This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/1uEYEr4aUEIS5erchF-G3_love8.roa
File:                     1uEYEr4aUEIS5erchF-G3_love8.roa (raw, json)
Hash identifier:          zNpv/vmV75AmB5KpVV8l8ngcfpgQVlAN2sGn4iX8/ng=
Subject key identifier:   D6:E1:18:12:BE:1A:50:42:12:E5:EA:DC:84:5F:86:DF:F9:68:BD:EF
Certificate issuer:       /CN=f4d08a1e1cbc909254e9e6b9c939fd85a268b1e1
Certificate serial:       019B7C7EFBDE969E19B9C742D12FBD66717B
Authority key identifier: F4:D0:8A:1E:1C:BC:90:92:54:E9:E6:B9:C9:39:FD:85:A2:68:B1:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9NCKHhy8kJJU6ea5yTn9haJoseE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/1uEYEr4aUEIS5erchF-G3_love8.roa
Signing time:             Fri 02 Jan 2026 02:17:35 +0000
ROA not before:           Fri 02 Jan 2026 02:17:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     136988
IP address blocks:        45.146.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/9NCKHhy8kJJU6ea5yTn9haJoseE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/9NCKHhy8kJJU6ea5yTn9haJoseE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9NCKHhy8kJJU6ea5yTn9haJoseE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:7e:fb:de:96:9e:19:b9:c7:42:d1:2f:bd:66:71:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4d08a1e1cbc909254e9e6b9c939fd85a268b1e1
        Validity
            Not Before: Jan  2 02:17:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d6e11812be1a504212e5eadc845f86dff968bdef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:29:76:22:cb:69:a7:65:19:f8:ed:72:ae:70:
                    ff:ce:99:ef:37:3c:57:0c:35:a9:16:1a:03:59:91:
                    8c:0e:4e:c6:2b:7a:f9:08:1f:6d:33:70:8b:c0:42:
                    8e:63:65:e8:d2:3a:fd:52:37:aa:25:db:67:cf:23:
                    16:46:e7:fa:37:6d:00:9f:40:ff:32:a1:f1:00:5a:
                    32:4a:1e:33:4f:82:43:e7:ea:5b:d6:d2:19:29:b7:
                    48:d5:30:e6:f7:66:14:8a:9b:dc:9d:57:4d:55:3a:
                    66:ae:a0:45:25:fa:88:ec:d9:49:49:94:f8:0a:c7:
                    d9:32:22:d3:e4:1b:e2:f4:ce:c9:5c:ad:f1:9e:c9:
                    49:0e:49:e2:63:73:df:b9:9c:f7:c7:71:6d:97:33:
                    cc:a8:78:55:bd:6f:15:c2:0d:46:15:bb:01:ad:6d:
                    be:02:d9:42:35:5d:d9:9c:0a:11:05:c1:06:06:30:
                    cf:98:7e:da:c3:ad:49:2a:bc:83:c8:99:92:33:6c:
                    6d:70:27:45:0d:f8:f5:cb:67:0d:19:c3:b5:44:81:
                    06:1a:74:47:10:39:e7:77:93:0d:57:27:2b:7b:7d:
                    b1:be:8a:32:23:15:a2:f7:30:12:5a:13:09:0e:0a:
                    c7:9f:9b:1d:ba:c3:76:9d:83:63:f5:5e:57:f0:8c:
                    c5:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:E1:18:12:BE:1A:50:42:12:E5:EA:DC:84:5F:86:DF:F9:68:BD:EF
            X509v3 Authority Key Identifier:
                keyid:F4:D0:8A:1E:1C:BC:90:92:54:E9:E6:B9:C9:39:FD:85:A2:68:B1:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9NCKHhy8kJJU6ea5yTn9haJoseE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/1uEYEr4aUEIS5erchF-G3_love8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/9NCKHhy8kJJU6ea5yTn9haJoseE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:16:ac:a2:5e:0d:5a:c0:89:0f:3e:4e:fa:0b:67:d2:7e:40:
         19:51:c7:86:30:45:83:78:88:93:9e:e6:85:ef:72:91:43:9d:
         39:16:eb:fe:4b:69:ee:b9:b5:30:25:f9:8f:77:07:be:49:5b:
         c6:8f:90:42:2b:0f:8d:ba:fc:14:05:6e:e0:26:db:53:ca:cf:
         98:4b:52:22:5e:72:29:7e:95:56:fc:e9:d3:88:83:68:db:8a:
         64:d5:a6:5f:e7:f1:58:c3:9b:a0:8c:8e:16:a4:ff:48:27:38:
         b0:8f:d2:b4:f0:41:a4:89:2b:f4:d8:3b:20:1f:1f:fc:d9:01:
         68:5c:8f:50:f3:09:0b:e7:b3:ba:17:3e:0b:26:39:32:9e:80:
         25:81:0e:71:a7:b4:cd:65:31:0c:db:39:eb:05:4d:b2:89:59:
         e7:ab:15:ba:03:1d:0a:e7:d6:0b:d2:50:86:17:f9:7f:43:40:
         c3:d3:3d:e6:e9:cb:5f:43:df:dd:ea:8f:9a:58:82:dd:2d:6c:
         4f:54:90:a4:96:c5:94:fc:1a:55:8f:af:bd:e6:5a:1c:0f:f7:
         16:01:db:47:c8:37:fb:5a:fd:8c:45:f8:82:3c:f7:a4:b5:40:
         b0:eb:5b:df:e6:ff:fd:10:a0:17:52:51:b9:3a:7e:44:d7:7c:
         ce:a7:41:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8fvvelp4ZucdC0S+9ZnF7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0ZDA4YTFlMWNiYzkwOTI1NGU5ZTZiOWM5MzlmZDg1YTI2
OGIxZTEwHhcNMjYwMTAyMDIxNzM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmUxMTgxMmJlMWE1MDQyMTJlNWVhZGM4NDVmODZkZmY5NjhiZGVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtSl2Istpp2UZ+O1yrnD/zpnvNzxX
DDWpFhoDWZGMDk7GK3r5CB9tM3CLwEKOY2Xo0jr9UjeqJdtnzyMWRuf6N20An0D/
MqHxAFoySh4zT4JD5+pb1tIZKbdI1TDm92YUipvcnVdNVTpmrqBFJfqI7NlJSZT4
CsfZMiLT5Bvi9M7JXK3xnslJDkniY3PfuZz3x3FtlzPMqHhVvW8Vwg1GFbsBrW2+
AtlCNV3ZnAoRBcEGBjDPmH7aw61JKryDyJmSM2xtcCdFDfj1y2cNGcO1RIEGGnRH
EDnnd5MNVycre32xvooyIxWi9zASWhMJDgrHn5sdusN2nYNj9V5X8IzF0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNbhGBK+GlBCEuXq3IRfht/5aL3vMB8GA1UdIwQY
MBaAFPTQih4cvJCSVOnmuck5/YWiaLHhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOU5DS0hoeThrSkpVNmVhNXlUbjloYUpvc2VFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NDlmZGMtMGQzYS00MWVjLWExY2Ut
ZGNlOTQ3ZTI5NGI2LzEvMXVFWUVyNGFVRUlTNWVyY2hGLUczX2xvdmU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NDlmZGMtMGQzYS00MWVjLWExY2UtZGNlOTQ3ZTI5NGI2
LzEvOU5DS0hoeThrSkpVNmVhNXlUbjloYUpvc2VFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZLcMA0G
CSqGSIb3DQEBCwUAA4IBAQCuFqyiXg1awIkPPk76C2fSfkAZUceGMEWDeIiTnuaF
73KRQ505Fuv+S2nuubUwJfmPdwe+SVvGj5BCKw+NuvwUBW7gJttTys+YS1IiXnIp
fpVW/OnTiINo24pk1aZf5/FYw5ugjI4WpP9IJziwj9K08EGkiSv02DsgHx/82QFo
XI9Q8wkL57O6Fz4LJjkynoAlgQ5xp7TNZTEM2znrBU2yiVnnqxW6Ax0K59YL0lCG
F/l/Q0DD0z3m6ctfQ9/d6o+aWILdLWxPVJCklsWU/BpVj6+95locD/cWAdtHyDf7
Wv2MRfiCPPektUCw61vf5v/9EKAXUlG5On5E13zOp0Gq
-----END CERTIFICATE-----