This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/410e39-b8a6-46ca-acdc-3f12aff274da/1/_kAyTCQof302et37HvM6mt9jgEM.roa
File:                     _kAyTCQof302et37HvM6mt9jgEM.roa (raw, json)
Hash identifier:          424VJZvw+ZmGcQi0r8Ayp33km0iNLVdVw38YU4HDjGU=
Subject key identifier:   FE:40:32:4C:24:28:7F:7D:36:7A:DD:FB:1E:F3:3A:9A:DF:63:80:43
Certificate issuer:       /CN=da980a45fe487366e386b6064c2c652519f9fc93
Certificate serial:       019B7C806E3C11ABF142B8B7BE71F7CE3D6E
Authority key identifier: DA:98:0A:45:FE:48:73:66:E3:86:B6:06:4C:2C:65:25:19:F9:FC:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2pgKRf5Ic2bjhrYGTCxlJRn5_JM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/410e39-b8a6-46ca-acdc-3f12aff274da/1/_kAyTCQof302et37HvM6mt9jgEM.roa
Signing time:             Fri 02 Jan 2026 02:19:10 +0000
ROA not before:           Fri 02 Jan 2026 02:19:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209894
IP address blocks:        45.154.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/410e39-b8a6-46ca-acdc-3f12aff274da/1/2pgKRf5Ic2bjhrYGTCxlJRn5_JM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/410e39-b8a6-46ca-acdc-3f12aff274da/1/2pgKRf5Ic2bjhrYGTCxlJRn5_JM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2pgKRf5Ic2bjhrYGTCxlJRn5_JM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 17:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:6e:3c:11:ab:f1:42:b8:b7:be:71:f7:ce:3d:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da980a45fe487366e386b6064c2c652519f9fc93
        Validity
            Not Before: Jan  2 02:19:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fe40324c24287f7d367addfb1ef33a9adf638043
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:50:d9:f2:ac:d8:22:d6:24:6a:3f:ed:d8:c5:
                    ac:51:f2:19:58:04:cc:fc:1c:4c:96:e2:7c:fd:d6:
                    95:cd:1f:d6:65:13:90:12:b2:c4:9a:15:2c:06:33:
                    6b:88:db:d2:e6:77:aa:df:30:0b:98:26:be:bd:6e:
                    f2:4c:ed:ac:59:d0:d6:38:47:2a:35:25:e5:d1:08:
                    d1:db:82:1b:01:cb:04:75:0c:61:a0:7e:8b:dd:ae:
                    73:27:de:bd:31:07:15:5e:84:94:11:f6:c5:26:81:
                    2e:a7:c1:cc:fb:5b:79:93:51:90:07:d1:66:2b:cd:
                    ab:a4:31:ed:bc:a9:6e:12:26:dd:26:ac:3a:fb:10:
                    48:c5:de:f3:bb:df:77:16:1c:79:45:20:9f:36:35:
                    c7:d6:8e:cf:4b:9a:a7:6a:83:66:0f:48:a6:db:53:
                    95:ac:98:6d:63:ed:d7:ee:fa:95:45:c6:4f:02:64:
                    e8:2a:2e:e4:3a:32:5b:55:b9:90:02:06:50:9a:26:
                    97:c5:31:10:51:cd:01:05:b4:f1:ca:50:cd:33:4d:
                    2e:b4:10:fe:43:e8:fe:02:97:f0:5f:6b:c3:51:7d:
                    08:43:09:9c:d0:c0:16:3b:ba:c9:fd:ca:6c:a1:e6:
                    3a:78:b0:51:75:d0:4e:43:85:d3:2b:9d:fd:1f:75:
                    74:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:40:32:4C:24:28:7F:7D:36:7A:DD:FB:1E:F3:3A:9A:DF:63:80:43
            X509v3 Authority Key Identifier:
                keyid:DA:98:0A:45:FE:48:73:66:E3:86:B6:06:4C:2C:65:25:19:F9:FC:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2pgKRf5Ic2bjhrYGTCxlJRn5_JM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/410e39-b8a6-46ca-acdc-3f12aff274da/1/_kAyTCQof302et37HvM6mt9jgEM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/410e39-b8a6-46ca-acdc-3f12aff274da/1/2pgKRf5Ic2bjhrYGTCxlJRn5_JM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:91:35:f0:bc:30:96:cb:71:e7:af:1d:bb:1c:b6:15:12:0d:
         05:41:8c:6d:46:fa:c0:2c:c1:59:42:aa:70:c7:c5:84:8c:17:
         ed:10:f7:c9:ce:51:07:2a:e7:32:11:d0:ae:69:56:51:b4:fa:
         18:91:1e:31:d1:b1:45:67:b8:68:07:e9:d3:ba:d4:00:13:35:
         42:3b:b0:12:66:a0:48:bd:74:86:8c:4c:82:72:86:b9:53:38:
         0a:76:89:ef:44:00:7e:6a:c1:18:cb:c6:e2:f5:ae:b7:b6:6f:
         a8:f0:69:3d:76:c4:b4:39:0e:91:d9:7e:90:59:31:7f:02:14:
         7c:40:db:b8:79:45:5a:dd:08:70:a5:cd:75:8c:26:1e:97:26:
         08:12:c8:d2:be:ac:c4:8e:9c:04:71:8f:ba:a0:9a:62:a5:12:
         3f:5d:43:61:4e:d4:92:a6:3e:77:d7:8b:07:ef:20:8e:10:62:
         88:85:ce:ef:c6:6c:22:1b:38:30:c9:06:ea:5b:24:58:31:ce:
         9a:14:39:1b:6b:28:0c:01:71:87:f7:27:9a:83:7c:17:7b:3b:
         31:c5:37:2a:8e:ed:d0:d6:e5:21:f8:7c:5f:87:c7:50:52:59:
         40:51:62:f7:96:23:bc:fb:3e:e9:ad:ee:c2:d2:28:e8:15:f1:
         6f:da:b3:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gG48EavxQri3vnH3zj1uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhOTgwYTQ1ZmU0ODczNjZlMzg2YjYwNjRjMmM2NTI1MTlm
OWZjOTMwHhcNMjYwMTAyMDIxOTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTQwMzI0YzI0Mjg3ZjdkMzY3YWRkZmIxZWYzM2E5YWRmNjM4MDQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAulDZ8qzYItYkaj/t2MWsUfIZWATM
/BxMluJ8/daVzR/WZROQErLEmhUsBjNriNvS5neq3zALmCa+vW7yTO2sWdDWOEcq
NSXl0QjR24IbAcsEdQxhoH6L3a5zJ969MQcVXoSUEfbFJoEup8HM+1t5k1GQB9Fm
K82rpDHtvKluEibdJqw6+xBIxd7zu993Fhx5RSCfNjXH1o7PS5qnaoNmD0im21OV
rJhtY+3X7vqVRcZPAmToKi7kOjJbVbmQAgZQmiaXxTEQUc0BBbTxylDNM00utBD+
Q+j+ApfwX2vDUX0IQwmc0MAWO7rJ/cpsoeY6eLBRddBOQ4XTK539H3V0EQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP5AMkwkKH99Nnrd+x7zOprfY4BDMB8GA1UdIwQY
MBaAFNqYCkX+SHNm44a2BkwsZSUZ+fyTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnBnS1JmNUljMmJqaHJZR1RDeGxKUm41X0pNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC80MTBlMzktYjhhNi00NmNhLWFjZGMt
M2YxMmFmZjI3NGRhLzEvX2tBeVRDUW9mMzAyZXQzN0h2TTZtdDlqZ0VNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC80MTBlMzktYjhhNi00NmNhLWFjZGMtM2YxMmFmZjI3NGRh
LzEvMnBnS1JmNUljMmJqaHJZR1RDeGxKUm41X0pNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZpvMA0G
CSqGSIb3DQEBCwUAA4IBAQCPkTXwvDCWy3Hnrx27HLYVEg0FQYxtRvrALMFZQqpw
x8WEjBftEPfJzlEHKucyEdCuaVZRtPoYkR4x0bFFZ7hoB+nTutQAEzVCO7ASZqBI
vXSGjEyCcoa5UzgKdonvRAB+asEYy8bi9a63tm+o8Gk9dsS0OQ6R2X6QWTF/AhR8
QNu4eUVa3Qhwpc11jCYelyYIEsjSvqzEjpwEcY+6oJpipRI/XUNhTtSSpj5314sH
7yCOEGKIhc7vxmwiGzgwyQbqWyRYMc6aFDkbaygMAXGH9yeag3wXezsxxTcqju3Q
1uUh+Hxfh8dQUllAUWL3liO8+z7pre7C0ijoFfFv2rPU
-----END CERTIFICATE-----