This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS20771.roa
File:                     AS20771.roa (raw, json)
Hash identifier:          TelSlFyGRxKah39oaZzM+6ZqFG3oF9BEX2cPVrkYvmM=
Subject key identifier:   97:A4:57:1B:2E:CE:9C:B4:9C:FB:19:B2:D5:F3:2D:C3:2D:AF:16:E5
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       379D1AACF47F430370BD3D8AEE2E9E21663EC8E1
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS20771.roa
Signing time:             Wed 03 Dec 2025 08:55:12 +0000
ROA not before:           Wed 03 Dec 2025 08:50:12 +0000
ROA not after:            Wed 02 Dec 2026 08:55:12 +0000
asID:                     20771
IP address blocks:        109.106.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Dec 2025 22:12:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:9d:1a:ac:f4:7f:43:03:70:bd:3d:8a:ee:2e:9e:21:66:3e:c8:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Dec  3 08:50:12 2025 GMT
            Not After : Dec  2 08:55:12 2026 GMT
        Subject: CN=97A4571B2ECE9CB49CFB19B2D5F32DC32DAF16E5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:25:37:01:79:4f:0b:39:45:a8:eb:30:1a:74:
                    7a:be:5f:78:e4:06:6c:dd:37:c1:0a:fb:58:df:36:
                    b9:d6:6f:3c:a3:47:c1:c2:b0:61:45:7a:48:98:97:
                    5e:4b:2a:98:17:28:60:b7:78:75:41:9e:68:1e:c9:
                    92:fc:c1:6a:41:ea:63:7b:e8:ec:ef:ca:3e:04:7c:
                    fe:52:fe:b1:8f:36:79:f3:59:96:a3:83:18:74:5b:
                    60:b6:72:a5:4e:cc:94:80:12:d2:d6:d8:a9:8f:ae:
                    14:3a:c6:3c:ae:7c:1e:7d:1a:f9:38:72:94:5c:b0:
                    ac:86:1d:ff:78:fb:70:40:f1:15:1d:98:4c:56:33:
                    a9:5c:6a:51:e8:0f:84:1e:e0:ac:e3:3f:9e:e3:01:
                    39:7c:df:80:ab:c7:cd:e3:8b:93:3f:99:4c:e8:c0:
                    43:7f:6c:c8:9b:c5:66:c9:c8:26:fa:5b:86:7c:dd:
                    57:ae:b4:ba:84:cf:60:70:00:c4:bb:15:30:1c:65:
                    4d:ad:b7:ac:da:db:01:1c:02:96:4d:2d:df:fd:35:
                    03:1e:6b:65:7a:4b:57:2e:00:19:72:9c:d5:a5:b0:
                    9b:0e:74:9e:af:52:9d:43:5e:64:18:ad:81:0f:47:
                    6d:9d:fc:54:02:0a:e6:e3:39:bc:80:1a:ae:2e:6f:
                    a4:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:A4:57:1B:2E:CE:9C:B4:9C:FB:19:B2:D5:F3:2D:C3:2D:AF:16:E5
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS20771.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.106.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:2a:c1:4b:7d:10:1b:3d:b5:af:b1:e0:64:66:36:fd:b8:5e:
         1e:96:d3:ca:7e:bb:e3:07:f2:ca:cf:ff:53:12:fe:52:59:14:
         4c:79:d6:c6:b2:ee:fa:f6:92:56:1c:d5:12:73:45:14:dd:21:
         43:37:6e:97:8f:73:19:0e:8c:33:43:fd:ae:34:38:60:d5:ac:
         fc:56:5a:15:30:22:9f:68:77:5a:04:f7:87:94:bd:95:fc:79:
         a8:61:39:04:d1:69:5a:9a:cb:d8:6e:47:d2:b3:b7:1f:3a:30:
         58:7a:f1:9a:05:b2:c1:31:f3:a6:27:78:b8:d1:ea:d7:1b:0f:
         fa:7a:d9:24:63:10:cb:5f:04:0d:ef:6a:5a:e5:a6:b7:d1:34:
         79:4f:c6:ad:7c:fe:2f:79:90:b4:65:de:ca:5d:2a:ec:db:95:
         db:af:5f:b2:d4:75:65:65:1a:38:03:6d:aa:5b:af:51:58:00:
         b7:38:1d:51:81:9a:79:46:9b:6c:13:7c:66:71:24:fc:3a:90:
         54:4c:f9:83:b4:42:fa:f2:ce:a8:41:e6:5b:28:27:2e:61:93:
         f1:1a:6d:04:62:45:c7:72:8b:33:52:f6:d0:e6:6b:2d:b2:a5:
         5f:a6:d5:7a:40:d9:ca:40:79:d3:e1:89:d9:11:33:7d:12:d1:
         3e:95:57:41
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUN50arPR/QwNwvT2K7i6eIWY+yOEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTEyMDMwODUwMTJaFw0yNjEyMDIwODU1MTJaMDMxMTAvBgNV
BAMTKDk3QTQ1NzFCMkVDRTlDQjQ5Q0ZCMTlCMkQ1RjMyREMzMkRBRjE2RTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmJTcBeU8LOUWo6zAadHq+X3jk
BmzdN8EK+1jfNrnWbzyjR8HCsGFFekiYl15LKpgXKGC3eHVBnmgeyZL8wWpB6mN7
6Ozvyj4EfP5S/rGPNnnzWZajgxh0W2C2cqVOzJSAEtLW2KmPrhQ6xjyufB59Gvk4
cpRcsKyGHf94+3BA8RUdmExWM6lcalHoD4Qe4KzjP57jATl834Crx83ji5M/mUzo
wEN/bMibxWbJyCb6W4Z83VeutLqEz2BwAMS7FTAcZU2tt6za2wEcApZNLd/9NQMe
a2V6S1cuABlynNWlsJsOdJ6vUp1DXmQYrYEPR22d/FQCCubjObyAGq4ub6S/AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUl6RXGy7OnLSc+xmy1fMtwy2vFuUwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjA3NzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABtagAw
DQYJKoZIhvcNAQELBQADggEBALMqwUt9EBs9ta+x4GRmNv24Xh6W08p+u+MH8srP
/1MS/lJZFEx51say7vr2klYc1RJzRRTdIUM3bpePcxkOjDND/a40OGDVrPxWWhUw
Ip9od1oE94eUvZX8eahhOQTRaVqay9huR9Kztx86MFh68ZoFssEx86YneLjR6tcb
D/p62SRjEMtfBA3valrlprfRNHlPxq18/i95kLRl3spdKuzblduvX7LUdWVlGjgD
bapbr1FYALc4HVGBmnlGm2wTfGZxJPw6kFRM+YO0QvryzqhB5lsoJy5hk/EabQRi
RcdyizNS9tDmay2ypV+m1XpA2cpAedPhidkRM30S0T6VV0E=
-----END CERTIFICATE-----