This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/0bd4d3-d46c-483f-956e-ea7ae72bd32d/1/UhOlZ1gWF-A2pyAb44IeBGN_OgY.roa
File:                     UhOlZ1gWF-A2pyAb44IeBGN_OgY.roa (raw, json)
Hash identifier:          eG58vuvoosMx0i4HfksqHRUHWT1C5k08ekOkTneq/NQ=
Subject key identifier:   52:13:A5:67:58:16:17:E0:36:A7:20:1B:E3:82:1E:04:63:7F:3A:06
Certificate issuer:       /CN=9338840926ac73ead5b6187919e88f10032299ca
Certificate serial:       019ADF6F0D0B7B21055B4D0AC7A9EA1B588F
Authority key identifier: 93:38:84:09:26:AC:73:EA:D5:B6:18:79:19:E8:8F:10:03:22:99:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kziECSasc-rVthh5GeiPEAMimco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/0bd4d3-d46c-483f-956e-ea7ae72bd32d/1/UhOlZ1gWF-A2pyAb44IeBGN_OgY.roa
Signing time:             Tue 02 Dec 2025 14:19:48 +0000
ROA not before:           Tue 02 Dec 2025 14:19:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214678
IP address blocks:        45.148.74.0/24 maxlen: 24
                          45.148.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/0bd4d3-d46c-483f-956e-ea7ae72bd32d/1/kziECSasc-rVthh5GeiPEAMimco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/0bd4d3-d46c-483f-956e-ea7ae72bd32d/1/kziECSasc-rVthh5GeiPEAMimco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kziECSasc-rVthh5GeiPEAMimco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Dec 2025 23:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:df:6f:0d:0b:7b:21:05:5b:4d:0a:c7:a9:ea:1b:58:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9338840926ac73ead5b6187919e88f10032299ca
        Validity
            Not Before: Dec  2 14:19:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5213a567581617e036a7201be3821e04637f3a06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:98:60:5b:ee:83:d2:5f:d9:0c:f6:01:44:cb:
                    2a:e8:e2:e4:7a:3d:19:95:73:35:42:11:61:46:ed:
                    ce:94:8c:36:f6:ee:11:4e:e4:90:08:57:79:5d:77:
                    5c:78:0a:5e:d7:fa:0d:52:97:af:38:74:df:86:f3:
                    e1:82:8b:fc:be:07:b6:cc:36:a9:0d:04:0b:24:16:
                    39:e7:9e:02:4c:ad:20:d1:39:80:c8:8b:06:6a:9a:
                    d1:cd:1b:2b:92:e2:cf:d6:5d:73:4d:d3:fa:df:28:
                    c6:4c:df:9c:75:15:c3:53:22:2c:22:47:8d:be:68:
                    39:01:5e:d1:b4:0a:79:37:d8:0b:0f:bf:6e:0e:07:
                    c3:09:1a:7f:28:7f:19:25:e8:aa:ee:8f:19:89:26:
                    96:d0:40:4b:54:c5:c2:af:7f:af:1b:10:a3:5d:95:
                    47:4a:47:d1:9d:fb:3f:4c:f0:6b:18:0a:fd:2e:71:
                    9b:fb:90:6a:0c:33:cd:bf:d4:8b:2c:61:27:cd:6d:
                    47:6b:a7:f6:d1:45:98:5d:eb:2e:b6:a1:ed:3f:0c:
                    21:ef:fc:49:ba:0f:17:ec:4d:ca:33:ea:d0:d1:a3:
                    cc:29:b6:c5:99:23:28:3a:59:15:b3:2a:3c:7d:bb:
                    74:c2:7f:9b:2d:6a:d5:bb:53:75:c9:a7:3e:e6:b3:
                    49:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:13:A5:67:58:16:17:E0:36:A7:20:1B:E3:82:1E:04:63:7F:3A:06
            X509v3 Authority Key Identifier:
                keyid:93:38:84:09:26:AC:73:EA:D5:B6:18:79:19:E8:8F:10:03:22:99:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kziECSasc-rVthh5GeiPEAMimco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/0bd4d3-d46c-483f-956e-ea7ae72bd32d/1/UhOlZ1gWF-A2pyAb44IeBGN_OgY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/0bd4d3-d46c-483f-956e-ea7ae72bd32d/1/kziECSasc-rVthh5GeiPEAMimco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.74.0/23

    Signature Algorithm: sha256WithRSAEncryption
         11:a9:c8:1c:58:3a:d0:7b:de:77:5a:ae:07:cc:b4:78:13:0c:
         26:3b:a6:e6:37:16:be:23:49:59:14:92:c3:33:ed:6e:5f:5a:
         63:72:36:e6:a1:d7:ec:bc:2d:8c:e1:77:fe:7f:ed:fe:f6:7a:
         ed:59:a3:71:30:01:cb:b1:53:a1:b5:44:48:61:6e:c1:66:49:
         6b:a9:0f:38:5e:48:0c:e7:29:e3:e3:80:98:d2:a1:14:4d:9b:
         91:0b:b6:f3:c9:b6:9f:c9:db:12:a9:a5:6b:94:52:06:89:61:
         01:7a:ac:52:69:2b:2c:e1:50:96:5d:7b:0a:54:b8:08:bc:b3:
         2c:1d:bc:cd:8e:58:37:0d:87:ad:68:a3:19:37:2b:fb:29:8f:
         ca:f8:15:d7:16:06:be:a4:cc:ad:e4:90:72:da:10:c9:49:15:
         ff:1f:a2:d0:13:ee:d7:7d:5e:ca:fd:6e:ad:54:ac:8b:b9:52:
         b1:d5:ed:cf:b0:51:bc:26:74:fc:28:96:96:d0:aa:dc:3a:f3:
         67:43:43:2e:ca:29:18:04:24:60:5f:39:b3:87:f1:d3:e9:ad:
         78:4a:0e:2a:d9:79:c3:1f:77:b9:bf:24:cb:7d:b3:3b:34:21:
         65:90:d0:52:0e:14:ea:2f:7c:a9:fc:03:ba:1a:67:8e:a7:ac:
         eb:f0:7b:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZrfbw0LeyEFW00Kx6nqG1iPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzMzg4NDA5MjZhYzczZWFkNWI2MTg3OTE5ZTg4ZjEwMDMy
Mjk5Y2EwHhcNMjUxMjAyMTQxOTQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjEzYTU2NzU4MTYxN2UwMzZhNzIwMWJlMzgyMWUwNDYzN2YzYTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApZhgW+6D0l/ZDPYBRMsq6OLkej0Z
lXM1QhFhRu3OlIw29u4RTuSQCFd5XXdceApe1/oNUpevOHTfhvPhgov8vge2zDap
DQQLJBY5554CTK0g0TmAyIsGaprRzRsrkuLP1l1zTdP63yjGTN+cdRXDUyIsIkeN
vmg5AV7RtAp5N9gLD79uDgfDCRp/KH8ZJeiq7o8ZiSaW0EBLVMXCr3+vGxCjXZVH
SkfRnfs/TPBrGAr9LnGb+5BqDDPNv9SLLGEnzW1Ha6f20UWYXesutqHtPwwh7/xJ
ug8X7E3KM+rQ0aPMKbbFmSMoOlkVsyo8fbt0wn+bLWrVu1N1yac+5rNJawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFITpWdYFhfgNqcgG+OCHgRjfzoGMB8GA1UdIwQY
MBaAFJM4hAkmrHPq1bYYeRnojxADIpnKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3ppRUNTYXNjLXJWdGhoNUdlaVBFQU1pbWNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS8wYmQ0ZDMtZDQ2Yy00ODNmLTk1NmUt
ZWE3YWU3MmJkMzJkLzEvVWhPbFoxZ1dGLUEycHlBYjQ0SWVCR05fT2dZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS8wYmQ0ZDMtZDQ2Yy00ODNmLTk1NmUtZWE3YWU3MmJkMzJk
LzEva3ppRUNTYXNjLXJWdGhoNUdlaVBFQU1pbWNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZRKMA0G
CSqGSIb3DQEBCwUAA4IBAQARqcgcWDrQe953Wq4HzLR4EwwmO6bmNxa+I0lZFJLD
M+1uX1pjcjbmodfsvC2M4Xf+f+3+9nrtWaNxMAHLsVOhtURIYW7BZklrqQ84XkgM
5ynj44CY0qEUTZuRC7bzybafydsSqaVrlFIGiWEBeqxSaSss4VCWXXsKVLgIvLMs
HbzNjlg3DYetaKMZNyv7KY/K+BXXFga+pMyt5JBy2hDJSRX/H6LQE+7XfV7K/W6t
VKyLuVKx1e3PsFG8JnT8KJaW0KrcOvNnQ0MuyikYBCRgXzmzh/HT6a14Sg4q2XnD
H3e5vyTLfbM7NCFlkNBSDhTqL3yp/AO6GmeOp6zr8Hsw
-----END CERTIFICATE-----