This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS399516.roa
File:                     AS399516.roa (raw, json)
Hash identifier:          f6s7yPg2+uvNUedF9tqiE4lT86QZ2ipx8QkhuDSTZcA=
Subject key identifier:   F5:E9:9E:B1:5A:E3:A7:F3:80:BA:81:17:B8:8F:E9:6B:EF:3C:95:A3
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       13CA0ECD6975F5F9B14CB06E7D551EA3233E0062
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS399516.roa
Signing time:             Sat 10 Jan 2026 14:00:21 +0000
ROA not before:           Sat 10 Jan 2026 13:55:21 +0000
ROA not after:            Sat 09 Jan 2027 14:00:21 +0000
asID:                     399516
IP address blocks:        143.20.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 06:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:ca:0e:cd:69:75:f5:f9:b1:4c:b0:6e:7d:55:1e:a3:23:3e:00:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jan 10 13:55:21 2026 GMT
            Not After : Jan  9 14:00:21 2027 GMT
        Subject: CN=F5E99EB15AE3A7F380BA8117B88FE96BEF3C95A3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:45:93:6c:ae:e3:68:ae:52:73:b1:e0:25:bb:
                    97:67:cf:37:6b:c2:fb:c7:b9:c9:e3:d8:68:fd:58:
                    00:04:6f:4b:ad:a7:60:f0:4d:0a:ef:22:e3:51:95:
                    e6:bb:47:b7:5e:c6:8b:7e:0b:0a:19:85:93:14:23:
                    4f:7c:80:98:73:41:ed:ca:b5:b7:82:d5:e1:82:c1:
                    84:e1:8d:cd:4a:4e:00:6c:ad:46:23:14:61:a7:4a:
                    fc:38:82:78:e0:61:17:97:84:4e:49:e1:f1:fe:a2:
                    5d:1a:d4:4f:62:74:7c:9c:f3:7b:70:c4:c0:c3:19:
                    35:93:b7:41:1f:bc:7b:68:60:cf:14:b8:1d:cb:dc:
                    a8:ae:09:ed:18:58:33:f5:f0:75:a7:bb:18:ec:b6:
                    28:d9:52:d3:f7:4b:8a:09:e1:2a:7f:4f:99:86:1d:
                    f3:68:d2:77:33:0c:a8:c3:87:2e:4c:da:e2:fe:4c:
                    a6:b4:fc:d6:45:c8:fa:fe:fb:6e:d3:2d:ba:28:21:
                    5d:a5:98:b8:56:9d:3b:c8:a7:5f:97:48:9c:c7:b4:
                    13:ba:58:71:94:a0:72:1c:a7:c9:26:f7:48:db:7a:
                    66:b2:fd:9a:08:41:b8:e4:50:92:4e:2a:34:4e:98:
                    7e:43:b8:62:5e:7d:a8:35:ec:f5:af:72:f6:83:d3:
                    4f:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:E9:9E:B1:5A:E3:A7:F3:80:BA:81:17:B8:8F:E9:6B:EF:3C:95:A3
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS399516.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c9:44:48:1f:b5:f9:d5:d9:2f:b8:32:cb:b3:b5:c0:ca:f8:79:
         e9:84:0f:d6:ac:04:0a:62:3b:24:70:b3:83:ea:35:54:fd:34:
         41:98:cd:c9:1a:15:0c:68:c0:ad:35:78:03:a8:f1:a6:72:91:
         33:a3:02:bf:d0:3e:90:2f:b9:f2:7f:7b:69:67:8f:d5:13:80:
         2b:47:62:24:26:01:67:91:48:a0:8d:7a:00:ac:f9:70:03:9b:
         1d:36:f7:2a:bf:5a:e4:00:45:d5:d5:a0:6f:0e:2e:9c:b8:0f:
         01:1d:56:ff:20:8f:b8:9b:13:1f:79:c9:1e:49:01:87:5c:3e:
         b7:7a:f4:2e:7d:4c:65:3a:a7:6c:e8:a2:54:71:83:d1:f8:0b:
         5f:44:f4:f1:d9:db:35:20:87:ba:67:d0:dd:63:5b:c4:94:e5:
         a9:83:a0:ca:ce:6c:a7:19:c2:c3:0b:b2:f5:02:ae:04:4d:cf:
         88:44:50:60:c7:a7:a4:2b:b5:2e:a6:d7:22:f3:7a:8a:f0:9b:
         8c:42:76:12:6e:63:b8:c6:09:e4:94:24:3d:7c:91:db:79:c3:
         12:0b:3b:4a:be:2e:1a:99:21:af:e3:4c:b5:98:a7:db:5f:13:
         4d:2b:f0:f5:c8:e4:e3:68:26:fd:29:c9:54:1c:a0:73:27:f2:
         71:18:eb:14
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUE8oOzWl19fmxTLBufVUeoyM+AGIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjAxMTAxMzU1MjFaFw0yNzAxMDkxNDAwMjFaMDMxMTAvBgNV
BAMTKEY1RTk5RUIxNUFFM0E3RjM4MEJBODExN0I4OEZFOTZCRUYzQzk1QTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDoRZNsruNorlJzseAlu5dnzzdr
wvvHucnj2Gj9WAAEb0utp2DwTQrvIuNRlea7R7dexot+CwoZhZMUI098gJhzQe3K
tbeC1eGCwYThjc1KTgBsrUYjFGGnSvw4gnjgYReXhE5J4fH+ol0a1E9idHyc83tw
xMDDGTWTt0EfvHtoYM8UuB3L3KiuCe0YWDP18HWnuxjstijZUtP3S4oJ4Sp/T5mG
HfNo0nczDKjDhy5M2uL+TKa0/NZFyPr++27TLbooIV2lmLhWnTvIp1+XSJzHtBO6
WHGUoHIcp8km90jbemay/ZoIQbjkUJJOKjROmH5DuGJefag17PWvcvaD008VAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU9emesVrjp/OAuoEXuI/pa+88laMwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMzk5NTE2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxQj
MA0GCSqGSIb3DQEBCwUAA4IBAQDJREgftfnV2S+4MsuztcDK+HnphA/WrAQKYjsk
cLOD6jVU/TRBmM3JGhUMaMCtNXgDqPGmcpEzowK/0D6QL7nyf3tpZ4/VE4ArR2Ik
JgFnkUigjXoArPlwA5sdNvcqv1rkAEXV1aBvDi6cuA8BHVb/II+4mxMfeckeSQGH
XD63evQufUxlOqds6KJUcYPR+AtfRPTx2ds1IIe6Z9DdY1vElOWpg6DKzmynGcLD
C7L1Aq4ETc+IRFBgx6ekK7Uuptci83qK8JuMQnYSbmO4xgnklCQ9fJHbecMSCztK
vi4amSGv40y1mKfbXxNNK/D1yOTjaCb9KclUHKBzJ/JxGOsU
-----END CERTIFICATE-----