This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS152900.roa
File:                     AS152900.roa (raw, json)
Hash identifier:          g+WYMTKN5iaDFPc58Y+ADMucWld14AsL2Crl3wwKJOM=
Subject key identifier:   8A:90:6B:08:EA:C1:26:63:5F:6E:FB:54:FE:C0:C5:DE:C9:A1:E3:C9
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       48B9B47857EEC9DD264DAF69702BF2E785496639
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS152900.roa
Signing time:             Tue 06 Jan 2026 01:00:46 +0000
ROA not before:           Tue 06 Jan 2026 00:55:46 +0000
ROA not after:            Tue 05 Jan 2027 01:00:46 +0000
asID:                     152900
IP address blocks:        2a14:7580:e500::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 15:30:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:b9:b4:78:57:ee:c9:dd:26:4d:af:69:70:2b:f2:e7:85:49:66:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Jan  6 00:55:46 2026 GMT
            Not After : Jan  5 01:00:46 2027 GMT
        Subject: CN=8A906B08EAC126635F6EFB54FEC0C5DEC9A1E3C9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:e0:a8:41:c9:71:dd:36:1b:76:3c:f8:a2:dd:
                    09:4b:29:36:94:c6:78:47:54:09:43:d8:77:5d:3f:
                    d5:ed:f0:e6:ff:3d:00:32:9b:90:a8:0e:bd:ff:b0:
                    25:cb:a0:0d:cf:b7:de:19:d1:71:8d:52:9f:d4:89:
                    7d:ba:d1:d9:f3:99:e6:13:53:4b:07:19:b8:05:9d:
                    2e:99:34:35:60:3f:c5:24:cc:40:f6:2f:45:37:b4:
                    35:48:27:b3:bb:26:20:a2:d1:d7:17:27:b1:09:a1:
                    c4:d4:7c:d7:ad:65:95:5e:4b:c1:82:d6:e1:86:87:
                    c0:ff:44:07:93:39:75:a5:8f:11:ed:0f:18:47:5f:
                    1c:f7:e3:fe:af:2f:55:e1:63:61:29:90:f4:5b:7e:
                    4a:6a:52:a4:46:85:1f:e0:b1:59:a5:84:d7:4b:5b:
                    11:33:9d:17:e7:41:bb:c5:6c:d8:42:2e:8c:84:b7:
                    38:55:c5:d4:d1:8d:cd:7f:df:57:4b:00:90:12:83:
                    2b:90:10:74:b1:04:1c:88:22:59:6d:c0:2a:a6:f8:
                    ed:3c:80:8f:86:d4:4d:33:8a:14:06:03:30:6b:66:
                    3a:8f:69:24:bf:5c:65:26:0c:0e:f9:2e:81:02:2f:
                    84:4d:5b:59:e6:76:ca:3c:9c:8e:86:24:a4:df:0c:
                    1e:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:90:6B:08:EA:C1:26:63:5F:6E:FB:54:FE:C0:C5:DE:C9:A1:E3:C9
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS152900.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7580:e500::/40

    Signature Algorithm: sha256WithRSAEncryption
         20:f3:f6:5b:c4:0d:4e:25:59:13:a5:e9:dd:e5:3a:84:81:67:
         e5:55:0c:c3:ad:9c:42:bc:d5:41:86:5c:a5:5c:be:4d:54:63:
         42:23:ee:7a:8a:d4:8f:a8:a5:b8:ea:54:55:a1:e8:de:7c:e1:
         04:14:75:5e:0e:2a:29:15:ea:f9:0e:0d:e8:80:3d:6b:01:3f:
         60:f5:4a:65:fd:60:d8:f1:53:8d:ba:db:a2:fc:70:4a:26:61:
         ed:2a:6b:21:34:d9:12:7b:b5:f2:cc:a8:80:f8:5c:f5:bd:40:
         e8:6a:0a:4f:a8:26:88:ea:bf:3e:d6:67:05:62:a1:27:06:6f:
         93:1d:95:bc:b0:f2:71:c8:40:76:2d:75:32:34:17:16:26:00:
         94:1a:b9:ed:c1:36:9f:d5:27:6a:89:27:9f:68:6e:dd:c7:50:
         d9:e4:17:33:1c:2a:64:07:fb:19:96:6a:f6:cd:30:2f:2c:b8:
         6b:20:bb:b3:ae:75:7c:e5:ea:f9:29:af:54:be:ca:21:22:75:
         70:1a:a2:07:01:c8:a8:23:07:3c:e5:05:94:e1:55:dc:47:86:
         b9:8b:b0:73:df:58:18:d6:29:bd:9a:99:a7:74:3b:60:60:fa:
         55:89:12:70:35:37:fe:61:6a:4a:7c:a7:5b:e3:17:4c:52:3d:
         59:1c:c3:a4
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUSLm0eFfuyd0mTa9pcCvy54VJZjkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNjAxMDYwMDU1NDZaFw0yNzAxMDUwMTAwNDZaMDMxMTAvBgNV
BAMTKDhBOTA2QjA4RUFDMTI2NjM1RjZFRkI1NEZFQzBDNURFQzlBMUUzQzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv4KhByXHdNht2PPii3QlLKTaU
xnhHVAlD2HddP9Xt8Ob/PQAym5CoDr3/sCXLoA3Pt94Z0XGNUp/UiX260dnzmeYT
U0sHGbgFnS6ZNDVgP8UkzED2L0U3tDVIJ7O7JiCi0dcXJ7EJocTUfNetZZVeS8GC
1uGGh8D/RAeTOXWljxHtDxhHXxz34/6vL1XhY2EpkPRbfkpqUqRGhR/gsVmlhNdL
WxEznRfnQbvFbNhCLoyEtzhVxdTRjc1/31dLAJASgyuQEHSxBByIIlltwCqm+O08
gI+G1E0zihQGAzBrZjqPaSS/XGUmDA75LoECL4RNW1nmdso8nI6GJKTfDB4jAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUipBrCOrBJmNfbvtU/sDF3smh48kwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMTUyOTAwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhR1
gOUwDQYJKoZIhvcNAQELBQADggEBACDz9lvEDU4lWROl6d3lOoSBZ+VVDMOtnEK8
1UGGXKVcvk1UY0Ij7nqK1I+opbjqVFWh6N584QQUdV4OKikV6vkODeiAPWsBP2D1
SmX9YNjxU42626L8cEomYe0qayE02RJ7tfLMqID4XPW9QOhqCk+oJojqvz7WZwVi
oScGb5Mdlbyw8nHIQHYtdTI0FxYmAJQaue3BNp/VJ2qJJ59obt3HUNnkFzMcKmQH
+xmWavbNMC8suGsgu7OudXzl6vkpr1S+yiEidXAaogcByKgjBzzlBZThVdxHhrmL
sHPfWBjWKb2amad0O2Bg+lWJEnA1N/5hakp8p1vjF0xSPVkcw6Q=
-----END CERTIFICATE-----