This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS207612.roa
File:                     AS207612.roa (raw, json)
Hash identifier:          MKj58jOdTAYnJxN0lpmL8fidQOSRu4jvj3+6+Q8qo34=
Subject key identifier:   D9:4F:50:4F:C6:B4:28:08:DE:C1:2D:1F:E6:69:DE:61:93:BF:AB:C7
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       33D17794E2BB9EA680DC3CFA5F71EA5EE95A5DB7
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS207612.roa
Signing time:             Thu 11 Dec 2025 03:35:05 +0000
ROA not before:           Thu 11 Dec 2025 03:30:05 +0000
ROA not after:            Thu 10 Dec 2026 03:35:05 +0000
asID:                     207612
IP address blocks:        143.20.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 Jan 2026 21:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:d1:77:94:e2:bb:9e:a6:80:dc:3c:fa:5f:71:ea:5e:e9:5a:5d:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Dec 11 03:30:05 2025 GMT
            Not After : Dec 10 03:35:05 2026 GMT
        Subject: CN=D94F504FC6B42808DEC12D1FE669DE6193BFABC7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:b8:a0:fb:f5:3c:24:0c:81:bc:ad:97:dd:a9:
                    f8:79:dc:0a:ae:2c:50:89:8e:47:60:c1:e4:6b:95:
                    f1:dd:4e:a4:d5:2b:fc:50:b8:ee:b4:0c:17:c0:2c:
                    b9:47:14:de:a0:f8:1e:d4:70:78:8b:96:5c:32:c1:
                    a2:0e:b4:45:d4:88:13:80:dd:43:94:f1:db:c2:ec:
                    80:bc:f3:87:93:01:f4:57:08:c7:27:ea:d4:07:c7:
                    5d:a4:5e:85:c9:98:d4:5d:a1:96:3a:42:c9:c3:29:
                    22:4e:41:7f:11:87:05:67:f5:b9:7a:94:46:df:3a:
                    6f:a8:2d:32:ad:dd:47:00:e2:4d:a6:a1:b3:bc:e7:
                    be:52:68:80:3a:82:d9:2d:ae:b1:f0:96:5c:bc:3c:
                    79:c2:d2:d2:7c:26:ef:2b:61:8d:55:64:1f:df:a4:
                    81:8d:bc:80:69:aa:f9:93:c9:fa:d8:90:57:56:79:
                    3f:a2:e1:de:3a:7c:a6:bc:61:45:4e:74:15:7b:5e:
                    9d:b0:ce:e0:77:d3:35:98:ac:a7:77:a3:5a:52:93:
                    55:14:d1:8a:91:92:c5:3e:b6:07:3b:a2:59:65:3d:
                    47:16:d6:b0:8d:45:2c:15:21:7f:af:9b:13:c9:c9:
                    a3:aa:db:af:0c:5d:5f:88:8a:59:0b:54:49:98:10:
                    42:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:4F:50:4F:C6:B4:28:08:DE:C1:2D:1F:E6:69:DE:61:93:BF:AB:C7
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS207612.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:d0:8c:22:46:64:55:d9:8b:f5:4d:12:05:bf:46:ad:19:c8:
         28:8f:5a:89:fc:f9:43:46:74:5d:fd:95:e7:d3:1a:02:1b:06:
         39:ce:66:5d:54:2c:bb:cd:47:62:5c:b4:9c:aa:0c:53:17:70:
         43:6a:61:84:15:b4:55:7f:ce:5a:a7:42:79:1b:72:8a:9c:b8:
         f2:78:23:3e:e3:0b:4b:50:a3:bd:9f:f4:18:c8:e3:b9:17:1b:
         43:44:0a:81:bb:51:fd:3b:cd:f9:39:8b:c5:f5:ad:1a:2b:35:
         fb:b7:79:a1:ff:61:3d:68:b9:fc:a8:4b:6d:45:dd:10:47:5a:
         ed:bc:62:01:b6:87:b5:d9:aa:71:67:bb:26:00:d7:8e:00:5f:
         a0:e4:30:99:7a:69:30:9f:5a:ef:8e:8d:ba:da:52:39:84:55:
         61:49:7e:64:5c:2a:74:88:d3:d2:5f:ed:10:46:b1:de:48:86:
         4b:79:60:08:06:70:11:b0:a3:8e:95:2f:e5:62:51:cf:72:f0:
         85:ae:46:de:06:f1:23:0b:d3:c4:b2:3a:a9:fc:7b:4e:5e:07:
         e9:f7:3d:8b:07:a0:60:61:18:7f:ac:f0:7c:b9:2c:e7:c5:fe:
         13:8c:28:ea:08:eb:03:8d:c4:c4:40:19:9b:80:27:91:59:fa:
         2f:e0:82:1d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUM9F3lOK7nqaA3Dz6X3HqXulaXbcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTEyMTEwMzMwMDVaFw0yNjEyMTAwMzM1MDVaMDMxMTAvBgNV
BAMTKEQ5NEY1MDRGQzZCNDI4MDhERUMxMkQxRkU2NjlERTYxOTNCRkFCQzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYuKD79TwkDIG8rZfdqfh53Aqu
LFCJjkdgweRrlfHdTqTVK/xQuO60DBfALLlHFN6g+B7UcHiLllwywaIOtEXUiBOA
3UOU8dvC7IC884eTAfRXCMcn6tQHx12kXoXJmNRdoZY6QsnDKSJOQX8RhwVn9bl6
lEbfOm+oLTKt3UcA4k2mobO8575SaIA6gtktrrHwlly8PHnC0tJ8Ju8rYY1VZB/f
pIGNvIBpqvmTyfrYkFdWeT+i4d46fKa8YUVOdBV7Xp2wzuB30zWYrKd3o1pSk1UU
0YqRksU+tgc7olllPUcW1rCNRSwVIX+vmxPJyaOq268MXV+IilkLVEmYEEIVAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU2U9QT8a0KAjewS0f5mneYZO/q8cwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjA3NjEyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxSD
MA0GCSqGSIb3DQEBCwUAA4IBAQAx0IwiRmRV2Yv1TRIFv0atGcgoj1qJ/PlDRnRd
/ZXn0xoCGwY5zmZdVCy7zUdiXLScqgxTF3BDamGEFbRVf85ap0J5G3KKnLjyeCM+
4wtLUKO9n/QYyOO5FxtDRAqBu1H9O835OYvF9a0aKzX7t3mh/2E9aLn8qEttRd0Q
R1rtvGIBtoe12apxZ7smANeOAF+g5DCZemkwn1rvjo262lI5hFVhSX5kXCp0iNPS
X+0QRrHeSIZLeWAIBnARsKOOlS/lYlHPcvCFrkbeBvEjC9PEsjqp/HtOXgfp9z2L
B6BgYRh/rPB8uSznxf4TjCjqCOsDjcTEQBmbgCeRWfov4IId
-----END CERTIFICATE-----