This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS63199.roa
File:                     AS63199.roa (raw, json)
Hash identifier:          pX+8MtpOVothXG2J0UQ/O9+ZIBWEWQCRumgSMQ9jNic=
Subject key identifier:   B2:4A:3A:19:D1:1E:76:74:B6:8E:E0:14:05:18:2A:E2:FB:C1:85:3A
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       7B76A0C7F2702B8776C95096C5F391D0B78B8224
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS63199.roa
Signing time:             Thu 15 Jan 2026 07:09:25 +0000
ROA not before:           Thu 15 Jan 2026 07:04:25 +0000
ROA not after:            Thu 14 Jan 2027 07:09:25 +0000
asID:                     63199
IP address blocks:        143.20.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 00:56:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:76:a0:c7:f2:70:2b:87:76:c9:50:96:c5:f3:91:d0:b7:8b:82:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jan 15 07:04:25 2026 GMT
            Not After : Jan 14 07:09:25 2027 GMT
        Subject: CN=B24A3A19D11E7674B68EE01405182AE2FBC1853A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:f7:71:e2:ce:f0:ff:01:33:2a:4a:79:f9:84:
                    61:e5:25:c2:ae:cb:37:40:ba:87:2d:ea:bb:79:c5:
                    c3:70:de:44:34:63:58:9a:d8:a6:d4:32:a6:a9:1f:
                    ad:0d:01:29:c2:ec:b0:42:9d:22:1b:28:23:64:ea:
                    46:8d:de:d7:5d:4e:b2:6c:45:64:09:11:41:52:81:
                    c6:08:fd:96:8e:34:de:0b:b2:8b:a5:c8:a3:32:d7:
                    cc:74:1a:e4:b5:4b:10:d4:ad:f5:9e:65:2c:27:59:
                    20:f6:d0:1c:d2:c8:50:21:1d:17:be:5d:dd:21:a8:
                    64:36:d7:54:d1:df:38:b2:7e:92:57:05:23:b1:cb:
                    3e:fa:18:0f:a7:af:eb:f3:76:ce:8b:5a:ea:e7:f1:
                    ae:f9:85:d3:1e:be:31:b7:6e:52:d7:3e:bb:6a:b7:
                    66:0f:bb:5e:a7:99:1b:04:40:c9:9d:30:a0:bb:08:
                    70:1d:5a:22:65:85:af:c0:20:75:83:75:3c:79:c3:
                    73:c5:97:d0:de:e0:70:d4:f3:df:df:87:30:53:b9:
                    e7:63:17:84:3f:6a:aa:96:52:da:dc:c0:76:05:11:
                    b4:00:f2:e3:e6:b9:13:b1:c7:9e:bb:97:3c:3d:b7:
                    40:fe:42:b3:d9:f4:b6:54:41:71:38:f0:55:f8:9d:
                    04:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:4A:3A:19:D1:1E:76:74:B6:8E:E0:14:05:18:2A:E2:FB:C1:85:3A
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS63199.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:34:d2:05:0e:5e:84:1f:43:9a:29:f2:8d:7b:b3:d4:24:15:
         f5:ed:dc:9f:06:b6:d4:a8:a8:c8:de:a2:88:af:e6:cc:d0:76:
         9f:91:51:05:61:96:8f:3c:54:ec:e4:61:f7:7e:5e:ef:bb:b3:
         ff:f1:33:ec:85:e7:20:be:42:05:84:be:5a:83:0e:1c:f0:cb:
         63:b9:9d:37:bc:79:8f:b3:27:03:43:a9:72:0b:3d:48:8d:74:
         8e:a6:bf:9a:bf:3b:c8:cb:af:fc:48:9b:c8:c6:cb:ef:ab:51:
         f3:7f:75:00:aa:2f:f5:50:d7:36:42:3c:67:93:5a:cd:43:c8:
         f7:01:ca:93:aa:75:57:c3:59:a9:f3:00:0a:ba:72:e5:58:b2:
         34:a4:93:05:c9:d2:4e:8b:10:dc:ee:44:c7:5c:0a:2e:e4:d0:
         16:43:b6:86:ca:9a:01:03:d8:a8:bb:65:23:a4:83:a8:9d:df:
         b9:8d:79:ff:c4:54:06:0d:c8:86:29:3b:ea:5a:26:a8:0e:03:
         da:3c:1b:d3:9f:17:0b:3a:fb:12:a2:12:5a:89:02:72:8d:b7:
         86:a2:d3:52:04:b4:7a:7d:dd:9d:2d:d2:bc:39:81:bd:59:59:
         8d:0b:22:3d:53:3d:46:73:c4:f7:de:a4:40:06:f5:f7:e8:7a:
         36:b2:05:06
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUe3agx/JwK4d2yVCWxfOR0LeLgiQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjAxMTUwNzA0MjVaFw0yNzAxMTQwNzA5MjVaMDMxMTAvBgNV
BAMTKEIyNEEzQTE5RDExRTc2NzRCNjhFRTAxNDA1MTgyQUUyRkJDMTg1M0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDY93HizvD/ATMqSnn5hGHlJcKu
yzdAuoct6rt5xcNw3kQ0Y1ia2KbUMqapH60NASnC7LBCnSIbKCNk6kaN3tddTrJs
RWQJEUFSgcYI/ZaONN4LsoulyKMy18x0GuS1SxDUrfWeZSwnWSD20BzSyFAhHRe+
Xd0hqGQ211TR3ziyfpJXBSOxyz76GA+nr+vzds6LWurn8a75hdMevjG3blLXPrtq
t2YPu16nmRsEQMmdMKC7CHAdWiJlha/AIHWDdTx5w3PFl9De4HDU89/fhzBTuedj
F4Q/aqqWUtrcwHYFEbQA8uPmuROxx567lzw9t0D+QrPZ9LZUQXE48FX4nQRFAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUsko6GdEednS2juAUBRgq4vvBhTowHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTNjMxOTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACPFEEw
DQYJKoZIhvcNAQELBQADggEBADc00gUOXoQfQ5op8o17s9QkFfXt3J8GttSoqMje
ooiv5szQdp+RUQVhlo88VOzkYfd+Xu+7s//xM+yF5yC+QgWEvlqDDhzwy2O5nTe8
eY+zJwNDqXILPUiNdI6mv5q/O8jLr/xIm8jGy++rUfN/dQCqL/VQ1zZCPGeTWs1D
yPcBypOqdVfDWanzAAq6cuVYsjSkkwXJ0k6LENzuRMdcCi7k0BZDtobKmgED2Ki7
ZSOkg6id37mNef/EVAYNyIYpO+paJqgOA9o8G9OfFws6+xKiElqJAnKNt4ai01IE
tHp93Z0t0rw5gb1ZWY0LIj1TPUZzxPfepEAG9ffoejayBQY=
-----END CERTIFICATE-----