This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/87312c-69c4-4813-b740-1c9667730534/1/R3ml3p2UCbj2WZwYh-kGTkhVCeI.roa
File:                     R3ml3p2UCbj2WZwYh-kGTkhVCeI.roa (raw, json)
Hash identifier:          61bHqaM6yloEoaMB3RQ50xunau9HQvm40J9/cQnFMg0=
Subject key identifier:   47:79:A5:DE:9D:94:09:B8:F6:59:9C:18:87:E9:06:4E:48:55:09:E2
Certificate issuer:       /CN=d4fbc74cd1f87a0bf16c482f6201c9b9eb244ea2
Certificate serial:       019B7C7FE497CD5AA77A75962A558B3A2655
Authority key identifier: D4:FB:C7:4C:D1:F8:7A:0B:F1:6C:48:2F:62:01:C9:B9:EB:24:4E:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1PvHTNH4egvxbEgvYgHJueskTqI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/87312c-69c4-4813-b740-1c9667730534/1/R3ml3p2UCbj2WZwYh-kGTkhVCeI.roa
Signing time:             Fri 02 Jan 2026 02:18:34 +0000
ROA not before:           Fri 02 Jan 2026 02:18:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203201
IP address blocks:        45.145.204.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/87312c-69c4-4813-b740-1c9667730534/1/1PvHTNH4egvxbEgvYgHJueskTqI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/87312c-69c4-4813-b740-1c9667730534/1/1PvHTNH4egvxbEgvYgHJueskTqI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1PvHTNH4egvxbEgvYgHJueskTqI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 10:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:7f:e4:97:cd:5a:a7:7a:75:96:2a:55:8b:3a:26:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4fbc74cd1f87a0bf16c482f6201c9b9eb244ea2
        Validity
            Not Before: Jan  2 02:18:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4779a5de9d9409b8f6599c1887e9064e485509e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:96:38:2c:ae:17:b2:3d:b0:d3:ad:0f:a6:f7:
                    1c:a4:c1:1e:7c:f8:b2:4e:67:1e:2d:ee:c4:a0:3f:
                    e4:f1:f0:29:19:75:c2:36:ac:22:29:1c:bc:bf:53:
                    7f:f4:38:0f:1d:5b:fd:1d:18:8e:ca:50:3b:ff:1c:
                    fb:0a:29:95:db:3b:c3:92:57:96:c5:ba:95:6d:f6:
                    13:15:ba:b0:50:6e:4b:1c:96:bb:7a:53:03:0b:53:
                    32:63:46:11:eb:da:c2:43:58:21:84:1d:92:d4:c7:
                    82:3f:a4:35:59:31:33:aa:00:10:a6:09:77:ac:6d:
                    bf:fd:6c:c8:db:cd:ea:60:3a:13:e2:30:ca:03:e5:
                    75:1b:2b:7a:b0:7e:0e:f9:46:31:65:b4:d5:72:80:
                    bd:25:a4:dc:97:b5:b5:71:38:d2:0e:b2:1b:01:c8:
                    32:f6:5e:73:7f:20:3e:36:13:57:d0:67:73:56:f4:
                    68:39:65:08:10:f1:74:c4:0e:88:db:89:2e:7e:fd:
                    df:f5:2b:3b:e3:b7:94:38:a8:2d:34:ec:f3:59:46:
                    fa:93:de:79:ff:9e:9d:29:42:7b:85:ce:72:50:dd:
                    10:42:51:c6:ec:03:72:99:ad:bf:8f:6b:ea:3f:de:
                    45:90:66:00:47:82:40:41:73:61:a6:16:c0:b2:af:
                    10:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:79:A5:DE:9D:94:09:B8:F6:59:9C:18:87:E9:06:4E:48:55:09:E2
            X509v3 Authority Key Identifier:
                keyid:D4:FB:C7:4C:D1:F8:7A:0B:F1:6C:48:2F:62:01:C9:B9:EB:24:4E:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1PvHTNH4egvxbEgvYgHJueskTqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/87312c-69c4-4813-b740-1c9667730534/1/R3ml3p2UCbj2WZwYh-kGTkhVCeI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/87312c-69c4-4813-b740-1c9667730534/1/1PvHTNH4egvxbEgvYgHJueskTqI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         97:88:9b:38:8d:4b:70:a1:f5:6b:f4:b0:1d:c0:68:3c:dd:16:
         7c:31:dc:8a:7c:7d:46:4b:0a:cd:53:85:93:16:67:ab:7d:f1:
         52:3e:60:20:91:37:02:cd:9a:d3:0c:1e:1b:1a:dd:3a:33:aa:
         11:cc:81:49:45:87:36:94:29:3f:4a:e6:4a:6c:11:76:25:3b:
         31:73:a7:d0:1a:da:e5:b1:8b:e7:c5:7a:9e:a1:d3:5c:0d:2f:
         20:68:dd:2f:00:27:b4:82:9e:c5:73:3c:17:f8:a4:a9:9b:8e:
         bb:00:61:77:d8:4c:1e:03:58:4a:55:e7:78:66:cc:4e:b2:b5:
         8d:94:ed:47:88:9f:ad:d8:a9:f7:ee:10:0b:b5:bc:5b:77:45:
         4a:86:6b:f5:52:98:86:b1:b4:07:d5:e1:53:6d:87:2f:df:c0:
         64:5f:a1:82:79:fc:18:fc:a3:81:b1:55:0b:97:74:14:0a:eb:
         ae:79:74:ce:1a:1c:39:40:3c:a3:26:bf:d3:51:03:ae:4b:e5:
         2d:4f:42:37:0e:14:9e:d5:d5:da:e3:b8:85:80:49:8d:44:c3:
         3a:6b:33:6c:76:ae:d5:5e:b4:59:7e:0a:00:9b:41:39:a4:07:
         7c:87:18:05:6f:0f:98:16:eb:ba:b7:45:e6:b8:7d:bf:db:2d:
         90:5f:40:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8f+SXzVqnenWWKlWLOiZVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0ZmJjNzRjZDFmODdhMGJmMTZjNDgyZjYyMDFjOWI5ZWIy
NDRlYTIwHhcNMjYwMTAyMDIxODM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Nzc5YTVkZTlkOTQwOWI4ZjY1OTljMTg4N2U5MDY0ZTQ4NTUwOWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuZY4LK4Xsj2w060PpvccpMEefPiy
TmceLe7EoD/k8fApGXXCNqwiKRy8v1N/9DgPHVv9HRiOylA7/xz7CimV2zvDkleW
xbqVbfYTFbqwUG5LHJa7elMDC1MyY0YR69rCQ1ghhB2S1MeCP6Q1WTEzqgAQpgl3
rG2//WzI283qYDoT4jDKA+V1Gyt6sH4O+UYxZbTVcoC9JaTcl7W1cTjSDrIbAcgy
9l5zfyA+NhNX0GdzVvRoOWUIEPF0xA6I24kufv3f9Ss747eUOKgtNOzzWUb6k955
/56dKUJ7hc5yUN0QQlHG7ANyma2/j2vqP95FkGYAR4JAQXNhphbAsq8QZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEd5pd6dlAm49lmcGIfpBk5IVQniMB8GA1UdIwQY
MBaAFNT7x0zR+HoL8WxIL2IBybnrJE6iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVB2SFROSDRlZ3Z4YkVndllnSEp1ZXNrVHFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS84NzMxMmMtNjljNC00ODEzLWI3NDAt
MWM5NjY3NzMwNTM0LzEvUjNtbDNwMlVDYmoyV1p3WWgta0dUa2hWQ2VJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS84NzMxMmMtNjljNC00ODEzLWI3NDAtMWM5NjY3NzMwNTM0
LzEvMVB2SFROSDRlZ3Z4YkVndllnSEp1ZXNrVHFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZHMMA0G
CSqGSIb3DQEBCwUAA4IBAQCXiJs4jUtwofVr9LAdwGg83RZ8MdyKfH1GSwrNU4WT
FmerffFSPmAgkTcCzZrTDB4bGt06M6oRzIFJRYc2lCk/SuZKbBF2JTsxc6fQGtrl
sYvnxXqeodNcDS8gaN0vACe0gp7FczwX+KSpm467AGF32EweA1hKVed4ZsxOsrWN
lO1HiJ+t2Kn37hALtbxbd0VKhmv1UpiGsbQH1eFTbYcv38BkX6GCefwY/KOBsVUL
l3QUCuuueXTOGhw5QDyjJr/TUQOuS+UtT0I3DhSe1dXa47iFgEmNRMM6azNsdq7V
XrRZfgoAm0E5pAd8hxgFbw+YFuu6t0XmuH2/2y2QX0Cd
-----END CERTIFICATE-----