This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS153923.roa
File:                     AS153923.roa (raw, json)
Hash identifier:          a92NK6BZuYrPF+qYBs89plWRy55BUryHzWDpVOK6I2I=
Subject key identifier:   3F:96:27:13:45:AD:2E:7E:B3:C7:6E:12:EE:3E:7E:7A:EC:BA:86:69
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       7920618DF74C2A7A905BD81171251032134CD595
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS153923.roa
Signing time:             Wed 21 Jan 2026 06:18:25 +0000
ROA not before:           Wed 21 Jan 2026 06:13:25 +0000
ROA not after:            Wed 20 Jan 2027 06:18:25 +0000
asID:                     153923
IP address blocks:        143.20.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:20:61:8d:f7:4c:2a:7a:90:5b:d8:11:71:25:10:32:13:4c:d5:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jan 21 06:13:25 2026 GMT
            Not After : Jan 20 06:18:25 2027 GMT
        Subject: CN=3F96271345AD2E7EB3C76E12EE3E7E7AECBA8669
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:da:2b:c6:75:80:dd:80:ec:d8:a5:6d:50:ad:
                    57:9e:4a:d0:8d:57:41:91:03:f3:e8:87:27:e5:f1:
                    b3:23:eb:d5:bd:df:17:b1:c9:0a:2d:05:85:6e:45:
                    33:d2:9a:7d:d5:b4:cd:5d:df:40:81:9e:4d:40:a6:
                    38:99:c1:12:f5:59:84:1e:50:8a:1c:78:7c:41:10:
                    0d:60:80:ed:7f:36:41:57:8f:de:aa:09:14:7a:e2:
                    03:b4:a4:52:ad:54:cc:5b:6a:3f:0c:b4:8d:bc:d2:
                    de:19:ef:6a:2f:16:a9:af:22:82:38:74:92:37:40:
                    ad:5c:62:4d:94:15:c7:d4:33:4a:f4:8c:b7:00:97:
                    a6:40:80:4a:bf:2b:05:73:bb:11:5a:6e:b4:53:27:
                    cf:c5:99:16:07:97:c9:88:65:90:15:e0:53:00:a6:
                    4c:d3:43:86:00:a6:7a:55:20:c2:fd:7f:4f:12:72:
                    38:33:f7:32:2c:48:1d:b8:ae:34:90:1b:27:ae:83:
                    c4:b9:d8:74:1a:ff:05:3b:f8:cc:ab:e2:1b:ea:a2:
                    e1:e7:d4:f3:fb:ac:d3:86:4f:5a:f5:43:01:55:c9:
                    86:5e:57:8e:9c:ec:4b:e6:f8:d6:02:3d:b4:13:aa:
                    4c:24:76:85:e6:80:a4:4c:a2:5d:9a:b9:3e:3b:2a:
                    80:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:96:27:13:45:AD:2E:7E:B3:C7:6E:12:EE:3E:7E:7A:EC:BA:86:69
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS153923.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:eb:a4:25:f7:28:9f:d2:74:41:82:0d:3e:41:5a:eb:e1:70:
         bd:32:d0:01:13:32:b9:46:dd:5b:2d:93:b2:9c:27:93:e9:1e:
         4b:dd:5a:c1:ad:18:4d:43:d8:3e:6b:46:cc:38:33:02:42:e4:
         a3:4f:45:f6:5b:18:fa:23:5f:38:99:60:8e:1e:21:7f:84:58:
         29:a1:9d:7a:34:88:13:04:7a:f8:92:38:d6:14:8d:bf:06:6d:
         c0:4e:bd:01:82:c6:e9:e9:f7:57:b9:b8:31:9d:9f:59:34:2d:
         25:86:76:8d:43:95:5a:bb:8a:70:ab:af:9e:71:71:54:6c:3f:
         b5:c5:d0:7f:2d:23:ad:5c:fd:b8:d6:ae:e0:95:12:93:ab:48:
         b8:54:e2:2a:a6:57:58:fd:d9:ff:f5:c1:d5:dc:c8:23:e4:d1:
         c3:bd:30:9a:e2:9b:39:fd:5d:3d:4d:1a:17:63:52:41:38:2a:
         3e:04:63:b1:bb:95:42:54:c0:90:86:97:c1:49:c0:ea:42:ad:
         dc:6a:b0:5c:5d:52:41:0b:54:a3:03:ff:29:21:07:f8:97:2a:
         53:61:e7:3b:7b:69:62:79:c8:49:4f:e5:24:88:27:0b:ba:85:
         aa:5e:c2:4f:d9:8c:df:54:dc:6e:a2:56:99:44:91:67:da:9d:
         89:b9:47:f0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUeSBhjfdMKnqQW9gRcSUQMhNM1ZUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjAxMjEwNjEzMjVaFw0yNzAxMjAwNjE4MjVaMDMxMTAvBgNV
BAMTKDNGOTYyNzEzNDVBRDJFN0VCM0M3NkUxMkVFM0U3RTdBRUNCQTg2NjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCz2ivGdYDdgOzYpW1QrVeeStCN
V0GRA/Pohyfl8bMj69W93xexyQotBYVuRTPSmn3VtM1d30CBnk1ApjiZwRL1WYQe
UIoceHxBEA1ggO1/NkFXj96qCRR64gO0pFKtVMxbaj8MtI280t4Z72ovFqmvIoI4
dJI3QK1cYk2UFcfUM0r0jLcAl6ZAgEq/KwVzuxFabrRTJ8/FmRYHl8mIZZAV4FMA
pkzTQ4YApnpVIML9f08Scjgz9zIsSB24rjSQGyeug8S52HQa/wU7+Myr4hvqouHn
1PP7rNOGT1r1QwFVyYZeV46c7Evm+NYCPbQTqkwkdoXmgKRMol2auT47KoA9AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUP5YnE0WtLn6zx24S7j5+euy6hmkwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTUzOTIzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxQX
MA0GCSqGSIb3DQEBCwUAA4IBAQAM66Ql9yif0nRBgg0+QVrr4XC9MtABEzK5Rt1b
LZOynCeT6R5L3VrBrRhNQ9g+a0bMODMCQuSjT0X2Wxj6I184mWCOHiF/hFgpoZ16
NIgTBHr4kjjWFI2/Bm3ATr0Bgsbp6fdXubgxnZ9ZNC0lhnaNQ5Vau4pwq6+ecXFU
bD+1xdB/LSOtXP241q7glRKTq0i4VOIqpldY/dn/9cHV3Mgj5NHDvTCa4ps5/V09
TRoXY1JBOCo+BGOxu5VCVMCQhpfBScDqQq3carBcXVJBC1SjA/8pIQf4lypTYec7
e2liechJT+UkiCcLuoWqXsJP2YzfVNxuolaZRJFn2p2JuUfw
-----END CERTIFICATE-----