08523E69CB08D3D0A2C1A257159E9BB77628FAD2
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS42831.roa
Signing time:             Fri 26 Dec 2025 14:26:24 +0000
ROA not before:           Fri 26 Dec 2025 14:21:24 +0000
ROA not after:            Fri 25 Dec 2026 14:26:24 +0000
asID:                     42831
IP address blocks:        45.142.236.0/24 maxlen: 24
                          91.199.172.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:52:3e:69:cb:08:d3:d0:a2:c1:a2:57:15:9e:9b:b7:76:28:fa:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Dec 26 14:21:24 2025 GMT
            Not After : Dec 25 14:26:24 2026 GMT
        Subject: CN=CAEB12895E7D1502AC10B239E44E80DE6D110D2D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:28:06:e6:0e:06:71:c2:3d:24:59:db:50:fb:
                    74:1c:1f:1a:d3:0d:f7:ac:44:f4:77:13:f8:e3:f3:
                    75:ef:ca:0d:a0:69:20:58:83:17:e9:64:e4:39:92:
                    ff:b1:13:b1:0d:c2:4e:cb:64:fa:ce:f2:ef:5c:8c:
                    fc:3f:ea:d9:c9:a1:ec:b5:ef:71:98:b5:b9:1e:c1:
                    98:fa:40:22:b6:21:d6:d4:98:0b:f8:9b:63:19:e9:
                    9c:34:41:64:73:2b:95:0c:cc:bb:b8:9a:30:52:23:
                    62:b2:92:70:62:98:ac:83:83:e6:9b:83:d4:9a:f7:
                    98:c4:67:41:6f:45:0b:b4:e9:6c:0e:10:c5:21:b1:
                    f4:73:d5:bb:8e:00:58:3f:3b:c0:fc:d5:c1:5a:a8:
                    5e:92:cb:e2:54:55:67:28:a0:f7:d7:f1:b8:c6:3c:
                    76:c7:8c:e0:d9:85:55:fe:4e:75:06:8e:12:97:95:
                    e2:f3:8f:84:6c:c1:e4:7a:1d:e3:5d:dd:f7:df:3e:
                    44:50:c7:d1:32:4e:1d:d5:00:05:7f:07:fe:7d:db:
                    81:5e:54:69:9f:1d:0b:7f:7b:91:38:29:f9:f0:e0:
                    d1:82:67:42:f5:c6:95:f2:47:50:d1:1f:b1:37:65:
                    b6:ca:6b:e2:3f:56:09:61:cb:bf:1d:28:8e:02:c9:
                    e3:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:EB:12:89:5E:7D:15:02:AC:10:B2:39:E4:4E:80:DE:6D:11:0D:2D
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS42831.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.236.0/24
                  91.199.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:d0:81:a3:76:b8:47:5b:e8:4f:60:bc:bd:43:89:c4:e1:a8:
         c6:fc:92:bf:21:24:3b:c0:e2:dc:4d:69:7f:90:3d:d3:30:3a:
         5a:ce:7a:e7:73:01:d0:d6:c2:a8:33:4e:49:61:8e:9a:70:41:
         8b:d0:6a:3d:3e:5d:34:b5:80:1a:4e:35:3d:d3:28:f8:35:3a:
         d8:cc:6c:78:91:b4:95:8a:88:f5:02:64:3c:10:bf:9e:00:88:
         b5:33:58:98:31:29:b5:f1:25:fb:13:c4:e8:71:5b:8b:09:64:
         3c:d1:e2:61:86:8c:ea:ea:68:8e:a1:6a:b5:99:0b:32:bf:18:
         a3:c3:ac:c5:8a:b6:0a:76:ca:94:de:b6:e0:1f:55:7f:fc:39:
         3c:78:c4:3a:ee:81:9a:7f:c2:f7:a2:56:ff:5d:72:bf:b7:74:
         7e:36:f0:a2:f7:f2:96:2b:1d:48:fc:c2:77:3a:f4:f9:78:7b:
         39:18:05:8c:73:f8:5e:65:a3:6e:59:75:01:d4:68:89:0d:7b:
         fe:b9:9a:a9:e8:21:3d:b6:9c:61:47:9d:1a:fa:01:eb:41:b3:
         64:48:e3:51:e8:bd:9c:c8:32:05:45:a8:d1:9e:86:bd:58:e7:
         dc:3b:c1:ac:a7:bc:3d:a9:6a:d1:62:0b:88:db:62:31:aa:19:
         04:34:32:63
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUCFI+acsI09CiwaJXFZ6bt3Yo+tIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTEyMjYxNDIxMjRaFw0yNjEyMjUxNDI2MjRaMDMxMTAvBgNV
BAMTKENBRUIxMjg5NUU3RDE1MDJBQzEwQjIzOUU0NEU4MERFNkQxMTBEMkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWKAbmDgZxwj0kWdtQ+3QcHxrT
DfesRPR3E/jj83Xvyg2gaSBYgxfpZOQ5kv+xE7ENwk7LZPrO8u9cjPw/6tnJoey1
73GYtbkewZj6QCK2IdbUmAv4m2MZ6Zw0QWRzK5UMzLu4mjBSI2KyknBimKyDg+ab
g9Sa95jEZ0FvRQu06WwOEMUhsfRz1buOAFg/O8D81cFaqF6Sy+JUVWcooPfX8bjG
PHbHjODZhVX+TnUGjhKXleLzj4RsweR6HeNd3fffPkRQx9EyTh3VAAV/B/5924Fe
VGmfHQt/e5E4Kfnw4NGCZ0L1xpXyR1DRH7E3ZbbKa+I/Vglhy78dKI4CyeOBAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUyusSiV59FQKsELI55E6A3m0RDS0wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNDI4MzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAAtjuwD
BABbx6wwDQYJKoZIhvcNAQELBQADggEBABHQgaN2uEdb6E9gvL1DicThqMb8kr8h
JDvA4txNaX+QPdMwOlrOeudzAdDWwqgzTklhjppwQYvQaj0+XTS1gBpONT3TKPg1
OtjMbHiRtJWKiPUCZDwQv54AiLUzWJgxKbXxJfsTxOhxW4sJZDzR4mGGjOrqaI6h
arWZCzK/GKPDrMWKtgp2ypTetuAfVX/8OTx4xDrugZp/wveiVv9dcr+3dH428KL3
8pYrHUj8wnc69Pl4ezkYBYxz+F5lo25ZdQHUaIkNe/65mqnoIT22nGFHnRr6AetB
s2RI41HovZzIMgVFqNGehr1Y59w7waynvD2patFiC4jbYjGqGQQ0MmM=
-----END CERTIFICATE-----