This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS57043.roa
File:                     AS57043.roa (raw, json)
Hash identifier:          7hIBqy+/mgdcmM4cQTiWgx5AiM5GdyCuBVLNkwTjIfU=
Subject key identifier:   94:5B:CB:54:5B:EA:88:0D:F7:53:4E:B4:3F:2B:6C:49:57:30:0A:82
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       3A936EF2AFFED15A3284F67149683C446227ACAA
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS57043.roa
Signing time:             Fri 23 Jan 2026 18:19:20 +0000
ROA not before:           Fri 23 Jan 2026 18:14:20 +0000
ROA not after:            Fri 22 Jan 2027 18:19:20 +0000
asID:                     57043
IP address blocks:        147.79.8.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 20:24:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:93:6e:f2:af:fe:d1:5a:32:84:f6:71:49:68:3c:44:62:27:ac:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jan 23 18:14:20 2026 GMT
            Not After : Jan 22 18:19:20 2027 GMT
        Subject: CN=945BCB545BEA880DF7534EB43F2B6C4957300A82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:cb:c4:b4:19:87:7b:bc:82:18:d1:0c:8e:cd:
                    12:35:2d:ec:fd:a2:65:e2:6e:4d:60:8f:3e:47:38:
                    26:91:25:0b:39:53:ce:ae:f2:3f:9c:e9:c1:71:d5:
                    ba:24:a2:2d:41:04:ed:5d:bf:c9:cc:0e:b2:7d:68:
                    e7:84:52:d9:f1:e2:dc:b3:18:16:c0:3d:fe:67:dc:
                    d3:df:91:43:da:0f:80:0e:85:4b:17:30:6c:bc:76:
                    5d:f4:30:ca:ac:09:bd:e7:c3:5e:4b:32:c7:91:6d:
                    5d:84:ec:55:0d:ea:78:66:1e:3c:96:1c:f6:ea:cc:
                    0d:0c:ff:6f:cc:de:37:90:4c:c4:93:92:2b:6c:74:
                    6f:ab:3f:52:fc:e1:5f:a5:dd:3f:a7:a1:b6:fc:1a:
                    00:33:be:ce:1a:24:79:55:53:59:16:b9:c9:16:74:
                    bf:7a:ee:3a:65:05:97:af:96:ec:a1:67:7f:a5:49:
                    ae:c0:da:8f:c0:3b:48:b9:f5:df:f6:be:83:1b:df:
                    5f:63:24:ca:75:a6:d2:13:e2:0f:06:6e:87:92:15:
                    d0:74:da:d9:dd:6e:61:da:c9:5e:85:41:23:92:16:
                    3c:b1:fb:de:0d:d2:5a:93:f7:3d:af:a5:cc:0c:28:
                    1d:9d:53:a6:3f:c7:a9:42:3e:37:65:bf:1d:bb:c3:
                    72:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:5B:CB:54:5B:EA:88:0D:F7:53:4E:B4:3F:2B:6C:49:57:30:0A:82
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS57043.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.79.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:99:0c:80:91:52:76:e7:ec:25:83:b4:fd:22:3e:0c:ce:b9:
         41:6e:9a:28:f9:b0:2b:f0:ed:df:e0:90:c8:4d:27:ed:3d:9a:
         12:b0:13:3f:56:e1:c4:26:ad:dc:da:99:23:66:51:64:bf:78:
         15:b5:7f:e5:26:3d:9f:47:79:81:ba:9b:c7:82:f8:94:c0:e4:
         fb:42:bb:1e:67:93:48:97:43:3c:47:ad:75:0e:80:95:07:d7:
         dc:1f:3b:e9:5f:05:7b:88:6b:50:43:9d:82:c9:61:25:2d:23:
         1b:ef:82:45:f9:e2:12:41:85:57:ac:2a:c5:35:ad:9e:51:7b:
         56:16:77:b2:e7:0a:ca:3d:d7:41:e5:ca:1d:53:28:0f:a7:76:
         aa:cc:2f:33:57:f9:ed:bc:77:f7:7e:a8:8d:c1:0f:db:9c:b5:
         12:da:c6:5d:67:58:c4:16:f9:86:cf:01:bc:65:6d:b4:96:04:
         2f:ef:fb:72:82:5f:b0:3e:ae:33:7b:a2:30:94:49:35:e8:21:
         5c:21:2f:59:36:42:c6:da:c9:83:35:77:eb:32:e8:29:b4:04:
         44:93:e3:28:45:8b:00:41:ea:b5:74:14:5e:19:50:89:d9:7e:
         51:0b:d6:a5:f3:26:4b:97:32:2d:db:83:ca:94:a4:6f:bb:b4:
         be:b0:61:ba
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUOpNu8q/+0VoyhPZxSWg8RGInrKowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAxMjMxODE0MjBaFw0yNzAxMjIxODE5MjBaMDMxMTAvBgNV
BAMTKDk0NUJDQjU0NUJFQTg4MERGNzUzNEVCNDNGMkI2QzQ5NTczMDBBODIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3y8S0GYd7vIIY0QyOzRI1Lez9
omXibk1gjz5HOCaRJQs5U86u8j+c6cFx1bokoi1BBO1dv8nMDrJ9aOeEUtnx4tyz
GBbAPf5n3NPfkUPaD4AOhUsXMGy8dl30MMqsCb3nw15LMseRbV2E7FUN6nhmHjyW
HPbqzA0M/2/M3jeQTMSTkitsdG+rP1L84V+l3T+nobb8GgAzvs4aJHlVU1kWuckW
dL967jplBZevluyhZ3+lSa7A2o/AO0i59d/2voMb319jJMp1ptIT4g8GboeSFdB0
2tndbmHayV6FQSOSFjyx+94N0lqT9z2vpcwMKB2dU6Y/x6lCPjdlvx27w3IDAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUlFvLVFvqiA33U060PytsSVcwCoIwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNTcwNDMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACTTwgw
DQYJKoZIhvcNAQELBQADggEBAAiZDICRUnbn7CWDtP0iPgzOuUFumij5sCvw7d/g
kMhNJ+09mhKwEz9W4cQmrdzamSNmUWS/eBW1f+UmPZ9HeYG6m8eC+JTA5PtCux5n
k0iXQzxHrXUOgJUH19wfO+lfBXuIa1BDnYLJYSUtIxvvgkX54hJBhVesKsU1rZ5R
e1YWd7LnCso910Hlyh1TKA+ndqrMLzNX+e28d/d+qI3BD9uctRLaxl1nWMQW+YbP
AbxlbbSWBC/v+3KCX7A+rjN7ojCUSTXoIVwhL1k2QsbayYM1d+sy6Cm0BEST4yhF
iwBB6rV0FF4ZUInZflEL1qXzJkuXMi3bg8qUpG+7tL6wYbo=
-----END CERTIFICATE-----