This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS208949.roa
File:                     AS208949.roa (raw, json)
Hash identifier:          ZMgZYMt+7aBuHu4TSscxkQ0d5yXNb571zll0RDPQBAo=
Subject key identifier:   9B:21:EC:83:B5:7A:C9:B2:26:35:AB:66:58:69:3E:63:79:9E:06:17
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       0A11B73BFD4051D97D3EFF457D49EFCBCEB0AFAB
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS208949.roa
Signing time:             Sun 14 Dec 2025 19:58:17 +0000
ROA not before:           Sun 14 Dec 2025 19:53:17 +0000
ROA not after:            Sun 13 Dec 2026 19:58:17 +0000
asID:                     208949
IP address blocks:        143.20.250.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Dec 2025 17:42:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:11:b7:3b:fd:40:51:d9:7d:3e:ff:45:7d:49:ef:cb:ce:b0:af:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Dec 14 19:53:17 2025 GMT
            Not After : Dec 13 19:58:17 2026 GMT
        Subject: CN=9B21EC83B57AC9B22635AB6658693E63799E0617
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:bc:5d:5d:b8:ee:6e:fa:bd:26:4e:d7:f4:58:
                    8e:d0:53:02:09:69:c9:e7:16:de:83:c6:d1:d0:62:
                    e3:a1:4a:5a:09:dd:51:95:eb:df:7c:26:a3:96:8e:
                    30:d7:24:bb:ce:fb:fd:9c:f3:30:62:77:92:34:c6:
                    9c:34:ee:28:f4:de:de:44:5b:f9:94:e4:52:69:ab:
                    51:1c:d8:11:47:9b:e6:f5:62:d7:ee:1e:4d:75:b9:
                    6e:66:e7:19:02:7e:5b:8d:fe:9a:00:33:54:c2:93:
                    d0:6e:07:5a:ad:e8:30:95:2c:4a:84:86:76:39:cb:
                    f2:1f:1d:a8:69:24:e9:f0:ad:c9:0d:b4:2e:e9:1f:
                    bd:b7:04:62:f7:05:a5:30:18:38:13:06:90:96:ca:
                    ca:04:82:fe:df:48:6a:ba:64:59:58:10:a8:b7:ca:
                    5c:bf:f6:04:51:14:58:52:a2:22:30:54:49:5b:41:
                    2e:eb:77:80:43:d6:b0:80:ac:d7:3d:ef:d3:38:7a:
                    83:0b:73:c7:87:ec:c3:ff:dd:2b:e0:e1:41:0d:06:
                    f5:63:8b:18:69:ff:ed:b6:3a:2f:14:33:fd:2d:1f:
                    a6:df:57:3c:94:0e:47:ef:ad:5e:b9:58:2d:54:0f:
                    a2:9c:c6:f2:e4:5f:21:7c:e8:ad:42:7e:50:d5:fb:
                    3e:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:21:EC:83:B5:7A:C9:B2:26:35:AB:66:58:69:3E:63:79:9E:06:17
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS208949.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.250.0/23

    Signature Algorithm: sha256WithRSAEncryption
         25:e9:12:ce:a0:28:62:4d:df:9d:41:bf:d1:a2:93:02:4c:59:
         5f:91:a1:4e:bb:f0:d6:aa:29:82:9a:31:de:4c:53:b4:79:f3:
         6e:e9:86:0e:8e:c8:da:81:66:0e:54:45:f1:05:db:e2:61:da:
         41:40:db:74:7c:cf:a0:06:97:ad:71:0b:69:79:f2:c8:74:b0:
         19:56:e6:ed:e8:89:3c:13:f1:ca:9f:70:7a:fe:6d:4f:98:2e:
         76:e9:15:a2:ca:b1:c2:ae:26:e4:54:e6:8c:87:b8:c9:a0:10:
         56:ed:67:7a:7f:af:f7:46:dc:48:89:be:71:5f:56:13:14:8d:
         09:f0:9e:ea:60:68:52:1e:a6:97:62:d7:06:59:c3:bb:1a:d4:
         2b:56:65:56:35:5b:d4:f2:6c:7e:02:6b:ce:f1:ca:85:06:dc:
         aa:c6:90:a3:0d:4c:06:de:bd:35:a6:46:c2:4e:07:a3:ef:02:
         b8:98:dc:4d:8b:87:3e:57:41:11:89:f8:7a:16:cc:81:12:4f:
         e0:23:2f:e8:33:43:b5:96:28:30:c9:5e:09:20:e6:00:23:a5:
         a6:3b:c1:54:54:54:9c:4f:d6:c6:c4:3e:5e:1f:fe:9b:35:51:
         f4:4c:09:31:e5:f0:e5:06:ed:ed:75:f6:50:ea:60:57:0f:db:
         9d:c7:ce:bf
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUChG3O/1AUdl9Pv9FfUnvy86wr6swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTEyMTQxOTUzMTdaFw0yNjEyMTMxOTU4MTdaMDMxMTAvBgNV
BAMTKDlCMjFFQzgzQjU3QUM5QjIyNjM1QUI2NjU4NjkzRTYzNzk5RTA2MTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFvF1duO5u+r0mTtf0WI7QUwIJ
acnnFt6DxtHQYuOhSloJ3VGV6998JqOWjjDXJLvO+/2c8zBid5I0xpw07ij03t5E
W/mU5FJpq1Ec2BFHm+b1YtfuHk11uW5m5xkCfluN/poAM1TCk9BuB1qt6DCVLEqE
hnY5y/IfHahpJOnwrckNtC7pH723BGL3BaUwGDgTBpCWysoEgv7fSGq6ZFlYEKi3
yly/9gRRFFhSoiIwVElbQS7rd4BD1rCArNc979M4eoMLc8eH7MP/3Svg4UENBvVj
ixhp/+22Oi8UM/0tH6bfVzyUDkfvrV65WC1UD6KcxvLkXyF86K1CflDV+z63AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUmyHsg7V6ybImNatmWGk+Y3meBhcwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjA4OTQ5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBjxT6
MA0GCSqGSIb3DQEBCwUAA4IBAQAl6RLOoChiTd+dQb/RopMCTFlfkaFOu/DWqimC
mjHeTFO0efNu6YYOjsjagWYOVEXxBdviYdpBQNt0fM+gBpetcQtpefLIdLAZVubt
6Ik8E/HKn3B6/m1PmC526RWiyrHCribkVOaMh7jJoBBW7Wd6f6/3RtxIib5xX1YT
FI0J8J7qYGhSHqaXYtcGWcO7GtQrVmVWNVvU8mx+AmvO8cqFBtyqxpCjDUwG3r01
pkbCTgej7wK4mNxNi4c+V0ERifh6FsyBEk/gIy/oM0O1ligwyV4JIOYAI6WmO8FU
VFScT9bGxD5eH/6bNVH0TAkx5fDlBu3tdfZQ6mBXD9udx86/
-----END CERTIFICATE-----