This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS43350.roa
File:                     AS43350.roa (raw, json)
Hash identifier:          WFQlK5n3uIf/ejhZyFNDpq2yRaWO9zzE/pFPeZgOk1E=
Subject key identifier:   00:ED:46:3F:44:76:8E:25:73:99:EF:80:3F:AE:11:34:55:7B:2F:C8
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       573430568AF74841026EF3E4E092E9EDCA06DC94
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS43350.roa
Signing time:             Mon 01 Dec 2025 00:15:21 +0000
ROA not before:           Mon 01 Dec 2025 00:10:21 +0000
ROA not after:            Mon 30 Nov 2026 00:15:21 +0000
asID:                     43350
IP address blocks:        181.41.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Dec 2025 13:09:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:34:30:56:8a:f7:48:41:02:6e:f3:e4:e0:92:e9:ed:ca:06:dc:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Dec  1 00:10:21 2025 GMT
            Not After : Nov 30 00:15:21 2026 GMT
        Subject: CN=00ED463F44768E257399EF803FAE1134557B2FC8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:a3:2d:70:d8:66:58:0e:1e:49:52:cb:74:f6:
                    06:05:06:d2:a5:f5:89:ac:7b:ac:53:7a:05:33:9b:
                    93:62:ad:be:de:13:be:d0:71:b4:5b:a3:fb:3a:73:
                    f2:26:65:9b:0f:2a:88:f3:39:ab:c0:27:a0:05:81:
                    98:9e:ff:fc:dc:13:92:2c:d6:a7:1e:f1:9e:9d:67:
                    50:65:6a:33:1a:bc:7c:72:ab:53:cc:aa:0a:fc:92:
                    37:0a:c0:08:d6:4f:1c:d0:bc:d6:59:aa:4c:a1:1f:
                    51:bc:fb:0c:2f:ce:ef:ab:ee:e1:2d:2a:04:a4:fc:
                    e3:65:4c:49:a3:39:e6:3f:e5:b4:8a:62:98:fe:04:
                    46:3d:55:53:07:1b:1e:15:fc:a7:86:3d:f9:3f:53:
                    94:00:d4:b8:74:9b:fa:d4:48:f4:97:99:f3:70:03:
                    ef:c7:31:cb:86:62:63:9e:21:21:4b:af:46:38:3b:
                    4c:d5:b5:d2:e5:a5:01:95:5b:0c:e1:d6:4b:c1:07:
                    24:09:0a:ff:c6:69:68:63:aa:4e:1c:ef:ad:e9:d6:
                    72:6c:4b:06:8d:14:b8:55:8d:88:16:d3:4f:7e:0a:
                    4b:b1:f9:45:83:10:86:5a:eb:96:4f:5a:e0:f4:a8:
                    51:f6:3c:3f:39:21:89:c0:44:cf:62:12:8d:71:cb:
                    f9:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:ED:46:3F:44:76:8E:25:73:99:EF:80:3F:AE:11:34:55:7B:2F:C8
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS43350.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.41.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:0b:d7:51:3e:20:70:7d:71:e1:7e:d2:cb:6c:e2:6c:3d:b1:
         6c:84:13:14:ca:de:c5:89:c1:59:dc:fd:da:2d:53:cc:57:af:
         8c:5f:cf:e8:15:e8:3d:94:f2:cd:5d:10:fe:60:8a:99:cb:4d:
         10:fa:da:ca:77:25:3c:c0:f1:1f:b5:d8:39:f5:25:c4:ff:eb:
         c3:3c:b1:e5:9d:69:80:87:50:5e:e7:f3:f0:4a:8d:55:a0:3d:
         15:2d:92:a5:91:c8:c1:a2:61:ed:91:80:3b:17:4f:39:d1:8b:
         40:db:b2:db:1f:51:8e:6f:d2:56:5c:2b:b8:2c:ae:4b:e5:95:
         16:f6:b9:b5:ff:0e:07:4f:ca:96:10:73:30:69:2f:96:99:e8:
         de:95:68:6a:9f:03:8e:bb:5a:7e:55:e3:01:81:b6:cb:46:a4:
         1d:91:a1:88:b8:fa:98:e8:ff:19:f1:87:dd:fe:98:ae:ca:be:
         64:a4:96:6e:1c:4f:63:63:1c:69:52:8a:7a:8f:30:bb:42:c0:
         52:56:5d:19:ce:21:c6:a1:76:ec:d6:c0:44:ea:4f:3e:1f:df:
         08:cb:20:f1:9b:55:9a:3c:5f:41:32:e9:56:86:7b:9e:98:2d:
         d7:97:52:89:26:11:27:db:8b:1c:56:df:af:ab:5f:6b:6f:e9:
         76:0a:fb:18
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUVzQwVor3SEECbvPk4JLp7coG3JQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTEyMDEwMDEwMjFaFw0yNjExMzAwMDE1MjFaMDMxMTAvBgNV
BAMTKDAwRUQ0NjNGNDQ3NjhFMjU3Mzk5RUY4MDNGQUUxMTM0NTU3QjJGQzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsoy1w2GZYDh5JUst09gYFBtKl
9Ymse6xTegUzm5Nirb7eE77QcbRbo/s6c/ImZZsPKojzOavAJ6AFgZie//zcE5Is
1qce8Z6dZ1BlajMavHxyq1PMqgr8kjcKwAjWTxzQvNZZqkyhH1G8+wwvzu+r7uEt
KgSk/ONlTEmjOeY/5bSKYpj+BEY9VVMHGx4V/KeGPfk/U5QA1Lh0m/rUSPSXmfNw
A+/HMcuGYmOeISFLr0Y4O0zVtdLlpQGVWwzh1kvBByQJCv/GaWhjqk4c763p1nJs
SwaNFLhVjYgW009+Ckux+UWDEIZa65ZPWuD0qFH2PD85IYnARM9iEo1xy/n/AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUAO1GP0R2jiVzme+AP64RNFV7L8gwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDMzNTAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC1KcIw
DQYJKoZIhvcNAQELBQADggEBAIwL11E+IHB9ceF+0sts4mw9sWyEExTK3sWJwVnc
/dotU8xXr4xfz+gV6D2U8s1dEP5gipnLTRD62sp3JTzA8R+12Dn1JcT/68M8seWd
aYCHUF7n8/BKjVWgPRUtkqWRyMGiYe2RgDsXTznRi0DbstsfUY5v0lZcK7gsrkvl
lRb2ubX/DgdPypYQczBpL5aZ6N6VaGqfA467Wn5V4wGBtstGpB2RoYi4+pjo/xnx
h93+mK7KvmSklm4cT2NjHGlSinqPMLtCwFJWXRnOIcahduzWwETqTz4f3wjLIPGb
VZo8X0Ey6VaGe56YLdeXUokmESfbixxW36+rX2tv6XYK+xg=
-----END CERTIFICATE-----