This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS13627.roa
File:                     AS13627.roa (raw, json)
Hash identifier:          RfdHNHzsv9yEiQI4p7tl+WylpGc1iBXwtD2P2Mp2+Bk=
Subject key identifier:   9C:4E:FD:6B:48:73:98:52:70:C8:BC:24:E6:6D:C0:A4:C2:B7:F1:B5
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       1CC028F6F3C902AD069B4FA8CD3CDF929782AF9B
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS13627.roa
Signing time:             Thu 11 Dec 2025 08:24:23 +0000
ROA not before:           Thu 11 Dec 2025 08:19:23 +0000
ROA not after:            Thu 10 Dec 2026 08:24:23 +0000
asID:                     13627
IP address blocks:        185.137.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Dec 2025 01:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:c0:28:f6:f3:c9:02:ad:06:9b:4f:a8:cd:3c:df:92:97:82:af:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Dec 11 08:19:23 2025 GMT
            Not After : Dec 10 08:24:23 2026 GMT
        Subject: CN=9C4EFD6B4873985270C8BC24E66DC0A4C2B7F1B5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:21:9c:95:c1:3c:4a:43:f8:6f:d1:2c:ea:09:
                    63:2f:6e:ca:e4:06:2c:1b:f3:65:9f:a7:e8:5a:01:
                    f2:3c:ce:17:11:ea:64:52:e1:86:37:9b:cc:29:06:
                    94:9f:2e:c6:31:5a:38:a5:ce:73:5d:d5:33:31:e7:
                    ad:57:97:a8:a0:85:35:84:19:df:95:65:8b:7e:75:
                    1f:93:53:92:a0:b7:c2:b9:78:ef:53:1e:d5:27:de:
                    e8:70:69:f9:41:93:6e:69:2f:ff:51:80:93:8a:ed:
                    87:d8:6f:e8:02:97:ad:68:40:e9:15:b3:15:92:1b:
                    da:82:0c:a8:59:3e:e6:95:49:bc:3c:88:12:87:91:
                    42:fe:f7:17:57:0f:93:a3:b2:ac:2a:df:4f:97:74:
                    51:f8:63:c3:89:9b:0f:6a:d2:52:e6:2a:a2:76:1e:
                    a4:13:ee:90:09:65:c3:3b:06:7e:12:63:ce:ab:3b:
                    16:fd:5a:70:2c:cc:95:54:08:43:77:ce:76:9a:20:
                    8a:9a:fd:38:99:27:b1:63:c7:f0:92:9c:56:22:a6:
                    f9:07:cd:7a:ae:10:77:10:b3:56:34:29:cb:ee:e2:
                    65:18:1b:0d:f5:2c:d7:a7:2e:d9:e6:99:63:86:00:
                    49:d7:5c:08:25:66:e1:23:f4:51:30:15:ba:80:97:
                    fd:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:4E:FD:6B:48:73:98:52:70:C8:BC:24:E6:6D:C0:A4:C2:B7:F1:B5
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS13627.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.137.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:fb:74:b0:9f:c1:10:97:0b:7f:82:5f:58:aa:5a:4a:a4:a9:
         7a:ab:c7:dd:b9:dc:94:a0:d2:03:71:e5:62:0e:36:1b:5c:ff:
         3c:52:b2:a0:80:54:9b:8d:ec:b3:c2:c5:1f:2e:4c:e6:b8:e6:
         6f:a5:84:1f:03:eb:cb:ef:8c:6e:3d:fd:4a:20:fc:93:19:7e:
         f5:80:2b:aa:c5:22:6e:39:d5:7f:ef:ad:af:c1:eb:00:be:29:
         f8:20:43:e0:8c:01:c0:c4:a4:8f:4d:96:1d:be:09:a9:5f:ef:
         78:e0:be:bb:6d:94:f4:65:b1:9b:2b:5f:c9:e7:55:db:d9:b3:
         6a:43:50:4b:a6:9b:77:74:c6:b2:83:5e:b0:e2:7a:2e:55:3f:
         e5:01:0c:ab:bd:b4:cf:d0:98:c9:12:92:82:09:b7:93:96:9e:
         15:62:8c:1e:0d:94:e2:64:43:f0:a0:7a:57:df:70:1b:50:4c:
         35:1b:28:c3:66:20:ed:7c:a5:e3:bd:ca:a1:3c:b5:d8:5a:68:
         da:61:fb:98:6e:03:f8:7d:04:b4:0e:7e:61:d0:59:f0:5c:d2:
         fd:43:8f:c2:3c:33:64:36:45:de:db:86:39:f0:d1:52:ea:21:
         f5:4e:52:79:c9:d9:f1:a3:ce:bb:40:b6:20:e6:1a:3e:09:f7:
         0d:c7:01:f1
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUHMAo9vPJAq0Gm0+ozTzfkpeCr5swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTEyMTEwODE5MjNaFw0yNjEyMTAwODI0MjNaMDMxMTAvBgNV
BAMTKDlDNEVGRDZCNDg3Mzk4NTI3MEM4QkMyNEU2NkRDMEE0QzJCN0YxQjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWIZyVwTxKQ/hv0SzqCWMvbsrk
Biwb82Wfp+haAfI8zhcR6mRS4YY3m8wpBpSfLsYxWjilznNd1TMx561Xl6ighTWE
Gd+VZYt+dR+TU5Kgt8K5eO9THtUn3uhwaflBk25pL/9RgJOK7YfYb+gCl61oQOkV
sxWSG9qCDKhZPuaVSbw8iBKHkUL+9xdXD5Ojsqwq30+XdFH4Y8OJmw9q0lLmKqJ2
HqQT7pAJZcM7Bn4SY86rOxb9WnAszJVUCEN3znaaIIqa/TiZJ7Fjx/CSnFYipvkH
zXquEHcQs1Y0Kcvu4mUYGw31LNenLtnmmWOGAEnXXAglZuEj9FEwFbqAl/2zAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUnE79a0hzmFJwyLwk5m3ApMK38bUwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTM2Mjcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5iV4w
DQYJKoZIhvcNAQELBQADggEBAJT7dLCfwRCXC3+CX1iqWkqkqXqrx9253JSg0gNx
5WIONhtc/zxSsqCAVJuN7LPCxR8uTOa45m+lhB8D68vvjG49/Uog/JMZfvWAK6rF
Im451X/vra/B6wC+KfggQ+CMAcDEpI9Nlh2+Calf73jgvrttlPRlsZsrX8nnVdvZ
s2pDUEumm3d0xrKDXrDiei5VP+UBDKu9tM/QmMkSkoIJt5OWnhVijB4NlOJkQ/Cg
elffcBtQTDUbKMNmIO18peO9yqE8tdhaaNph+5huA/h9BLQOfmHQWfBc0v1Dj8I8
M2Q2Rd7bhjnw0VLqIfVOUnnJ2fGjzrtAtiDmGj4J9w3HAfE=
-----END CERTIFICATE-----