This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS21859.roa
File:                     AS21859.roa (raw, json)
Hash identifier:          MZ7sVhaRAO4UVZoxZGY1uumh+ajZClcfaoprl1AErdQ=
Subject key identifier:   CC:25:91:40:E7:54:8C:26:CC:92:00:DC:58:86:C6:0C:42:86:25:F9
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       11577094BFCD603D97D7A69A6091A709BDA3371E
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS21859.roa
Signing time:             Thu 27 Nov 2025 05:35:34 +0000
ROA not before:           Thu 27 Nov 2025 05:30:34 +0000
ROA not after:            Thu 26 Nov 2026 05:35:34 +0000
asID:                     21859
IP address blocks:        143.20.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Dec 2025 10:26:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:57:70:94:bf:cd:60:3d:97:d7:a6:9a:60:91:a7:09:bd:a3:37:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Nov 27 05:30:34 2025 GMT
            Not After : Nov 26 05:35:34 2026 GMT
        Subject: CN=CC259140E7548C26CC9200DC5886C60C428625F9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:5a:3a:8d:de:3d:93:8e:f1:26:ee:55:6d:59:
                    16:b1:7d:aa:e3:ea:66:97:63:67:e5:46:59:d1:ac:
                    b2:53:f3:9a:52:a9:aa:31:3f:2a:94:be:0c:22:93:
                    12:d8:6d:ce:db:e8:44:99:69:46:f1:54:ab:ce:cd:
                    cd:98:7b:53:ee:43:ec:2f:84:7e:85:0f:36:8d:9e:
                    b8:c7:50:3e:38:c3:9a:8c:1b:a2:08:6c:9e:05:1a:
                    82:bb:e2:76:6c:1a:16:f6:11:bc:59:3f:95:8e:70:
                    d7:3c:b1:c2:66:4b:62:1c:61:9f:ad:75:36:b6:f1:
                    7a:c1:1a:47:c7:af:00:34:41:2c:61:60:61:dc:ed:
                    99:e3:7c:60:95:63:16:93:0f:c5:12:10:cf:82:c4:
                    55:cd:82:da:48:7a:f4:4e:d7:39:cb:85:9f:43:eb:
                    a6:f5:c4:3f:59:1e:65:73:2b:ef:4a:e2:1f:00:29:
                    eb:16:a2:a3:b5:0e:4a:df:11:a8:f4:70:84:1f:b1:
                    72:38:71:0a:02:53:84:cb:7c:07:de:a3:67:af:f3:
                    e0:6e:52:e5:02:68:f9:4b:15:46:ea:d9:e0:52:3b:
                    4a:b4:9c:cd:90:08:01:db:70:ba:e9:02:e2:a5:f7:
                    7e:a3:6f:53:e0:a9:19:e5:40:d8:b0:5b:fb:33:b1:
                    86:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:25:91:40:E7:54:8C:26:CC:92:00:DC:58:86:C6:0C:42:86:25:F9
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS21859.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:c1:d1:b1:d1:38:44:ba:b3:50:84:fb:84:a8:11:c3:6d:17:
         6a:94:7f:1b:c9:02:eb:37:33:f4:73:0d:45:5a:9b:2c:5d:79:
         cd:2c:b2:7f:8b:41:c0:b4:15:29:dc:fa:b7:2d:98:dc:86:10:
         f1:71:3d:30:94:c3:35:0e:e3:97:59:e1:9e:36:26:f4:93:aa:
         c2:1a:6c:e8:a5:5a:7a:8c:2d:61:cf:d0:a5:a9:60:29:d8:ad:
         62:d1:12:6a:7a:68:e1:ca:d1:f0:19:5c:6a:a5:22:da:b5:82:
         2a:5d:32:95:3b:db:fd:30:3b:94:0c:db:c4:4d:8d:ab:77:34:
         de:70:90:fe:b3:ee:41:d5:7f:96:36:21:5d:73:dd:8d:fb:98:
         94:6c:4b:8e:5b:f7:bd:1e:ea:5a:44:27:10:2c:b1:16:86:23:
         07:35:12:69:93:fc:64:59:e2:d3:21:c9:1a:e3:de:2a:10:5a:
         b6:8e:2b:12:b1:67:96:ea:b1:83:78:93:1a:5d:e3:90:f9:cb:
         f5:f8:c5:f9:ee:5f:49:21:c3:20:2e:60:17:c9:dc:31:c5:b9:
         1a:9f:2c:e4:3f:8c:32:38:bb:64:54:be:15:4c:af:88:a9:36:
         b5:21:16:8e:95:4e:a1:86:07:77:13:3f:ac:ad:f2:4b:f9:b0:
         72:a4:18:fa
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUEVdwlL/NYD2X16aaYJGnCb2jNx4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTExMjcwNTMwMzRaFw0yNjExMjYwNTM1MzRaMDMxMTAvBgNV
BAMTKENDMjU5MTQwRTc1NDhDMjZDQzkyMDBEQzU4ODZDNjBDNDI4NjI1RjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPWjqN3j2TjvEm7lVtWRaxfarj
6maXY2flRlnRrLJT85pSqaoxPyqUvgwikxLYbc7b6ESZaUbxVKvOzc2Ye1PuQ+wv
hH6FDzaNnrjHUD44w5qMG6IIbJ4FGoK74nZsGhb2EbxZP5WOcNc8scJmS2IcYZ+t
dTa28XrBGkfHrwA0QSxhYGHc7ZnjfGCVYxaTD8USEM+CxFXNgtpIevRO1znLhZ9D
66b1xD9ZHmVzK+9K4h8AKesWoqO1DkrfEaj0cIQfsXI4cQoCU4TLfAfeo2ev8+Bu
UuUCaPlLFUbq2eBSO0q0nM2QCAHbcLrpAuKl936jb1PgqRnlQNiwW/szsYZ1AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUzCWRQOdUjCbMkgDcWIbGDEKGJfkwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjE4NTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACPFA0w
DQYJKoZIhvcNAQELBQADggEBAKrB0bHROES6s1CE+4SoEcNtF2qUfxvJAus3M/Rz
DUVamyxdec0ssn+LQcC0FSnc+rctmNyGEPFxPTCUwzUO45dZ4Z42JvSTqsIabOil
WnqMLWHP0KWpYCnYrWLREmp6aOHK0fAZXGqlItq1gipdMpU72/0wO5QM28RNjat3
NN5wkP6z7kHVf5Y2IV1z3Y37mJRsS45b970e6lpEJxAssRaGIwc1EmmT/GRZ4tMh
yRrj3ioQWraOKxKxZ5bqsYN4kxpd45D5y/X4xfnuX0khwyAuYBfJ3DHFuRqfLOQ/
jDI4u2RUvhVMr4ipNrUhFo6VTqGGB3cTP6yt8kv5sHKkGPo=
-----END CERTIFICATE-----