This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS133153.roa
File:                     AS133153.roa (raw, json)
Hash identifier:          NDmXTowHyRKxR8hwF4p2KdpP6dGgX1n5x6paSyz7dEc=
Subject key identifier:   EB:88:A7:D4:53:78:1D:6D:60:59:0B:ED:07:0C:24:7E:B0:B1:69:FE
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       2CC57E72F42FD0C923D1181DDEBBA166D918817F
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS133153.roa
Signing time:             Sun 25 Jan 2026 19:32:20 +0000
ROA not before:           Sun 25 Jan 2026 19:27:20 +0000
ROA not after:            Sun 24 Jan 2027 19:32:20 +0000
asID:                     133153
IP address blocks:        162.141.152.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 01 Feb 2026 08:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:c5:7e:72:f4:2f:d0:c9:23:d1:18:1d:de:bb:a1:66:d9:18:81:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jan 25 19:27:20 2026 GMT
            Not After : Jan 24 19:32:20 2027 GMT
        Subject: CN=EB88A7D453781D6D60590BED070C247EB0B169FE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:53:48:f8:c3:f7:f5:01:9d:48:42:1c:93:e8:
                    52:59:e0:0d:1e:2d:71:ba:d1:2d:ba:39:58:a3:dc:
                    55:d0:36:75:5a:11:bd:87:53:96:f2:a7:95:0d:89:
                    3a:f7:89:a9:dc:11:39:bb:1c:4f:22:c1:35:c8:6b:
                    7b:2f:de:c2:c0:d9:cd:c2:c6:6f:4b:4d:7c:f6:64:
                    bc:59:d0:c9:3f:f8:1b:bd:72:20:08:ac:d6:e1:ff:
                    54:ba:4d:9c:a1:21:54:ba:10:8a:a7:c8:67:87:ea:
                    06:78:6e:85:c4:92:82:46:02:8e:6d:4d:ba:e1:6c:
                    0a:9c:5c:4e:7a:c3:a1:c5:15:8b:9f:2c:7a:7e:28:
                    8a:bb:e0:4b:10:59:2e:5c:9a:bf:98:a2:00:a8:8a:
                    25:ce:29:16:a2:fc:fa:52:d6:f3:68:5f:35:cb:f1:
                    d9:37:51:0d:3a:bd:65:30:00:85:1e:31:39:6f:4e:
                    eb:07:2a:f3:cd:89:20:06:c5:ea:ae:42:0d:80:31:
                    99:dc:73:22:ad:da:e6:53:d3:bf:75:50:3e:87:33:
                    a5:38:3b:87:94:6f:d5:00:3c:2c:30:ba:df:46:24:
                    ca:3c:ef:cb:8e:ec:e3:23:29:c1:68:1f:93:2e:39:
                    47:96:50:59:63:34:76:2b:46:9e:c7:d1:03:06:2e:
                    01:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:88:A7:D4:53:78:1D:6D:60:59:0B:ED:07:0C:24:7E:B0:B1:69:FE
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS133153.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.141.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:1f:3a:f4:62:8b:f2:a8:69:25:ea:05:8b:2c:0d:7b:0c:c9:
         95:56:03:56:b0:76:94:f1:98:51:b9:5a:a2:df:61:c2:cd:4f:
         52:b5:fc:c2:5b:a8:e1:6a:ee:44:29:32:cd:9b:1b:a9:dc:8a:
         e9:42:0d:5e:15:97:d6:bc:82:1e:c0:be:45:61:b9:cd:de:85:
         aa:2e:e7:5a:fc:d4:eb:8d:8c:17:39:0f:be:d0:06:9c:e6:2b:
         32:34:9b:5b:eb:ec:fc:2a:40:eb:6a:a6:ab:23:88:7b:3c:ea:
         4e:1b:49:5e:a6:16:ce:aa:e4:dd:f6:77:51:12:0c:6b:71:e8:
         75:26:3a:42:02:34:57:59:ea:f9:8a:ef:2d:bc:35:4f:bc:87:
         73:fb:f9:d7:36:f8:dd:58:de:27:2d:93:09:3e:c4:0e:b7:a3:
         75:6f:e6:55:64:3f:72:9b:d2:05:0e:bf:d8:34:6f:d6:c4:d1:
         dd:2b:15:91:fa:6d:4b:3e:d4:fc:1c:0f:08:ad:1c:70:30:ec:
         32:84:c0:16:52:9f:69:1f:0d:ea:f8:99:24:71:4f:2d:5b:fc:
         75:12:b5:bf:03:dc:e9:ee:00:a1:aa:b0:f4:3d:f8:f6:63:f4:
         59:c2:eb:1c:d3:e5:66:08:ad:13:5e:ee:c8:50:b8:87:be:29:
         d4:ba:a0:8c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIULMV+cvQv0Mkj0Rgd3ruhZtkYgX8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAxMjUxOTI3MjBaFw0yNzAxMjQxOTMyMjBaMDMxMTAvBgNV
BAMTKEVCODhBN0Q0NTM3ODFENkQ2MDU5MEJFRDA3MEMyNDdFQjBCMTY5RkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBU0j4w/f1AZ1IQhyT6FJZ4A0e
LXG60S26OVij3FXQNnVaEb2HU5byp5UNiTr3iancETm7HE8iwTXIa3sv3sLA2c3C
xm9LTXz2ZLxZ0Mk/+Bu9ciAIrNbh/1S6TZyhIVS6EIqnyGeH6gZ4boXEkoJGAo5t
TbrhbAqcXE56w6HFFYufLHp+KIq74EsQWS5cmr+YogCoiiXOKRai/PpS1vNoXzXL
8dk3UQ06vWUwAIUeMTlvTusHKvPNiSAGxequQg2AMZnccyKt2uZT0791UD6HM6U4
O4eUb9UAPCwwut9GJMo878uO7OMjKcFoH5MuOUeWUFljNHYrRp7H0QMGLgFjAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU64in1FN4HW1gWQvtBwwkfrCxaf4wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTMzMTUzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAoo2Y
MA0GCSqGSIb3DQEBCwUAA4IBAQAOHzr0YovyqGkl6gWLLA17DMmVVgNWsHaU8ZhR
uVqi32HCzU9StfzCW6jhau5EKTLNmxup3IrpQg1eFZfWvIIewL5FYbnN3oWqLuda
/NTrjYwXOQ++0Aac5isyNJtb6+z8KkDraqarI4h7POpOG0lephbOquTd9ndREgxr
ceh1JjpCAjRXWer5iu8tvDVPvIdz+/nXNvjdWN4nLZMJPsQOt6N1b+ZVZD9ym9IF
Dr/YNG/WxNHdKxWR+m1LPtT8HA8IrRxwMOwyhMAWUp9pHw3q+JkkcU8tW/x1ErW/
A9zp7gChqrD0Pfj2Y/RZwusc0+VmCK0TXu7IULiHvinUuqCM
-----END CERTIFICATE-----