This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS21840.roa
File:                     AS21840.roa (raw, json)
Hash identifier:          p8lpcAJYx6CnFxjfpl0PDBGJG1y1WZcH/vUQzF6ojIU=
Subject key identifier:   A6:1D:F3:DB:82:1A:D6:F2:FE:38:DD:58:2E:CB:FC:94:62:21:2F:98
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       62E8EF4A345182FB2425F40454B7C2A3B0EBE0D0
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS21840.roa
Signing time:             Sun 28 Dec 2025 06:39:46 +0000
ROA not before:           Sun 28 Dec 2025 06:34:46 +0000
ROA not after:            Sun 27 Dec 2026 06:39:46 +0000
asID:                     21840
IP address blocks:        143.20.93.0/24 maxlen: 24
                          143.20.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 03:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:e8:ef:4a:34:51:82:fb:24:25:f4:04:54:b7:c2:a3:b0:eb:e0:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Dec 28 06:34:46 2025 GMT
            Not After : Dec 27 06:39:46 2026 GMT
        Subject: CN=A61DF3DB821AD6F2FE38DD582ECBFC9462212F98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:41:8b:8d:d5:c5:03:88:b7:22:c5:32:15:07:
                    6b:43:9a:52:a3:a6:5c:e9:c1:e9:da:2c:1c:1c:95:
                    c4:4b:ff:fb:d9:bb:18:93:85:96:b9:06:34:28:fe:
                    14:38:31:65:dd:65:fb:f8:3d:08:51:f6:18:a8:c7:
                    4b:22:81:a1:1c:2f:ab:65:a8:ff:e8:c6:c2:79:d4:
                    0b:86:cf:fd:86:65:1e:e5:15:93:a5:3a:1d:3c:f6:
                    f3:89:75:c9:35:c9:4c:81:34:5b:f2:7a:32:bd:20:
                    a1:64:15:20:80:22:42:c1:dd:5f:e0:a7:d9:a9:1d:
                    6f:c3:6c:5e:2f:4c:ff:89:dd:40:c8:92:ca:c8:57:
                    a1:21:61:b7:8e:70:ab:30:a5:26:ae:cc:8c:ae:b9:
                    ba:4d:ee:11:8c:60:ac:c0:dc:7a:e9:cc:09:0a:95:
                    34:99:53:e6:6c:2d:92:2b:f9:82:48:a3:ec:ec:a3:
                    79:ea:4e:19:71:f2:16:03:01:0a:34:5b:9f:0a:f3:
                    4b:1f:25:36:c8:1d:e0:08:d1:29:f2:77:68:e8:ee:
                    ca:f1:59:de:22:39:dc:ad:7a:8f:9d:fc:e5:8b:d4:
                    49:6b:ce:72:ee:f8:71:56:5d:9e:9e:a4:f2:d1:e0:
                    46:d8:f7:48:e6:58:c9:1e:02:b1:d7:1d:5b:49:0a:
                    58:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:1D:F3:DB:82:1A:D6:F2:FE:38:DD:58:2E:CB:FC:94:62:21:2F:98
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS21840.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.93.0/24
                  143.20.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:7c:69:58:f3:2c:1f:68:6c:ca:a9:23:f8:a2:20:bf:2c:f5:
         cd:d4:0b:99:83:24:0d:7a:fd:53:cb:9a:88:04:0f:73:4b:98:
         be:94:82:49:ad:a3:13:a2:9f:95:bb:c7:27:6f:7d:db:46:e3:
         db:4d:58:d6:51:28:ca:15:12:7f:85:2d:07:4c:2b:52:60:a2:
         56:32:b2:3d:37:f8:9e:d3:f9:66:1e:ef:c2:c5:3c:ad:40:4c:
         a2:49:3d:39:4c:10:9c:71:58:48:78:d7:9a:6b:25:ff:2d:93:
         e0:19:3b:61:fe:83:72:3b:2f:b2:58:9c:fc:d4:d6:0d:88:0d:
         37:7c:a2:6c:26:95:2e:06:73:8b:bb:dc:85:66:b5:13:13:25:
         fb:b1:ab:4d:63:b1:d4:66:a1:78:55:d1:0f:bf:1e:bf:fa:eb:
         3c:15:95:f0:a2:90:fe:a2:65:4a:f4:51:d6:17:d9:c1:72:86:
         db:ca:0b:46:49:e5:99:77:cf:44:df:ff:37:a9:c9:bd:a8:13:
         fe:0b:72:cb:c3:19:cd:bd:e3:b7:75:d4:c0:1f:85:85:d7:0b:
         51:d4:7b:56:50:54:25:78:be:d1:dd:cf:da:2f:5e:d9:b7:d5:
         93:43:84:d7:42:38:03:4e:29:26:af:29:c8:69:f9:94:7f:bf:
         9c:68:cd:71
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUYujvSjRRgvskJfQEVLfCo7Dr4NAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTEyMjgwNjM0NDZaFw0yNjEyMjcwNjM5NDZaMDMxMTAvBgNV
BAMTKEE2MURGM0RCODIxQUQ2RjJGRTM4REQ1ODJFQ0JGQzk0NjIyMTJGOTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDmQYuN1cUDiLcixTIVB2tDmlKj
plzpwenaLBwclcRL//vZuxiThZa5BjQo/hQ4MWXdZfv4PQhR9hiox0sigaEcL6tl
qP/oxsJ51AuGz/2GZR7lFZOlOh089vOJdck1yUyBNFvyejK9IKFkFSCAIkLB3V/g
p9mpHW/DbF4vTP+J3UDIksrIV6EhYbeOcKswpSauzIyuubpN7hGMYKzA3HrpzAkK
lTSZU+ZsLZIr+YJIo+zso3nqThlx8hYDAQo0W58K80sfJTbIHeAI0Snyd2jo7srx
Wd4iOdyteo+d/OWL1ElrznLu+HFWXZ6epPLR4EbY90jmWMkeArHXHVtJClizAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUph3z24Ia1vL+ON1YLsv8lGIhL5gwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjE4NDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACPFF0D
BACPFHMwDQYJKoZIhvcNAQELBQADggEBAKp8aVjzLB9obMqpI/iiIL8s9c3UC5mD
JA16/VPLmogED3NLmL6UgkmtoxOin5W7xydvfdtG49tNWNZRKMoVEn+FLQdMK1Jg
olYysj03+J7T+WYe78LFPK1ATKJJPTlMEJxxWEh415prJf8tk+AZO2H+g3I7L7JY
nPzU1g2IDTd8omwmlS4Gc4u73IVmtRMTJfuxq01jsdRmoXhV0Q+/Hr/66zwVlfCi
kP6iZUr0UdYX2cFyhtvKC0ZJ5Zl3z0Tf/zepyb2oE/4LcsvDGc2947d11MAfhYXX
C1HUe1ZQVCV4vtHdz9ovXtm31ZNDhNdCOANOKSavKchp+ZR/v5xozXE=
-----END CERTIFICATE-----