This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/4f54b4-009f-46ce-9ac0-36bac8d91e2e/1/7E96DTfT004BumK2TWn6X-KStr0.roa
File:                     7E96DTfT004BumK2TWn6X-KStr0.roa (raw, json)
Hash identifier:          4dVQ5tEe28gAbBR2YECy/CnG4r5KNVR2jJdh36ss1Ro=
Subject key identifier:   EC:4F:7A:0D:37:D3:D3:4E:01:BA:62:B6:4D:69:FA:5F:E2:92:B6:BD
Certificate issuer:       /CN=c65a1da1cb1c920ae2f9b748270fded8737a9184
Certificate serial:       019B79EC4867BD246D0F092E39118B5AF916
Authority key identifier: C6:5A:1D:A1:CB:1C:92:0A:E2:F9:B7:48:27:0F:DE:D8:73:7A:91:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xlodocsckgri-bdIJw_e2HN6kYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/4f54b4-009f-46ce-9ac0-36bac8d91e2e/1/7E96DTfT004BumK2TWn6X-KStr0.roa
Signing time:             Thu 01 Jan 2026 14:18:06 +0000
ROA not before:           Thu 01 Jan 2026 14:18:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35608
IP address blocks:        45.136.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/4f54b4-009f-46ce-9ac0-36bac8d91e2e/1/xlodocsckgri-bdIJw_e2HN6kYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/4f54b4-009f-46ce-9ac0-36bac8d91e2e/1/xlodocsckgri-bdIJw_e2HN6kYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xlodocsckgri-bdIJw_e2HN6kYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 04:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:48:67:bd:24:6d:0f:09:2e:39:11:8b:5a:f9:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c65a1da1cb1c920ae2f9b748270fded8737a9184
        Validity
            Not Before: Jan  1 14:18:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ec4f7a0d37d3d34e01ba62b64d69fa5fe292b6bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:91:2f:38:cb:9e:5c:f0:56:27:50:bd:64:e8:
                    bd:34:5f:83:82:c0:b1:e7:6f:9e:47:20:c3:b3:0d:
                    60:d5:6a:bd:72:68:db:a7:2b:88:7f:01:b4:86:4b:
                    bc:b9:f5:0f:98:09:a5:3b:52:a3:3c:13:9a:40:81:
                    1f:e9:88:03:89:52:d6:00:96:fb:f0:43:fb:b9:ab:
                    50:16:86:e0:cd:69:6c:41:0c:e7:74:6a:f9:5e:a8:
                    a5:e3:5d:01:31:17:2d:86:0d:9d:a2:dc:82:e4:64:
                    ed:01:99:13:81:ad:72:e3:93:c8:c1:a7:c8:35:c2:
                    ca:c3:0c:6d:0b:94:a0:94:29:02:ba:be:7d:96:d1:
                    23:a6:55:41:43:2c:b4:27:34:3f:dd:3c:62:6e:75:
                    1c:93:21:68:54:74:23:5c:a1:64:b6:97:71:53:6b:
                    b9:e0:df:8b:de:1b:52:ec:b9:2f:49:a9:b1:dd:94:
                    d8:18:b5:90:a3:a3:ab:bd:52:64:48:af:ba:a4:cf:
                    72:0d:ba:13:82:48:8f:4b:a2:a2:ef:72:90:33:a3:
                    cd:bb:10:b3:dd:96:2a:d3:89:21:03:5f:3f:33:81:
                    79:d0:7c:24:51:61:20:a3:e2:05:bf:0b:71:c9:f6:
                    0d:7a:3d:23:48:55:1f:ca:99:59:dd:7e:96:1b:28:
                    21:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:4F:7A:0D:37:D3:D3:4E:01:BA:62:B6:4D:69:FA:5F:E2:92:B6:BD
            X509v3 Authority Key Identifier:
                keyid:C6:5A:1D:A1:CB:1C:92:0A:E2:F9:B7:48:27:0F:DE:D8:73:7A:91:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xlodocsckgri-bdIJw_e2HN6kYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/4f54b4-009f-46ce-9ac0-36bac8d91e2e/1/7E96DTfT004BumK2TWn6X-KStr0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/4f54b4-009f-46ce-9ac0-36bac8d91e2e/1/xlodocsckgri-bdIJw_e2HN6kYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.136.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:80:0f:04:0a:d3:aa:f3:20:66:0b:a1:09:48:45:81:25:d2:
         af:00:1a:f3:2e:5d:ff:95:4d:b0:8f:ff:5c:09:0e:90:20:1b:
         e5:2e:72:9a:4f:7b:3c:56:21:88:6a:6d:b4:a5:b7:24:9e:82:
         0e:9b:6e:d7:6d:b3:67:13:96:2c:73:c3:96:4f:04:30:6b:73:
         00:1c:90:aa:c3:3f:77:6c:a7:88:f9:df:4d:74:9d:77:62:85:
         8a:63:55:ab:b4:f8:fc:6c:f6:ee:8f:0b:5d:53:c1:0b:7e:97:
         2c:4b:fb:42:88:5f:30:3d:9a:e3:9c:13:e5:ec:f4:bd:69:2a:
         51:e4:ac:92:a0:73:7c:f0:bb:10:9f:58:6e:d0:1e:da:44:94:
         27:6e:de:0b:44:89:dd:de:19:37:4d:34:de:d7:18:52:ce:54:
         85:31:86:90:32:ad:f5:0c:a9:cd:63:4f:f9:d9:fa:f7:fa:1f:
         e7:71:b6:a6:26:c5:89:d3:85:69:cb:e4:84:f3:1e:bf:e5:bc:
         8c:b9:bf:b0:3c:8f:cd:ab:1d:e3:ab:bd:74:97:8a:41:b3:76:
         f8:20:81:55:59:85:42:25:21:08:14:b1:8a:49:80:cb:5b:6f:
         75:d8:92:b1:d8:83:97:1c:f3:fc:57:b5:1f:ac:d6:e4:39:56:
         22:f4:2e:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57EhnvSRtDwkuORGLWvkWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NWExZGExY2IxYzkyMGFlMmY5Yjc0ODI3MGZkZWQ4NzM3
YTkxODQwHhcNMjYwMTAxMTQxODA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzRmN2EwZDM3ZDNkMzRlMDFiYTYyYjY0ZDY5ZmE1ZmUyOTJiNmJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJEvOMueXPBWJ1C9ZOi9NF+DgsCx
52+eRyDDsw1g1Wq9cmjbpyuIfwG0hku8ufUPmAmlO1KjPBOaQIEf6YgDiVLWAJb7
8EP7uatQFobgzWlsQQzndGr5Xqil410BMRcthg2dotyC5GTtAZkTga1y45PIwafI
NcLKwwxtC5SglCkCur59ltEjplVBQyy0JzQ/3TxibnUckyFoVHQjXKFktpdxU2u5
4N+L3htS7LkvSamx3ZTYGLWQo6OrvVJkSK+6pM9yDboTgkiPS6Ki73KQM6PNuxCz
3ZYq04khA18/M4F50HwkUWEgo+IFvwtxyfYNej0jSFUfyplZ3X6WGyghYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOxPeg0309NOAbpitk1p+l/ikra9MB8GA1UdIwQY
MBaAFMZaHaHLHJIK4vm3SCcP3thzepGEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGxvZG9jc2NrZ3JpLWJkSUp3X2UySE42a1lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS80ZjU0YjQtMDA5Zi00NmNlLTlhYzAt
MzZiYWM4ZDkxZTJlLzEvN0U5NkRUZlQwMDRCdW1LMlRXbjZYLUtTdHIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS80ZjU0YjQtMDA5Zi00NmNlLTlhYzAtMzZiYWM4ZDkxZTJl
LzEveGxvZG9jc2NrZ3JpLWJkSUp3X2UySE42a1lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYiQMA0G
CSqGSIb3DQEBCwUAA4IBAQBmgA8ECtOq8yBmC6EJSEWBJdKvABrzLl3/lU2wj/9c
CQ6QIBvlLnKaT3s8ViGIam20pbcknoIOm27XbbNnE5Ysc8OWTwQwa3MAHJCqwz93
bKeI+d9NdJ13YoWKY1WrtPj8bPbujwtdU8ELfpcsS/tCiF8wPZrjnBPl7PS9aSpR
5KySoHN88LsQn1hu0B7aRJQnbt4LRInd3hk3TTTe1xhSzlSFMYaQMq31DKnNY0/5
2fr3+h/ncbamJsWJ04Vpy+SE8x6/5byMub+wPI/Nqx3jq710l4pBs3b4IIFVWYVC
JSEIFLGKSYDLW2912JKx2IOXHPP8V7UfrNbkOVYi9C7/
-----END CERTIFICATE-----