This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/ee2793-a0c9-42dc-a6a2-329ba388b7cf/1/Usp7Cq9yEBn4Ro61mUJFM6lZCmQ.roa
File:                     Usp7Cq9yEBn4Ro61mUJFM6lZCmQ.roa (raw, json)
Hash identifier:          Q8czcZicRwqawMLCHXgEajjrnDJKLDPALwwosSnt964=
Subject key identifier:   52:CA:7B:0A:AF:72:10:19:F8:46:8E:B5:99:42:45:33:A9:59:0A:64
Certificate issuer:       /CN=9e42ca46688a837b575234ce6a1a326587d6c204
Certificate serial:       019B7F820D1AEC643572D39B2F26F856578C
Authority key identifier: 9E:42:CA:46:68:8A:83:7B:57:52:34:CE:6A:1A:32:65:87:D6:C2:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nkLKRmiKg3tXUjTOahoyZYfWwgQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/ee2793-a0c9-42dc-a6a2-329ba388b7cf/1/Usp7Cq9yEBn4Ro61mUJFM6lZCmQ.roa
Signing time:             Fri 02 Jan 2026 16:19:47 +0000
ROA not before:           Fri 02 Jan 2026 16:19:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208342
IP address blocks:        45.13.12.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/ee2793-a0c9-42dc-a6a2-329ba388b7cf/1/nkLKRmiKg3tXUjTOahoyZYfWwgQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/ee2793-a0c9-42dc-a6a2-329ba388b7cf/1/nkLKRmiKg3tXUjTOahoyZYfWwgQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nkLKRmiKg3tXUjTOahoyZYfWwgQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:82:0d:1a:ec:64:35:72:d3:9b:2f:26:f8:56:57:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e42ca46688a837b575234ce6a1a326587d6c204
        Validity
            Not Before: Jan  2 16:19:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=52ca7b0aaf721019f8468eb599424533a9590a64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:56:c4:c8:4b:3c:58:94:98:50:e4:0f:89:91:
                    76:ee:c3:46:2b:d3:e7:cf:eb:9d:2c:b2:02:4b:ba:
                    98:20:82:cb:cb:eb:34:9a:d2:c8:ff:e2:ca:20:cd:
                    e4:6d:9b:73:6b:1e:53:36:d5:28:a2:f3:8d:60:0a:
                    07:4c:ef:0e:94:08:87:35:69:5f:2d:d0:89:22:0c:
                    04:48:a5:ad:fb:81:70:2c:64:57:62:f1:47:3b:a2:
                    cb:4c:f9:cb:32:ac:0f:c3:25:a3:40:60:10:07:af:
                    98:92:62:db:32:32:c0:bf:4b:a8:40:3a:79:e0:5b:
                    9b:61:f3:c6:cc:1e:26:13:f0:9e:97:bc:aa:58:0d:
                    e3:e8:e4:dd:b2:61:02:ee:67:81:c3:72:b9:e9:8f:
                    36:d7:28:bd:ea:bc:87:24:ba:17:ae:77:dd:ac:f8:
                    ce:e6:63:9a:1f:f4:2a:86:1f:9d:26:ca:32:6e:d1:
                    8d:cf:1a:c2:a1:6f:74:36:a5:21:cb:b4:3b:1f:99:
                    aa:1c:d3:79:d3:db:79:f1:6b:58:95:bb:1a:d4:e4:
                    80:75:6c:d9:01:ef:9f:6d:f1:46:b5:c9:42:7f:26:
                    3d:12:a9:b2:b4:50:06:6b:44:ce:db:5b:fc:f6:94:
                    17:5a:ae:b5:6b:8f:c1:de:aa:89:82:30:0d:a3:85:
                    92:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:CA:7B:0A:AF:72:10:19:F8:46:8E:B5:99:42:45:33:A9:59:0A:64
            X509v3 Authority Key Identifier:
                keyid:9E:42:CA:46:68:8A:83:7B:57:52:34:CE:6A:1A:32:65:87:D6:C2:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nkLKRmiKg3tXUjTOahoyZYfWwgQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/ee2793-a0c9-42dc-a6a2-329ba388b7cf/1/Usp7Cq9yEBn4Ro61mUJFM6lZCmQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/ee2793-a0c9-42dc-a6a2-329ba388b7cf/1/nkLKRmiKg3tXUjTOahoyZYfWwgQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4b:ca:b8:96:fd:4c:fe:85:39:cc:84:17:5e:86:bb:6d:2b:7a:
         f9:a1:b4:ae:b1:d1:06:8a:c1:f8:c1:e4:ba:84:27:6f:77:1e:
         cc:1d:9b:bf:8b:6f:f7:98:1a:44:1e:0d:9e:39:24:ba:9d:4c:
         61:33:a4:7d:9f:7e:25:13:d4:e9:a0:c6:6b:7e:76:31:09:dd:
         d3:26:6a:78:d2:6e:46:6f:52:ee:c0:0b:35:20:e3:af:ce:a2:
         f8:ae:2c:30:af:78:4b:5b:04:51:62:3b:a7:30:50:4c:4a:9c:
         f3:a0:48:99:94:66:49:58:f4:e8:f6:c8:2a:20:7d:6e:67:ac:
         63:19:57:7b:3c:58:2b:18:33:c1:24:d2:a4:9a:2d:ec:ba:ca:
         35:07:79:68:a1:26:aa:20:e0:db:3b:12:10:4d:f5:51:fe:b9:
         ab:5a:5f:98:cf:38:39:e3:e9:52:27:40:29:9c:3c:59:68:a0:
         31:02:bd:bb:6c:16:0e:06:5f:9f:9e:9b:59:e1:60:5d:a1:79:
         61:f2:87:79:c1:93:6d:6c:e0:4d:c3:f6:e3:27:5d:f2:98:f9:
         5a:51:db:49:f8:98:f5:49:b5:52:b2:26:39:e5:71:98:93:d2:
         39:89:24:a9:1d:69:9c:0f:26:a2:6b:e8:50:2a:7d:7b:b9:ad:
         4a:e1:89:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/gg0a7GQ1ctObLyb4VleMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNDJjYTQ2Njg4YTgzN2I1NzUyMzRjZTZhMWEzMjY1ODdk
NmMyMDQwHhcNMjYwMTAyMTYxOTQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmNhN2IwYWFmNzIxMDE5Zjg0NjhlYjU5OTQyNDUzM2E5NTkwYTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAilbEyEs8WJSYUOQPiZF27sNGK9Pn
z+udLLICS7qYIILLy+s0mtLI/+LKIM3kbZtzax5TNtUoovONYAoHTO8OlAiHNWlf
LdCJIgwESKWt+4FwLGRXYvFHO6LLTPnLMqwPwyWjQGAQB6+YkmLbMjLAv0uoQDp5
4FubYfPGzB4mE/Cel7yqWA3j6OTdsmEC7meBw3K56Y821yi96ryHJLoXrnfdrPjO
5mOaH/Qqhh+dJsoybtGNzxrCoW90NqUhy7Q7H5mqHNN509t58WtYlbsa1OSAdWzZ
Ae+fbfFGtclCfyY9EqmytFAGa0TO21v89pQXWq61a4/B3qqJgjANo4WSowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFLKewqvchAZ+EaOtZlCRTOpWQpkMB8GA1UdIwQY
MBaAFJ5CykZoioN7V1I0zmoaMmWH1sIEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmtMS1JtaUtnM3RYVWpUT2Fob3laWWZXd2dRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9lZTI3OTMtYTBjOS00MmRjLWE2YTIt
MzI5YmEzODhiN2NmLzEvVXNwN0NxOXlFQm40Um82MW1VSkZNNmxaQ21RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9lZTI3OTMtYTBjOS00MmRjLWE2YTItMzI5YmEzODhiN2Nm
LzEvbmtMS1JtaUtnM3RYVWpUT2Fob3laWWZXd2dRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQ0MMA0G
CSqGSIb3DQEBCwUAA4IBAQBLyriW/Uz+hTnMhBdehrttK3r5obSusdEGisH4weS6
hCdvdx7MHZu/i2/3mBpEHg2eOSS6nUxhM6R9n34lE9TpoMZrfnYxCd3TJmp40m5G
b1LuwAs1IOOvzqL4riwwr3hLWwRRYjunMFBMSpzzoEiZlGZJWPTo9sgqIH1uZ6xj
GVd7PFgrGDPBJNKkmi3suso1B3looSaqIODbOxIQTfVR/rmrWl+Yzzg54+lSJ0Ap
nDxZaKAxAr27bBYOBl+fnptZ4WBdoXlh8od5wZNtbOBNw/bjJ13ymPlaUdtJ+Jj1
SbVSsiY55XGYk9I5iSSpHWmcDyaia+hQKn17ua1K4Ynp
-----END CERTIFICATE-----