This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS53902.roa
File:                     AS53902.roa (raw, json)
Hash identifier:          gODWfVPRBGOMsyLZLDyggFAaBFlLtd3IXysBTvU/v1A=
Subject key identifier:   7F:16:03:E2:90:96:84:95:0C:81:89:0F:A5:9C:A1:2B:9A:BE:A0:F9
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       4490D3389755C6D8B68C6D0D2B36616017BF5E83
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS53902.roa
Signing time:             Wed 07 Jan 2026 23:51:19 +0000
ROA not before:           Wed 07 Jan 2026 23:46:19 +0000
ROA not after:            Wed 06 Jan 2027 23:51:19 +0000
asID:                     53902
IP address blocks:        193.176.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 Jan 2026 13:13:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:90:d3:38:97:55:c6:d8:b6:8c:6d:0d:2b:36:61:60:17:bf:5e:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jan  7 23:46:19 2026 GMT
            Not After : Jan  6 23:51:19 2027 GMT
        Subject: CN=7F1603E2909684950C81890FA59CA12B9ABEA0F9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:f2:af:28:08:d6:63:84:af:21:0a:5f:b6:02:
                    9a:7c:a5:39:6f:96:8a:b5:dd:58:fb:b5:c9:e6:74:
                    94:7d:fa:67:7e:2b:5d:66:17:4a:31:79:7a:d1:76:
                    ea:b6:72:76:e8:c1:00:24:08:d9:fb:5f:32:30:8c:
                    b1:09:e0:98:b3:17:c4:89:32:38:5e:b3:bb:83:b9:
                    fc:b5:72:97:7c:3d:a3:72:3a:7c:d1:7a:3f:34:11:
                    2e:f1:52:03:7a:95:3d:8c:0f:c2:b7:a9:54:54:72:
                    ff:65:e6:1a:31:94:9b:61:3c:9a:1e:6f:2f:46:6f:
                    2c:4a:b3:ce:c4:af:73:6b:34:80:cb:ef:34:9b:be:
                    fa:a2:4b:fb:14:e2:a2:cc:ae:88:74:8f:dd:92:4a:
                    94:ad:4c:8e:b1:da:80:23:ec:39:f7:e2:6b:3d:52:
                    78:ee:a5:b7:ec:6d:3f:85:fa:ef:87:38:bf:43:b9:
                    c1:3a:57:b2:be:89:bd:90:ce:54:9b:c5:48:f3:24:
                    11:0e:95:f0:9f:4f:38:65:bc:c6:d4:dd:47:56:c9:
                    17:64:4f:60:5a:fb:ba:50:12:e6:a7:24:79:6f:a2:
                    51:28:a2:ce:68:fd:c8:d8:4f:f8:52:32:4b:e9:0e:
                    a2:60:3e:f6:d0:7c:da:11:35:1d:aa:5d:83:42:c8:
                    12:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:16:03:E2:90:96:84:95:0C:81:89:0F:A5:9C:A1:2B:9A:BE:A0:F9
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS53902.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.176.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:b6:c6:c2:62:78:56:44:8f:1d:2a:18:05:35:e1:67:a7:51:
         74:9f:71:74:ed:12:92:b6:b3:4b:0f:81:de:d9:8d:0c:ed:cd:
         4e:7c:eb:3b:ea:eb:6a:59:cf:61:e3:25:df:e9:36:90:26:e1:
         d7:e7:bd:52:65:b5:65:45:60:28:c8:d1:31:ac:1b:4c:e0:3b:
         93:53:85:a0:25:46:75:d8:5c:86:69:32:f4:30:05:36:27:fb:
         1f:12:09:36:d8:3c:62:46:8e:24:39:48:30:9b:84:2b:e1:c7:
         da:5e:36:8d:37:20:3d:0e:68:d7:d7:90:00:63:a6:1b:7b:a6:
         02:9c:d6:59:cd:f0:c5:1c:70:2c:a2:dd:20:ac:b2:c5:37:6a:
         90:7d:14:14:26:f9:e1:a2:25:9c:29:ff:31:5d:17:a7:e8:a9:
         20:c4:5d:4f:8d:dd:1a:f4:b8:1f:da:f2:ab:5f:1a:13:c1:e8:
         2f:b2:27:f5:e0:e2:2c:e4:5c:d0:cd:6e:4d:05:91:f7:f1:bb:
         46:50:15:fa:d1:10:f0:cc:ef:df:12:52:55:9b:8e:b5:bc:ca:
         32:34:85:80:04:0b:8a:bb:a5:b5:8c:43:4b:ef:75:45:04:7d:
         12:82:e5:42:79:bc:26:4b:fd:03:81:c8:c8:3c:aa:e0:de:d7:
         23:82:5f:a1
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIURJDTOJdVxti2jG0NKzZhYBe/XoMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNjAxMDcyMzQ2MTlaFw0yNzAxMDYyMzUxMTlaMDMxMTAvBgNV
BAMTKDdGMTYwM0UyOTA5Njg0OTUwQzgxODkwRkE1OUNBMTJCOUFCRUEwRjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC78q8oCNZjhK8hCl+2App8pTlv
loq13Vj7tcnmdJR9+md+K11mF0oxeXrRduq2cnbowQAkCNn7XzIwjLEJ4JizF8SJ
Mjhes7uDufy1cpd8PaNyOnzRej80ES7xUgN6lT2MD8K3qVRUcv9l5hoxlJthPJoe
by9GbyxKs87Er3NrNIDL7zSbvvqiS/sU4qLMroh0j92SSpStTI6x2oAj7Dn34ms9
UnjupbfsbT+F+u+HOL9DucE6V7K+ib2QzlSbxUjzJBEOlfCfTzhlvMbU3UdWyRdk
T2Ba+7pQEuanJHlvolEoos5o/cjYT/hSMkvpDqJgPvbQfNoRNR2qXYNCyBLdAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUfxYD4pCWhJUMgYkPpZyhK5q+oPkwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNTM5MDIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADBsIEw
DQYJKoZIhvcNAQELBQADggEBAGy2xsJieFZEjx0qGAU14WenUXSfcXTtEpK2s0sP
gd7ZjQztzU586zvq62pZz2HjJd/pNpAm4dfnvVJltWVFYCjI0TGsG0zgO5NThaAl
RnXYXIZpMvQwBTYn+x8SCTbYPGJGjiQ5SDCbhCvhx9peNo03ID0OaNfXkABjpht7
pgKc1lnN8MUccCyi3SCsssU3apB9FBQm+eGiJZwp/zFdF6foqSDEXU+N3Rr0uB/a
8qtfGhPB6C+yJ/Xg4izkXNDNbk0Fkffxu0ZQFfrREPDM798SUlWbjrW8yjI0hYAE
C4q7pbWMQ0vvdUUEfRKC5UJ5vCZL/QOByMg8quDe1yOCX6E=
-----END CERTIFICATE-----