This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS834.roa
File:                     AS834.roa (raw, json)
Hash identifier:          J/LV/9cjzKVOkr3VBWWZnrvGZ8eej6UFCLCPubF3L50=
Subject key identifier:   D7:B4:91:48:27:FA:50:95:DA:12:73:24:BC:9F:B9:CF:8A:5B:30:85
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       4B5788DF46B25158E54CD0467DE73E32DE173F14
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS834.roa
Signing time:             Tue 16 Dec 2025 02:19:33 +0000
ROA not before:           Tue 16 Dec 2025 02:14:33 +0000
ROA not after:            Tue 15 Dec 2026 02:19:33 +0000
asID:                     834
IP address blocks:        91.198.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Dec 2025 09:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:57:88:df:46:b2:51:58:e5:4c:d0:46:7d:e7:3e:32:de:17:3f:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Dec 16 02:14:33 2025 GMT
            Not After : Dec 15 02:19:33 2026 GMT
        Subject: CN=D7B4914827FA5095DA127324BC9FB9CF8A5B3085
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:79:d9:0e:7a:e7:dc:c1:39:ef:37:b8:86:c1:
                    61:78:08:ef:ae:f3:e4:e3:01:94:03:8f:3c:f2:67:
                    13:fd:43:30:b0:61:dd:95:13:d4:3e:42:0c:f8:f6:
                    a8:e7:f0:29:40:7c:58:a5:4d:2d:63:64:78:bb:28:
                    aa:6b:83:cf:8a:2a:97:ec:b2:ed:82:92:e1:b4:c4:
                    4b:e4:40:62:71:c1:04:18:a4:7f:73:ac:a4:49:18:
                    2e:b2:1e:ad:71:bc:48:3c:45:59:c7:13:e1:7a:ee:
                    8f:90:db:f0:6f:62:d9:90:e6:b1:a3:64:07:eb:bc:
                    d0:22:d5:b7:37:79:fb:86:54:59:bf:09:02:bf:d4:
                    dc:33:42:28:1a:a0:5c:c3:4e:d2:fe:38:cb:68:c7:
                    48:9f:1b:73:1b:0d:02:e5:f9:cf:7c:21:df:e5:01:
                    db:e2:f0:58:a8:e5:69:cc:5f:84:13:0b:48:46:9c:
                    1d:b9:5a:95:74:9f:2f:a5:5b:59:be:cc:d2:d2:4e:
                    ce:af:79:87:17:69:9a:9a:2f:52:56:ad:80:1b:2c:
                    57:42:85:c3:8e:00:b9:bf:ef:d8:ff:9c:eb:2d:b0:
                    7f:8f:c7:35:00:18:d2:d4:e7:10:c8:b1:d5:76:94:
                    2f:04:ba:14:d4:70:da:66:f5:32:be:58:99:f3:a6:
                    36:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:B4:91:48:27:FA:50:95:DA:12:73:24:BC:9F:B9:CF:8A:5B:30:85
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS834.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:74:9e:5e:b1:85:4c:d1:fa:01:01:18:11:35:9b:1b:59:4b:
         4d:39:77:46:9f:15:5f:64:de:e4:7b:23:f0:b5:82:dc:2d:26:
         7d:74:60:c1:71:8e:dc:46:e5:4b:b1:fa:e4:72:84:86:e8:e0:
         de:c0:c1:51:f0:55:d7:51:df:e9:bb:69:da:f4:46:22:ff:62:
         7c:39:bd:23:01:ca:5b:23:37:9b:05:54:b1:f6:81:ad:dd:8f:
         61:88:66:79:48:2d:a3:30:d3:3b:f4:2d:57:b9:0e:cf:36:9d:
         bd:66:a8:be:3c:50:56:f3:15:c9:dd:67:4c:5d:b1:3a:d6:27:
         7d:19:1e:86:1e:57:48:98:33:9f:9c:df:a2:9b:b6:cb:37:26:
         6f:c8:66:0d:77:ff:7f:50:52:f0:0d:9b:12:8a:f8:1b:94:59:
         05:8c:58:31:28:cf:76:4c:85:70:5f:dc:8d:ef:a4:21:dc:85:
         fe:b9:3c:46:8f:79:22:26:8e:2f:1f:39:d2:f0:80:65:2d:50:
         11:c4:94:ac:30:54:86:32:87:d4:e6:3b:a5:cd:b2:bf:dc:e7:
         7e:cf:32:8d:36:8f:aa:59:ed:59:51:8a:d7:64:87:a8:8f:ef:
         4a:17:85:ce:24:f4:d0:5e:63:f4:7b:d2:63:09:70:b7:9f:b9:
         f3:f3:3d:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgIUS1eI30ayUVjlTNBGfec+Mt4XPxQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTEyMTYwMjE0MzNaFw0yNjEyMTUwMjE5MzNaMDMxMTAvBgNV
BAMTKEQ3QjQ5MTQ4MjdGQTUwOTVEQTEyNzMyNEJDOUZCOUNGOEE1QjMwODUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/edkOeufcwTnvN7iGwWF4CO+u
8+TjAZQDjzzyZxP9QzCwYd2VE9Q+Qgz49qjn8ClAfFilTS1jZHi7KKprg8+KKpfs
su2CkuG0xEvkQGJxwQQYpH9zrKRJGC6yHq1xvEg8RVnHE+F67o+Q2/BvYtmQ5rGj
ZAfrvNAi1bc3efuGVFm/CQK/1NwzQigaoFzDTtL+OMtox0ifG3MbDQLl+c98Id/l
Advi8Fio5WnMX4QTC0hGnB25WpV0ny+lW1m+zNLSTs6veYcXaZqaL1JWrYAbLFdC
hcOOALm/79j/nOstsH+PxzUAGNLU5xDIsdV2lC8EuhTUcNpm9TK+WJnzpjZ/AgMB
AAGjggIHMIICAzAdBgNVHQ4EFgQU17SRSCf6UJXaEnMkvJ+5z4pbMIUwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTODM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8Z7MA0G
CSqGSIb3DQEBCwUAA4IBAQAXdJ5esYVM0foBARgRNZsbWUtNOXdGnxVfZN7keyPw
tYLcLSZ9dGDBcY7cRuVLsfrkcoSG6ODewMFR8FXXUd/pu2na9EYi/2J8Ob0jAcpb
IzebBVSx9oGt3Y9hiGZ5SC2jMNM79C1XuQ7PNp29Zqi+PFBW8xXJ3WdMXbE61id9
GR6GHldImDOfnN+im7bLNyZvyGYNd/9/UFLwDZsSivgblFkFjFgxKM92TIVwX9yN
76Qh3IX+uTxGj3kiJo4vHznS8IBlLVARxJSsMFSGMofU5julzbK/3Od+zzKNNo+q
We1ZUYrXZIeoj+9KF4XOJPTQXmP0e9JjCXC3n7nz8z05
-----END CERTIFICATE-----