This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS23532.roa
File:                     AS23532.roa (raw, json)
Hash identifier:          95McBRDVcU9MdixZq7sK4ZKHbt8Ndr5HpsoTs7bO01U=
Subject key identifier:   CC:BE:48:04:2D:5B:46:D2:AE:C7:51:B0:66:DA:01:A0:C0:7E:BE:F8
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       7569DB0EA3CB0A183E12B05E13159D0E3124E6BC
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS23532.roa
Signing time:             Fri 24 Oct 2025 10:34:21 +0000
ROA not before:           Fri 24 Oct 2025 10:29:21 +0000
ROA not after:            Fri 23 Oct 2026 10:34:21 +0000
asID:                     23532
IP address blocks:        95.135.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Nov 2025 23:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:69:db:0e:a3:cb:0a:18:3e:12:b0:5e:13:15:9d:0e:31:24:e6:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Oct 24 10:29:21 2025 GMT
            Not After : Oct 23 10:34:21 2026 GMT
        Subject: CN=CCBE48042D5B46D2AEC751B066DA01A0C07EBEF8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:ea:66:54:bb:02:3b:04:2d:2e:ed:22:4b:27:
                    fd:ab:66:46:a7:7c:02:4b:af:70:d5:8b:43:ef:5b:
                    ef:09:95:37:0f:d0:83:8f:90:af:ad:6f:19:51:e9:
                    7f:6c:6b:62:8a:ce:b4:7a:c6:59:4e:51:ec:a4:5c:
                    f0:9b:f1:33:45:54:8a:a7:56:23:e7:19:11:d8:c7:
                    a8:02:6d:8e:d4:43:e0:10:7e:37:e0:78:da:60:9e:
                    28:5d:5e:3d:f6:45:77:68:cd:55:5c:46:be:78:c5:
                    db:6c:da:69:8e:d8:06:71:49:2d:c6:df:9d:d5:c5:
                    90:50:3c:98:e9:d5:5e:e6:4c:99:32:6a:45:ea:40:
                    10:f2:3d:c9:6f:f9:7b:94:03:59:b8:ab:bd:f4:4f:
                    9e:b1:3f:4b:96:c7:31:78:d3:63:2e:bd:0b:7c:22:
                    76:ee:3e:46:b3:8f:e0:b9:b0:e8:c6:13:c1:60:a9:
                    7a:e6:91:83:20:84:ea:48:6a:12:ab:1e:b0:14:0b:
                    bb:3e:d5:85:1c:44:9e:8c:35:55:de:0d:a1:4e:c0:
                    c6:2e:63:29:42:31:21:ed:ea:47:e9:0b:d4:d0:6c:
                    00:65:5a:b7:0d:cb:b2:de:83:60:d2:18:51:2c:04:
                    bd:d1:32:df:15:39:0c:3f:7b:ae:0c:91:97:43:7a:
                    19:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:BE:48:04:2D:5B:46:D2:AE:C7:51:B0:66:DA:01:A0:C0:7E:BE:F8
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS23532.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.135.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:c3:92:5e:70:69:ec:aa:f0:3e:3e:8d:28:c7:ae:f3:fb:ae:
         b6:db:56:7d:b6:df:7b:23:ea:1b:c2:14:91:cb:3d:f5:a6:e0:
         d5:59:da:f2:6c:e2:92:51:11:8f:e5:a4:02:c1:41:cd:1d:fd:
         22:3a:f5:13:db:f3:93:f8:62:74:d9:9c:28:de:49:5a:31:91:
         8f:35:1a:42:1e:69:be:d4:1c:dc:32:c5:b2:44:a9:5c:c6:43:
         3e:69:72:12:94:2b:85:f8:ee:04:78:5c:ed:b1:3f:7b:fa:c7:
         7c:c2:87:1c:00:ca:9b:43:41:81:cb:80:3e:ec:a6:99:d3:31:
         78:92:16:94:6e:69:93:48:4f:90:70:a6:11:51:94:b0:8e:58:
         f1:a4:72:35:d7:db:b5:db:3b:1f:04:b0:95:ab:bf:31:6f:e8:
         a5:d7:6b:2f:25:62:dd:cf:af:9a:de:8c:2a:e3:3f:8b:24:43:
         59:c3:13:03:02:65:70:d8:f8:7b:41:55:9b:77:e6:32:e7:dd:
         8b:7e:96:a1:83:b0:c6:e2:ae:ae:52:81:c6:dc:bc:72:6a:d8:
         33:9a:69:73:a8:12:95:6d:64:79:d0:b9:06:07:93:1e:1e:4a:
         5e:44:dc:39:19:87:5e:08:e6:55:c7:ac:ac:3a:e5:3f:26:bf:
         dd:4b:77:37
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUdWnbDqPLChg+ErBeExWdDjEk5rwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTEwMjQxMDI5MjFaFw0yNjEwMjMxMDM0MjFaMDMxMTAvBgNV
BAMTKENDQkU0ODA0MkQ1QjQ2RDJBRUM3NTFCMDY2REEwMUEwQzA3RUJFRjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy6mZUuwI7BC0u7SJLJ/2rZkan
fAJLr3DVi0PvW+8JlTcP0IOPkK+tbxlR6X9sa2KKzrR6xllOUeykXPCb8TNFVIqn
ViPnGRHYx6gCbY7UQ+AQfjfgeNpgnihdXj32RXdozVVcRr54xdts2mmO2AZxSS3G
353VxZBQPJjp1V7mTJkyakXqQBDyPclv+XuUA1m4q730T56xP0uWxzF402MuvQt8
InbuPkazj+C5sOjGE8FgqXrmkYMghOpIahKrHrAUC7s+1YUcRJ6MNVXeDaFOwMYu
YylCMSHt6kfpC9TQbABlWrcNy7Leg2DSGFEsBL3RMt8VOQw/e64MkZdDehnJAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUzL5IBC1bRtKux1GwZtoBoMB+vvgwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjM1MzIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABfh7ww
DQYJKoZIhvcNAQELBQADggEBAJrDkl5waeyq8D4+jSjHrvP7rrbbVn2233sj6hvC
FJHLPfWm4NVZ2vJs4pJREY/lpALBQc0d/SI69RPb85P4YnTZnCjeSVoxkY81GkIe
ab7UHNwyxbJEqVzGQz5pchKUK4X47gR4XO2xP3v6x3zChxwAyptDQYHLgD7sppnT
MXiSFpRuaZNIT5BwphFRlLCOWPGkcjXX27XbOx8EsJWrvzFv6KXXay8lYt3Pr5re
jCrjP4skQ1nDEwMCZXDY+HtBVZt35jLn3Yt+lqGDsMbirq5SgcbcvHJq2DOaaXOo
EpVtZHnQuQYHkx4eSl5E3DkZh14I5lXHrKw65T8mv91Ldzc=
-----END CERTIFICATE-----