This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS401560.roa
File:                     AS401560.roa (raw, json)
Hash identifier:          8FoFX+2aKfwzfCMGJohOTjl/RDhNzMvDFMk01tYUVxU=
Subject key identifier:   F9:7F:1B:41:D4:35:BA:FF:0B:AD:8D:D2:23:AF:F9:18:64:51:71:4F
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       6087987D160E8039EA460CB870EFB9428D9597A2
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS401560.roa
Signing time:             Wed 31 Dec 2025 16:57:32 +0000
ROA not before:           Wed 31 Dec 2025 16:52:32 +0000
ROA not after:            Wed 30 Dec 2026 16:57:32 +0000
asID:                     401560
IP address blocks:        143.20.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 11:15:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:87:98:7d:16:0e:80:39:ea:46:0c:b8:70:ef:b9:42:8d:95:97:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Dec 31 16:52:32 2025 GMT
            Not After : Dec 30 16:57:32 2026 GMT
        Subject: CN=F97F1B41D435BAFF0BAD8DD223AFF9186451714F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:92:66:70:e6:00:c8:71:35:fb:9e:b2:69:28:
                    24:6a:6e:7a:0c:71:a3:07:03:38:6b:0e:b9:98:9a:
                    e0:10:82:36:20:04:c6:b6:21:17:e8:95:a7:5d:3c:
                    0d:85:a7:43:33:5c:6e:f7:c9:ed:15:7e:7e:2f:71:
                    17:48:9c:1d:21:19:ea:ed:5a:ff:29:ca:40:e0:b6:
                    99:3a:be:9b:63:88:fc:de:06:2d:76:1e:5f:c1:a0:
                    cd:85:28:16:8a:ab:23:83:9a:38:ff:4f:88:a8:d6:
                    61:25:cf:e2:5f:4e:59:84:9f:54:7a:26:7c:7f:6d:
                    ce:7d:6f:3b:e9:67:8c:f3:3b:be:fc:6b:0c:f7:18:
                    25:30:c0:e2:b6:21:18:a3:b9:78:8a:64:41:b5:0f:
                    ae:b5:ba:f8:70:07:6d:5a:e2:f0:56:04:cc:03:62:
                    70:90:3e:22:ac:20:7e:18:33:1f:46:e1:ec:12:6d:
                    c0:38:6c:83:8b:a4:90:c9:6f:d9:62:1c:8f:a6:66:
                    2c:04:93:af:fa:bd:63:82:dc:9a:d6:51:95:f6:10:
                    c9:40:d2:13:02:ce:b1:5c:95:4a:20:9c:b2:14:16:
                    0c:c5:70:11:1b:1c:b3:03:17:d4:64:2b:ae:c0:bd:
                    72:53:32:59:57:fa:60:a8:7e:ad:ea:1d:16:9e:7a:
                    71:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:7F:1B:41:D4:35:BA:FF:0B:AD:8D:D2:23:AF:F9:18:64:51:71:4F
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS401560.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:17:ec:70:a2:9a:d3:92:9f:04:51:76:65:73:e8:ad:54:aa:
         87:de:27:18:0d:4d:2c:28:aa:b0:0f:0c:bb:b2:6d:a7:db:a4:
         14:50:c1:58:9d:66:fc:e7:14:29:52:61:73:40:6b:2c:9a:ff:
         ef:e8:e3:d8:6b:e8:b3:6c:c3:38:bf:19:99:63:c2:6a:4c:c1:
         fc:3c:03:95:5d:a8:b4:27:9f:88:75:7a:0b:c3:e5:a7:47:72:
         d5:b8:f3:f6:87:34:ce:c7:9a:70:ed:93:10:4d:49:3a:41:17:
         a9:47:c5:d3:4c:2a:4f:33:52:ce:8d:71:6f:73:09:5c:2f:e9:
         89:b0:94:f5:98:3f:fa:36:48:82:01:ae:9f:87:16:e6:41:3e:
         1a:4e:cd:8e:19:8b:7d:8a:85:fb:a2:1b:6f:fa:85:c0:b9:13:
         3d:3b:3a:21:7b:30:cc:6d:a1:82:c6:41:3a:15:08:bf:ed:ab:
         4e:12:16:8d:86:63:72:80:b3:9d:d4:fd:25:1b:b3:cf:be:e4:
         71:6f:27:94:5a:e9:87:a3:c6:c2:76:c8:c9:fb:84:be:26:2f:
         60:7c:56:ce:b4:d1:25:34:16:9c:81:cd:b8:54:2c:f5:90:17:
         ca:ca:bb:e3:6a:d5:04:18:70:c5:06:fa:75:4d:af:14:40:a4:
         05:0f:1d:09
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUYIeYfRYOgDnqRgy4cO+5Qo2Vl6IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTEyMzExNjUyMzJaFw0yNjEyMzAxNjU3MzJaMDMxMTAvBgNV
BAMTKEY5N0YxQjQxRDQzNUJBRkYwQkFEOEREMjIzQUZGOTE4NjQ1MTcxNEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYkmZw5gDIcTX7nrJpKCRqbnoM
caMHAzhrDrmYmuAQgjYgBMa2IRfoladdPA2Fp0MzXG73ye0Vfn4vcRdInB0hGert
Wv8pykDgtpk6vptjiPzeBi12Hl/BoM2FKBaKqyODmjj/T4io1mElz+JfTlmEn1R6
Jnx/bc59bzvpZ4zzO778awz3GCUwwOK2IRijuXiKZEG1D661uvhwB21a4vBWBMwD
YnCQPiKsIH4YMx9G4ewSbcA4bIOLpJDJb9liHI+mZiwEk6/6vWOC3JrWUZX2EMlA
0hMCzrFclUognLIUFgzFcBEbHLMDF9RkK67AvXJTMllX+mCofq3qHRaeenHfAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU+X8bQdQ1uv8LrY3SI6/5GGRRcU8wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTNDAxNTYwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxT9
MA0GCSqGSIb3DQEBCwUAA4IBAQCDF+xwoprTkp8EUXZlc+itVKqH3icYDU0sKKqw
Dwy7sm2n26QUUMFYnWb85xQpUmFzQGssmv/v6OPYa+izbMM4vxmZY8JqTMH8PAOV
Xai0J5+IdXoLw+WnR3LVuPP2hzTOx5pw7ZMQTUk6QRepR8XTTCpPM1LOjXFvcwlc
L+mJsJT1mD/6NkiCAa6fhxbmQT4aTs2OGYt9ioX7ohtv+oXAuRM9OzohezDMbaGC
xkE6FQi/7atOEhaNhmNygLOd1P0lG7PPvuRxbyeUWumHo8bCdsjJ+4S+Ji9gfFbO
tNElNBacgc24VCz1kBfKyrvjatUEGHDFBvp1Ta8UQKQFDx0J
-----END CERTIFICATE-----