This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS138995.roa
File:                     AS138995.roa (raw, json)
Hash identifier:          CpaXIpS7D2QosGHcQQykgPOjofL2IyWv8bTf8bdwfsA=
Subject key identifier:   5C:21:B3:BA:59:C2:12:4C:AA:EC:B5:C2:09:6E:1C:F0:51:EC:DB:93
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       1D5CC56FB0295E1A72CBF7D5157F3981DFE799BC
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS138995.roa
Signing time:             Tue 09 Dec 2025 06:11:28 +0000
ROA not before:           Tue 09 Dec 2025 06:06:28 +0000
ROA not after:            Tue 08 Dec 2026 06:11:28 +0000
asID:                     138995
IP address blocks:        103.214.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Dec 2025 15:46:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:5c:c5:6f:b0:29:5e:1a:72:cb:f7:d5:15:7f:39:81:df:e7:99:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Dec  9 06:06:28 2025 GMT
            Not After : Dec  8 06:11:28 2026 GMT
        Subject: CN=5C21B3BA59C2124CAAECB5C2096E1CF051ECDB93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:1b:40:ce:0a:13:35:a8:42:87:27:f5:6f:7c:
                    ef:0f:7a:40:1c:1d:d9:02:0c:43:59:fd:1e:82:7d:
                    fd:0b:63:24:4e:30:f8:6c:ff:dc:35:ef:07:e3:b3:
                    db:49:7d:1d:42:e8:c8:bb:b8:d9:8a:9f:93:66:82:
                    8d:ad:be:4f:f9:b5:f8:3a:ae:6c:61:bb:1d:eb:06:
                    ed:db:42:41:25:33:42:c5:19:9f:53:f1:a8:93:38:
                    cc:5d:99:63:e6:8d:2c:42:2b:a6:66:d8:8b:42:68:
                    07:6d:25:43:e5:ec:ec:9e:eb:86:fc:a6:72:bd:87:
                    fb:06:a1:cb:29:31:ed:1d:b4:79:4c:81:1b:21:72:
                    19:95:4c:4a:7c:de:cd:27:e4:cc:26:05:17:9d:fb:
                    8d:af:d4:a0:fa:a5:11:4c:11:db:af:5e:ae:5c:52:
                    f3:73:ce:0b:9d:b0:39:fe:61:d7:fe:07:cb:0a:9b:
                    35:c3:76:fa:97:82:7f:6c:0b:e6:d0:c2:35:25:82:
                    d0:31:8e:ba:54:e9:32:e6:3f:d1:85:c7:bd:9b:4c:
                    2a:33:bc:9e:ac:d9:5f:e2:d0:0d:9e:eb:c0:89:28:
                    fb:30:62:f5:a6:91:7e:db:20:36:59:72:2d:e9:e4:
                    dd:fa:85:5d:f7:ef:a1:45:88:57:62:3c:10:65:d1:
                    52:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:21:B3:BA:59:C2:12:4C:AA:EC:B5:C2:09:6E:1C:F0:51:EC:DB:93
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS138995.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.214.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:1d:de:2b:7b:c8:fb:ec:7c:dd:6b:b0:df:89:e6:ee:e0:82:
         ed:ed:4c:50:f5:8e:52:3e:ed:ab:27:80:68:2d:f1:ce:35:ff:
         f1:9c:95:9a:b1:de:f2:5e:f7:b9:54:35:e2:e4:92:dc:e2:77:
         58:1d:76:c5:ba:f2:cd:89:4c:1d:35:54:51:35:df:b1:e8:2d:
         c8:f7:e5:cf:f2:15:6c:f2:22:88:40:99:80:67:72:e8:7c:f5:
         92:d7:7d:9d:57:f5:b7:77:e3:bc:cd:d0:5d:0a:d8:f4:45:a8:
         c1:94:e1:78:77:69:07:85:c4:93:66:e1:96:a4:77:41:5f:72:
         e9:65:61:80:14:e4:19:5a:ad:c6:a4:b3:bc:ad:8c:87:86:b5:
         65:dc:9f:42:b1:2f:b9:2c:b7:6b:c9:bb:d0:37:ee:76:f2:8a:
         e6:2e:1d:6f:fb:4e:97:b7:d5:93:19:6c:e4:68:3d:ce:4c:13:
         16:f5:03:91:24:0a:ab:86:83:1f:31:78:21:f0:5f:14:e5:26:
         e6:a0:af:55:55:05:be:f1:3c:e5:69:c0:b5:38:10:a0:40:b3:
         2d:a5:71:fc:a8:26:34:39:b9:5e:bc:08:b3:2b:78:04:51:7a:
         dd:b6:bb:e9:9d:9f:92:d0:43:9b:80:90:72:8f:97:49:d7:96:
         6a:66:4d:fb
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUHVzFb7ApXhpyy/fVFX85gd/nmbwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTEyMDkwNjA2MjhaFw0yNjEyMDgwNjExMjhaMDMxMTAvBgNV
BAMTKDVDMjFCM0JBNTlDMjEyNENBQUVDQjVDMjA5NkUxQ0YwNTFFQ0RCOTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDmG0DOChM1qEKHJ/VvfO8PekAc
HdkCDENZ/R6Cff0LYyROMPhs/9w17wfjs9tJfR1C6Mi7uNmKn5Nmgo2tvk/5tfg6
rmxhux3rBu3bQkElM0LFGZ9T8aiTOMxdmWPmjSxCK6Zm2ItCaAdtJUPl7Oye64b8
pnK9h/sGocspMe0dtHlMgRshchmVTEp83s0n5MwmBRed+42v1KD6pRFMEduvXq5c
UvNzzgudsDn+Ydf+B8sKmzXDdvqXgn9sC+bQwjUlgtAxjrpU6TLmP9GFx72bTCoz
vJ6s2V/i0A2e68CJKPswYvWmkX7bIDZZci3p5N36hV3376FFiFdiPBBl0VJBAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUXCGzulnCEkyq7LXCCW4c8FHs25MwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MTM4OTk1LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAZ9ZGMA0GCSqGSIb3DQEBCwUAA4IBAQBgHd4re8j7
7Hzda7Dfiebu4ILt7UxQ9Y5SPu2rJ4BoLfHONf/xnJWasd7yXve5VDXi5JLc4ndY
HXbFuvLNiUwdNVRRNd+x6C3I9+XP8hVs8iKIQJmAZ3LofPWS132dV/W3d+O8zdBd
Ctj0RajBlOF4d2kHhcSTZuGWpHdBX3LpZWGAFOQZWq3GpLO8rYyHhrVl3J9CsS+5
LLdrybvQN+528ormLh1v+06Xt9WTGWzkaD3OTBMW9QORJAqrhoMfMXgh8F8U5Sbm
oK9VVQW+8TzlacC1OBCgQLMtpXH8qCY0OblevAizK3gEUXrdtrvpnZ+S0EObgJBy
j5dJ15ZqZk37
-----END CERTIFICATE-----