This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS834.roa
File:                     AS834.roa (raw, json)
Hash identifier:          oK7QDipfcQV0b1QRjZ3G15GxtuINmRgaJ505dnzskRU=
Subject key identifier:   08:25:C7:48:30:FD:3E:AB:A1:81:96:E0:8B:D8:5A:D4:85:BA:69:25
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       0380FA8D55793CED5075E8D6EA1A3FB1836A0D60
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS834.roa
Signing time:             Sun 14 Dec 2025 10:04:27 +0000
ROA not before:           Sun 14 Dec 2025 09:59:27 +0000
ROA not after:            Sun 13 Dec 2026 10:04:27 +0000
asID:                     834
IP address blocks:        91.198.123.0/24 maxlen: 24
                          193.29.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 16 Dec 2025 05:16:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:80:fa:8d:55:79:3c:ed:50:75:e8:d6:ea:1a:3f:b1:83:6a:0d:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Dec 14 09:59:27 2025 GMT
            Not After : Dec 13 10:04:27 2026 GMT
        Subject: CN=0825C74830FD3EABA18196E08BD85AD485BA6925
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:4e:91:5d:8d:65:ef:b4:bc:29:15:4f:bd:ed:
                    80:6e:04:cf:c2:48:a8:de:d4:bd:f6:a7:93:4e:a3:
                    75:8c:aa:5c:b2:c2:88:e2:3c:73:8d:25:78:86:4e:
                    3a:e5:be:e0:ba:37:f3:4f:6f:ee:83:06:48:08:6c:
                    07:ea:41:22:e2:ac:7d:17:da:b3:eb:b2:f1:29:55:
                    28:e7:6a:80:ab:97:10:fc:79:6d:a4:97:9d:e6:aa:
                    ff:79:81:43:3e:fe:ef:6e:56:d4:d7:34:4b:00:1b:
                    ad:57:30:70:65:2f:e5:70:4f:36:42:65:37:6e:27:
                    a2:ff:84:a8:c6:0e:59:ab:0a:9d:f5:0b:ab:bd:b7:
                    99:cb:e3:72:06:c1:fe:ea:be:72:14:fa:a1:f9:2f:
                    d7:cb:05:df:3c:f9:2d:cb:25:5a:23:8b:34:3a:b4:
                    d6:4e:f3:13:46:e0:08:12:c7:8f:e8:8a:bc:93:24:
                    15:13:26:06:bd:4f:5b:91:21:3a:db:a9:ff:74:a9:
                    93:b7:14:ca:ac:7b:c2:9d:f8:5e:38:1f:f7:e1:aa:
                    d5:35:b5:d2:9a:0e:13:b5:cc:45:a6:9d:32:b1:de:
                    64:56:80:3f:15:33:43:3e:61:04:0d:70:5f:e4:b3:
                    bc:2e:4f:20:33:fb:49:f7:dc:a6:3d:12:b2:59:7b:
                    ef:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:25:C7:48:30:FD:3E:AB:A1:81:96:E0:8B:D8:5A:D4:85:BA:69:25
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS834.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.123.0/24
                  193.29.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:68:01:b8:c2:66:65:a7:2c:f2:92:38:22:ef:3c:12:a4:70:
         32:d3:06:67:d6:65:a4:86:33:2f:2a:98:21:44:9e:a4:ef:69:
         81:57:96:53:07:f7:66:bc:a7:5e:c4:05:68:6c:42:bb:2b:8e:
         43:9f:6c:0f:b8:d0:80:c7:95:37:8b:25:22:0f:d6:ca:2d:5e:
         1f:31:05:e4:02:c4:65:f4:ec:b6:84:24:c1:d3:93:a7:b4:5c:
         a6:19:eb:b4:c9:56:77:45:96:50:d6:75:8c:a9:c9:b6:d2:59:
         4a:37:ab:50:07:86:c9:dd:7f:39:75:1a:2b:68:7f:f9:37:23:
         2b:ae:e2:0b:c0:bb:cc:8c:c3:6c:57:3b:91:e8:86:5c:9a:fa:
         e9:87:68:84:73:16:6b:66:ba:23:8a:61:bd:e8:70:69:15:5b:
         da:81:a0:97:45:25:0e:00:92:3b:2a:5a:8b:16:e1:05:70:db:
         de:c2:44:54:67:47:b1:68:9f:f5:85:57:fa:a6:be:e3:76:5e:
         76:81:92:9a:b6:7a:6f:15:3c:79:89:90:b6:8c:c4:a3:8c:c9:
         ac:e8:c9:d6:c8:3a:f8:86:d7:ae:6a:0b:45:59:32:61:e3:e0:
         e3:4c:db:a9:6b:03:4d:12:90:19:9c:5b:75:d2:0d:ed:e6:71:
         6a:8e:3f:51
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUA4D6jVV5PO1QdejW6ho/sYNqDWAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTEyMTQwOTU5MjdaFw0yNjEyMTMxMDA0MjdaMDMxMTAvBgNV
BAMTKDA4MjVDNzQ4MzBGRDNFQUJBMTgxOTZFMDhCRDg1QUQ0ODVCQTY5MjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0TpFdjWXvtLwpFU+97YBuBM/C
SKje1L32p5NOo3WMqlyywojiPHONJXiGTjrlvuC6N/NPb+6DBkgIbAfqQSLirH0X
2rPrsvEpVSjnaoCrlxD8eW2kl53mqv95gUM+/u9uVtTXNEsAG61XMHBlL+VwTzZC
ZTduJ6L/hKjGDlmrCp31C6u9t5nL43IGwf7qvnIU+qH5L9fLBd88+S3LJVojizQ6
tNZO8xNG4AgSx4/oiryTJBUTJga9T1uRITrbqf90qZO3FMqse8Kd+F44H/fhqtU1
tdKaDhO1zEWmnTKx3mRWgD8VM0M+YQQNcF/ks7wuTyAz+0n33KY9ErJZe+9bAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUCCXHSDD9PquhgZbgi9ha1IW6aSUwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTODM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW8Z7AwQA
wR1iMA0GCSqGSIb3DQEBCwUAA4IBAQA+aAG4wmZlpyzykjgi7zwSpHAy0wZn1mWk
hjMvKpghRJ6k72mBV5ZTB/dmvKdexAVobEK7K45Dn2wPuNCAx5U3iyUiD9bKLV4f
MQXkAsRl9Oy2hCTB05OntFymGeu0yVZ3RZZQ1nWMqcm20llKN6tQB4bJ3X85dRor
aH/5NyMrruILwLvMjMNsVzuR6IZcmvrph2iEcxZrZrojimG96HBpFVvagaCXRSUO
AJI7KlqLFuEFcNvewkRUZ0exaJ/1hVf6pr7jdl52gZKatnpvFTx5iZC2jMSjjMms
6MnWyDr4hteuagtFWTJh4+DjTNupawNNEpAZnFt10g3t5nFqjj9R
-----END CERTIFICATE-----