This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS151338.roa
File:                     AS151338.roa (raw, json)
Hash identifier:          eArcsSXhG2y2CQfB0/qskzRibh2kYpxjMeZ7r6CA4m4=
Subject key identifier:   A0:35:A7:78:67:81:22:43:D3:F6:8B:FF:50:BC:3E:34:1E:2D:C1:99
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       3F8C944AE04AEF2494A56C9D9D5858FC2E6AB2D6
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS151338.roa
Signing time:             Tue 13 Jan 2026 15:55:33 +0000
ROA not before:           Tue 13 Jan 2026 15:50:33 +0000
ROA not after:            Tue 12 Jan 2027 15:55:33 +0000
asID:                     151338
IP address blocks:        150.241.204.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 23 Jan 2026 00:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:8c:94:4a:e0:4a:ef:24:94:a5:6c:9d:9d:58:58:fc:2e:6a:b2:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jan 13 15:50:33 2026 GMT
            Not After : Jan 12 15:55:33 2027 GMT
        Subject: CN=A035A77867812243D3F68BFF50BC3E341E2DC199
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:0a:18:fd:20:22:2c:d3:15:11:8b:c3:0e:d5:
                    65:1a:0a:53:51:57:b6:0d:3b:b4:ec:ef:3e:c9:6d:
                    7e:3e:0f:1c:86:2d:68:1c:2f:2b:af:71:d9:b9:2c:
                    85:96:25:86:22:f9:cc:5d:1f:8d:10:df:d1:3b:16:
                    e5:56:4c:79:8b:51:07:24:9b:62:fc:26:38:13:bc:
                    03:56:1d:fd:e5:9c:8d:f0:20:11:5c:87:4e:89:9a:
                    4a:8e:24:be:29:3f:52:37:e2:c4:75:c3:8e:3c:12:
                    ca:e3:1d:2c:44:8f:f2:71:32:0f:d0:bc:95:f1:30:
                    a0:00:aa:d3:78:20:44:bb:b8:e4:ad:76:74:9f:60:
                    a9:4f:0a:36:5a:ab:ed:74:38:05:e8:91:80:ba:b6:
                    3b:49:89:a0:0d:4d:97:35:b3:9f:a3:e9:05:04:46:
                    bf:e2:e7:e1:6c:71:8a:46:5f:94:83:70:84:dc:24:
                    50:95:ee:2c:a6:ab:84:32:0b:46:b8:e1:56:61:57:
                    d2:f1:09:1c:99:eb:bd:7e:1a:44:f6:ad:3c:38:e4:
                    5a:54:3f:11:f3:f6:e2:ee:72:68:46:bc:ca:c5:09:
                    09:3d:54:f0:95:c0:86:c3:8a:ff:d7:d8:c9:2f:f3:
                    11:36:80:13:24:b0:ce:b6:0d:a0:ef:a7:1b:bc:f9:
                    eb:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:35:A7:78:67:81:22:43:D3:F6:8B:FF:50:BC:3E:34:1E:2D:C1:99
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS151338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.241.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         86:ef:84:c6:19:e9:d9:8a:f9:6b:0c:4f:74:3d:5d:6c:4b:8d:
         d7:75:44:6f:cb:f8:92:27:f0:00:16:6a:30:73:b4:39:9d:db:
         9b:fd:ef:7e:64:a4:ee:74:d8:b5:47:3e:5a:80:b4:20:bf:42:
         5c:ac:b9:56:5c:eb:00:90:59:2c:31:bf:f2:16:32:d3:16:88:
         97:47:26:6f:92:24:4c:83:9b:95:38:6a:d6:2c:3f:2a:cb:f9:
         7c:19:9c:c4:a6:1b:68:be:07:47:b6:45:f1:3e:22:93:3f:82:
         32:e2:63:cf:d2:b4:87:27:3a:52:9c:66:2d:84:c5:bb:60:a6:
         b5:28:5e:f2:2a:be:e5:12:d0:8a:67:d4:e6:f1:5c:15:5c:75:
         aa:8f:a2:a1:ce:49:46:c0:8c:46:4c:25:e9:8d:9b:f4:f0:a5:
         d5:03:a1:23:e0:57:5e:cb:9e:7b:25:af:9c:45:da:54:62:23:
         f9:47:6a:04:bb:70:90:26:7f:26:04:5a:65:20:cb:9e:db:c3:
         c0:b0:67:70:28:f9:65:48:3b:4d:c4:c5:64:17:b0:48:2b:11:
         6e:76:88:ca:7a:8f:e5:3c:3e:58:dd:12:d4:12:27:b1:09:b2:
         d0:5d:28:81:dc:fb:d9:f4:8d:10:a6:6d:95:6e:6e:a2:a6:7c:
         a4:a3:ca:28
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUP4yUSuBK7ySUpWydnVhY/C5qstYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAxMTMxNTUwMzNaFw0yNzAxMTIxNTU1MzNaMDMxMTAvBgNV
BAMTKEEwMzVBNzc4Njc4MTIyNDNEM0Y2OEJGRjUwQkMzRTM0MUUyREMxOTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEChj9ICIs0xURi8MO1WUaClNR
V7YNO7Ts7z7JbX4+DxyGLWgcLyuvcdm5LIWWJYYi+cxdH40Q39E7FuVWTHmLUQck
m2L8JjgTvANWHf3lnI3wIBFch06JmkqOJL4pP1I34sR1w448EsrjHSxEj/JxMg/Q
vJXxMKAAqtN4IES7uOStdnSfYKlPCjZaq+10OAXokYC6tjtJiaANTZc1s5+j6QUE
Rr/i5+FscYpGX5SDcITcJFCV7iymq4QyC0a44VZhV9LxCRyZ671+GkT2rTw45FpU
PxHz9uLucmhGvMrFCQk9VPCVwIbDiv/X2Mkv8xE2gBMksM62DaDvpxu8+euHAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUoDWneGeBIkPT9ov/ULw+NB4twZkwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTUxMzM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQClvHM
MA0GCSqGSIb3DQEBCwUAA4IBAQCG74TGGenZivlrDE90PV1sS43XdURvy/iSJ/AA
Fmowc7Q5ndub/e9+ZKTudNi1Rz5agLQgv0JcrLlWXOsAkFksMb/yFjLTFoiXRyZv
kiRMg5uVOGrWLD8qy/l8GZzEphtovgdHtkXxPiKTP4Iy4mPP0rSHJzpSnGYthMW7
YKa1KF7yKr7lEtCKZ9Tm8VwVXHWqj6KhzklGwIxGTCXpjZv08KXVA6Ej4Fdey557
Ja+cRdpUYiP5R2oEu3CQJn8mBFplIMue28PAsGdwKPllSDtNxMVkF7BIKxFudojK
eo/lPD5Y3RLUEiexCbLQXSiB3PvZ9I0Qpm2Vbm6ipnyko8oo
-----END CERTIFICATE-----