This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/nX_QAdzwSifxskcfZILVdGVu48c.roa
File:                     nX_QAdzwSifxskcfZILVdGVu48c.roa (raw, json)
Hash identifier:          ouA+SlnoKVv8DbD3Nn75qCPDCCLaDnVWOsKdJNJzO8I=
Subject key identifier:   9D:7F:D0:01:DC:F0:4A:27:F1:B2:47:1F:64:82:D5:74:65:6E:E3:C7
Certificate issuer:       /CN=bf84113545d9000760f66062a4221933a2e959d8
Certificate serial:       019B26ED32D5559BD8527D4ABFBBC0871BF8
Authority key identifier: BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/nX_QAdzwSifxskcfZILVdGVu48c.roa
Signing time:             Tue 16 Dec 2025 11:30:37 +0000
ROA not before:           Tue 16 Dec 2025 11:30:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215206
IP address blocks:        45.89.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Dec 2025 09:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:26:ed:32:d5:55:9b:d8:52:7d:4a:bf:bb:c0:87:1b:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf84113545d9000760f66062a4221933a2e959d8
        Validity
            Not Before: Dec 16 11:30:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9d7fd001dcf04a27f1b2471f6482d574656ee3c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:d1:2c:6c:63:24:cf:3a:1c:f3:3c:bf:22:68:
                    28:42:63:9f:c2:18:6f:0f:ae:55:fe:92:af:9a:49:
                    82:03:a5:ff:6e:b9:6f:a2:e0:73:a0:98:8a:ce:90:
                    52:6e:19:6e:ea:50:b3:8f:4f:63:d6:d8:34:16:26:
                    fd:44:32:d2:34:26:36:b6:9a:17:25:40:69:9a:a2:
                    fb:62:17:9d:56:a4:21:1f:11:da:68:26:e0:48:b6:
                    1f:9e:2c:1d:2d:7a:ec:7a:f0:5b:55:b6:73:be:b1:
                    91:5a:cf:2f:c2:67:d9:f3:01:2a:47:5d:86:f7:2b:
                    19:7f:dd:f4:ec:b1:e2:a6:1a:c9:15:1e:18:f5:4c:
                    cd:25:ba:6f:76:f1:fa:ff:32:69:95:3e:60:40:f0:
                    07:19:e6:02:8e:7e:13:c6:cb:ca:11:ab:36:5d:c1:
                    11:11:91:f6:da:34:ec:61:ae:b4:40:8c:33:3a:13:
                    68:3e:76:c6:a8:d3:e7:fc:49:75:bf:b5:96:90:12:
                    c1:80:9d:60:0a:54:3c:d6:45:46:e7:51:8d:97:b5:
                    b2:4b:30:98:41:c8:bc:61:a6:6c:49:98:e6:08:fc:
                    f7:c8:c5:7e:d0:5d:d3:ef:a4:8b:41:3a:a9:2d:b3:
                    65:c5:8e:81:19:12:71:19:4c:96:14:09:b9:28:a2:
                    96:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:7F:D0:01:DC:F0:4A:27:F1:B2:47:1F:64:82:D5:74:65:6E:E3:C7
            X509v3 Authority Key Identifier:
                keyid:BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/nX_QAdzwSifxskcfZILVdGVu48c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c0:60:29:d0:c9:0c:b6:25:11:e8:92:3e:cb:5f:60:71:a6:da:
         12:c6:53:1a:c7:c7:45:cf:ff:3c:04:26:24:d0:23:3d:48:19:
         a1:41:01:63:5b:a1:34:d0:45:a8:3f:a8:dc:b7:5a:5e:31:ce:
         36:f9:47:85:29:18:58:c1:b7:7c:c0:08:da:c7:dd:64:c8:12:
         27:ed:e1:8c:38:33:f0:69:ba:61:1f:5b:97:0e:15:2d:70:af:
         fe:6d:1b:0b:db:06:a0:8a:bd:6e:4f:b9:6d:5f:8a:97:df:be:
         e0:5d:a7:81:ed:d7:e1:6d:fe:3f:b3:e6:08:9e:de:06:93:89:
         0c:a6:1a:ba:e6:09:03:3c:c8:6e:61:88:6d:a3:dc:bf:6c:68:
         52:57:a1:f7:d0:55:ea:ae:cf:89:85:fb:68:4c:f0:52:a1:9f:
         21:4f:dc:69:4e:37:8f:4e:18:84:5a:28:ec:5c:e6:b5:56:3b:
         f8:48:32:19:e2:24:a8:26:ed:25:19:48:ab:d6:cc:61:69:e9:
         49:5a:08:54:70:b9:c3:79:5e:7b:d8:2a:ab:6b:30:9a:83:6e:
         c1:9c:46:64:b2:45:ed:90:1c:b1:3b:8e:f9:f8:1f:89:dd:cd:
         f2:d9:7c:94:14:07:90:a0:bb:7d:1c:c5:43:d7:2c:16:4f:13:
         2e:60:ef:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZsm7TLVVZvYUn1Kv7vAhxv4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODQxMTM1NDVkOTAwMDc2MGY2NjA2MmE0MjIxOTMzYTJl
OTU5ZDgwHhcNMjUxMjE2MTEzMDM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDdmZDAwMWRjZjA0YTI3ZjFiMjQ3MWY2NDgyZDU3NDY1NmVlM2M3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7NEsbGMkzzoc8zy/ImgoQmOfwhhv
D65V/pKvmkmCA6X/brlvouBzoJiKzpBSbhlu6lCzj09j1tg0Fib9RDLSNCY2tpoX
JUBpmqL7YhedVqQhHxHaaCbgSLYfniwdLXrsevBbVbZzvrGRWs8vwmfZ8wEqR12G
9ysZf9307LHiphrJFR4Y9UzNJbpvdvH6/zJplT5gQPAHGeYCjn4TxsvKEas2XcER
EZH22jTsYa60QIwzOhNoPnbGqNPn/El1v7WWkBLBgJ1gClQ81kVG51GNl7WySzCY
Qci8YaZsSZjmCPz3yMV+0F3T76SLQTqpLbNlxY6BGRJxGUyWFAm5KKKWMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ1/0AHc8Eon8bJHH2SC1XRlbuPHMB8GA1UdIwQY
MBaAFL+EETVF2QAHYPZgYqQiGTOi6VnYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEt
NGJkNjNhZGM3MzU0LzEvblhfUUFkendTaWZ4c2tjZlpJTFZkR1Z1NDhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEtNGJkNjNhZGM3MzU0
LzEvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVk9MA0G
CSqGSIb3DQEBCwUAA4IBAQDAYCnQyQy2JRHokj7LX2BxptoSxlMax8dFz/88BCYk
0CM9SBmhQQFjW6E00EWoP6jct1peMc42+UeFKRhYwbd8wAjax91kyBIn7eGMODPw
abphH1uXDhUtcK/+bRsL2wagir1uT7ltX4qX377gXaeB7dfhbf4/s+YInt4Gk4kM
phq65gkDPMhuYYhto9y/bGhSV6H30FXqrs+JhftoTPBSoZ8hT9xpTjePThiEWijs
XOa1Vjv4SDIZ4iSoJu0lGUir1sxhaelJWghUcLnDeV572CqrazCag27BnEZkskXt
kByxO475+B+J3c3y2XyUFAeQoLt9HMVD1ywWTxMuYO/m
-----END CERTIFICATE-----