This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/40427e-74fa-4a66-837d-a523bacdc2be/1/3955nhX_YEZJpLGNb2g2LYpM5qU.roa
File:                     3955nhX_YEZJpLGNb2g2LYpM5qU.roa (raw, json)
Hash identifier:          pZxjK106ITB9nYgUhk/h19PHoUNnxKmL0w73zZsgUK8=
Subject key identifier:   DF:DE:79:9E:15:FF:60:46:49:A4:B1:8D:6F:68:36:2D:8A:4C:E6:A5
Certificate issuer:       /CN=4def5b8ffbaf7d56af5d39f2f94c946d72f770f3
Certificate serial:       019B7F133BBD58699CB2FDF32A8BFA9B0717
Authority key identifier: 4D:EF:5B:8F:FB:AF:7D:56:AF:5D:39:F2:F9:4C:94:6D:72:F7:70:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Te9bj_uvfVavXTny-UyUbXL3cPM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/40427e-74fa-4a66-837d-a523bacdc2be/1/3955nhX_YEZJpLGNb2g2LYpM5qU.roa
Signing time:             Fri 02 Jan 2026 14:18:45 +0000
ROA not before:           Fri 02 Jan 2026 14:18:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39305
IP address blocks:        45.93.144.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/40427e-74fa-4a66-837d-a523bacdc2be/1/Te9bj_uvfVavXTny-UyUbXL3cPM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/40427e-74fa-4a66-837d-a523bacdc2be/1/Te9bj_uvfVavXTny-UyUbXL3cPM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Te9bj_uvfVavXTny-UyUbXL3cPM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:13:3b:bd:58:69:9c:b2:fd:f3:2a:8b:fa:9b:07:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4def5b8ffbaf7d56af5d39f2f94c946d72f770f3
        Validity
            Not Before: Jan  2 14:18:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dfde799e15ff604649a4b18d6f68362d8a4ce6a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:0a:72:6f:a9:fa:06:fa:16:b6:e5:83:b7:93:
                    a7:9d:44:2d:19:68:01:0d:be:30:34:ed:d6:26:ea:
                    3d:ce:a6:ad:4a:68:07:7a:97:73:77:c0:aa:42:ab:
                    f8:b1:d4:0e:9b:e1:06:a8:57:e6:21:2f:80:f2:67:
                    67:db:e5:a3:48:b1:26:00:f6:43:f2:89:f3:49:8d:
                    19:75:55:60:a6:04:c3:93:3a:a0:e4:3a:76:fb:76:
                    e2:ae:2f:ea:34:b2:e1:64:ce:c1:7b:11:a4:70:6d:
                    6a:47:aa:fc:8b:f6:93:14:c9:63:29:af:d4:88:e5:
                    63:31:6f:95:53:db:e2:1c:5a:c5:92:0e:06:fb:2f:
                    89:91:1a:6a:06:66:54:05:c9:ad:e4:77:cf:db:ff:
                    7c:28:04:f2:5c:25:9c:ea:26:a8:55:81:82:ee:8e:
                    ec:66:1a:2c:49:1b:89:cb:e0:58:de:b3:1f:58:2a:
                    93:37:9b:ca:6a:40:fe:d3:76:fb:f5:af:ac:1c:d8:
                    93:81:b9:80:4c:c5:a3:bd:e4:eb:a7:b2:f3:a8:c0:
                    ff:35:87:24:55:1c:2f:02:f7:2b:85:76:9d:5a:c0:
                    b3:f9:6a:54:6f:ed:33:ac:a5:91:7e:a7:11:49:33:
                    fd:e6:11:64:cf:fb:ee:09:48:74:5f:66:28:07:20:
                    7b:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:DE:79:9E:15:FF:60:46:49:A4:B1:8D:6F:68:36:2D:8A:4C:E6:A5
            X509v3 Authority Key Identifier:
                keyid:4D:EF:5B:8F:FB:AF:7D:56:AF:5D:39:F2:F9:4C:94:6D:72:F7:70:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Te9bj_uvfVavXTny-UyUbXL3cPM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/40427e-74fa-4a66-837d-a523bacdc2be/1/3955nhX_YEZJpLGNb2g2LYpM5qU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/40427e-74fa-4a66-837d-a523bacdc2be/1/Te9bj_uvfVavXTny-UyUbXL3cPM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.93.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8b:92:d5:2d:e4:ac:dc:9c:14:90:62:66:b6:96:7b:b5:6d:ec:
         85:a2:98:03:46:e8:f6:0a:07:62:26:54:8f:87:9c:d2:b4:41:
         23:18:83:dd:1c:b9:ef:93:b7:0e:10:8b:95:a9:63:ac:e8:59:
         8d:90:4f:46:d3:9f:42:ab:32:11:10:cf:ba:85:fd:50:56:9b:
         e8:04:64:a9:d6:eb:e6:41:32:6e:61:2c:30:8e:6a:93:e3:56:
         ed:bc:9a:eb:b8:d1:2c:3b:32:6b:f6:63:c1:ff:a1:df:bb:01:
         34:53:87:e2:19:31:ac:ff:5c:a6:56:04:39:59:10:48:1a:22:
         75:a9:7a:ad:7d:37:65:a4:91:db:59:86:c9:a9:02:c0:0f:e4:
         a4:b6:19:f7:62:99:a1:d3:97:68:59:e9:ec:68:4c:13:22:b6:
         5d:62:0a:55:58:c9:17:c5:0a:0f:6c:a4:c1:83:94:aa:b7:1f:
         6d:47:01:08:dc:b2:3f:11:5b:75:ad:68:56:84:02:e5:c2:2e:
         ff:2d:68:e6:07:07:7d:22:ac:80:4c:55:99:20:fc:15:27:68:
         39:11:70:c8:48:50:b7:03:f9:c4:5d:9e:1d:ba:53:7e:49:83:
         50:ca:06:bd:c3:61:09:a4:77:1f:c6:15:9c:25:9b:4e:5d:fc:
         ac:22:c2:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/Ezu9WGmcsv3zKov6mwcXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZWY1YjhmZmJhZjdkNTZhZjVkMzlmMmY5NGM5NDZkNzJm
NzcwZjMwHhcNMjYwMTAyMTQxODQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmRlNzk5ZTE1ZmY2MDQ2NDlhNGIxOGQ2ZjY4MzYyZDhhNGNlNmE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoApyb6n6BvoWtuWDt5OnnUQtGWgB
Db4wNO3WJuo9zqatSmgHepdzd8CqQqv4sdQOm+EGqFfmIS+A8mdn2+WjSLEmAPZD
8onzSY0ZdVVgpgTDkzqg5Dp2+3biri/qNLLhZM7BexGkcG1qR6r8i/aTFMljKa/U
iOVjMW+VU9viHFrFkg4G+y+JkRpqBmZUBcmt5HfP2/98KATyXCWc6iaoVYGC7o7s
ZhosSRuJy+BY3rMfWCqTN5vKakD+03b79a+sHNiTgbmATMWjveTrp7LzqMD/NYck
VRwvAvcrhXadWsCz+WpUb+0zrKWRfqcRSTP95hFkz/vuCUh0X2YoByB7KwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN/eeZ4V/2BGSaSxjW9oNi2KTOalMB8GA1UdIwQY
MBaAFE3vW4/7r31Wr1058vlMlG1y93DzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGU5YmpfdXZmVmF2WFRueS1VeVViWEwzY1BNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi80MDQyN2UtNzRmYS00YTY2LTgzN2Qt
YTUyM2JhY2RjMmJlLzEvMzk1NW5oWF9ZRVpKcExHTmIyZzJMWXBNNXFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi80MDQyN2UtNzRmYS00YTY2LTgzN2QtYTUyM2JhY2RjMmJl
LzEvVGU5YmpfdXZmVmF2WFRueS1VeVViWEwzY1BNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLV2QMA0G
CSqGSIb3DQEBCwUAA4IBAQCLktUt5KzcnBSQYma2lnu1beyFopgDRuj2CgdiJlSP
h5zStEEjGIPdHLnvk7cOEIuVqWOs6FmNkE9G059CqzIREM+6hf1QVpvoBGSp1uvm
QTJuYSwwjmqT41btvJrruNEsOzJr9mPB/6HfuwE0U4fiGTGs/1ymVgQ5WRBIGiJ1
qXqtfTdlpJHbWYbJqQLAD+Skthn3Ypmh05doWensaEwTIrZdYgpVWMkXxQoPbKTB
g5Sqtx9tRwEI3LI/EVt1rWhWhALlwi7/LWjmBwd9IqyATFWZIPwVJ2g5EXDISFC3
A/nEXZ4dulN+SYNQyga9w2EJpHcfxhWcJZtOXfysIsIZ
-----END CERTIFICATE-----