This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214677.roa
File:                     AS214677.roa (raw, json)
Hash identifier:          ZjPHadG7aYOtc2d16huxO+5E82cGJ6ZcmlyYnUKmbug=
Subject key identifier:   12:FC:AE:E3:88:A7:13:10:51:49:B3:2D:0B:6E:BB:9E:8F:A5:D7:CF
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       71944603C936CBC8CDD7D68C6F471556AB2EF728
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214677.roa
Signing time:             Tue 25 Nov 2025 16:00:17 +0000
ROA not before:           Tue 25 Nov 2025 15:55:17 +0000
ROA not after:            Tue 24 Nov 2026 16:00:17 +0000
asID:                     214677
IP address blocks:        143.20.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Dec 2025 05:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:94:46:03:c9:36:cb:c8:cd:d7:d6:8c:6f:47:15:56:ab:2e:f7:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Nov 25 15:55:17 2025 GMT
            Not After : Nov 24 16:00:17 2026 GMT
        Subject: CN=12FCAEE388A713105149B32D0B6EBB9E8FA5D7CF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:4b:95:23:bc:86:e4:a2:11:f3:4c:2d:a0:96:
                    0d:54:f7:11:2e:f3:3a:37:34:dc:ae:e6:83:99:22:
                    63:e6:40:45:6e:fb:d7:0b:5b:c3:7f:48:97:e6:8e:
                    33:ab:8e:0a:25:a7:da:30:e3:c5:f8:f7:e0:a4:f2:
                    85:3e:27:ca:3d:10:55:eb:fe:d8:5b:44:80:59:c2:
                    e2:d6:63:12:e0:15:05:9f:ec:bd:67:c7:4e:91:ef:
                    03:60:a4:5f:17:41:ff:1d:1c:fe:1c:72:53:22:a0:
                    3c:f2:27:ad:d8:95:0d:64:eb:82:f2:f2:06:42:63:
                    0e:77:70:ef:e9:bc:e4:2b:26:e7:67:ca:10:cd:50:
                    ba:a0:76:3b:9c:65:5d:a3:2d:50:eb:f4:d7:06:7b:
                    79:e1:ce:95:36:0f:a9:3e:21:1f:c3:39:e9:cd:c5:
                    68:52:41:c1:9e:67:c3:2f:e2:de:02:56:26:9a:dc:
                    9b:3f:02:8a:22:36:05:01:2b:0b:19:d0:2c:20:1a:
                    3d:dc:82:1c:d2:92:68:1f:22:b9:b6:d6:b6:e9:a6:
                    d4:68:3b:02:37:da:8f:cc:6d:fd:2e:0d:53:d5:7f:
                    9c:47:90:00:06:40:39:75:c6:86:da:4e:1b:7e:8d:
                    05:9d:2d:78:21:41:82:a3:36:4f:dd:f9:70:9e:4e:
                    67:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:FC:AE:E3:88:A7:13:10:51:49:B3:2D:0B:6E:BB:9E:8F:A5:D7:CF
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214677.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c5:46:bd:cf:46:81:08:51:00:e3:65:d5:42:84:48:16:11:1a:
         9e:74:c0:46:66:5f:04:8c:db:85:98:a8:76:2a:2f:3a:57:f0:
         34:58:68:23:b3:01:5f:8f:8f:fb:55:22:4a:ca:0d:01:85:a9:
         56:a5:80:18:30:42:51:c2:e4:2c:05:54:2a:ea:37:d7:e7:c6:
         22:85:b0:39:74:33:a9:7f:aa:a5:81:2e:f4:36:d2:97:6c:f6:
         90:af:61:8e:0e:e5:6a:fc:73:e7:22:cd:47:47:6e:35:cf:30:
         bd:d3:ff:d0:38:bf:11:94:9f:9a:a5:eb:8a:e2:56:e1:00:59:
         d1:51:34:4a:e1:50:80:07:3d:6d:82:13:f3:86:e6:94:8e:9d:
         b1:98:cf:7e:8e:07:8d:b2:96:07:77:03:65:07:ce:7e:2a:e1:
         e5:55:fe:d8:99:41:30:07:f6:f0:0a:75:a7:a6:a2:38:94:9a:
         20:09:95:db:c6:e6:e7:e0:33:d4:00:b7:0c:0f:1c:92:51:be:
         fe:b4:01:80:36:ec:62:2e:07:c1:76:22:44:57:f4:aa:1b:6e:
         a3:20:5f:31:ca:3e:83:aa:fe:95:90:06:27:bf:1c:22:b1:d8:
         39:b3:12:5f:9c:6c:22:d7:0b:ea:b7:c6:b9:58:4e:6d:cd:f3:
         12:56:cb:e3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUcZRGA8k2y8jN19aMb0cVVqsu9ygwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTExMjUxNTU1MTdaFw0yNjExMjQxNjAwMTdaMDMxMTAvBgNV
BAMTKDEyRkNBRUUzODhBNzEzMTA1MTQ5QjMyRDBCNkVCQjlFOEZBNUQ3Q0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjS5UjvIbkohHzTC2glg1U9xEu
8zo3NNyu5oOZImPmQEVu+9cLW8N/SJfmjjOrjgolp9ow48X49+Ck8oU+J8o9EFXr
/thbRIBZwuLWYxLgFQWf7L1nx06R7wNgpF8XQf8dHP4cclMioDzyJ63YlQ1k64Ly
8gZCYw53cO/pvOQrJudnyhDNULqgdjucZV2jLVDr9NcGe3nhzpU2D6k+IR/DOenN
xWhSQcGeZ8Mv4t4CViaa3Js/AooiNgUBKwsZ0CwgGj3cghzSkmgfIrm21rbpptRo
OwI32o/Mbf0uDVPVf5xHkAAGQDl1xobaTht+jQWdLXghQYKjNk/d+XCeTmfBAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUEvyu44inExBRSbMtC267no+l188wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjE0Njc3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxRP
MA0GCSqGSIb3DQEBCwUAA4IBAQDFRr3PRoEIUQDjZdVChEgWERqedMBGZl8EjNuF
mKh2Ki86V/A0WGgjswFfj4/7VSJKyg0BhalWpYAYMEJRwuQsBVQq6jfX58YihbA5
dDOpf6qlgS70NtKXbPaQr2GODuVq/HPnIs1HR241zzC90//QOL8RlJ+apeuK4lbh
AFnRUTRK4VCABz1tghPzhuaUjp2xmM9+jgeNspYHdwNlB85+KuHlVf7YmUEwB/bw
CnWnpqI4lJogCZXbxubn4DPUALcMDxySUb7+tAGANuxiLgfBdiJEV/SqG26jIF8x
yj6Dqv6VkAYnvxwisdg5sxJfnGwi1wvqt8a5WE5tzfMSVsvj
-----END CERTIFICATE-----