This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS399646.roa
File:                     AS399646.roa (raw, json)
Hash identifier:          L9ZzBKPm/e9tUqBl4Cf2abYp3rewCW3wk8HexWACbEA=
Subject key identifier:   31:9C:89:4C:4D:B1:78:DA:30:E3:CC:49:70:5A:3A:BC:BE:01:7A:0C
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       72498EEB12B89464835E0ADC2C96404490F1A3A1
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS399646.roa
Signing time:             Fri 21 Nov 2025 14:49:24 +0000
ROA not before:           Fri 21 Nov 2025 14:44:24 +0000
ROA not after:            Fri 20 Nov 2026 14:49:24 +0000
asID:                     399646
IP address blocks:        143.20.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Dec 2025 11:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:49:8e:eb:12:b8:94:64:83:5e:0a:dc:2c:96:40:44:90:f1:a3:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Nov 21 14:44:24 2025 GMT
            Not After : Nov 20 14:49:24 2026 GMT
        Subject: CN=319C894C4DB178DA30E3CC49705A3ABCBE017A0C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:04:0d:f8:3f:d9:58:c3:6a:6d:cd:b1:37:3e:
                    35:0f:ba:8b:2a:fa:d1:b1:d6:2e:83:2c:4d:84:20:
                    be:d8:29:0d:a8:4f:52:c2:8f:23:36:82:59:a7:d9:
                    7f:b4:ab:fa:72:a4:f0:fe:dd:a2:f0:3a:13:4d:4f:
                    87:db:68:0f:f4:02:8c:31:5b:1b:c3:bd:c4:9e:2f:
                    c0:b7:c8:12:d5:6c:8c:5c:e3:6e:61:54:68:3b:04:
                    e0:eb:c3:97:55:6b:d4:43:d4:82:72:78:7b:fb:24:
                    3c:46:5d:13:0f:4a:08:77:d0:85:c9:f3:0b:e7:db:
                    0d:08:9b:84:e2:4c:4c:5a:77:93:c3:07:97:a3:94:
                    c6:7b:95:4c:0a:e4:e2:a6:29:d9:4f:24:42:c3:f9:
                    ba:ee:b2:b0:32:bf:46:45:c2:ec:d0:1e:b6:7b:af:
                    68:60:80:4b:2d:3c:64:aa:6c:c0:bd:cb:4a:1c:7f:
                    61:cd:18:fe:11:9f:56:34:6a:9e:15:57:3f:ea:df:
                    c0:28:b9:4e:7c:f1:48:35:c3:05:14:aa:b0:ed:65:
                    f9:d6:20:46:aa:fb:7d:c5:88:39:42:84:05:b8:7b:
                    ce:d6:d2:28:87:a6:ba:d6:4a:8b:25:5e:17:08:ad:
                    fd:66:7e:9c:e1:aa:10:04:4b:b9:a0:c2:df:0c:b5:
                    06:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:9C:89:4C:4D:B1:78:DA:30:E3:CC:49:70:5A:3A:BC:BE:01:7A:0C
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS399646.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:69:41:e2:8d:5e:4f:93:73:f2:b1:fb:c6:8f:8f:48:b1:56:
         9d:56:6b:0d:f7:93:4a:03:a3:6e:84:8e:7a:2c:b1:7d:aa:86:
         6f:ff:f8:28:3c:04:cf:6b:d2:46:a9:a0:29:c0:f4:25:43:f3:
         bd:d7:38:3e:c5:85:c4:9c:07:d3:52:77:a4:2e:11:2a:59:01:
         bd:06:7e:50:08:58:49:f9:08:7d:4f:ed:0f:5b:be:48:56:5d:
         7a:7b:65:fd:c5:20:d6:1a:bb:57:10:cd:7e:cb:1a:d7:76:9d:
         a4:d3:a8:c1:b2:85:a7:79:ee:82:03:6f:32:70:ae:1a:e0:ab:
         28:56:a4:1d:a7:5c:10:1f:a2:13:25:e3:e5:ab:f8:ee:cc:c4:
         5e:bd:1a:e5:4a:01:9c:d8:1f:36:47:ed:e0:7d:4c:57:94:35:
         f5:33:50:96:3b:cc:d8:99:9a:60:a9:09:d8:82:0c:2c:47:cc:
         9c:8e:c3:d0:e3:7e:b9:f3:bd:99:a4:72:a2:ad:69:4b:a4:6e:
         14:81:99:09:2e:b4:18:71:e6:1e:c3:c7:a8:15:25:80:db:70:
         27:c9:f3:db:b7:63:fd:d8:3d:e0:a7:45:f6:2e:0c:ca:1e:14:
         54:bc:c9:86:2e:82:47:c6:06:c6:2d:1a:ed:4a:6d:5c:f8:01:
         e8:d9:02:da
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUckmO6xK4lGSDXgrcLJZARJDxo6EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTExMjExNDQ0MjRaFw0yNjExMjAxNDQ5MjRaMDMxMTAvBgNV
BAMTKDMxOUM4OTRDNERCMTc4REEzMEUzQ0M0OTcwNUEzQUJDQkUwMTdBMEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGBA34P9lYw2ptzbE3PjUPuosq
+tGx1i6DLE2EIL7YKQ2oT1LCjyM2glmn2X+0q/pypPD+3aLwOhNNT4fbaA/0Aowx
WxvDvcSeL8C3yBLVbIxc425hVGg7BODrw5dVa9RD1IJyeHv7JDxGXRMPSgh30IXJ
8wvn2w0Im4TiTExad5PDB5ejlMZ7lUwK5OKmKdlPJELD+brusrAyv0ZFwuzQHrZ7
r2hggEstPGSqbMC9y0ocf2HNGP4Rn1Y0ap4VVz/q38AouU588Ug1wwUUqrDtZfnW
IEaq+33FiDlChAW4e87W0iiHprrWSoslXhcIrf1mfpzhqhAES7mgwt8MtQbJAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUMZyJTE2xeNow48xJcFo6vL4BegwwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMzk5NjQ2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxSP
MA0GCSqGSIb3DQEBCwUAA4IBAQA+aUHijV5Pk3PysfvGj49IsVadVmsN95NKA6Nu
hI56LLF9qoZv//goPATPa9JGqaApwPQlQ/O91zg+xYXEnAfTUnekLhEqWQG9Bn5Q
CFhJ+Qh9T+0PW75IVl16e2X9xSDWGrtXEM1+yxrXdp2k06jBsoWnee6CA28ycK4a
4KsoVqQdp1wQH6ITJePlq/juzMRevRrlSgGc2B82R+3gfUxXlDX1M1CWO8zYmZpg
qQnYggwsR8ycjsPQ4365872ZpHKirWlLpG4UgZkJLrQYceYew8eoFSWA23AnyfPb
t2P92D3gp0X2LgzKHhRUvMmGLoJHxgbGLRrtSm1c+AHo2QLa
-----END CERTIFICATE-----