This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS215703.roa
File:                     AS215703.roa (raw, json)
Hash identifier:          NjM1aeZ1iA4UnkdcryV0hCIU0z6m7vZjWVtamJSnhb0=
Subject key identifier:   26:84:40:99:15:9D:FC:21:13:38:1D:CC:05:97:1B:38:3D:5C:45:94
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       2D996CC5CB6D2010C8924EEC6AE4A802742D784E
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS215703.roa
Signing time:             Tue 25 Nov 2025 07:39:45 +0000
ROA not before:           Tue 25 Nov 2025 07:34:45 +0000
ROA not after:            Tue 24 Nov 2026 07:39:45 +0000
asID:                     215703
IP address blocks:        85.235.73.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Dec 2025 20:50:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:99:6c:c5:cb:6d:20:10:c8:92:4e:ec:6a:e4:a8:02:74:2d:78:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Nov 25 07:34:45 2025 GMT
            Not After : Nov 24 07:39:45 2026 GMT
        Subject: CN=26844099159DFC2113381DCC05971B383D5C4594
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:b4:71:d8:c9:2a:8f:f1:53:f4:44:3c:6e:b2:
                    2e:33:34:69:b1:ac:e1:2d:1e:32:d8:ce:9e:11:3c:
                    02:fb:27:c9:21:cf:80:2a:d0:29:88:41:8f:fe:37:
                    34:bd:4a:ca:67:a0:c0:d5:e6:41:fd:23:8a:f6:a2:
                    49:56:40:ea:82:23:e9:84:bd:9b:21:b8:c3:cb:cb:
                    c4:91:bf:48:ec:60:cc:ce:88:7b:0f:cc:33:82:b1:
                    24:b5:6c:b8:6e:b3:0f:b3:3c:55:08:eb:63:62:19:
                    49:a5:b6:7e:68:de:fb:b4:a2:32:99:2e:73:61:63:
                    aa:5c:a3:be:71:86:2e:48:d5:3a:5a:ff:c9:54:72:
                    90:da:a1:fe:14:d1:3d:4e:30:9b:56:70:f7:91:6e:
                    e4:c8:6d:88:77:66:d2:85:a1:fa:4b:d5:d7:e9:10:
                    d7:9c:73:b4:60:ac:02:6b:32:59:66:37:ee:75:1b:
                    45:50:47:1d:41:22:b5:68:79:e6:e6:da:33:61:2e:
                    66:f6:de:be:8e:ec:08:c1:1f:b6:ee:c0:af:a7:86:
                    b4:50:53:24:c3:8f:a0:f4:ea:f0:1c:0f:b1:06:36:
                    47:26:75:84:e9:61:b0:51:48:c1:ad:7f:1a:04:b7:
                    b4:57:83:02:4e:bc:bd:21:cb:1f:56:51:fd:7f:a4:
                    ba:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:84:40:99:15:9D:FC:21:13:38:1D:CC:05:97:1B:38:3D:5C:45:94
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS215703.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.235.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:3c:29:35:92:43:59:10:ef:99:42:7c:14:dc:69:9c:73:72:
         2d:38:48:cf:df:b7:f9:5c:3b:9a:ec:b9:2b:7b:31:4c:99:2d:
         a9:2a:95:ed:7a:df:03:e2:ba:62:d5:e5:ef:93:88:23:ba:83:
         a8:ce:a5:10:6e:58:70:19:e1:7f:ca:65:4a:c9:ce:77:d6:31:
         67:2c:25:70:1f:f1:ab:51:af:98:f1:36:93:5a:c6:7c:59:37:
         50:1f:f5:0a:eb:02:65:78:b5:fb:46:95:eb:ff:e2:5f:32:f1:
         ab:fa:08:b2:34:e2:b5:fa:e2:ad:5a:30:c5:2f:6c:e1:9c:43:
         3c:73:7d:a5:9a:e8:03:8f:a0:64:22:97:7b:e0:f4:46:39:49:
         25:85:bc:bb:4a:e0:c0:8d:da:e8:dd:86:2a:58:e0:89:df:5b:
         4c:7d:37:73:e3:97:d8:c6:bb:52:10:d0:28:45:a8:01:b7:56:
         e9:ab:53:67:a7:9e:a1:72:e8:12:dd:fb:04:2c:8c:be:65:dc:
         7f:e4:01:e8:6f:c7:79:0d:11:a5:67:3a:97:ce:fd:ac:87:6e:
         a2:19:51:db:b3:e3:b6:ed:83:26:3b:8a:87:62:e6:22:10:f2:
         5c:f9:11:6b:93:c8:2f:f9:f9:d6:1c:0f:7c:50:33:bd:18:a0:
         45:50:80:43
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIULZlsxcttIBDIkk7sauSoAnQteE4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTExMjUwNzM0NDVaFw0yNjExMjQwNzM5NDVaMDMxMTAvBgNV
BAMTKDI2ODQ0MDk5MTU5REZDMjExMzM4MURDQzA1OTcxQjM4M0Q1QzQ1OTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXtHHYySqP8VP0RDxusi4zNGmx
rOEtHjLYzp4RPAL7J8khz4Aq0CmIQY/+NzS9SspnoMDV5kH9I4r2oklWQOqCI+mE
vZshuMPLy8SRv0jsYMzOiHsPzDOCsSS1bLhusw+zPFUI62NiGUmltn5o3vu0ojKZ
LnNhY6pco75xhi5I1Tpa/8lUcpDaof4U0T1OMJtWcPeRbuTIbYh3ZtKFofpL1dfp
ENecc7RgrAJrMllmN+51G0VQRx1BIrVoeebm2jNhLmb23r6O7AjBH7buwK+nhrRQ
UyTDj6D06vAcD7EGNkcmdYTpYbBRSMGtfxoEt7RXgwJOvL0hyx9WUf1/pLoHAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUJoRAmRWd/CETOB3MBZcbOD1cRZQwHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMjE1NzAzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVetJ
MA0GCSqGSIb3DQEBCwUAA4IBAQAAPCk1kkNZEO+ZQnwU3Gmcc3ItOEjP37f5XDua
7LkrezFMmS2pKpXtet8D4rpi1eXvk4gjuoOozqUQblhwGeF/ymVKyc531jFnLCVw
H/GrUa+Y8TaTWsZ8WTdQH/UK6wJleLX7RpXr/+JfMvGr+giyNOK1+uKtWjDFL2zh
nEM8c32lmugDj6BkIpd74PRGOUklhby7SuDAjdro3YYqWOCJ31tMfTdz45fYxrtS
ENAoRagBt1bpq1Nnp56hcugS3fsELIy+Zdx/5AHob8d5DRGlZzqXzv2sh26iGVHb
s+O27YMmO4qHYuYiEPJc+RFrk8gv+fnWHA98UDO9GKBFUIBD
-----END CERTIFICATE-----