This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS199524.roa
File:                     AS199524.roa (raw, json)
Hash identifier:          IIk+yheOrh7xBUpRfmAg5YuQcaBnCoNunPQRMZBNzXw=
Subject key identifier:   A9:67:15:EB:B5:09:2B:99:01:76:A3:71:AA:22:25:BB:7C:0B:4B:4C
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       78E8C8B149801BF3C9144B170BFFC8F812BDC3E9
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS199524.roa
Signing time:             Tue 18 Nov 2025 07:37:09 +0000
ROA not before:           Tue 18 Nov 2025 07:32:09 +0000
ROA not after:            Tue 17 Nov 2026 07:37:09 +0000
asID:                     199524
IP address blocks:        95.135.0.0/24 maxlen: 24
                          95.135.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Nov 2025 08:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:e8:c8:b1:49:80:1b:f3:c9:14:4b:17:0b:ff:c8:f8:12:bd:c3:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Nov 18 07:32:09 2025 GMT
            Not After : Nov 17 07:37:09 2026 GMT
        Subject: CN=A96715EBB5092B990176A371AA2225BB7C0B4B4C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:b2:76:10:5d:8b:c0:d6:ad:26:22:14:03:b8:
                    ee:a0:a0:2a:82:cd:28:7f:0b:98:ef:1d:e8:d7:95:
                    6b:ac:01:3e:91:be:33:69:32:72:c0:c2:25:3c:e4:
                    4c:6c:68:df:e3:53:ca:18:cc:7b:e5:60:8f:13:6c:
                    02:42:6c:07:92:3b:3a:4b:90:88:27:17:32:af:5e:
                    f0:6a:c3:56:1d:06:6d:6a:78:cd:c1:0b:0d:c8:03:
                    f5:fa:d3:af:75:8d:71:ed:1a:d2:06:e3:0f:13:34:
                    52:59:d7:e8:1b:64:d5:b8:f4:e5:75:39:3f:50:33:
                    85:e5:99:ef:92:10:99:9c:55:cc:be:f5:40:f5:4a:
                    4e:61:e9:32:b1:21:8c:da:02:03:8f:83:4d:d2:be:
                    ec:6b:8e:85:16:84:91:9e:10:26:48:d9:6b:98:01:
                    01:2e:a3:c6:d0:86:71:74:af:df:1a:34:ad:75:d7:
                    54:c1:8e:36:81:af:77:bc:da:b8:86:87:d4:c6:69:
                    0a:80:86:66:33:c8:ff:83:83:fe:a7:ba:a5:a1:02:
                    f5:de:cf:38:7e:72:17:a2:ba:a6:cd:14:e7:e6:4d:
                    e9:9a:45:76:ec:90:6e:06:81:55:ef:e5:78:a0:48:
                    e8:da:0f:4e:31:7a:58:e8:c1:5c:a9:28:4f:9d:05:
                    cb:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:67:15:EB:B5:09:2B:99:01:76:A3:71:AA:22:25:BB:7C:0B:4B:4C
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS199524.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.135.0.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5e:33:ca:81:9e:92:ad:49:cf:90:1d:7b:41:50:4c:7c:8c:81:
         e7:6b:d5:9c:46:20:9f:b0:c9:16:9c:bb:ee:0e:d3:a3:dc:cf:
         f4:6b:07:ef:e3:71:7d:dd:ad:b5:8a:ae:0f:5c:c9:99:61:2f:
         96:ae:db:96:b3:d0:fc:a8:11:f2:b2:0d:cf:74:a7:03:c0:43:
         05:2c:35:db:5e:4a:b6:9f:3b:c3:8b:1e:0c:8c:60:1b:7b:3a:
         a5:3d:61:11:22:b5:42:d2:1f:8c:04:12:9f:60:53:5d:7f:36:
         cb:f1:66:67:dd:9e:87:c3:6a:99:f5:b4:27:f7:14:56:95:10:
         8a:3d:ec:cd:a4:32:21:5b:3d:81:2f:cb:a6:23:c4:d0:9c:46:
         58:23:f7:44:7e:d1:a8:cd:58:69:a9:18:04:21:c4:19:d8:0f:
         4a:8e:06:63:81:69:ff:ef:99:cb:5c:05:7c:25:70:e9:52:3b:
         7b:31:6c:4b:e6:0c:23:bf:16:97:88:1d:12:b9:92:d4:68:56:
         8d:19:3f:2c:75:9f:24:68:6d:00:06:03:d4:34:aa:59:97:2d:
         3f:74:50:4f:1f:17:b9:b9:7a:b2:ba:ce:29:7f:32:89:c9:82:
         94:c8:bf:2b:d6:81:bf:e4:b8:c4:a2:c5:04:ab:61:f8:a9:32:
         c7:ce:cc:c5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUeOjIsUmAG/PJFEsXC//I+BK9w+kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTExMTgwNzMyMDlaFw0yNjExMTcwNzM3MDlaMDMxMTAvBgNV
BAMTKEE5NjcxNUVCQjUwOTJCOTkwMTc2QTM3MUFBMjIyNUJCN0MwQjRCNEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCasnYQXYvA1q0mIhQDuO6goCqC
zSh/C5jvHejXlWusAT6RvjNpMnLAwiU85ExsaN/jU8oYzHvlYI8TbAJCbAeSOzpL
kIgnFzKvXvBqw1YdBm1qeM3BCw3IA/X60691jXHtGtIG4w8TNFJZ1+gbZNW49OV1
OT9QM4Xlme+SEJmcVcy+9UD1Sk5h6TKxIYzaAgOPg03SvuxrjoUWhJGeECZI2WuY
AQEuo8bQhnF0r98aNK1111TBjjaBr3e82riGh9TGaQqAhmYzyP+Dg/6nuqWhAvXe
zzh+cheiuqbNFOfmTemaRXbskG4GgVXv5XigSOjaD04xeljowVypKE+dBctzAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUqWcV67UJK5kBdqNxqiIlu3wLS0wwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMTk5NTI0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBX4cA
MA0GCSqGSIb3DQEBCwUAA4IBAQBeM8qBnpKtSc+QHXtBUEx8jIHna9WcRiCfsMkW
nLvuDtOj3M/0awfv43F93a21iq4PXMmZYS+WrtuWs9D8qBHysg3PdKcDwEMFLDXb
Xkq2nzvDix4MjGAbezqlPWERIrVC0h+MBBKfYFNdfzbL8WZn3Z6Hw2qZ9bQn9xRW
lRCKPezNpDIhWz2BL8umI8TQnEZYI/dEftGozVhpqRgEIcQZ2A9KjgZjgWn/75nL
XAV8JXDpUjt7MWxL5gwjvxaXiB0SuZLUaFaNGT8sdZ8kaG0ABgPUNKpZly0/dFBP
Hxe5uXqyus4pfzKJyYKUyL8r1oG/5LjEosUEq2H4qTLHzszF
-----END CERTIFICATE-----