This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS141968.roa
File:                     AS141968.roa (raw, json)
Hash identifier:          MRSv3+JJX5Z2vQfLO08dbpimwpHdtySTGVQ7vtjdCsc=
Subject key identifier:   36:E4:7A:F0:FA:A3:55:30:B1:D5:6F:AC:70:FA:8B:56:73:31:9A:64
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       3927B1C1E903D004CB0101241E4FF5872A478D7E
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS141968.roa
Signing time:             Sun 21 Dec 2025 13:55:32 +0000
ROA not before:           Sun 21 Dec 2025 13:50:32 +0000
ROA not after:            Sun 20 Dec 2026 13:55:32 +0000
asID:                     141968
IP address blocks:        45.149.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 20:29:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:27:b1:c1:e9:03:d0:04:cb:01:01:24:1e:4f:f5:87:2a:47:8d:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Dec 21 13:50:32 2025 GMT
            Not After : Dec 20 13:55:32 2026 GMT
        Subject: CN=36E47AF0FAA35530B1D56FAC70FA8B5673319A64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:c7:71:db:46:e9:01:71:d1:67:56:6f:ec:d2:
                    b1:dc:a6:1d:85:e5:00:12:6d:49:d6:a8:28:2d:75:
                    97:fd:8f:90:52:58:f5:89:da:32:d7:ff:fc:5e:40:
                    e5:f9:c5:a5:df:60:ca:3c:51:ea:09:ec:d2:9a:83:
                    05:11:4b:d0:2a:c7:53:5a:15:06:8e:44:c3:6d:4d:
                    85:d2:fe:12:39:eb:8a:1f:18:c1:e2:e8:fd:da:fe:
                    ff:69:28:7f:33:24:fe:eb:3b:2f:ba:85:ca:ea:43:
                    e8:f8:86:eb:0b:2d:35:e3:6a:0a:43:50:69:4e:ca:
                    37:f2:19:82:d6:2e:93:7b:85:37:35:c7:d5:b0:e0:
                    f7:8c:c2:92:dc:96:73:f8:a0:bc:b6:4f:eb:cd:8b:
                    82:a9:b4:95:83:c2:1d:27:c3:2e:57:77:30:d5:7f:
                    3a:5b:38:8b:82:4d:74:26:2d:06:57:a0:09:b5:09:
                    ae:c0:d5:80:91:64:61:9b:1a:2c:58:b9:2d:c8:a4:
                    bd:c8:9d:9b:c2:f5:45:d2:c7:ba:12:b7:b0:19:92:
                    45:ab:13:dc:ed:0a:df:d4:db:8b:1f:db:27:f7:f0:
                    bd:6b:73:c4:44:60:b9:f8:81:4c:37:ad:1f:fe:da:
                    2b:a0:04:64:98:26:2a:e7:ad:69:1e:f5:8f:15:eb:
                    e2:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:E4:7A:F0:FA:A3:55:30:B1:D5:6F:AC:70:FA:8B:56:73:31:9A:64
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS141968.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:7d:9c:55:79:b3:16:5d:5b:7e:f9:1b:7c:e6:5c:6b:5a:bb:
         f1:cb:79:16:d7:e5:1d:cb:c6:c5:5d:3c:9f:52:8b:b3:4a:dd:
         6d:3a:72:f7:e4:a4:9f:66:e3:c8:b1:6a:50:aa:e1:0e:9d:8a:
         85:77:d7:e3:a8:1e:c0:35:6e:0a:53:2e:cc:01:86:83:97:8d:
         23:47:4b:97:44:f6:a3:60:c9:4a:59:17:6b:18:8e:2b:c4:23:
         39:60:25:99:6b:ae:fc:b9:95:16:f2:8c:aa:5d:4f:d4:7a:11:
         25:f7:6c:14:ac:d7:4d:56:1f:93:30:a0:20:2f:ef:db:62:90:
         59:d2:ed:c2:45:da:aa:6b:64:86:98:b1:cc:a9:73:e1:75:5d:
         e3:f1:e1:eb:fd:16:0d:0b:a2:48:15:3d:b4:6e:98:d8:b4:1e:
         59:3c:e2:87:1b:35:8e:77:55:24:d6:87:55:da:d0:65:12:6a:
         ff:73:8d:6e:80:fe:58:20:ae:9d:f3:e8:63:f1:f0:13:5f:dc:
         b3:c9:14:83:12:dd:1f:b7:a2:d6:a5:68:43:b6:63:3e:44:eb:
         4f:1f:9c:fb:c2:b9:07:04:ed:5b:4c:a7:c0:8c:7c:54:d7:f7:
         c8:f1:d6:ea:c3:08:1b:57:02:eb:34:13:d7:af:14:02:a7:ae:
         6a:6b:a3:63
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUOSexwekD0ATLAQEkHk/1hypHjX4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTEyMjExMzUwMzJaFw0yNjEyMjAxMzU1MzJaMDMxMTAvBgNV
BAMTKDM2RTQ3QUYwRkFBMzU1MzBCMUQ1NkZBQzcwRkE4QjU2NzMzMTlBNjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2x3HbRukBcdFnVm/s0rHcph2F
5QASbUnWqCgtdZf9j5BSWPWJ2jLX//xeQOX5xaXfYMo8UeoJ7NKagwURS9Aqx1Na
FQaORMNtTYXS/hI564ofGMHi6P3a/v9pKH8zJP7rOy+6hcrqQ+j4husLLTXjagpD
UGlOyjfyGYLWLpN7hTc1x9Ww4PeMwpLclnP4oLy2T+vNi4KptJWDwh0nwy5XdzDV
fzpbOIuCTXQmLQZXoAm1Ca7A1YCRZGGbGixYuS3IpL3InZvC9UXSx7oSt7AZkkWr
E9ztCt/U24sf2yf38L1rc8REYLn4gUw3rR/+2iugBGSYJirnrWke9Y8V6+IJAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUNuR68PqjVTCx1W+scPqLVnMxmmQwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTQxOTY4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZW7
MA0GCSqGSIb3DQEBCwUAA4IBAQBPfZxVebMWXVt++Rt85lxrWrvxy3kW1+Udy8bF
XTyfUouzSt1tOnL35KSfZuPIsWpQquEOnYqFd9fjqB7ANW4KUy7MAYaDl40jR0uX
RPajYMlKWRdrGI4rxCM5YCWZa678uZUW8oyqXU/UehEl92wUrNdNVh+TMKAgL+/b
YpBZ0u3CRdqqa2SGmLHMqXPhdV3j8eHr/RYNC6JIFT20bpjYtB5ZPOKHGzWOd1Uk
1odV2tBlEmr/c41ugP5YIK6d8+hj8fATX9yzyRSDEt0ft6LWpWhDtmM+ROtPH5z7
wrkHBO1bTKfAjHxU1/fI8dbqwwgbVwLrNBPXrxQCp65qa6Nj
-----END CERTIFICATE-----