This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS2914.roa
File:                     AS2914.roa (raw, json)
Hash identifier:          Rkdxa8C7msHlGbsACH4jmnuNdkq6Ce4T9qRDp7D7z+E=
Subject key identifier:   02:0F:DD:0F:BF:34:63:A4:6D:7A:44:B8:7D:15:08:CF:D1:EA:6A:40
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       16AF6E381ACA52FB4A14A57B23DAA21DAD65B01B
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS2914.roa
Signing time:             Wed 21 Jan 2026 12:41:02 +0000
ROA not before:           Wed 21 Jan 2026 12:36:02 +0000
ROA not after:            Wed 20 Jan 2027 12:41:02 +0000
asID:                     2914
IP address blocks:        143.20.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 10:40:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:af:6e:38:1a:ca:52:fb:4a:14:a5:7b:23:da:a2:1d:ad:65:b0:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jan 21 12:36:02 2026 GMT
            Not After : Jan 20 12:41:02 2027 GMT
        Subject: CN=020FDD0FBF3463A46D7A44B87D1508CFD1EA6A40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:94:ca:4c:c9:ea:4c:4d:b9:0d:b4:dd:eb:a4:
                    3b:23:50:ec:2b:52:0c:9b:67:7a:e4:60:31:ae:be:
                    c2:30:2c:14:cb:19:c3:ca:35:0a:09:3d:99:cd:78:
                    21:47:5d:ff:f5:8e:59:52:74:31:b4:47:2c:b0:89:
                    f5:f5:4f:d1:0f:af:c9:18:4a:b8:fb:fa:bf:5f:10:
                    99:89:53:70:43:a2:26:ee:4a:0b:4a:4c:04:55:2d:
                    80:57:d8:61:4a:c3:36:38:7b:11:1f:26:ca:1e:20:
                    31:a6:dc:8d:44:2e:9d:86:3b:9a:24:e3:b3:8e:51:
                    53:34:6a:11:ec:f8:e8:89:fc:e5:84:99:e0:a7:73:
                    68:dd:be:5a:bc:3f:67:26:94:cf:32:2b:80:0b:0b:
                    77:6c:a5:6a:f3:3c:cf:85:38:10:42:24:01:80:ee:
                    65:0b:47:ab:03:11:73:0f:5c:02:b9:2e:db:f3:55:
                    1b:d5:d7:70:a8:27:56:7b:36:3f:e2:e7:1a:87:cc:
                    ae:8f:c7:c7:ca:56:04:a4:dd:0d:ef:d8:31:bc:13:
                    56:fd:22:b2:3b:b6:17:4b:27:89:5c:c7:8d:8d:32:
                    e9:d3:b2:12:23:5b:8c:34:b2:0f:d5:81:d1:4d:31:
                    77:b4:e7:6e:ef:1c:ff:bb:79:af:b0:c4:81:a4:f0:
                    c3:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:0F:DD:0F:BF:34:63:A4:6D:7A:44:B8:7D:15:08:CF:D1:EA:6A:40
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS2914.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:40:1d:87:40:44:37:1f:62:08:0f:91:cf:e4:95:da:8d:80:
         7b:9a:49:af:00:52:42:a2:74:d8:1f:98:f3:68:40:bb:79:92:
         e2:99:58:83:dd:7c:a1:5d:4f:af:ba:81:c2:a7:73:bb:30:a6:
         93:d2:77:b8:37:1a:57:58:b1:d1:6f:c2:b5:81:79:8a:c2:ea:
         87:6f:ef:b7:31:aa:e4:92:f2:74:ed:96:f6:12:56:8e:4b:9e:
         22:96:3f:c8:79:34:ab:82:5a:b7:89:fe:dd:92:b5:8a:75:d8:
         9f:9d:c1:00:5e:ca:ff:44:d9:51:1e:fc:ce:fd:06:de:29:11:
         ee:64:b3:fb:8c:7a:c2:5f:df:5d:b8:b4:ed:ea:c4:cd:d8:9c:
         16:37:33:d8:4b:4d:80:4e:31:5e:e8:71:a8:86:4e:e9:3a:30:
         0f:56:07:b6:e0:db:00:36:f5:64:94:08:44:85:62:86:e5:4a:
         c6:a1:49:5c:23:ae:3e:12:3d:dc:07:9e:3f:30:57:3e:a5:41:
         76:3b:dd:58:de:e0:2f:2e:ea:60:9b:91:29:1d:cf:5f:d6:62:
         fb:1f:70:cc:b5:51:cc:61:ab:20:c9:5c:9a:59:e2:44:26:f5:
         a9:c7:8a:d1:fb:2c:4f:1c:a1:69:05:52:61:14:48:e6:05:8c:
         ed:63:11:ee
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUFq9uOBrKUvtKFKV7I9qiHa1lsBswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjAxMjExMjM2MDJaFw0yNzAxMjAxMjQxMDJaMDMxMTAvBgNV
BAMTKDAyMEZERDBGQkYzNDYzQTQ2RDdBNDRCODdEMTUwOENGRDFFQTZBNDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCalMpMyepMTbkNtN3rpDsjUOwr
UgybZ3rkYDGuvsIwLBTLGcPKNQoJPZnNeCFHXf/1jllSdDG0RyywifX1T9EPr8kY
Srj7+r9fEJmJU3BDoibuSgtKTARVLYBX2GFKwzY4exEfJsoeIDGm3I1ELp2GO5ok
47OOUVM0ahHs+OiJ/OWEmeCnc2jdvlq8P2cmlM8yK4ALC3dspWrzPM+FOBBCJAGA
7mULR6sDEXMPXAK5LtvzVRvV13CoJ1Z7Nj/i5xqHzK6Px8fKVgSk3Q3v2DG8E1b9
IrI7thdLJ4lcx42NMunTshIjW4w0sg/VgdFNMXe0527vHP+7ea+wxIGk8MPbAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQUAg/dD780Y6RtekS4fRUIz9HqakAwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjkxNC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAI8ULzAN
BgkqhkiG9w0BAQsFAAOCAQEAKUAdh0BENx9iCA+Rz+SV2o2Ae5pJrwBSQqJ02B+Y
82hAu3mS4plYg918oV1Pr7qBwqdzuzCmk9J3uDcaV1ix0W/CtYF5isLqh2/vtzGq
5JLydO2W9hJWjkueIpY/yHk0q4Jat4n+3ZK1inXYn53BAF7K/0TZUR78zv0G3ikR
7mSz+4x6wl/fXbi07erEzdicFjcz2EtNgE4xXuhxqIZO6TowD1YHtuDbADb1ZJQI
RIVihuVKxqFJXCOuPhI93AeePzBXPqVBdjvdWN7gLy7qYJuRKR3PX9Zi+x9wzLVR
zGGrIMlcmlniRCb1qceK0fssTxyhaQVSYRRI5gWM7WMR7g==
-----END CERTIFICATE-----