This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS49592.roa
File:                     AS49592.roa (raw, json)
Hash identifier:          J0sHS7cneYqaPz2JKheGmO4IziujYRn3VHnSW2qmh3U=
Subject key identifier:   66:FA:41:30:9A:DC:25:40:E2:BB:54:94:BB:E2:3A:36:8A:4C:4E:E6
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       0FF2AC7A9FCA05B4123C98CCD7609DEE0BC54DDA
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS49592.roa
Signing time:             Sun 16 Nov 2025 19:32:46 +0000
ROA not before:           Sun 16 Nov 2025 19:27:46 +0000
ROA not after:            Sun 15 Nov 2026 19:32:46 +0000
asID:                     49592
IP address blocks:        143.20.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Dec 2025 11:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:f2:ac:7a:9f:ca:05:b4:12:3c:98:cc:d7:60:9d:ee:0b:c5:4d:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Nov 16 19:27:46 2025 GMT
            Not After : Nov 15 19:32:46 2026 GMT
        Subject: CN=66FA41309ADC2540E2BB5494BBE23A368A4C4EE6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:4a:65:02:72:b6:02:6f:46:43:39:8a:cb:fe:
                    74:84:8b:b9:ad:0d:d6:9b:8c:74:15:3c:19:36:d8:
                    7b:3a:c9:ee:4d:9b:1e:47:97:b5:75:4d:16:14:0a:
                    f2:a7:0f:4f:ad:14:69:ea:2a:f1:69:46:74:ad:a8:
                    6a:5b:5f:2b:0f:a0:ff:d7:41:85:f4:f1:e3:d0:67:
                    fa:bf:cf:26:71:0a:c7:c6:3e:5d:1c:4f:e9:d6:39:
                    7d:44:ad:1b:87:d9:3c:56:00:cf:bb:1e:07:03:c9:
                    e5:c2:fd:0b:d7:3c:4e:be:5f:bb:91:a9:90:d0:86:
                    64:a3:c0:fe:b4:08:b1:2b:d4:3e:cb:66:75:4c:80:
                    2b:ab:9f:63:4e:e4:62:63:6b:b2:10:4a:60:95:07:
                    19:f3:5d:b3:40:17:15:94:65:4d:b3:91:d3:ba:fd:
                    6a:c7:64:ab:4e:3f:75:4a:63:76:90:44:df:33:5c:
                    82:33:f1:80:97:12:87:8e:f1:53:11:c8:86:ce:a4:
                    e0:66:3c:40:cf:08:63:fb:14:b6:84:45:0e:e5:fe:
                    f6:a6:34:6e:d9:fe:bc:8e:9c:b4:be:27:56:59:0c:
                    06:a3:59:60:d0:81:5e:1d:c3:8f:f2:a2:0f:aa:58:
                    53:be:19:9f:4b:1c:b5:63:cb:17:8f:f5:5c:bc:68:
                    04:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:FA:41:30:9A:DC:25:40:E2:BB:54:94:BB:E2:3A:36:8A:4C:4E:E6
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS49592.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:7b:80:ce:60:9a:3a:43:64:b4:5c:37:70:ed:55:11:d4:af:
         1a:83:63:c7:d8:6e:8a:b0:db:9c:0a:8d:09:f7:9d:c5:33:c1:
         41:e6:b8:9b:87:24:a3:ab:f1:bf:56:f0:c0:16:57:03:bb:e3:
         93:6c:0f:9b:80:7a:ba:dd:6a:a1:92:ba:3a:ce:b7:02:aa:fe:
         43:2c:d2:1a:64:b0:81:b2:66:cc:09:aa:fa:46:a2:3f:5a:e3:
         c8:41:bb:38:57:bd:ac:4a:eb:8c:f6:ae:74:68:c7:9b:45:9f:
         d4:cf:d6:5b:10:34:b6:af:5d:81:a6:ab:87:b4:2e:56:bd:4a:
         55:c9:d4:c8:4c:a5:37:15:5b:e5:0f:57:53:a1:6c:1c:55:ee:
         b2:59:42:5d:0a:e3:ba:21:46:89:98:ed:82:49:97:81:c4:68:
         8b:de:20:38:f5:d1:e7:ca:b2:f0:ad:94:1f:be:13:4a:ac:77:
         e4:81:dd:21:89:7a:db:eb:d5:42:0d:64:fc:b8:6b:66:e1:ec:
         a8:7b:0e:e9:64:21:8f:35:c1:f2:91:35:35:59:f7:a2:54:b7:
         41:cf:8d:fa:dd:3a:9e:67:e3:b2:1f:12:eb:d8:9d:0a:4e:11:
         7d:f0:7a:20:af:65:61:c1:b0:14:2b:78:9b:70:81:6c:bf:80:
         31:c3:cd:ca
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUD/Ksep/KBbQSPJjM12Cd7gvFTdowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTExMTYxOTI3NDZaFw0yNjExMTUxOTMyNDZaMDMxMTAvBgNV
BAMTKDY2RkE0MTMwOUFEQzI1NDBFMkJCNTQ5NEJCRTIzQTM2OEE0QzRFRTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHSmUCcrYCb0ZDOYrL/nSEi7mt
DdabjHQVPBk22Hs6ye5Nmx5Hl7V1TRYUCvKnD0+tFGnqKvFpRnStqGpbXysPoP/X
QYX08ePQZ/q/zyZxCsfGPl0cT+nWOX1ErRuH2TxWAM+7HgcDyeXC/QvXPE6+X7uR
qZDQhmSjwP60CLEr1D7LZnVMgCurn2NO5GJja7IQSmCVBxnzXbNAFxWUZU2zkdO6
/WrHZKtOP3VKY3aQRN8zXIIz8YCXEoeO8VMRyIbOpOBmPEDPCGP7FLaERQ7l/vam
NG7Z/ryOnLS+J1ZZDAajWWDQgV4dw4/yog+qWFO+GZ9LHLVjyxeP9Vy8aATbAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUZvpBMJrcJUDiu1SUu+I6NopMTuYwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTNDk1OTIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACPFMAw
DQYJKoZIhvcNAQELBQADggEBACJ7gM5gmjpDZLRcN3DtVRHUrxqDY8fYboqw25wK
jQn3ncUzwUHmuJuHJKOr8b9W8MAWVwO745NsD5uAerrdaqGSujrOtwKq/kMs0hpk
sIGyZswJqvpGoj9a48hBuzhXvaxK64z2rnRox5tFn9TP1lsQNLavXYGmq4e0Lla9
SlXJ1MhMpTcVW+UPV1OhbBxV7rJZQl0K47ohRomY7YJJl4HEaIveIDj10efKsvCt
lB++E0qsd+SB3SGJetvr1UINZPy4a2bh7Kh7DulkIY81wfKRNTVZ96JUt0HPjfrd
Op5n47IfEuvYnQpOEX3weiCvZWHBsBQreJtwgWy/gDHDzco=
-----END CERTIFICATE-----