This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS136557.roa
File:                     AS136557.roa (raw, json)
Hash identifier:          uOofXPpfgxPAW2zsYPUdKysXaB6WNyKnkW0GZWFmWDs=
Subject key identifier:   C4:6C:C6:93:CF:5C:44:0D:1A:0F:C1:B7:B2:E2:79:77:02:9A:44:0B
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       766158E1F8F449F88412A3C7F7109A9F3E479B52
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS136557.roa
Signing time:             Thu 15 Jan 2026 09:55:33 +0000
ROA not before:           Thu 15 Jan 2026 09:50:33 +0000
ROA not after:            Thu 14 Jan 2027 09:55:33 +0000
asID:                     136557
IP address blocks:        91.124.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 00:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:61:58:e1:f8:f4:49:f8:84:12:a3:c7:f7:10:9a:9f:3e:47:9b:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jan 15 09:50:33 2026 GMT
            Not After : Jan 14 09:55:33 2027 GMT
        Subject: CN=C46CC693CF5C440D1A0FC1B7B2E27977029A440B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:db:4f:09:45:e3:b3:1e:9d:e8:8e:30:04:7c:
                    0b:3b:81:c3:6f:03:4a:a9:55:1e:f3:95:b0:59:ee:
                    2e:f0:97:c0:ed:e2:ba:8a:79:e4:5b:f0:21:fa:1f:
                    92:63:42:9a:2e:a6:ca:ab:67:9a:f5:e4:13:22:5e:
                    b6:ff:8c:4e:14:aa:15:1f:82:bb:bd:38:f6:3e:cb:
                    08:0f:c9:74:a9:5c:34:9a:d1:2e:1b:a3:d8:1b:eb:
                    49:45:3c:4b:09:ff:ff:f7:f4:0e:e1:cf:f0:76:67:
                    45:72:e0:86:1e:ba:4a:b4:60:0e:d3:e6:60:51:1b:
                    93:2b:d2:9f:29:5e:69:f6:6b:58:9c:20:13:5a:ca:
                    9c:d9:a6:a6:4f:ff:ba:58:0f:40:03:3b:69:25:8a:
                    56:20:7d:86:d3:23:dc:1d:4f:63:f1:a9:1f:0c:e2:
                    4d:d3:a1:3f:bf:e3:49:16:5d:19:87:0b:ec:91:d5:
                    78:41:58:38:5a:f0:0c:a9:34:24:cc:1b:e7:62:d6:
                    f4:09:28:dc:ce:18:a6:49:26:f3:0b:90:59:98:4e:
                    97:1c:fb:d1:08:82:51:99:ed:bd:e9:22:85:30:00:
                    21:a6:63:3e:db:e9:6f:27:fe:4f:21:1a:75:d6:b6:
                    b5:eb:98:e7:49:ae:2b:9c:b0:ed:03:5b:69:31:64:
                    14:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:6C:C6:93:CF:5C:44:0D:1A:0F:C1:B7:B2:E2:79:77:02:9A:44:0B
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS136557.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.124.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:50:a8:58:63:22:3a:58:3b:25:6f:b7:34:30:24:4d:08:a3:
         fd:fb:64:fc:ca:ae:ab:38:28:dd:96:cd:d0:b0:e4:4a:1c:40:
         61:e8:3c:1d:79:2f:55:8b:73:2e:dc:ec:49:29:0e:5c:d3:7a:
         e0:70:ad:da:87:2d:21:43:f1:89:f9:76:0b:eb:c3:70:cd:69:
         ce:24:50:03:bd:3e:29:51:3f:5b:bf:49:52:87:3e:48:4c:cd:
         b8:5e:91:14:4c:ee:3c:ea:e4:d5:be:6a:05:64:58:32:53:b6:
         bc:fe:fd:22:13:c4:3a:cd:ab:82:3f:83:d3:5e:8d:16:ce:ca:
         b5:20:9c:dc:6d:5a:f0:04:9b:74:00:d1:a3:88:84:aa:0e:39:
         14:ca:24:81:d7:9d:72:3e:23:f4:b9:7d:df:82:ae:d3:96:f0:
         fc:95:82:28:19:21:3f:e1:cc:f2:6c:52:8b:c5:7f:a8:f0:7c:
         65:1d:0b:04:a7:ee:af:04:b1:3e:b1:65:c7:a5:8c:a5:d8:05:
         91:c2:c8:59:86:70:99:df:dc:76:bb:ab:51:c5:d3:19:cb:1f:
         24:bc:39:5d:1d:ef:d4:b0:22:0d:05:59:86:ca:0d:ba:86:fb:
         cf:9a:44:d1:34:8a:e8:e2:3f:58:b8:73:b2:8b:36:4a:1d:64:
         2d:ac:4c:e9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUdmFY4fj0SfiEEqPH9xCanz5Hm1IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjAxMTUwOTUwMzNaFw0yNzAxMTQwOTU1MzNaMDMxMTAvBgNV
BAMTKEM0NkNDNjkzQ0Y1QzQ0MEQxQTBGQzFCN0IyRTI3OTc3MDI5QTQ0MEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDL208JReOzHp3ojjAEfAs7gcNv
A0qpVR7zlbBZ7i7wl8Dt4rqKeeRb8CH6H5JjQpoupsqrZ5r15BMiXrb/jE4UqhUf
gru9OPY+ywgPyXSpXDSa0S4bo9gb60lFPEsJ///39A7hz/B2Z0Vy4IYeukq0YA7T
5mBRG5Mr0p8pXmn2a1icIBNaypzZpqZP/7pYD0ADO2klilYgfYbTI9wdT2PxqR8M
4k3ToT+/40kWXRmHC+yR1XhBWDha8AypNCTMG+di1vQJKNzOGKZJJvMLkFmYTpcc
+9EIglGZ7b3pIoUwACGmYz7b6W8n/k8hGnXWtrXrmOdJriucsO0DW2kxZBRzAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUxGzGk89cRA0aD8G3suJ5dwKaRAswHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMTM2NTU3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW3wM
MA0GCSqGSIb3DQEBCwUAA4IBAQAuUKhYYyI6WDslb7c0MCRNCKP9+2T8yq6rOCjd
ls3QsORKHEBh6DwdeS9Vi3Mu3OxJKQ5c03rgcK3ahy0hQ/GJ+XYL68NwzWnOJFAD
vT4pUT9bv0lShz5ITM24XpEUTO486uTVvmoFZFgyU7a8/v0iE8Q6zauCP4PTXo0W
zsq1IJzcbVrwBJt0ANGjiISqDjkUyiSB151yPiP0uX3fgq7TlvD8lYIoGSE/4czy
bFKLxX+o8HxlHQsEp+6vBLE+sWXHpYyl2AWRwshZhnCZ39x2u6tRxdMZyx8kvDld
He/UsCINBVmGyg26hvvPmkTRNIro4j9YuHOyizZKHWQtrEzp
-----END CERTIFICATE-----