This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS43350.roa
File:                     AS43350.roa (raw, json)
Hash identifier:          mgj/n9bav/37ENdIAQ3Uz99MzxfUe2ZDJ0zmnlZ00PU=
Subject key identifier:   CF:3D:E9:ED:1A:A2:50:11:9A:21:87:54:4B:CF:65:03:A4:6B:54:C5
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       4FD7F46B6F4C2DD1C5062D3BBD1F1C34419F224E
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS43350.roa
Signing time:             Tue 16 Dec 2025 11:29:29 +0000
ROA not before:           Tue 16 Dec 2025 11:24:29 +0000
ROA not after:            Tue 15 Dec 2026 11:29:29 +0000
asID:                     43350
IP address blocks:        143.20.82.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Dec 2025 17:42:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:d7:f4:6b:6f:4c:2d:d1:c5:06:2d:3b:bd:1f:1c:34:41:9f:22:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Dec 16 11:24:29 2025 GMT
            Not After : Dec 15 11:29:29 2026 GMT
        Subject: CN=CF3DE9ED1AA250119A2187544BCF6503A46B54C5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:05:a0:47:78:0b:97:75:00:7f:4a:57:1e:ff:
                    1f:78:8d:9c:98:02:37:a5:ff:15:ff:1f:38:e3:62:
                    a7:73:1a:96:9a:21:68:72:cc:0a:d4:9d:0a:54:b2:
                    61:38:4a:ad:59:cc:81:e1:54:ab:77:bf:3c:81:e3:
                    d2:4a:cd:e9:24:f6:1d:75:2e:91:d6:eb:0b:d9:3a:
                    3a:44:a1:63:b4:57:9f:0f:ff:36:81:60:67:3d:53:
                    b9:15:30:37:35:ba:d4:72:af:36:2e:a7:4a:3f:78:
                    74:70:e8:ea:81:4a:be:e9:1f:c0:51:03:87:ee:9c:
                    80:54:f1:12:b1:ae:be:98:f6:46:49:e5:9d:2a:08:
                    6a:b1:92:c5:4e:bb:b3:7c:dc:8a:83:37:c3:23:83:
                    b0:2e:de:a3:82:d9:11:bc:fd:c4:fd:b0:3f:69:cb:
                    d1:3c:25:81:61:59:25:17:1e:9b:4c:c3:fb:06:8a:
                    64:5a:48:76:0b:5d:d6:61:c7:18:24:a8:81:d6:dd:
                    d3:8b:40:42:5a:cf:dd:cc:08:5f:e2:7d:5f:da:69:
                    c9:7c:88:37:1b:f6:5c:e7:aa:ce:39:a7:4c:bd:df:
                    fe:7f:91:89:38:a8:ad:c8:49:11:51:14:1c:71:38:
                    92:c8:4e:98:0a:b3:80:06:a1:74:d5:aa:f3:da:45:
                    00:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:3D:E9:ED:1A:A2:50:11:9A:21:87:54:4B:CF:65:03:A4:6B:54:C5
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS43350.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c6:63:2e:48:76:43:f7:4a:ed:28:ea:36:42:84:da:64:a4:04:
         37:1e:b9:89:2b:74:fe:b2:da:14:43:e7:1c:ed:2a:ec:ab:6b:
         77:8a:da:14:53:ca:b2:61:a3:63:4d:5d:a7:0d:84:eb:17:e6:
         b1:68:e2:44:98:61:eb:4a:e2:4a:77:5d:6f:a7:7c:ce:46:a3:
         18:10:de:c2:3a:82:f3:8a:55:c6:4a:e7:33:84:b4:a4:31:07:
         74:da:55:ec:af:d3:7f:94:72:70:4e:0b:40:85:e5:1a:6f:e9:
         86:98:1c:78:58:f3:54:17:60:db:9e:24:f1:6a:0e:e2:88:56:
         6d:a8:5b:ca:f8:84:6b:13:23:0d:d0:aa:68:09:ab:a4:0c:42:
         99:80:4d:56:9a:51:f8:00:ab:ef:f1:89:64:c0:79:cd:aa:ed:
         4b:87:41:0e:c0:76:f2:c4:d2:8b:25:ca:78:69:33:14:51:b5:
         1e:64:6e:35:53:d5:17:7b:bc:ab:f2:16:8a:2b:18:9c:2d:f3:
         36:ed:b9:79:5c:31:c0:16:66:9d:54:80:1a:44:c0:3d:34:7e:
         a6:02:74:a5:53:1e:23:02:6e:7a:00:78:76:a1:7c:90:fa:98:
         69:e9:7e:61:ba:7e:7f:c4:12:c3:11:3d:1c:cb:63:78:f9:14:
         40:f4:0f:a5
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUT9f0a29MLdHFBi07vR8cNEGfIk4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTEyMTYxMTI0MjlaFw0yNjEyMTUxMTI5MjlaMDMxMTAvBgNV
BAMTKENGM0RFOUVEMUFBMjUwMTE5QTIxODc1NDRCQ0Y2NTAzQTQ2QjU0QzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSBaBHeAuXdQB/Slce/x94jZyY
Ajel/xX/HzjjYqdzGpaaIWhyzArUnQpUsmE4Sq1ZzIHhVKt3vzyB49JKzekk9h11
LpHW6wvZOjpEoWO0V58P/zaBYGc9U7kVMDc1utRyrzYup0o/eHRw6OqBSr7pH8BR
A4funIBU8RKxrr6Y9kZJ5Z0qCGqxksVOu7N83IqDN8Mjg7Au3qOC2RG8/cT9sD9p
y9E8JYFhWSUXHptMw/sGimRaSHYLXdZhxxgkqIHW3dOLQEJaz93MCF/ifV/aacl8
iDcb9lznqs45p0y93/5/kYk4qK3ISRFRFBxxOJLITpgKs4AGoXTVqvPaRQABAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUzz3p7RqiUBGaIYdUS89lA6RrVMUwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTNDMzNTAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACPFFIw
DQYJKoZIhvcNAQELBQADggEBAMZjLkh2Q/dK7SjqNkKE2mSkBDceuYkrdP6y2hRD
5xztKuyra3eK2hRTyrJho2NNXacNhOsX5rFo4kSYYetK4kp3XW+nfM5GoxgQ3sI6
gvOKVcZK5zOEtKQxB3TaVeyv03+UcnBOC0CF5Rpv6YaYHHhY81QXYNueJPFqDuKI
Vm2oW8r4hGsTIw3QqmgJq6QMQpmATVaaUfgAq+/xiWTAec2q7UuHQQ7AdvLE0osl
ynhpMxRRtR5kbjVT1Rd7vKvyFoorGJwt8zbtuXlcMcAWZp1UgBpEwD00fqYCdKVT
HiMCbnoAeHahfJD6mGnpfmG6fn/EEsMRPRzLY3j5FED0D6U=
-----END CERTIFICATE-----