This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS984.roa
File:                     AS984.roa (raw, json)
Hash identifier:          ZtgOkSUfuaIN1baqLNt9qnQxm4wkmMTGtMKzYN4vIJk=
Subject key identifier:   85:21:A1:0E:20:FF:CC:17:75:EF:B8:83:DD:DC:E5:83:C5:DA:A2:DC
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       152A6193A2E33D397D2F004D31F72969A444C804
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS984.roa
Signing time:             Wed 12 Nov 2025 08:55:50 +0000
ROA not before:           Wed 12 Nov 2025 08:50:50 +0000
ROA not after:            Wed 11 Nov 2026 08:55:50 +0000
asID:                     984
IP address blocks:        45.146.80.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Dec 2025 01:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:2a:61:93:a2:e3:3d:39:7d:2f:00:4d:31:f7:29:69:a4:44:c8:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Nov 12 08:50:50 2025 GMT
            Not After : Nov 11 08:55:50 2026 GMT
        Subject: CN=8521A10E20FFCC1775EFB883DDDCE583C5DAA2DC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:22:76:dd:77:c8:82:02:02:f5:37:5f:ef:20:
                    0b:a4:28:38:b8:c0:43:3a:8e:f2:2a:5f:94:20:3f:
                    69:33:49:dc:eb:2a:39:93:af:cc:30:97:07:6e:cb:
                    ac:f5:a7:36:43:dc:c9:40:2c:bd:15:ce:65:df:43:
                    04:7b:31:37:dd:aa:27:d2:1d:4b:b3:ec:73:96:be:
                    43:2e:36:a5:83:cb:1a:fc:a0:44:93:3d:32:34:1e:
                    62:2b:1c:26:44:ca:b1:f0:81:18:73:55:63:69:cd:
                    d9:a5:ba:02:c4:ed:86:8d:2b:6e:a6:c7:64:c7:5d:
                    58:0c:36:98:f1:d0:0a:49:c5:f2:0a:fa:fd:65:5b:
                    67:47:37:a3:73:a0:c0:2a:9c:7f:cc:07:e6:93:8e:
                    98:9a:20:b1:53:a4:c6:e0:e4:66:70:74:07:2f:c3:
                    0b:1b:e5:9c:ff:5d:44:7c:60:97:6d:01:91:38:b7:
                    45:43:da:5e:9c:fe:6d:26:7c:c0:3c:67:07:6e:9d:
                    dd:d1:05:51:51:f4:6e:d1:59:83:e8:ae:19:1a:17:
                    13:66:19:db:b0:52:8e:e9:23:b6:32:bb:ac:a8:fd:
                    86:0a:4f:f8:24:db:7f:89:71:9b:2b:e9:7e:6e:be:
                    f9:ff:5e:68:f0:d3:d6:30:62:29:1e:62:06:f5:64:
                    36:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:21:A1:0E:20:FF:CC:17:75:EF:B8:83:DD:DC:E5:83:C5:DA:A2:DC
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS984.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:79:43:35:45:7c:ac:f3:fb:52:3e:05:29:2a:d8:93:b3:ed:
         11:83:9e:69:9c:ef:fb:f5:23:09:90:65:53:e6:cd:96:24:05:
         14:80:ac:32:59:ed:78:b3:95:af:4f:0e:6a:d2:d3:62:61:92:
         6a:23:8f:9f:c7:36:d1:cc:0e:21:e1:46:37:a1:f3:1c:c4:10:
         e5:83:13:32:b8:89:e4:53:a7:b7:63:d5:d9:71:d2:5b:a0:5a:
         14:fa:39:ee:38:85:54:03:08:fd:46:d3:51:75:8c:0a:bc:da:
         5f:b0:1f:cf:1e:8e:6e:0a:a5:3e:06:d9:16:82:9f:df:91:1f:
         20:84:9e:cb:1f:eb:87:1a:10:4a:3d:a7:77:23:36:6c:2b:46:
         00:09:69:94:ae:6f:db:55:ea:d4:62:cf:cb:9a:88:a6:75:01:
         e7:4e:26:02:2f:71:48:1d:d4:4f:1c:55:28:2a:23:48:33:bf:
         4a:e1:08:71:39:c8:b3:27:e7:5e:11:ef:7f:9e:15:c0:35:5d:
         10:d2:9f:02:6a:a0:78:4d:23:e0:14:9a:31:00:20:0f:26:a9:
         f8:da:67:90:19:82:cb:2f:ea:84:c5:97:7c:fe:90:d0:82:69:
         cc:14:cc:3f:b8:8e:af:d7:73:9c:04:a3:41:e0:cd:7b:77:eb:
         5e:bf:69:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgIUFSphk6LjPTl9LwBNMfcpaaREyAQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTExMTIwODUwNTBaFw0yNjExMTEwODU1NTBaMDMxMTAvBgNV
BAMTKDg1MjFBMTBFMjBGRkNDMTc3NUVGQjg4M0RERENFNTgzQzVEQUEyREMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDiInbdd8iCAgL1N1/vIAukKDi4
wEM6jvIqX5QgP2kzSdzrKjmTr8wwlwduy6z1pzZD3MlALL0VzmXfQwR7MTfdqifS
HUuz7HOWvkMuNqWDyxr8oESTPTI0HmIrHCZEyrHwgRhzVWNpzdmlugLE7YaNK26m
x2THXVgMNpjx0ApJxfIK+v1lW2dHN6NzoMAqnH/MB+aTjpiaILFTpMbg5GZwdAcv
wwsb5Zz/XUR8YJdtAZE4t0VD2l6c/m0mfMA8Zwdund3RBVFR9G7RWYPorhkaFxNm
GduwUo7pI7Yyu6yo/YYKT/gk23+JcZsr6X5uvvn/Xmjw09YwYikeYgb1ZDanAgMB
AAGjggIHMIICAzAdBgNVHQ4EFgQUhSGhDiD/zBd177iD3dzlg8XaotwwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTOTg0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZJQMA0G
CSqGSIb3DQEBCwUAA4IBAQB5eUM1RXys8/tSPgUpKtiTs+0Rg55pnO/79SMJkGVT
5s2WJAUUgKwyWe14s5WvTw5q0tNiYZJqI4+fxzbRzA4h4UY3ofMcxBDlgxMyuInk
U6e3Y9XZcdJboFoU+jnuOIVUAwj9RtNRdYwKvNpfsB/PHo5uCqU+BtkWgp/fkR8g
hJ7LH+uHGhBKPad3IzZsK0YACWmUrm/bVerUYs/LmoimdQHnTiYCL3FIHdRPHFUo
KiNIM79K4QhxOcizJ+deEe9/nhXANV0Q0p8CaqB4TSPgFJoxACAPJqn42meQGYLL
L+qExZd8/pDQgmnMFMw/uI6v13OcBKNB4M17d+tev2kn
-----END CERTIFICATE-----