This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS60602.roa
File:                     AS60602.roa (raw, json)
Hash identifier:          7HSSx7LviSZ0G8/q6R4RXkFJRmvuhXT4dfA52YzeaD4=
Subject key identifier:   7C:6C:E4:40:F8:DE:38:2A:08:3B:87:9D:F1:49:66:EC:10:73:DF:90
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       52E92CAA20137A5A42F6EA5A05A843B4DD301324
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS60602.roa
Signing time:             Mon 24 Nov 2025 12:05:38 +0000
ROA not before:           Mon 24 Nov 2025 12:00:38 +0000
ROA not after:            Mon 23 Nov 2026 12:05:38 +0000
asID:                     60602
IP address blocks:        143.20.24.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Dec 2025 11:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:e9:2c:aa:20:13:7a:5a:42:f6:ea:5a:05:a8:43:b4:dd:30:13:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Nov 24 12:00:38 2025 GMT
            Not After : Nov 23 12:05:38 2026 GMT
        Subject: CN=7C6CE440F8DE382A083B879DF14966EC1073DF90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:b4:83:af:43:d8:99:da:30:b8:e6:85:2a:ea:
                    cc:d1:1d:af:ab:db:b8:21:1b:09:a3:1a:f9:28:a9:
                    5c:b4:ef:4b:bd:11:ca:a1:c8:8d:5b:13:2e:da:80:
                    a2:d0:f3:06:b1:e9:d8:18:5a:65:3d:67:66:c4:e4:
                    bf:7d:32:48:df:fe:ff:88:eb:f9:fc:0f:e8:b7:0a:
                    89:ba:57:1d:6c:5f:cd:2e:be:cf:63:e7:5a:f1:02:
                    b0:7c:c9:00:75:72:b6:af:99:e0:91:96:c0:2d:8a:
                    c2:c0:53:23:a0:35:e7:6c:f4:70:96:be:82:0b:62:
                    db:97:d0:81:ee:de:50:b0:59:06:2b:71:76:e1:df:
                    e3:3b:bc:e7:f4:3e:ce:31:ff:84:42:fb:46:fa:fd:
                    0a:f3:1b:a8:0c:57:26:d6:86:f4:df:f6:67:84:7c:
                    3f:ad:ce:1b:bf:e2:a4:1c:5f:f6:c8:68:6c:06:6e:
                    d5:38:40:0b:6b:67:43:94:bc:9f:99:74:2c:22:69:
                    41:0a:53:d2:b2:80:ca:a4:9f:86:d4:b4:69:ce:8e:
                    ac:a2:31:5f:c6:1b:04:89:f7:21:07:9f:c8:89:b5:
                    06:9e:28:be:84:62:77:ad:4b:da:8d:c5:80:93:fd:
                    d9:eb:78:f6:e2:8c:7c:11:49:86:dc:b9:3a:83:28:
                    e3:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:6C:E4:40:F8:DE:38:2A:08:3B:87:9D:F1:49:66:EC:10:73:DF:90
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS60602.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:7b:d0:65:83:bd:90:b7:4e:56:89:65:97:77:69:00:91:df:
         7e:9b:ab:b9:b5:7b:25:cc:11:d1:56:42:0f:f7:de:91:1c:0b:
         12:3e:3d:4c:ac:1a:4c:98:58:47:22:8f:8c:ed:e1:fe:5d:ca:
         8b:d6:dd:a0:84:83:74:28:6d:a4:ab:83:7a:51:3c:7d:22:3f:
         ab:3a:74:98:c9:6d:d2:1e:f4:60:3c:ad:c4:7b:f7:2d:4b:97:
         21:28:43:fa:30:ca:58:df:a7:5e:0f:ab:82:fe:01:8d:60:da:
         33:25:11:27:f3:ea:49:2e:18:f1:30:b4:2e:9c:82:6f:0a:4b:
         2c:ed:1a:be:f5:ea:ac:3e:06:bb:b0:13:13:56:32:97:cc:86:
         b4:93:87:91:32:08:e7:cc:22:e9:a7:9e:2a:66:5b:2f:d2:fb:
         b4:a7:f1:2d:fd:23:ea:38:ad:51:b5:56:dc:69:db:90:08:a6:
         cb:df:d9:b1:56:1e:78:c7:e3:17:31:ac:f9:3e:0a:db:9b:54:
         ee:d1:a3:39:7a:5a:46:2c:d3:e7:9f:03:cd:97:18:1e:ec:d2:
         b7:a0:91:24:4f:b4:c8:9d:b9:fa:51:30:5c:f2:2b:7d:d6:42:
         d1:cd:56:59:04:35:e0:af:40:57:df:13:09:13:d5:c9:86:67:
         4a:f8:ea:fb
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUUuksqiATelpC9upaBahDtN0wEyQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTExMjQxMjAwMzhaFw0yNjExMjMxMjA1MzhaMDMxMTAvBgNV
BAMTKDdDNkNFNDQwRjhERTM4MkEwODNCODc5REYxNDk2NkVDMTA3M0RGOTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0tIOvQ9iZ2jC45oUq6szRHa+r
27ghGwmjGvkoqVy070u9EcqhyI1bEy7agKLQ8wax6dgYWmU9Z2bE5L99Mkjf/v+I
6/n8D+i3Com6Vx1sX80uvs9j51rxArB8yQB1cravmeCRlsAtisLAUyOgNeds9HCW
voILYtuX0IHu3lCwWQYrcXbh3+M7vOf0Ps4x/4RC+0b6/QrzG6gMVybWhvTf9meE
fD+tzhu/4qQcX/bIaGwGbtU4QAtrZ0OUvJ+ZdCwiaUEKU9KygMqkn4bUtGnOjqyi
MV/GGwSJ9yEHn8iJtQaeKL6EYnetS9qNxYCT/dnrePbijHwRSYbcuTqDKONTAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUfGzkQPjeOCoIO4ed8Ulm7BBz35AwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTNjA2MDIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACPFBgw
DQYJKoZIhvcNAQELBQADggEBAEh70GWDvZC3TlaJZZd3aQCR336bq7m1eyXMEdFW
Qg/33pEcCxI+PUysGkyYWEcij4zt4f5dyovW3aCEg3QobaSrg3pRPH0iP6s6dJjJ
bdIe9GA8rcR79y1LlyEoQ/owyljfp14Pq4L+AY1g2jMlESfz6kkuGPEwtC6cgm8K
SyztGr716qw+BruwExNWMpfMhrSTh5EyCOfMIumnnipmWy/S+7Sn8S39I+o4rVG1
Vtxp25AIpsvf2bFWHnjH4xcxrPk+CtubVO7Rozl6WkYs0+efA82XGB7s0regkSRP
tMidufpRMFzyK33WQtHNVlkENeCvQFffEwkT1cmGZ0r46vs=
-----END CERTIFICATE-----