This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS21859.roa
File:                     AS21859.roa (raw, json)
Hash identifier:          Q6+hAQdjcQEatLjBdTRCFhOtM718FW9UeOxfU9Ol4CQ=
Subject key identifier:   6D:D5:F7:12:B9:B3:CF:68:05:C4:1B:F9:E8:9E:14:E2:DB:6E:96:E1
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       1817D97E5981C1DFA83FCF580FD2455D9F84B1DD
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS21859.roa
Signing time:             Thu 13 Nov 2025 02:15:45 +0000
ROA not before:           Thu 13 Nov 2025 02:10:45 +0000
ROA not after:            Thu 12 Nov 2026 02:15:45 +0000
asID:                     21859
IP address blocks:        141.11.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Dec 2025 03:28:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:17:d9:7e:59:81:c1:df:a8:3f:cf:58:0f:d2:45:5d:9f:84:b1:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Nov 13 02:10:45 2025 GMT
            Not After : Nov 12 02:15:45 2026 GMT
        Subject: CN=6DD5F712B9B3CF6805C41BF9E89E14E2DB6E96E1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:72:a4:07:0d:b6:cb:be:36:15:4a:be:3a:68:
                    b5:3c:b9:c9:3d:14:49:42:63:22:f6:4a:ff:58:99:
                    86:a6:3a:6d:c2:c2:45:27:fa:8a:b5:50:11:2e:1d:
                    27:10:bc:73:86:8e:2c:2f:f7:8d:99:3a:04:5e:b1:
                    97:47:82:4c:9a:50:78:3a:46:41:28:5a:5f:d6:f0:
                    07:bd:4d:cc:a2:c6:52:65:af:ca:7c:a9:26:82:98:
                    69:03:65:d6:05:f0:f8:ff:89:68:c2:67:9d:12:4e:
                    dd:9d:75:dd:49:db:4c:d6:8f:e4:3d:3b:1d:0f:83:
                    0d:aa:17:e6:b8:dc:ea:6e:b1:33:61:41:46:a3:92:
                    24:55:96:7d:74:e7:d6:e7:e3:39:52:cb:49:3a:b8:
                    b9:78:89:bd:14:bc:36:5a:86:bb:56:ba:15:82:90:
                    2d:42:97:97:0d:27:7d:b9:a1:4e:9a:e6:1c:83:13:
                    bf:f0:a7:2a:55:2c:d5:5a:b5:1c:84:c9:6c:06:f3:
                    58:23:eb:28:b6:41:18:76:f5:59:f3:64:3a:4b:65:
                    11:e2:83:00:80:58:a6:a9:13:cd:a7:d8:41:75:46:
                    ae:ab:0d:73:20:15:2d:00:15:71:c1:b4:15:a4:1f:
                    9e:f2:02:ca:ae:35:36:89:e6:3e:5d:63:61:8f:b3:
                    45:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:D5:F7:12:B9:B3:CF:68:05:C4:1B:F9:E8:9E:14:E2:DB:6E:96:E1
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS21859.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:2c:43:14:e5:c0:38:4b:f0:7e:14:86:1d:4b:d3:6a:24:6d:
         f9:1d:7a:ac:61:fe:a4:b2:af:b6:34:b6:38:ae:dc:7e:0b:ff:
         d5:3c:0c:81:db:73:e5:98:99:65:7b:7e:d0:07:c3:ce:33:9f:
         ad:69:33:b4:e7:83:62:a8:75:5a:c9:52:b9:0b:fe:3a:21:6d:
         81:35:8a:8d:b3:78:07:5f:86:f9:d6:c8:1d:5a:c0:a9:84:ae:
         88:7d:9c:d5:8e:93:75:62:20:f5:1e:73:52:ab:fb:14:3a:40:
         14:c5:14:d3:96:fd:9b:04:1a:af:5f:98:14:bd:d0:75:6d:9d:
         9a:ba:f1:0d:55:92:26:5c:fb:3e:30:4e:d4:a3:d0:b2:a0:b6:
         67:b9:b7:77:0d:8f:d4:d6:0a:8f:e8:9f:2f:28:90:85:e4:17:
         30:97:dd:23:66:7f:4a:b3:45:fd:05:2c:ad:2b:d0:f9:4f:d0:
         d3:7c:42:8f:7d:bd:5a:81:c9:10:9e:ae:90:c7:e9:64:1d:c9:
         a4:96:77:69:6f:81:42:bc:40:87:76:43:b4:c8:52:7e:03:45:
         44:b0:5b:2b:5b:25:83:f1:54:97:1e:a3:e9:0f:4e:9d:c7:d1:
         44:61:33:df:a0:ae:85:0b:60:a0:f6:ab:87:5f:5e:ea:0c:44:
         49:94:ab:c6
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUGBfZflmBwd+oP89YD9JFXZ+Esd0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTExMTMwMjEwNDVaFw0yNjExMTIwMjE1NDVaMDMxMTAvBgNV
BAMTKDZERDVGNzEyQjlCM0NGNjgwNUM0MUJGOUU4OUUxNEUyREI2RTk2RTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4cqQHDbbLvjYVSr46aLU8uck9
FElCYyL2Sv9YmYamOm3CwkUn+oq1UBEuHScQvHOGjiwv942ZOgResZdHgkyaUHg6
RkEoWl/W8Ae9TcyixlJlr8p8qSaCmGkDZdYF8Pj/iWjCZ50STt2ddd1J20zWj+Q9
Ox0Pgw2qF+a43OpusTNhQUajkiRVln1059bn4zlSy0k6uLl4ib0UvDZahrtWuhWC
kC1Cl5cNJ325oU6a5hyDE7/wpypVLNVatRyEyWwG81gj6yi2QRh29VnzZDpLZRHi
gwCAWKapE82n2EF1Rq6rDXMgFS0AFXHBtBWkH57yAsquNTaJ5j5dY2GPs0VjAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUbdX3Ermzz2gFxBv56J4U4ttuluEwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjE4NTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACNC3Uw
DQYJKoZIhvcNAQELBQADggEBABAsQxTlwDhL8H4Uhh1L02okbfkdeqxh/qSyr7Y0
tjiu3H4L/9U8DIHbc+WYmWV7ftAHw84zn61pM7Tng2KodVrJUrkL/johbYE1io2z
eAdfhvnWyB1awKmEroh9nNWOk3ViIPUec1Kr+xQ6QBTFFNOW/ZsEGq9fmBS90HVt
nZq68Q1VkiZc+z4wTtSj0LKgtme5t3cNj9TWCo/ony8okIXkFzCX3SNmf0qzRf0F
LK0r0PlP0NN8Qo99vVqByRCerpDH6WQdyaSWd2lvgUK8QId2Q7TIUn4DRUSwWytb
JYPxVJceo+kPTp3H0URhM9+groULYKD2q4dfXuoMREmUq8Y=
-----END CERTIFICATE-----