This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS203656.roa
File:                     AS203656.roa (raw, json)
Hash identifier:          EAuKYDAa0p2/VCCXwIz0YLD8qraXJwdqIm7ZmUNU+38=
Subject key identifier:   01:94:F5:5B:B6:DE:B1:3D:A9:F2:65:F8:D0:53:F3:57:3B:11:EA:4F
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       362FA37A0A624B11A643F0A416B48AE8709101BE
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS203656.roa
Signing time:             Sat 13 Dec 2025 15:14:01 +0000
ROA not before:           Sat 13 Dec 2025 15:09:01 +0000
ROA not after:            Sat 12 Dec 2026 15:14:01 +0000
asID:                     203656
IP address blocks:        143.20.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Dec 2025 17:42:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:2f:a3:7a:0a:62:4b:11:a6:43:f0:a4:16:b4:8a:e8:70:91:01:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Dec 13 15:09:01 2025 GMT
            Not After : Dec 12 15:14:01 2026 GMT
        Subject: CN=0194F55BB6DEB13DA9F265F8D053F3573B11EA4F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:ff:16:ba:1e:95:93:2f:f0:5a:ed:25:e4:3d:
                    6c:8e:e7:07:25:a8:fe:72:93:4c:a1:2a:fa:d9:c8:
                    df:fc:c5:a8:62:0c:17:e1:40:61:27:26:ee:79:b4:
                    c7:be:cf:58:b9:74:d3:92:b5:0d:fb:b6:e1:26:28:
                    0d:f8:b4:e4:e2:43:5e:07:20:ca:de:84:9a:0a:f6:
                    c5:cb:0e:97:b8:fd:91:e3:fe:76:ba:a8:dc:5b:45:
                    e6:fe:23:aa:ac:f8:e6:cd:b3:1c:19:93:04:d2:fc:
                    98:55:80:3a:c2:d7:ac:e9:ae:41:6c:bf:69:a2:6b:
                    ca:34:9e:22:56:92:c4:0b:89:c7:03:d7:c2:99:82:
                    1b:d0:57:5d:8e:ad:64:fc:ce:bc:38:f3:6f:25:2f:
                    51:91:19:04:66:c9:db:42:a6:cb:01:5a:ba:d2:e7:
                    0b:a6:7a:80:cf:ab:c9:f5:0a:d6:25:9a:03:e4:e9:
                    85:72:d7:c6:a0:da:50:18:9a:c5:55:3d:42:10:a0:
                    4a:c7:e1:41:b1:f0:50:c8:3e:60:32:5d:b6:f7:61:
                    ce:70:d7:3d:43:91:80:27:ec:ff:52:0a:3b:5d:f8:
                    1d:3d:03:db:46:8d:d3:20:00:55:37:4d:e8:b1:82:
                    7b:36:9f:1f:ce:4f:b4:a2:32:aa:de:9f:57:d9:29:
                    34:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:94:F5:5B:B6:DE:B1:3D:A9:F2:65:F8:D0:53:F3:57:3B:11:EA:4F
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS203656.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:c0:76:bb:9f:be:33:14:c1:39:fc:b6:aa:74:27:43:03:b8:
         4b:d9:50:e8:d4:20:59:1c:db:e8:4a:e0:a6:94:15:d4:58:b7:
         fa:32:23:61:95:5f:75:ab:5e:76:6a:18:57:93:50:2d:44:3a:
         e3:96:df:a3:ba:e9:b4:53:e3:86:96:ff:df:56:83:d3:77:f5:
         d6:fd:12:dc:99:2e:8f:db:4a:a7:19:77:07:38:71:ab:7f:7c:
         d0:f0:e4:3f:01:87:71:49:6e:81:d6:80:67:cb:46:72:18:0d:
         3b:04:cf:c0:60:ba:a9:f8:da:c6:06:7d:7a:c7:fc:68:34:40:
         e4:a3:9f:78:29:14:bb:9a:15:e0:17:10:e5:40:49:49:41:8a:
         fb:1a:dc:7d:d6:8e:23:fe:65:57:c4:65:d2:6b:83:bd:ac:27:
         cc:0b:d7:3e:b9:a4:eb:0e:e8:87:01:22:44:62:dc:72:d5:c2:
         49:a9:5a:04:77:9c:f4:11:f4:b4:ff:44:f1:f4:3e:00:dd:c6:
         ee:a7:0d:22:2d:c5:ba:39:c8:90:bb:31:51:05:30:fd:e0:3b:
         ee:ba:5c:13:fc:d2:a3:cf:3c:60:1c:6a:8a:89:52:7a:fa:ff:
         8c:4b:e0:61:d6:9a:e6:d6:37:b4:b7:d8:06:cd:c8:1b:ca:1e:
         80:9d:86:cd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUNi+jegpiSxGmQ/CkFrSK6HCRAb4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTEyMTMxNTA5MDFaFw0yNjEyMTIxNTE0MDFaMDMxMTAvBgNV
BAMTKDAxOTRGNTVCQjZERUIxM0RBOUYyNjVGOEQwNTNGMzU3M0IxMUVBNEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDv/xa6HpWTL/Ba7SXkPWyO5wcl
qP5yk0yhKvrZyN/8xahiDBfhQGEnJu55tMe+z1i5dNOStQ37tuEmKA34tOTiQ14H
IMrehJoK9sXLDpe4/ZHj/na6qNxbReb+I6qs+ObNsxwZkwTS/JhVgDrC16zprkFs
v2mia8o0niJWksQLiccD18KZghvQV12OrWT8zrw4828lL1GRGQRmydtCpssBWrrS
5wumeoDPq8n1CtYlmgPk6YVy18ag2lAYmsVVPUIQoErH4UGx8FDIPmAyXbb3Yc5w
1z1DkYAn7P9SCjtd+B09A9tGjdMgAFU3Teixgns2nx/OT7SiMqren1fZKTTbAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUAZT1W7besT2p8mX40FPzVzsR6k8wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjAzNjU2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxSx
MA0GCSqGSIb3DQEBCwUAA4IBAQClwHa7n74zFME5/LaqdCdDA7hL2VDo1CBZHNvo
SuCmlBXUWLf6MiNhlV91q152ahhXk1AtRDrjlt+juum0U+OGlv/fVoPTd/XW/RLc
mS6P20qnGXcHOHGrf3zQ8OQ/AYdxSW6B1oBny0ZyGA07BM/AYLqp+NrGBn16x/xo
NEDko594KRS7mhXgFxDlQElJQYr7Gtx91o4j/mVXxGXSa4O9rCfMC9c+uaTrDuiH
ASJEYtxy1cJJqVoEd5z0EfS0/0Tx9D4A3cbupw0iLcW6OciQuzFRBTD94DvuulwT
/NKjzzxgHGqKiVJ6+v+MS+Bh1prm1je0t9gGzcgbyh6AnYbN
-----END CERTIFICATE-----