This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/RoJCbChu4UCP6HbU25IvOtcjfaQ.roa
File:                     RoJCbChu4UCP6HbU25IvOtcjfaQ.roa (raw, json)
Hash identifier:          ZExXuwYNhboyV3wplBFPIwIw4SZUYPtrZTHjOMct0iE=
Subject key identifier:   46:82:42:6C:28:6E:E1:40:8F:E8:76:D4:DB:92:2F:3A:D7:23:7D:A4
Certificate issuer:       /CN=1f61aa5d1befd7a0fe3e4dfe3aa8da73efcfba34
Certificate serial:       019B79103DD882F301175C9853EE5CE7BC99
Authority key identifier: 1F:61:AA:5D:1B:EF:D7:A0:FE:3E:4D:FE:3A:A8:DA:73:EF:CF:BA:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H2GqXRvv16D-Pk3-Oqjac-_PujQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/RoJCbChu4UCP6HbU25IvOtcjfaQ.roa
Signing time:             Thu 01 Jan 2026 10:17:46 +0000
ROA not before:           Thu 01 Jan 2026 10:17:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        45.95.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/H2GqXRvv16D-Pk3-Oqjac-_PujQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/H2GqXRvv16D-Pk3-Oqjac-_PujQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H2GqXRvv16D-Pk3-Oqjac-_PujQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:3d:d8:82:f3:01:17:5c:98:53:ee:5c:e7:bc:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f61aa5d1befd7a0fe3e4dfe3aa8da73efcfba34
        Validity
            Not Before: Jan  1 10:17:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4682426c286ee1408fe876d4db922f3ad7237da4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:bb:56:5c:49:10:49:ac:d8:a6:14:05:3b:75:
                    26:c4:be:14:05:20:65:1f:bc:44:5e:c8:ab:fa:53:
                    e4:dc:2e:d7:e5:de:78:77:fe:23:4e:60:60:26:12:
                    d7:b9:57:5b:74:2a:14:ee:73:0a:90:a9:7c:6b:6c:
                    f5:28:0e:e1:57:34:d9:dc:7e:e2:3d:47:58:c0:ec:
                    24:6a:f0:7a:8b:b8:61:a0:5b:42:d6:26:a2:33:79:
                    fc:45:54:b0:44:d7:39:34:b6:e4:03:11:5d:81:c1:
                    1a:1c:6e:b8:75:88:80:ae:e1:b2:fc:89:35:cc:67:
                    ae:63:23:b6:8f:fe:c2:3c:c1:a4:61:e1:cb:94:15:
                    0a:d1:b0:1d:f6:80:73:0c:1c:ca:db:4d:34:b3:1d:
                    95:c3:01:b5:86:a5:8f:3b:74:68:ac:e6:96:9a:d5:
                    c3:25:a0:ed:e7:2c:b7:39:9e:b1:de:a2:8e:93:7e:
                    c8:ae:9e:ed:c0:99:c0:c1:df:ad:a2:8c:b5:87:1a:
                    92:c0:37:b2:a4:c1:15:28:b4:fd:65:ca:9e:7b:39:
                    ec:f4:9d:5f:94:67:6c:0e:c1:31:b9:a3:24:a9:2d:
                    14:bb:18:56:52:6b:52:18:56:e9:14:82:eb:68:af:
                    0d:fb:50:8a:38:7f:5c:b0:66:7a:1a:69:75:bc:f8:
                    a6:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:82:42:6C:28:6E:E1:40:8F:E8:76:D4:DB:92:2F:3A:D7:23:7D:A4
            X509v3 Authority Key Identifier:
                keyid:1F:61:AA:5D:1B:EF:D7:A0:FE:3E:4D:FE:3A:A8:DA:73:EF:CF:BA:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H2GqXRvv16D-Pk3-Oqjac-_PujQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/RoJCbChu4UCP6HbU25IvOtcjfaQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/H2GqXRvv16D-Pk3-Oqjac-_PujQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:ba:09:dc:c4:23:10:ba:23:5b:76:bb:76:58:1c:6f:fa:3f:
         1c:4c:aa:e3:07:8e:1a:ad:37:6c:12:fd:8c:b9:ab:81:2f:dc:
         09:13:f5:89:07:42:8a:7e:6f:57:28:d0:eb:e5:e8:28:45:be:
         b6:7e:7e:f5:fd:6b:f3:56:85:4d:d9:df:68:27:19:b6:b7:64:
         ef:88:c4:bf:ac:81:a3:73:aa:56:5f:d6:0c:14:c3:60:2a:6d:
         b8:a1:9a:ed:cc:52:c2:41:dd:f1:ca:15:3a:04:dd:d3:8d:d9:
         27:49:5a:d2:6e:04:2c:d8:31:1e:45:99:96:e5:b0:dc:24:23:
         2f:1e:d2:ca:7d:54:60:67:aa:84:28:1c:d3:f9:84:00:06:d9:
         77:21:a7:79:b0:ff:9f:09:b8:fd:47:99:93:06:29:ff:7f:c1:
         21:2e:24:6d:c2:f0:8e:14:e5:12:22:9b:c4:c4:dd:24:d6:65:
         02:eb:e2:7c:6a:e1:c2:fc:87:b1:99:eb:4e:33:86:f8:38:64:
         ec:67:fe:ce:d3:a1:5e:67:0f:7a:07:7a:4d:46:c3:ff:97:65:
         59:51:4e:f8:3a:ed:57:d3:da:7c:eb:21:b2:04:d5:2e:21:01:
         e8:29:2a:6c:62:e8:ad:08:97:fe:bf:c1:a7:99:0d:e7:7a:e6:
         8a:3b:8d:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5ED3YgvMBF1yYU+5c57yZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNjFhYTVkMWJlZmQ3YTBmZTNlNGRmZTNhYThkYTczZWZj
ZmJhMzQwHhcNMjYwMTAxMTAxNzQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjgyNDI2YzI4NmVlMTQwOGZlODc2ZDRkYjkyMmYzYWQ3MjM3ZGE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsrtWXEkQSazYphQFO3UmxL4UBSBl
H7xEXsir+lPk3C7X5d54d/4jTmBgJhLXuVdbdCoU7nMKkKl8a2z1KA7hVzTZ3H7i
PUdYwOwkavB6i7hhoFtC1iaiM3n8RVSwRNc5NLbkAxFdgcEaHG64dYiAruGy/Ik1
zGeuYyO2j/7CPMGkYeHLlBUK0bAd9oBzDBzK2000sx2VwwG1hqWPO3RorOaWmtXD
JaDt5yy3OZ6x3qKOk37Irp7twJnAwd+tooy1hxqSwDeypMEVKLT9Zcqeezns9J1f
lGdsDsExuaMkqS0UuxhWUmtSGFbpFILraK8N+1CKOH9csGZ6Gml1vPimMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEaCQmwobuFAj+h21NuSLzrXI32kMB8GA1UdIwQY
MBaAFB9hql0b79eg/j5N/jqo2nPvz7o0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDJHcVhSdnYxNkQtUGszLU9xamFjLV9QdWpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy8wYWQ0MTQtM2RmMS00YjM4LTg2OWUt
YzYyMWU4ZGY5NWZmLzEvUm9KQ2JDaHU0VUNQNkhiVTI1SXZPdGNqZmFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy8wYWQ0MTQtM2RmMS00YjM4LTg2OWUtYzYyMWU4ZGY5NWZm
LzEvSDJHcVhSdnYxNkQtUGszLU9xamFjLV9QdWpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV/PMA0G
CSqGSIb3DQEBCwUAA4IBAQBqugncxCMQuiNbdrt2WBxv+j8cTKrjB44arTdsEv2M
uauBL9wJE/WJB0KKfm9XKNDr5egoRb62fn71/WvzVoVN2d9oJxm2t2TviMS/rIGj
c6pWX9YMFMNgKm24oZrtzFLCQd3xyhU6BN3TjdknSVrSbgQs2DEeRZmW5bDcJCMv
HtLKfVRgZ6qEKBzT+YQABtl3Iad5sP+fCbj9R5mTBin/f8EhLiRtwvCOFOUSIpvE
xN0k1mUC6+J8auHC/IexmetOM4b4OGTsZ/7O06FeZw96B3pNRsP/l2VZUU74Ou1X
09p86yGyBNUuIQHoKSpsYuitCJf+v8GnmQ3neuaKO41z
-----END CERTIFICATE-----