This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS204245.roa
File:                     AS204245.roa (raw, json)
Hash identifier:          l2ugyfEqZwMT4tPA15gw85SyST/1fisdnLsIsKJ8Gnk=
Subject key identifier:   81:FF:F3:4B:84:C6:4E:3D:E6:A1:CD:A0:0C:86:04:96:AB:F8:A0:B1
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       6635F62541616F1F564995837BDE6FFA4AF9EE78
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS204245.roa
Signing time:             Mon 10 Nov 2025 22:47:15 +0000
ROA not before:           Mon 10 Nov 2025 22:42:15 +0000
ROA not after:            Mon 09 Nov 2026 22:47:15 +0000
asID:                     204245
IP address blocks:        2a0f:85c1:d9a::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Dec 2025 11:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:35:f6:25:41:61:6f:1f:56:49:95:83:7b:de:6f:fa:4a:f9:ee:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Nov 10 22:42:15 2025 GMT
            Not After : Nov  9 22:47:15 2026 GMT
        Subject: CN=81FFF34B84C64E3DE6A1CDA00C860496ABF8A0B1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:9e:7e:6b:66:2d:eb:da:ad:8d:da:1c:e8:e4:
                    18:36:30:95:a9:57:68:d1:c2:f3:94:d0:6f:05:66:
                    e5:b6:7e:26:c7:eb:1a:62:e1:e6:0d:7b:84:71:ae:
                    5a:cc:ff:87:8e:d0:79:4f:75:a2:7b:52:4c:ec:0d:
                    9c:06:a4:0c:22:a2:73:2f:42:47:47:05:23:fa:20:
                    6d:7c:fa:08:94:55:64:8d:05:5d:1e:6a:6b:a1:29:
                    bc:55:47:2a:c7:c8:83:ff:36:ea:eb:76:fe:7c:e8:
                    08:a8:10:8f:f9:4b:b9:97:96:e4:bb:2f:ad:23:23:
                    30:4a:79:95:ec:e4:f5:c9:8a:2f:22:db:33:05:30:
                    ae:75:ba:43:0c:27:73:d2:87:7a:83:36:37:ba:b1:
                    5b:fe:62:fe:9a:b0:16:b4:3d:ba:12:c0:ea:2e:28:
                    cf:61:f4:ed:9b:9f:a8:51:36:35:48:b6:db:eb:3d:
                    0c:e3:bd:f8:be:c7:46:9e:07:66:34:98:6e:f2:12:
                    23:f8:f5:c1:14:78:13:74:a2:87:eb:c8:4c:93:f3:
                    20:1c:7e:9e:7e:4b:69:fe:7f:8a:09:f7:78:c5:60:
                    a3:4a:28:1d:21:32:22:6c:b6:37:53:f1:d6:97:e9:
                    e4:b3:3a:b7:24:86:c7:80:25:1f:eb:99:e9:cd:e3:
                    a3:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:FF:F3:4B:84:C6:4E:3D:E6:A1:CD:A0:0C:86:04:96:AB:F8:A0:B1
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS204245.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:d9a::/48

    Signature Algorithm: sha256WithRSAEncryption
         ec:9c:8c:cb:50:d5:95:9f:cd:04:41:2f:ba:25:92:c4:c8:2f:
         c2:56:0a:7e:b6:35:e8:94:39:a7:93:9c:18:e0:37:ef:f7:1e:
         5c:30:81:44:7d:44:3d:9c:d3:82:df:48:53:81:c5:3f:33:23:
         9d:55:c9:c0:49:2a:9e:0f:7b:76:88:1f:ad:10:38:4a:04:34:
         d9:0e:91:7b:76:0c:be:83:4f:fb:4d:22:9a:ed:9a:24:12:7e:
         08:b4:06:57:11:fa:95:ff:bb:db:78:33:f7:84:d6:9e:1a:49:
         d0:4f:38:70:18:7f:68:1d:66:12:de:9a:bc:5b:62:ad:f0:79:
         83:1e:61:de:97:88:c9:47:13:af:aa:80:76:3d:56:5b:cf:78:
         69:f1:7d:ed:68:ec:c2:e5:df:b2:a6:b6:72:6d:c4:e2:b6:4e:
         ec:ce:28:c2:11:80:97:d1:50:ec:ea:6f:9c:be:d6:01:d4:6d:
         43:a9:1f:29:4a:2e:e4:7a:5c:8f:0e:6c:79:62:75:98:7f:59:
         45:5f:96:27:88:46:d1:17:0f:33:bc:10:1a:cb:37:a9:6d:69:
         47:e3:f8:6e:04:7b:7d:e4:ff:33:85:3b:56:a7:4b:8f:10:13:
         35:b4:fc:c4:b4:cc:72:d3:44:d1:7d:d3:a5:59:58:20:35:48:
         f0:bc:f1:66
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUZjX2JUFhbx9WSZWDe95v+kr57ngwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTExMTAyMjQyMTVaFw0yNjExMDkyMjQ3MTVaMDMxMTAvBgNV
BAMTKDgxRkZGMzRCODRDNjRFM0RFNkExQ0RBMDBDODYwNDk2QUJGOEEwQjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCunn5rZi3r2q2N2hzo5Bg2MJWp
V2jRwvOU0G8FZuW2fibH6xpi4eYNe4RxrlrM/4eO0HlPdaJ7UkzsDZwGpAwionMv
QkdHBSP6IG18+giUVWSNBV0eamuhKbxVRyrHyIP/Nurrdv586AioEI/5S7mXluS7
L60jIzBKeZXs5PXJii8i2zMFMK51ukMMJ3PSh3qDNje6sVv+Yv6asBa0PboSwOou
KM9h9O2bn6hRNjVIttvrPQzjvfi+x0aeB2Y0mG7yEiP49cEUeBN0oofryEyT8yAc
fp5+S2n+f4oJ93jFYKNKKB0hMiJstjdT8daX6eSzOrckhseAJR/rmenN46NZAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUgf/zS4TGTj3moc2gDIYElqv4oLEwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjA0MjQ1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQ2aMA0GCSqGSIb3DQEBCwUAA4IBAQDsnIzLUNWVn80EQS+6JZLEyC/CVgp+tjXo
lDmnk5wY4Dfv9x5cMIFEfUQ9nNOC30hTgcU/MyOdVcnASSqeD3t2iB+tEDhKBDTZ
DpF7dgy+g0/7TSKa7ZokEn4ItAZXEfqV/7vbeDP3hNaeGknQTzhwGH9oHWYS3pq8
W2Kt8HmDHmHel4jJRxOvqoB2PVZbz3hp8X3taOzC5d+yprZybcTitk7szijCEYCX
0VDs6m+cvtYB1G1DqR8pSi7kelyPDmx5YnWYf1lFX5YniEbRFw8zvBAayzepbWlH
4/huBHt95P8zhTtWp0uPEBM1tPzEtMxy00TRfdOlWVggNUjwvPFm
-----END CERTIFICATE-----