This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS25198.roa
File:                     AS25198.roa (raw, json)
Hash identifier:          otNGJIeQGz4+18EnR+P7uqfZvhLohBdaPqLvjpFJF4g=
Subject key identifier:   FB:D3:B4:60:C0:A7:78:10:3F:85:93:75:57:90:2E:D4:18:55:E9:A2
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       6CC865F3CECC07C5A2DF42F062C19A81F7C740D8
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS25198.roa
Signing time:             Thu 18 Dec 2025 08:48:54 +0000
ROA not before:           Thu 18 Dec 2025 08:43:54 +0000
ROA not after:            Thu 17 Dec 2026 08:48:54 +0000
asID:                     25198
IP address blocks:        193.32.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Dec 2025 01:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:c8:65:f3:ce:cc:07:c5:a2:df:42:f0:62:c1:9a:81:f7:c7:40:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Dec 18 08:43:54 2025 GMT
            Not After : Dec 17 08:48:54 2026 GMT
        Subject: CN=FBD3B460C0A778103F85937557902ED41855E9A2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:69:75:7f:66:c6:f6:2d:bb:61:b8:f0:43:89:
                    92:bc:2e:73:9e:20:a8:af:8b:56:01:80:a9:8b:d8:
                    81:99:0d:d1:f4:dd:c4:82:0b:4e:65:80:41:4b:19:
                    07:fe:54:1e:e1:dd:ca:f4:4a:78:91:42:83:29:82:
                    77:1b:dd:1f:cd:2a:97:4c:3c:a7:c7:fe:82:d9:83:
                    9e:68:d9:b5:ec:a6:8d:bf:c2:10:1a:ea:69:9b:bd:
                    8c:92:af:78:d9:e2:71:9c:9b:9c:ec:0e:93:06:87:
                    aa:78:35:23:4e:cb:a4:ec:9b:ca:42:a0:da:50:51:
                    23:e2:fd:b2:88:e6:16:86:69:40:af:db:32:ef:4e:
                    1f:c9:bc:c9:61:83:a3:8c:a4:c1:d5:26:04:c8:92:
                    04:ec:58:c3:ac:84:d6:0c:2b:f3:a3:bf:f2:92:96:
                    45:fb:e5:ef:c8:81:91:89:c2:98:5e:b4:db:39:73:
                    61:4e:8c:b9:42:8f:19:e1:bf:da:36:39:33:3d:71:
                    36:61:84:fa:09:70:6e:fa:fd:af:e5:c4:11:64:14:
                    f6:2b:fa:2b:bd:7a:1c:6e:69:ee:f5:0d:70:1c:c5:
                    7f:b7:b9:d8:b9:8c:d9:7c:0b:a8:60:d2:e9:9a:ad:
                    a2:0d:86:06:da:93:79:36:ec:21:de:f2:3c:31:6c:
                    c6:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:D3:B4:60:C0:A7:78:10:3F:85:93:75:57:90:2E:D4:18:55:E9:A2
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS25198.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.32.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:33:2f:bd:bd:4f:29:60:40:45:f9:43:ff:e4:cb:87:07:ca:
         54:93:73:54:d8:62:5b:a4:3d:c1:23:dc:da:2e:ff:18:bb:23:
         bb:39:0f:c0:1e:5f:3c:c3:07:1a:93:ac:da:63:7e:44:5b:96:
         42:4b:2a:e6:77:d1:23:2c:f2:2d:0d:0b:ba:07:43:40:12:25:
         6b:19:77:f3:c0:ee:42:c4:87:5c:6c:16:f6:fb:6e:ee:29:55:
         13:ec:30:e7:6e:98:38:df:74:a3:89:53:be:48:d6:c7:27:3e:
         64:e0:94:3b:15:4a:2d:f3:e1:8e:fb:41:0e:58:d8:5d:73:98:
         b4:91:f6:66:ef:7c:ff:39:f1:07:e4:7d:b7:9c:07:5a:f0:73:
         b5:96:5f:3a:a2:b0:dd:d0:df:80:76:a7:7e:ab:98:27:f8:24:
         75:94:ac:40:41:05:b4:b2:cf:bf:c5:ab:b8:32:6d:e0:7e:19:
         13:95:35:8f:60:d0:e5:5f:20:1e:32:2e:38:d2:fb:13:80:70:
         35:91:64:9f:c8:52:0a:02:e0:77:9c:7a:f7:59:6e:a2:6a:1e:
         fa:c6:61:69:a3:44:2f:eb:7a:12:a5:94:2a:a8:ab:e9:02:1c:
         a0:bf:b6:8e:fe:52:b0:aa:8f:be:12:3a:68:a5:ee:45:60:95:
         c1:09:45:fd
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUbMhl887MB8Wi30LwYsGagffHQNgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTEyMTgwODQzNTRaFw0yNjEyMTcwODQ4NTRaMDMxMTAvBgNV
BAMTKEZCRDNCNDYwQzBBNzc4MTAzRjg1OTM3NTU3OTAyRUQ0MTg1NUU5QTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdaXV/Zsb2LbthuPBDiZK8LnOe
IKivi1YBgKmL2IGZDdH03cSCC05lgEFLGQf+VB7h3cr0SniRQoMpgncb3R/NKpdM
PKfH/oLZg55o2bXspo2/whAa6mmbvYySr3jZ4nGcm5zsDpMGh6p4NSNOy6Tsm8pC
oNpQUSPi/bKI5haGaUCv2zLvTh/JvMlhg6OMpMHVJgTIkgTsWMOshNYMK/Ojv/KS
lkX75e/IgZGJwphetNs5c2FOjLlCjxnhv9o2OTM9cTZhhPoJcG76/a/lxBFkFPYr
+iu9ehxuae71DXAcxX+3udi5jNl8C6hg0umaraINhgbak3k27CHe8jwxbMY5AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU+9O0YMCneBA/hZN1V5Au1BhV6aIwHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMjUxOTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADBILsw
DQYJKoZIhvcNAQELBQADggEBAE0zL729TylgQEX5Q//ky4cHylSTc1TYYlukPcEj
3Nou/xi7I7s5D8AeXzzDBxqTrNpjfkRblkJLKuZ30SMs8i0NC7oHQ0ASJWsZd/PA
7kLEh1xsFvb7bu4pVRPsMOdumDjfdKOJU75I1scnPmTglDsVSi3z4Y77QQ5Y2F1z
mLSR9mbvfP858QfkfbecB1rwc7WWXzqisN3Q34B2p36rmCf4JHWUrEBBBbSyz7/F
q7gybeB+GROVNY9g0OVfIB4yLjjS+xOAcDWRZJ/IUgoC4HecevdZbqJqHvrGYWmj
RC/rehKllCqoq+kCHKC/to7+UrCqj74SOmil7kVglcEJRf0=
-----END CERTIFICATE-----