This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/fQbrkFWCEhPNbu1hyR8j_r0b60M.roa
File:                     fQbrkFWCEhPNbu1hyR8j_r0b60M.roa (raw, json)
Hash identifier:          jbrDBJXSw3JZiZBS6EObxYKJvQO6pJEX+TDEGx0U8/g=
Subject key identifier:   7D:06:EB:90:55:82:12:13:CD:6E:ED:61:C9:1F:23:FE:BD:1B:EB:43
Certificate issuer:       /CN=cec5afe769b94346e1cd362eb85f875b23b17277
Certificate serial:       019B7835228F55CB45ABF115D5B30A05711F
Authority key identifier: CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/fQbrkFWCEhPNbu1hyR8j_r0b60M.roa
Signing time:             Thu 01 Jan 2026 06:18:26 +0000
ROA not before:           Thu 01 Jan 2026 06:18:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203771
IP address blocks:        45.145.152.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 06:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:35:22:8f:55:cb:45:ab:f1:15:d5:b3:0a:05:71:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cec5afe769b94346e1cd362eb85f875b23b17277
        Validity
            Not Before: Jan  1 06:18:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7d06eb9055821213cd6eed61c91f23febd1beb43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:ee:50:f2:04:2c:83:db:0b:ed:2b:ba:45:ca:
                    6b:68:3d:38:fa:e2:2c:af:cd:aa:ae:ef:62:b8:1a:
                    fa:3a:c2:43:56:0f:33:f2:26:ba:78:fa:cd:36:95:
                    69:19:c3:85:1e:97:57:9f:9c:2b:ea:56:b4:56:61:
                    97:e0:77:ec:9f:71:4f:37:9e:c9:80:a8:41:4b:36:
                    78:f2:39:3a:c2:fe:ba:61:ac:f9:25:9c:46:ee:02:
                    0c:ff:99:cf:25:4b:fe:4f:14:c4:68:c4:c8:f1:39:
                    e1:43:6f:a2:64:68:4b:2d:59:9a:52:f6:6c:69:a1:
                    55:1f:4c:e4:f0:79:81:de:23:f5:95:3f:c4:dd:0a:
                    e2:e3:07:97:bc:df:ea:c3:8f:5c:72:67:cf:db:04:
                    7c:59:25:d8:a3:3c:35:7c:3f:73:4f:ae:51:91:e8:
                    54:53:29:b6:87:d2:d8:7c:14:39:bb:e4:ee:db:00:
                    11:4f:c1:c2:44:0d:b9:e0:48:6d:b2:a0:25:5a:b7:
                    3c:28:59:dc:81:6b:55:64:fe:90:60:90:ae:77:0d:
                    3b:8a:c1:16:15:6c:50:db:bd:ce:b2:31:be:72:b8:
                    24:1e:41:2c:e3:3e:4d:31:09:76:01:d7:56:38:56:
                    3e:af:8f:8b:59:f3:a6:c7:01:2e:1e:46:74:e3:55:
                    b6:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:06:EB:90:55:82:12:13:CD:6E:ED:61:C9:1F:23:FE:BD:1B:EB:43
            X509v3 Authority Key Identifier:
                keyid:CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/fQbrkFWCEhPNbu1hyR8j_r0b60M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:70:04:df:a7:15:19:8c:71:33:f1:62:e0:d1:db:8a:1e:cb:
         41:81:bd:ef:9e:b8:d3:45:e1:b0:28:64:f8:e3:59:fd:f0:d5:
         38:ec:c9:e3:ba:a4:23:8e:2a:d4:cc:0d:dc:78:57:ff:ab:5f:
         15:bf:05:c3:28:bc:46:e8:75:6c:d2:dc:f7:eb:42:18:81:cd:
         4b:b7:56:94:55:97:54:67:dc:c4:2d:fe:2d:56:48:28:a4:e6:
         bb:1e:6e:f1:93:9e:68:db:9c:f3:57:45:de:a3:aa:34:aa:09:
         03:bc:bf:5e:0e:ca:b2:74:35:d8:f9:98:65:08:36:a0:19:e6:
         15:6c:7e:41:48:9b:e2:1f:9b:22:f7:5d:ed:98:96:1e:87:fc:
         f9:61:a9:da:ad:e4:ea:da:94:d9:eb:40:ab:27:e7:a5:f0:78:
         1c:2f:7f:62:33:a2:1c:77:68:ad:31:c4:4b:4b:3d:30:71:d9:
         57:bc:bb:86:0d:24:f5:cf:8e:d7:89:60:ff:7f:c1:52:b8:99:
         9e:7f:df:03:09:18:a7:1d:4f:1f:b8:f8:00:c6:37:1b:12:f3:
         13:26:c3:7d:ba:a7:9e:84:bd:85:11:1b:31:71:28:49:49:51:
         80:95:9b:b5:bc:16:53:36:e8:32:5d:ac:6d:12:82:df:89:4e:
         9a:6c:62:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NSKPVctFq/EV1bMKBXEfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYzVhZmU3NjliOTQzNDZlMWNkMzYyZWI4NWY4NzViMjNi
MTcyNzcwHhcNMjYwMTAxMDYxODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDA2ZWI5MDU1ODIxMjEzY2Q2ZWVkNjFjOTFmMjNmZWJkMWJlYjQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1u5Q8gQsg9sL7Su6RcpraD04+uIs
r82qru9iuBr6OsJDVg8z8ia6ePrNNpVpGcOFHpdXn5wr6la0VmGX4Hfsn3FPN57J
gKhBSzZ48jk6wv66Yaz5JZxG7gIM/5nPJUv+TxTEaMTI8TnhQ2+iZGhLLVmaUvZs
aaFVH0zk8HmB3iP1lT/E3Qri4weXvN/qw49ccmfP2wR8WSXYozw1fD9zT65RkehU
Uym2h9LYfBQ5u+Tu2wART8HCRA254EhtsqAlWrc8KFncgWtVZP6QYJCudw07isEW
FWxQ273OsjG+crgkHkEs4z5NMQl2AddWOFY+r4+LWfOmxwEuHkZ041W2VQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH0G65BVghITzW7tYckfI/69G+tDMB8GA1UdIwQY
MBaAFM7Fr+dpuUNG4c02Lrhfh1sjsXJ3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQt
MzMyNDdjOGUxYzFmLzEvZlFicmtGV0NFaFBOYnUxaHlSOGpfcjBiNjBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQtMzMyNDdjOGUxYzFm
LzEvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZGYMA0G
CSqGSIb3DQEBCwUAA4IBAQBxcATfpxUZjHEz8WLg0duKHstBgb3vnrjTReGwKGT4
41n98NU47MnjuqQjjirUzA3ceFf/q18VvwXDKLxG6HVs0tz360IYgc1Lt1aUVZdU
Z9zELf4tVkgopOa7Hm7xk55o25zzV0Xeo6o0qgkDvL9eDsqydDXY+ZhlCDagGeYV
bH5BSJviH5si913tmJYeh/z5YanareTq2pTZ60CrJ+el8HgcL39iM6Icd2itMcRL
Sz0wcdlXvLuGDST1z47XiWD/f8FSuJmef98DCRinHU8fuPgAxjcbEvMTJsN9uqee
hL2FERsxcShJSVGAlZu1vBZTNugyXaxtEoLfiU6abGL1
-----END CERTIFICATE-----