This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS141158.roa
File:                     AS141158.roa (raw, json)
Hash identifier:          nfReirMdpYTQteo2qNcJ7kJHi7A7w29b5kW0UCVyQ30=
Subject key identifier:   25:49:AA:4A:52:5F:CF:7D:5B:ED:69:49:A8:BB:C1:B3:50:CC:52:7E
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       792A41F3F5F43B820250FAF33D64E56537D99570
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS141158.roa
Signing time:             Wed 03 Dec 2025 08:55:13 +0000
ROA not before:           Wed 03 Dec 2025 08:50:13 +0000
ROA not after:            Wed 02 Dec 2026 08:55:13 +0000
asID:                     141158
IP address blocks:        2.57.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Dec 2025 21:09:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:2a:41:f3:f5:f4:3b:82:02:50:fa:f3:3d:64:e5:65:37:d9:95:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Dec  3 08:50:13 2025 GMT
            Not After : Dec  2 08:55:13 2026 GMT
        Subject: CN=2549AA4A525FCF7D5BED6949A8BBC1B350CC527E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:ec:59:e7:7d:e8:f8:65:d8:d9:1a:16:6c:ae:
                    ac:a1:d1:b9:ab:64:61:b1:25:ac:d9:86:03:f8:67:
                    f8:fe:2f:d5:92:4a:4a:c8:45:a3:90:17:4c:4c:91:
                    22:ff:2b:f6:4e:5b:f9:97:a0:4d:96:2b:42:76:5c:
                    69:a8:9c:c4:be:80:0c:7a:fc:d0:aa:9e:23:cb:69:
                    06:16:77:ab:cb:82:72:6b:d7:01:08:84:b2:81:d4:
                    6a:23:9a:4d:8b:31:ed:fa:39:61:a8:c0:1b:f2:44:
                    47:fe:19:50:8e:f7:e4:db:a7:9b:87:f3:a9:0d:84:
                    58:be:30:c9:c0:50:16:c3:e7:f9:ad:78:c3:c8:e7:
                    5e:b6:ec:c7:62:f7:86:74:51:67:12:cd:f0:d5:f6:
                    2a:29:35:b1:b6:41:7b:83:e5:14:0a:2f:27:e9:42:
                    16:41:10:2f:f8:b9:8e:17:78:af:48:11:d5:54:8e:
                    e1:d1:7f:d6:d6:1e:9f:ce:36:d0:24:08:87:8b:68:
                    45:55:31:29:71:f4:99:20:b6:54:8f:38:85:91:d3:
                    8b:9a:27:1a:a4:79:32:45:6b:5a:b7:4e:9b:3c:bf:
                    ef:1b:c8:46:f9:f3:e3:88:7a:49:1b:c7:a8:39:21:
                    cb:8d:38:9f:e1:e1:c1:7f:7b:cc:b6:5a:a7:c4:99:
                    51:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:49:AA:4A:52:5F:CF:7D:5B:ED:69:49:A8:BB:C1:B3:50:CC:52:7E
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS141158.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:82:44:62:31:40:cf:e3:02:aa:f9:fd:2e:04:7c:10:e4:1a:
         8f:f6:b2:75:5c:3e:0b:be:11:c3:bd:9a:2d:73:b6:44:d8:06:
         04:43:fe:d9:32:b2:eb:fc:74:bd:cd:e7:a1:21:97:27:7f:c9:
         a4:15:9a:9f:64:9b:a3:d3:e7:6f:f0:38:29:97:90:da:4c:f5:
         7d:69:71:b6:f2:44:cc:db:cc:c0:9a:74:d4:dd:be:c9:94:19:
         76:b7:01:93:f3:e8:8e:df:c2:d9:5a:10:4c:5c:2c:04:d0:3c:
         36:91:b8:f3:c8:ae:15:36:ee:75:97:e8:5e:0c:cf:be:00:ee:
         d5:03:8a:00:4f:f6:bd:a5:8e:35:9f:b1:ae:86:18:45:68:f0:
         25:17:a8:68:9c:e7:cf:6e:f1:10:a5:30:e4:f5:60:16:9b:02:
         56:0b:14:9c:ab:3e:43:c7:ea:a9:a2:27:23:e3:33:94:b0:a7:
         ec:26:ee:b2:46:ca:f4:b3:ae:fe:32:4b:09:c1:0f:d9:65:b8:
         89:5d:09:0a:32:31:9d:86:8d:dc:c0:69:1f:41:82:3e:a9:f8:
         e7:52:f8:9b:ed:8b:6d:dc:39:f5:f8:b1:7f:cf:e0:65:d2:84:
         ed:5d:7b:8d:19:fa:3b:ba:5b:fb:23:80:51:c0:38:9e:fd:f3:
         65:ea:8b:5d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUeSpB8/X0O4ICUPrzPWTlZTfZlXAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTEyMDMwODUwMTNaFw0yNjEyMDIwODU1MTNaMDMxMTAvBgNV
BAMTKDI1NDlBQTRBNTI1RkNGN0Q1QkVENjk0OUE4QkJDMUIzNTBDQzUyN0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCa7Fnnfej4ZdjZGhZsrqyh0bmr
ZGGxJazZhgP4Z/j+L9WSSkrIRaOQF0xMkSL/K/ZOW/mXoE2WK0J2XGmonMS+gAx6
/NCqniPLaQYWd6vLgnJr1wEIhLKB1Gojmk2LMe36OWGowBvyREf+GVCO9+Tbp5uH
86kNhFi+MMnAUBbD5/mteMPI51627Mdi94Z0UWcSzfDV9iopNbG2QXuD5RQKLyfp
QhZBEC/4uY4XeK9IEdVUjuHRf9bWHp/ONtAkCIeLaEVVMSlx9JkgtlSPOIWR04ua
JxqkeTJFa1q3Tps8v+8byEb58+OIekkbx6g5IcuNOJ/h4cF/e8y2WqfEmVFBAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUJUmqSlJfz31b7WlJqLvBs1DMUn4wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTQxMTU4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjkQ
MA0GCSqGSIb3DQEBCwUAA4IBAQA/gkRiMUDP4wKq+f0uBHwQ5BqP9rJ1XD4LvhHD
vZotc7ZE2AYEQ/7ZMrLr/HS9zeehIZcnf8mkFZqfZJuj0+dv8Dgpl5DaTPV9aXG2
8kTM28zAmnTU3b7JlBl2twGT8+iO38LZWhBMXCwE0Dw2kbjzyK4VNu51l+heDM++
AO7VA4oAT/a9pY41n7GuhhhFaPAlF6honOfPbvEQpTDk9WAWmwJWCxScqz5Dx+qp
oicj4zOUsKfsJu6yRsr0s67+MksJwQ/ZZbiJXQkKMjGdho3cwGkfQYI+qfjnUvib
7Ytt3Dn1+LF/z+Bl0oTtXXuNGfo7ulv7I4BRwDie/fNl6otd
-----END CERTIFICATE-----