This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/S1xGdMwCL7zcvvXwmIxBk0TUOII.roa
File:                     S1xGdMwCL7zcvvXwmIxBk0TUOII.roa (raw, json)
Hash identifier:          Dt+ahUx8ad2ugzMhIwhEEjwNwt3G09wi3vOVTLugUWQ=
Subject key identifier:   4B:5C:46:74:CC:02:2F:BC:DC:BE:F5:F0:98:8C:41:93:44:D4:38:82
Certificate issuer:       /CN=aaf4969842de9c4c1e1a5759d98d1ed5c0d62ef8
Certificate serial:       019B77C664DA78FBE755660A81A8F237CBBD
Authority key identifier: AA:F4:96:98:42:DE:9C:4C:1E:1A:57:59:D9:8D:1E:D5:C0:D6:2E:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qvSWmELenEweGldZ2Y0e1cDWLvg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/S1xGdMwCL7zcvvXwmIxBk0TUOII.roa
Signing time:             Thu 01 Jan 2026 04:17:29 +0000
ROA not before:           Thu 01 Jan 2026 04:17:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211615
IP address blocks:        45.152.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/qvSWmELenEweGldZ2Y0e1cDWLvg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/qvSWmELenEweGldZ2Y0e1cDWLvg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qvSWmELenEweGldZ2Y0e1cDWLvg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 04:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:64:da:78:fb:e7:55:66:0a:81:a8:f2:37:cb:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aaf4969842de9c4c1e1a5759d98d1ed5c0d62ef8
        Validity
            Not Before: Jan  1 04:17:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4b5c4674cc022fbcdcbef5f0988c419344d43882
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:49:27:9b:65:c0:59:60:12:b3:c5:5b:c6:86:
                    f6:8a:b3:17:cc:bb:26:07:95:ea:2e:63:ba:96:eb:
                    26:5a:d8:e1:63:6a:cb:9e:c1:56:2c:9d:64:c1:a2:
                    e6:50:93:f0:11:70:40:d0:cd:36:ef:7a:5c:25:d5:
                    74:ad:23:a7:cd:6f:33:88:4e:10:06:2d:67:b3:64:
                    4e:5c:68:fe:51:af:44:a3:0e:93:53:56:e5:d9:e3:
                    3e:38:de:f2:61:aa:a4:bc:08:21:88:09:4d:de:b4:
                    26:a8:80:69:b1:1f:59:c8:85:52:43:08:42:dc:43:
                    71:60:33:75:9e:83:bf:85:51:42:50:2c:bf:e0:6a:
                    6d:de:fe:dc:08:23:e2:a4:a3:c7:db:96:f6:98:7e:
                    6a:bd:36:3d:de:65:34:c4:39:cf:4a:ce:5e:7e:47:
                    33:58:a3:9c:54:fa:32:ba:7d:3e:16:7b:a2:bf:02:
                    03:5b:56:09:2c:a3:99:6b:36:fa:cf:fc:4c:37:b4:
                    5e:56:ed:1c:95:b3:7f:7f:9d:50:9e:12:bb:cb:fe:
                    44:17:8b:fa:cf:26:5a:3d:2f:f9:43:b5:29:b2:89:
                    b4:a1:e5:b1:95:ab:26:a9:7f:ff:9e:84:0f:af:2f:
                    c5:dc:9a:10:2f:7b:3f:d8:48:64:d0:db:3d:07:a2:
                    fe:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:5C:46:74:CC:02:2F:BC:DC:BE:F5:F0:98:8C:41:93:44:D4:38:82
            X509v3 Authority Key Identifier:
                keyid:AA:F4:96:98:42:DE:9C:4C:1E:1A:57:59:D9:8D:1E:D5:C0:D6:2E:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qvSWmELenEweGldZ2Y0e1cDWLvg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/S1xGdMwCL7zcvvXwmIxBk0TUOII.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/qvSWmELenEweGldZ2Y0e1cDWLvg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:d4:32:38:2a:64:7b:e5:39:4e:26:96:aa:51:1f:72:ad:32:
         7e:a2:60:c4:2d:df:8f:b2:87:37:22:19:e0:e3:10:0b:58:6b:
         70:76:a6:68:cc:ca:bf:89:38:13:c3:a8:e3:0f:49:2d:64:a6:
         e6:bc:18:bd:65:76:0a:60:4e:c7:24:dc:ec:1a:cf:b5:c5:b5:
         89:b9:1f:b8:07:a4:a9:62:4d:fd:f4:8c:90:2f:4c:5f:d1:b4:
         2c:44:e1:4e:5d:bf:48:9d:22:e9:a2:ba:32:0c:62:4c:6f:57:
         ff:3d:b7:c9:55:c3:7c:b5:03:18:85:aa:17:2a:f2:9d:32:43:
         d9:3a:32:ba:30:fe:37:76:65:cb:27:dc:a7:20:2a:90:f0:d8:
         f3:1e:4e:8d:d0:85:d3:b9:36:b1:78:40:9e:5f:88:44:a2:99:
         1a:ed:34:f0:56:36:19:22:5d:5a:84:24:8a:35:13:2f:3b:2b:
         68:6a:6b:89:c5:fa:ae:6e:a3:da:10:1d:10:38:1d:b1:c1:32:
         9f:99:0b:0d:36:be:50:9d:e3:23:84:b1:5d:96:1f:99:80:24:
         40:47:65:c0:da:8a:9e:4e:24:77:05:4d:0e:d6:84:33:76:6b:
         87:c4:56:78:50:79:6b:9c:79:42:0b:3b:0a:d7:88:3e:db:7f:
         7e:69:21:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xmTaePvnVWYKgajyN8u9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhZjQ5Njk4NDJkZTljNGMxZTFhNTc1OWQ5OGQxZWQ1YzBk
NjJlZjgwHhcNMjYwMTAxMDQxNzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjVjNDY3NGNjMDIyZmJjZGNiZWY1ZjA5ODhjNDE5MzQ0ZDQzODgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvEknm2XAWWASs8Vbxob2irMXzLsm
B5XqLmO6lusmWtjhY2rLnsFWLJ1kwaLmUJPwEXBA0M0273pcJdV0rSOnzW8ziE4Q
Bi1ns2ROXGj+Ua9Eow6TU1bl2eM+ON7yYaqkvAghiAlN3rQmqIBpsR9ZyIVSQwhC
3ENxYDN1noO/hVFCUCy/4Gpt3v7cCCPipKPH25b2mH5qvTY93mU0xDnPSs5efkcz
WKOcVPoyun0+FnuivwIDW1YJLKOZazb6z/xMN7ReVu0clbN/f51QnhK7y/5EF4v6
zyZaPS/5Q7Upsom0oeWxlasmqX//noQPry/F3JoQL3s/2Ehk0Ns9B6L+hwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEtcRnTMAi+83L718JiMQZNE1DiCMB8GA1UdIwQY
MBaAFKr0lphC3pxMHhpXWdmNHtXA1i74MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXZTV21FTGVuRXdlR2xkWjJZMGUxY0RXTHZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC83MjBmOWYtZjBiOC00NGQyLTgzNjct
ZjgxZmRmNzRlNjU1LzEvUzF4R2RNd0NMN3pjdnZYd21JeEJrMFRVT0lJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC83MjBmOWYtZjBiOC00NGQyLTgzNjctZjgxZmRmNzRlNjU1
LzEvcXZTV21FTGVuRXdlR2xkWjJZMGUxY0RXTHZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZhGMA0G
CSqGSIb3DQEBCwUAA4IBAQB71DI4KmR75TlOJpaqUR9yrTJ+omDELd+Psoc3Ihng
4xALWGtwdqZozMq/iTgTw6jjD0ktZKbmvBi9ZXYKYE7HJNzsGs+1xbWJuR+4B6Sp
Yk399IyQL0xf0bQsROFOXb9InSLporoyDGJMb1f/PbfJVcN8tQMYhaoXKvKdMkPZ
OjK6MP43dmXLJ9ynICqQ8NjzHk6N0IXTuTaxeECeX4hEopka7TTwVjYZIl1ahCSK
NRMvOytoamuJxfqubqPaEB0QOB2xwTKfmQsNNr5QneMjhLFdlh+ZgCRAR2XA2oqe
TiR3BU0O1oQzdmuHxFZ4UHlrnHlCCzsK14g+239+aSFG
-----END CERTIFICATE-----