This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS24940.roa
File:                     AS24940.roa (raw, json)
Hash identifier:          WLIdDBW4W3va+z3AOnekX9x+gv45/suXUnR1EGnIWvg=
Subject key identifier:   99:E7:D9:F3:C3:64:EF:FA:D7:55:6D:1D:6A:0F:FD:2C:C7:AF:FC:EB
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       78608E47ED1871E0FD6AB2F88B2CE2A13B2FCED4
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS24940.roa
Signing time:             Thu 01 Jan 2026 12:55:33 +0000
ROA not before:           Thu 01 Jan 2026 12:50:33 +0000
ROA not after:            Thu 31 Dec 2026 12:55:33 +0000
asID:                     24940
IP address blocks:        139.28.242.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 04:21:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:60:8e:47:ed:18:71:e0:fd:6a:b2:f8:8b:2c:e2:a1:3b:2f:ce:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Jan  1 12:50:33 2026 GMT
            Not After : Dec 31 12:55:33 2026 GMT
        Subject: CN=99E7D9F3C364EFFAD7556D1D6A0FFD2CC7AFFCEB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:6d:b0:a3:e7:46:58:f4:8f:8a:df:10:26:d9:
                    80:9c:b2:1b:ce:21:4d:6c:c4:89:78:dd:fd:86:d7:
                    79:ce:86:c2:45:9c:41:85:c9:9c:48:fa:e9:a9:e4:
                    7f:4f:7e:e7:1e:41:fd:ab:01:f4:11:ee:9b:6b:d9:
                    c8:48:3e:cb:23:a2:c7:46:14:e9:99:34:6a:32:db:
                    3c:2a:bc:5e:30:4c:93:9e:a7:06:e1:79:e0:1b:43:
                    86:d6:60:be:0a:8d:4f:15:ba:91:c8:28:37:93:77:
                    3d:77:7f:ed:24:08:e6:3b:93:91:ff:02:6c:c6:44:
                    d2:c5:c2:45:6a:5b:83:ea:3a:71:5b:48:aa:f9:b8:
                    a2:bf:41:d4:da:6a:f1:c1:22:e4:4d:3d:54:89:2d:
                    98:9b:31:e7:98:af:3c:ca:5e:bd:13:9b:9b:70:12:
                    4e:5b:c7:ec:67:f3:a3:00:56:e7:b8:ea:db:cb:28:
                    6b:ef:41:2e:dd:4b:d8:71:4d:f3:25:7b:92:0b:d3:
                    48:73:70:87:54:19:5c:cd:72:eb:35:62:e4:5e:2d:
                    52:85:81:38:4e:4c:ee:ce:e2:74:42:8b:e5:a6:47:
                    d4:d4:25:b3:11:b7:5d:10:7e:a0:19:46:1d:f1:3e:
                    28:a7:d6:90:79:e2:09:d2:16:5a:d4:a4:89:dc:c8:
                    9b:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:E7:D9:F3:C3:64:EF:FA:D7:55:6D:1D:6A:0F:FD:2C:C7:AF:FC:EB
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS24940.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.28.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0a:09:3c:49:21:a1:d4:7e:b3:cf:ca:9c:8b:2a:1a:92:d2:2c:
         5f:01:c6:59:92:dc:34:1b:49:25:23:df:29:11:8f:d3:96:26:
         db:88:32:9e:73:a8:3c:fb:1b:ba:3e:1d:03:c9:3f:4c:39:6f:
         4d:3a:04:14:42:b7:4c:29:10:df:7c:31:bc:97:43:31:79:a4:
         31:76:7a:3e:60:b3:84:aa:5f:21:e6:ad:22:43:61:51:1b:b3:
         21:12:09:5e:56:1e:d2:1b:e0:2c:74:77:9c:7a:ed:37:f3:e1:
         a5:c4:e4:4b:ae:b1:b1:f6:86:c6:2e:33:79:eb:cc:ea:6b:5f:
         5d:4e:35:90:40:62:75:bb:46:d9:d6:b9:40:61:d8:23:23:ef:
         b8:47:ea:e6:72:c9:61:03:4c:a7:83:d1:f2:9b:e9:ff:6d:cb:
         64:39:0d:56:24:ca:74:8d:90:a1:ee:c9:65:16:00:c4:c2:71:
         51:54:91:c9:16:da:bf:94:71:d2:5b:c4:68:c7:03:db:43:f3:
         75:53:a0:98:b2:ad:f3:ed:c7:3e:3e:e5:a9:86:f6:73:53:36:
         e9:f7:82:b8:e1:26:97:8f:7d:d4:43:15:9e:27:12:bf:c6:29:
         e2:8e:5d:83:ba:ea:54:40:36:33:1d:81:b8:c6:de:64:7d:18:
         dd:4e:bd:88
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUeGCOR+0YceD9arL4iyzioTsvztQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNjAxMDExMjUwMzNaFw0yNjEyMzExMjU1MzNaMDMxMTAvBgNV
BAMTKDk5RTdEOUYzQzM2NEVGRkFENzU1NkQxRDZBMEZGRDJDQzdBRkZDRUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChbbCj50ZY9I+K3xAm2YCcshvO
IU1sxIl43f2G13nOhsJFnEGFyZxI+ump5H9PfuceQf2rAfQR7ptr2chIPssjosdG
FOmZNGoy2zwqvF4wTJOepwbheeAbQ4bWYL4KjU8VupHIKDeTdz13f+0kCOY7k5H/
AmzGRNLFwkVqW4PqOnFbSKr5uKK/QdTaavHBIuRNPVSJLZibMeeYrzzKXr0Tm5tw
Ek5bx+xn86MAVue46tvLKGvvQS7dS9hxTfMle5IL00hzcIdUGVzNcus1YuReLVKF
gThOTO7O4nRCi+WmR9TUJbMRt10QfqAZRh3xPiin1pB54gnSFlrUpIncyJvFAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUmefZ88Nk7/rXVW0dag/9LMev/OswHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMjQ5NDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAGLHPIw
DQYJKoZIhvcNAQELBQADggEBAAoJPEkhodR+s8/KnIsqGpLSLF8BxlmS3DQbSSUj
3ykRj9OWJtuIMp5zqDz7G7o+HQPJP0w5b006BBRCt0wpEN98MbyXQzF5pDF2ej5g
s4SqXyHmrSJDYVEbsyESCV5WHtIb4Cx0d5x67Tfz4aXE5EuusbH2hsYuM3nrzOpr
X11ONZBAYnW7RtnWuUBh2CMj77hH6uZyyWEDTKeD0fKb6f9ty2Q5DVYkynSNkKHu
yWUWAMTCcVFUkckW2r+UcdJbxGjHA9tD83VToJiyrfPtxz4+5amG9nNTNun3grjh
JpePfdRDFZ4nEr/GKeKOXYO66lRANjMdgbjG3mR9GN1OvYg=
-----END CERTIFICATE-----