This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS25098.roa
File:                     AS25098.roa (raw, json)
Hash identifier:          9zuiWQJrk7kGPcnsG23opR8VqNTx4GmTyHAA3gaiQ88=
Subject key identifier:   6C:58:46:EF:24:DA:63:F2:26:7B:31:BE:3A:35:E0:09:EA:B4:A9:6B
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       35CE3845D9007B4FC213FE3153F35C3C3C30ADE7
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS25098.roa
Signing time:             Sat 13 Dec 2025 10:01:43 +0000
ROA not before:           Sat 13 Dec 2025 09:56:43 +0000
ROA not after:            Sat 12 Dec 2026 10:01:43 +0000
asID:                     25098
IP address blocks:        212.107.4.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Dec 2025 11:19:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:ce:38:45:d9:00:7b:4f:c2:13:fe:31:53:f3:5c:3c:3c:30:ad:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Dec 13 09:56:43 2025 GMT
            Not After : Dec 12 10:01:43 2026 GMT
        Subject: CN=6C5846EF24DA63F2267B31BE3A35E009EAB4A96B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:38:26:2f:b7:b8:fd:b7:13:ba:be:eb:04:a6:
                    4e:b9:15:dd:a4:60:95:fc:5d:89:33:bd:31:68:0a:
                    d1:90:67:b6:f9:d3:a4:32:8c:1e:b2:a8:7f:32:13:
                    02:2f:f6:3b:ea:f6:f5:66:e1:ef:35:73:49:38:b8:
                    f4:53:4c:cb:98:fd:11:6e:26:0a:3d:c2:c9:f5:11:
                    c4:20:56:7a:b1:8f:be:e1:cc:48:8a:53:0b:de:a0:
                    19:48:57:52:a1:04:87:2a:77:9e:ef:a7:73:42:65:
                    00:91:88:3e:1d:89:6b:07:1d:47:7a:83:54:3f:16:
                    40:2b:95:5a:d8:4e:a6:5e:a5:5d:f8:2d:c2:e9:c1:
                    1a:13:d4:b6:e8:51:ae:71:d5:fd:68:6b:94:14:f7:
                    cb:48:87:c6:56:c2:98:65:f5:17:03:31:57:74:5a:
                    0d:dc:53:72:2e:30:2e:03:d7:f3:1f:48:69:77:6f:
                    2b:df:41:17:92:17:11:bf:68:2d:79:1c:ba:be:cf:
                    f7:2b:23:e5:bd:2e:74:bd:70:18:df:c5:40:68:b4:
                    68:58:f7:5e:fa:77:bc:44:09:1b:e5:68:0b:f0:65:
                    a5:7d:ba:ec:8e:2c:26:17:70:9a:5f:58:84:cd:cd:
                    92:34:1a:da:9a:0f:83:fe:94:0b:a8:69:df:32:85:
                    27:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:58:46:EF:24:DA:63:F2:26:7B:31:BE:3A:35:E0:09:EA:B4:A9:6B
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS25098.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.107.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         97:38:af:be:c3:08:85:15:d4:a8:09:c7:1d:f7:61:a6:76:81:
         44:71:2a:01:34:3d:14:21:f0:5f:fd:de:92:ae:3c:85:34:f0:
         d8:32:35:8a:dd:56:bd:9a:f4:10:9a:2f:ce:21:a1:43:2c:2b:
         63:e4:45:2d:8e:de:b6:17:95:d4:7d:40:77:c6:8b:e5:fe:b4:
         6c:0e:9a:85:23:68:01:ef:be:4b:c2:91:a6:cc:2a:f9:1d:21:
         7b:57:78:b0:ce:80:a8:bf:34:2c:02:f8:a5:82:d9:b4:39:56:
         db:82:c4:2b:05:31:99:97:3c:5a:dc:da:11:40:a6:ac:b3:5f:
         80:78:a3:b9:42:da:d6:5d:62:1c:db:a9:b9:6d:11:b6:b1:05:
         9f:2a:b5:a3:f5:40:ca:c9:bf:46:66:4b:b4:ea:98:89:32:bd:
         3f:24:a9:61:c9:61:26:a8:f4:ca:30:d1:22:86:4f:d4:ef:17:
         fe:a3:ef:e6:80:38:0b:fe:ee:7a:b9:95:a3:0c:03:6f:2f:78:
         e2:91:a3:05:cd:08:84:00:14:7d:d6:c3:8f:c4:27:c0:79:63:
         e7:f3:9d:ed:1c:b0:6a:84:a9:35:f9:a4:58:b3:b8:cd:73:a3:
         b7:1b:98:9c:03:b2:54:32:3e:e0:07:f5:3c:fe:11:be:5a:4e:
         19:cc:d6:60
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUNc44RdkAe0/CE/4xU/NcPDwwrecwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTEyMTMwOTU2NDNaFw0yNjEyMTIxMDAxNDNaMDMxMTAvBgNV
BAMTKDZDNTg0NkVGMjREQTYzRjIyNjdCMzFCRTNBMzVFMDA5RUFCNEE5NkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGOCYvt7j9txO6vusEpk65Fd2k
YJX8XYkzvTFoCtGQZ7b506QyjB6yqH8yEwIv9jvq9vVm4e81c0k4uPRTTMuY/RFu
Jgo9wsn1EcQgVnqxj77hzEiKUwveoBlIV1KhBIcqd57vp3NCZQCRiD4diWsHHUd6
g1Q/FkArlVrYTqZepV34LcLpwRoT1LboUa5x1f1oa5QU98tIh8ZWwphl9RcDMVd0
Wg3cU3IuMC4D1/MfSGl3byvfQReSFxG/aC15HLq+z/crI+W9LnS9cBjfxUBotGhY
9176d7xECRvlaAvwZaV9uuyOLCYXcJpfWITNzZI0GtqaD4P+lAuoad8yhSf7AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUbFhG7yTaY/ImezG+OjXgCeq0qWswHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMjUwOTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBALUawQw
DQYJKoZIhvcNAQELBQADggEBAJc4r77DCIUV1KgJxx33YaZ2gURxKgE0PRQh8F/9
3pKuPIU08NgyNYrdVr2a9BCaL84hoUMsK2PkRS2O3rYXldR9QHfGi+X+tGwOmoUj
aAHvvkvCkabMKvkdIXtXeLDOgKi/NCwC+KWC2bQ5VtuCxCsFMZmXPFrc2hFApqyz
X4B4o7lC2tZdYhzbqbltEbaxBZ8qtaP1QMrJv0ZmS7TqmIkyvT8kqWHJYSao9Mow
0SKGT9TvF/6j7+aAOAv+7nq5laMMA28veOKRowXNCIQAFH3Ww4/EJ8B5Y+fzne0c
sGqEqTX5pFizuM1zo7cbmJwDslQyPuAH9Tz+Eb5aThnM1mA=
-----END CERTIFICATE-----