This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS203494.roa
File:                     AS203494.roa (raw, json)
Hash identifier:          g7owRXRhT+XzUSSD9UHRI87XaNusn2AAJBbi4IB/qc8=
Subject key identifier:   D0:2C:EF:53:32:B3:02:31:89:AA:97:F7:80:F3:F2:29:44:50:6E:04
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       6754040E5CE29076CFC1652661D7EA09BE0F9D6B
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS203494.roa
Signing time:             Fri 28 Nov 2025 12:08:58 +0000
ROA not before:           Fri 28 Nov 2025 12:03:58 +0000
ROA not after:            Fri 27 Nov 2026 12:08:58 +0000
asID:                     203494
IP address blocks:        217.18.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Dec 2025 01:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:54:04:0e:5c:e2:90:76:cf:c1:65:26:61:d7:ea:09:be:0f:9d:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Nov 28 12:03:58 2025 GMT
            Not After : Nov 27 12:08:58 2026 GMT
        Subject: CN=D02CEF5332B3023189AA97F780F3F22944506E04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:83:f3:53:b1:f9:83:63:25:4e:81:51:8b:ad:
                    93:d1:71:77:e7:5f:18:41:99:03:54:37:02:37:65:
                    6c:1c:e2:d1:97:d9:7f:f3:49:48:fa:e4:cb:37:57:
                    9d:e9:a7:cb:53:e7:0b:6b:d3:61:26:1e:4c:24:25:
                    33:03:79:d7:7a:e6:8f:a2:36:11:9f:19:e5:f2:1c:
                    94:29:14:fe:60:48:ee:41:81:7f:ce:96:36:ff:32:
                    91:9e:bb:75:9d:e1:97:de:ee:c0:3d:54:93:97:87:
                    2c:7f:7e:b8:b1:7f:53:13:c8:8d:8e:c2:07:c9:ee:
                    12:0d:70:53:46:03:44:d3:db:67:eb:3c:c5:3c:e0:
                    af:c8:42:42:40:a2:40:89:28:73:2b:32:98:2d:c9:
                    da:b4:c4:a6:fa:1c:6d:ba:38:61:10:dd:82:c5:ad:
                    a6:8c:4b:f3:f6:b0:00:58:27:36:f2:1d:ac:70:99:
                    c8:cb:94:32:78:31:a8:0d:4a:da:0f:16:fd:e7:fe:
                    90:cf:50:8a:ce:fd:50:de:2d:72:b9:c2:52:a8:4b:
                    80:d8:26:dc:48:ee:f2:91:e9:cd:eb:d5:4e:44:b8:
                    cc:9c:af:31:71:71:01:89:32:2e:b7:b4:cf:3d:18:
                    99:89:4f:52:3d:70:77:94:af:6e:01:e1:97:4c:8d:
                    26:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:2C:EF:53:32:B3:02:31:89:AA:97:F7:80:F3:F2:29:44:50:6E:04
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS203494.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.18.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:65:8d:0c:40:25:d4:03:6f:3a:3b:2d:09:a8:f1:8c:fe:b0:
         28:9c:b1:5d:47:b6:aa:e6:1d:6b:84:89:3b:7c:09:1f:2f:8f:
         d4:94:a2:80:9f:b9:60:2a:95:15:9f:d5:af:87:c6:e9:bf:fd:
         e1:3b:27:cc:70:64:43:c0:c0:fe:23:b3:ec:b4:b6:9f:50:ef:
         81:86:76:4a:f4:ef:dc:ec:25:c8:2c:8d:49:14:1f:ae:75:18:
         b9:11:36:3a:ab:e8:3e:78:d5:a8:4c:c0:7f:32:35:d0:19:9b:
         d1:7a:bc:a6:30:e4:ab:80:46:1c:7a:9c:e2:dd:e9:8c:5c:14:
         9a:84:b4:3a:4a:57:99:cd:d2:41:9f:b4:6a:68:f3:b3:69:fb:
         44:70:98:fb:08:a8:52:30:4a:a3:14:6e:43:74:5b:c1:71:fb:
         12:90:c5:5f:ee:f4:3a:ca:1c:a3:e3:9e:12:80:ca:0e:57:82:
         9b:b3:90:38:da:dc:4a:d3:ce:31:9f:40:e5:c9:33:cb:84:00:
         7f:c4:f8:7a:00:04:13:c6:5c:ec:ca:a6:37:57:86:5e:71:10:
         70:51:bd:e2:c5:08:44:71:0e:c6:6a:a4:9f:1e:18:73:0f:38:
         00:0a:c8:3f:7e:92:f4:ad:7e:3f:ed:8b:a0:fb:e9:28:bc:41:
         b3:4c:8d:cb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUZ1QEDlzikHbPwWUmYdfqCb4PnWswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTExMjgxMjAzNThaFw0yNjExMjcxMjA4NThaMDMxMTAvBgNV
BAMTKEQwMkNFRjUzMzJCMzAyMzE4OUFBOTdGNzgwRjNGMjI5NDQ1MDZFMDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdg/NTsfmDYyVOgVGLrZPRcXfn
XxhBmQNUNwI3ZWwc4tGX2X/zSUj65Ms3V53pp8tT5wtr02EmHkwkJTMDedd65o+i
NhGfGeXyHJQpFP5gSO5BgX/Oljb/MpGeu3Wd4Zfe7sA9VJOXhyx/frixf1MTyI2O
wgfJ7hINcFNGA0TT22frPMU84K/IQkJAokCJKHMrMpgtydq0xKb6HG26OGEQ3YLF
raaMS/P2sABYJzbyHaxwmcjLlDJ4MagNStoPFv3n/pDPUIrO/VDeLXK5wlKoS4DY
JtxI7vKR6c3r1U5EuMycrzFxcQGJMi63tM89GJmJT1I9cHeUr24B4ZdMjSbtAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU0CzvUzKzAjGJqpf3gPPyKURQbgQwHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMjAzNDk0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2RLR
MA0GCSqGSIb3DQEBCwUAA4IBAQCEZY0MQCXUA286Oy0JqPGM/rAonLFdR7aq5h1r
hIk7fAkfL4/UlKKAn7lgKpUVn9Wvh8bpv/3hOyfMcGRDwMD+I7PstLafUO+BhnZK
9O/c7CXILI1JFB+udRi5ETY6q+g+eNWoTMB/MjXQGZvRerymMOSrgEYcepzi3emM
XBSahLQ6SleZzdJBn7RqaPOzaftEcJj7CKhSMEqjFG5DdFvBcfsSkMVf7vQ6yhyj
454SgMoOV4Kbs5A42txK084xn0DlyTPLhAB/xPh6AAQTxlzsyqY3V4ZecRBwUb3i
xQhEcQ7GaqSfHhhzDzgACsg/fpL0rX4/7Yug++kovEGzTI3L
-----END CERTIFICATE-----