This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.


Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/1d7b0c-2251-4dd3-8690-52874611cd21/1/g3FGPWoJ07D3yi5Cz0Nc3v5SHqU.roa
File:                     g3FGPWoJ07D3yi5Cz0Nc3v5SHqU.roa (raw, json)
Hash identifier:          PD1VLaYmOX8RMrmBkbxccsjwKT4mPOIGe7e1j90D+sc=
Subject key identifier:   83:71:46:3D:6A:09:D3:B0:F7:CA:2E:42:CF:43:5C:DE:FE:52:1E:A5
Certificate issuer:       /CN=b93d4908d9c43a85f85be19334a26f5d51350bcb
Certificate serial:       019AB17E991B65016F4C35ED850EB9DB2C3F
Authority key identifier: B9:3D:49:08:D9:C4:3A:85:F8:5B:E1:93:34:A2:6F:5D:51:35:0B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uT1JCNnEOoX4W-GTNKJvXVE1C8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/1d7b0c-2251-4dd3-8690-52874611cd21/1/g3FGPWoJ07D3yi5Cz0Nc3v5SHqU.roa
Signing time:             Sun 23 Nov 2025 16:14:15 +0000
ROA not before:           Sun 23 Nov 2025 16:14:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214515
IP address blocks:        45.89.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/1d7b0c-2251-4dd3-8690-52874611cd21/1/uT1JCNnEOoX4W-GTNKJvXVE1C8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/1d7b0c-2251-4dd3-8690-52874611cd21/1/uT1JCNnEOoX4W-GTNKJvXVE1C8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uT1JCNnEOoX4W-GTNKJvXVE1C8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Dec 2025 01:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:b1:7e:99:1b:65:01:6f:4c:35:ed:85:0e:b9:db:2c:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b93d4908d9c43a85f85be19334a26f5d51350bcb
        Validity
            Not Before: Nov 23 16:14:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8371463d6a09d3b0f7ca2e42cf435cdefe521ea5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:28:b0:35:d7:b0:66:65:73:52:64:51:a4:c6:
                    51:ef:5d:06:12:76:17:9f:46:92:d8:a1:2e:f6:b7:
                    6c:c2:93:bf:93:ee:7d:90:02:a8:68:27:a6:ba:1f:
                    a9:5b:13:ab:6a:c0:4e:75:7f:86:48:33:d2:b4:ba:
                    3e:3e:bf:7d:88:45:9c:d2:78:36:50:2a:28:e4:95:
                    e3:8b:3e:f7:b1:42:53:38:1c:6b:d1:14:49:64:ea:
                    2b:ce:b5:7c:fc:d0:68:46:c1:da:83:f4:b5:7e:ba:
                    a4:32:6d:c9:47:1c:8d:6d:91:ca:ca:7a:df:53:61:
                    91:b7:f3:cf:8e:0e:0f:13:a7:e6:c9:7c:86:a8:50:
                    98:4a:b9:4b:9f:da:18:6f:32:69:be:79:b0:1e:d4:
                    52:cd:3d:ce:c3:55:91:e0:70:17:36:13:2c:fe:02:
                    8e:ef:40:75:51:f9:17:1f:90:b2:c6:b1:c7:21:e0:
                    7c:da:8c:57:f2:7b:61:a0:9a:22:52:33:35:d8:84:
                    fa:9d:81:17:27:36:9a:29:4d:42:52:27:9e:31:4a:
                    9e:20:7a:35:c6:85:cc:0d:cb:ed:31:f7:f1:32:95:
                    f8:50:40:75:76:d1:08:ed:c7:e6:07:b3:8b:9b:2c:
                    3d:b4:02:48:49:63:7e:af:df:24:d0:71:4c:27:ba:
                    ae:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:71:46:3D:6A:09:D3:B0:F7:CA:2E:42:CF:43:5C:DE:FE:52:1E:A5
            X509v3 Authority Key Identifier:
                keyid:B9:3D:49:08:D9:C4:3A:85:F8:5B:E1:93:34:A2:6F:5D:51:35:0B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uT1JCNnEOoX4W-GTNKJvXVE1C8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/1d7b0c-2251-4dd3-8690-52874611cd21/1/g3FGPWoJ07D3yi5Cz0Nc3v5SHqU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/1d7b0c-2251-4dd3-8690-52874611cd21/1/uT1JCNnEOoX4W-GTNKJvXVE1C8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:f5:60:73:e3:f8:5c:dd:c4:17:de:18:8b:4f:2a:3f:5e:c4:
         cc:42:fa:d1:45:f5:f1:61:db:18:4f:40:77:22:f7:d5:d7:4d:
         47:b4:bb:f7:71:0a:5b:16:ba:0a:fb:56:63:1b:f1:bd:7b:04:
         89:8c:3d:fd:cd:7b:12:3e:57:70:65:fb:be:df:e6:55:da:27:
         a2:72:40:bd:1d:2b:07:8b:c3:6c:5f:63:5d:6c:e5:82:f4:0a:
         14:d3:4b:b1:a9:3e:d0:4d:4b:4a:f2:d1:5a:6b:fa:7a:b8:dc:
         1d:cc:15:5e:bd:77:e6:ce:f4:0e:b9:5d:01:38:67:ca:00:6c:
         3f:a7:11:2b:17:57:ab:3e:6d:44:10:3a:69:70:23:23:40:51:
         96:92:53:bf:6b:6f:92:f5:3c:c3:dd:0b:70:34:54:be:d9:9c:
         1f:5e:d7:d8:01:2e:f1:7e:f6:14:6f:1e:b6:21:7d:32:ac:99:
         7b:3e:39:98:ea:4e:b2:f4:4d:30:21:4e:8d:87:0e:69:f1:57:
         45:cd:31:20:3e:07:ec:2e:e0:3d:e0:5f:36:bb:24:93:08:ed:
         6a:c8:df:90:86:5b:03:53:0d:42:4f:b2:a1:e9:0d:cf:4d:37:
         ee:76:81:e6:81:f5:46:a4:c5:db:c4:3a:1f:99:a1:ae:3e:0c:
         ee:4d:cc:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZqxfpkbZQFvTDXthQ652yw/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5M2Q0OTA4ZDljNDNhODVmODViZTE5MzM0YTI2ZjVkNTEz
NTBiY2IwHhcNMjUxMTIzMTYxNDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzcxNDYzZDZhMDlkM2IwZjdjYTJlNDJjZjQzNWNkZWZlNTIxZWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4yiwNdewZmVzUmRRpMZR710GEnYX
n0aS2KEu9rdswpO/k+59kAKoaCemuh+pWxOrasBOdX+GSDPStLo+Pr99iEWc0ng2
UCoo5JXjiz73sUJTOBxr0RRJZOorzrV8/NBoRsHag/S1frqkMm3JRxyNbZHKynrf
U2GRt/PPjg4PE6fmyXyGqFCYSrlLn9oYbzJpvnmwHtRSzT3Ow1WR4HAXNhMs/gKO
70B1UfkXH5CyxrHHIeB82oxX8nthoJoiUjM12IT6nYEXJzaaKU1CUieeMUqeIHo1
xoXMDcvtMffxMpX4UEB1dtEI7cfmB7OLmyw9tAJISWN+r98k0HFMJ7quYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFINxRj1qCdOw98ouQs9DXN7+Uh6lMB8GA1UdIwQY
MBaAFLk9SQjZxDqF+FvhkzSib11RNQvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVQxSkNObkVPb1g0Vy1HVE5LSnZYVkUxQzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8xZDdiMGMtMjI1MS00ZGQzLTg2OTAt
NTI4NzQ2MTFjZDIxLzEvZzNGR1BXb0owN0QzeWk1Q3owTmMzdjVTSHFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8xZDdiMGMtMjI1MS00ZGQzLTg2OTAtNTI4NzQ2MTFjZDIx
LzEvdVQxSkNObkVPb1g0Vy1HVE5LSnZYVkUxQzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVnfMA0G
CSqGSIb3DQEBCwUAA4IBAQAF9WBz4/hc3cQX3hiLTyo/XsTMQvrRRfXxYdsYT0B3
IvfV101HtLv3cQpbFroK+1ZjG/G9ewSJjD39zXsSPldwZfu+3+ZV2ieickC9HSsH
i8NsX2NdbOWC9AoU00uxqT7QTUtK8tFaa/p6uNwdzBVevXfmzvQOuV0BOGfKAGw/
pxErF1erPm1EEDppcCMjQFGWklO/a2+S9TzD3QtwNFS+2ZwfXtfYAS7xfvYUbx62
IX0yrJl7PjmY6k6y9E0wIU6Nhw5p8VdFzTEgPgfsLuA94F82uySTCO1qyN+QhlsD
Uw1CT7Kh6Q3PTTfudoHmgfVGpMXbxDofmaGuPgzuTczx
-----END CERTIFICATE-----
Generated at Sat Dec 6 10:02:38 2025 by rpki-client