This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/96/efc9f1-bec3-4771-b480-0184e81aead9/1/Opf2QA1qNa28jjAr8yKuXu_bAbY.roa
File:                     Opf2QA1qNa28jjAr8yKuXu_bAbY.roa (raw, json)
Hash identifier:          ovjEoKocSUBnOUVIGPdI/qSQMjayKXITtpelF2L20jw=
Subject key identifier:   3A:97:F6:40:0D:6A:35:AD:BC:8E:30:2B:F3:22:AE:5E:EF:DB:01:B6
Certificate issuer:       /CN=81cdc17dad03bcb9bc34a9e377ab2070852dca65
Certificate serial:       019B7E37C29E5756D19FB15D3DEE77814C64
Authority key identifier: 81:CD:C1:7D:AD:03:BC:B9:BC:34:A9:E3:77:AB:20:70:85:2D:CA:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gc3Bfa0DvLm8NKnjd6sgcIUtymU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/96/efc9f1-bec3-4771-b480-0184e81aead9/1/Opf2QA1qNa28jjAr8yKuXu_bAbY.roa
Signing time:             Fri 02 Jan 2026 10:19:02 +0000
ROA not before:           Fri 02 Jan 2026 10:19:02 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8412
IP address blocks:        45.12.96.0/23 maxlen: 24
                          45.12.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/96/efc9f1-bec3-4771-b480-0184e81aead9/1/gc3Bfa0DvLm8NKnjd6sgcIUtymU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/96/efc9f1-bec3-4771-b480-0184e81aead9/1/gc3Bfa0DvLm8NKnjd6sgcIUtymU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gc3Bfa0DvLm8NKnjd6sgcIUtymU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:c2:9e:57:56:d1:9f:b1:5d:3d:ee:77:81:4c:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81cdc17dad03bcb9bc34a9e377ab2070852dca65
        Validity
            Not Before: Jan  2 10:19:02 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3a97f6400d6a35adbc8e302bf322ae5eefdb01b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:41:b4:fc:fa:8b:21:bb:af:17:95:ad:ea:9e:
                    16:cb:a9:70:57:f1:74:76:f6:5b:d5:b4:f9:ab:cb:
                    8a:78:b2:dd:d9:8a:74:90:42:38:d0:6d:ca:0c:0a:
                    49:d2:5b:fe:29:de:97:e9:52:a0:bc:9d:e7:4d:ae:
                    e4:75:16:bc:2a:3b:d0:3e:43:8c:45:16:0d:40:f1:
                    23:aa:39:ea:ac:c9:13:85:a9:39:0e:6a:63:97:f6:
                    d6:bb:ad:82:26:42:ff:72:27:f5:65:eb:b8:5e:20:
                    78:e4:15:29:f1:31:2e:f2:ab:f0:35:3c:8e:15:b1:
                    b1:36:a2:62:64:9e:84:41:13:94:07:61:0f:fe:64:
                    a5:32:9b:05:52:44:b7:73:25:71:fc:bf:55:16:9c:
                    0a:8c:36:52:7a:a2:4c:6c:54:67:1e:b0:d2:f5:67:
                    87:37:44:60:de:ad:81:53:ed:24:68:54:8e:ef:21:
                    f2:6b:fb:48:ed:5f:e0:fb:ca:66:9d:6c:ac:3a:95:
                    e3:e0:cb:16:85:71:71:fc:35:2f:74:e1:e9:31:f3:
                    95:24:9e:20:6a:66:22:cc:2e:3d:37:26:a4:5c:6a:
                    9a:1a:7a:63:9d:d0:b0:85:c9:90:1a:65:a5:1c:a9:
                    d9:13:3a:6e:27:4c:5c:2f:5d:c8:a7:02:57:2e:01:
                    85:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:97:F6:40:0D:6A:35:AD:BC:8E:30:2B:F3:22:AE:5E:EF:DB:01:B6
            X509v3 Authority Key Identifier:
                keyid:81:CD:C1:7D:AD:03:BC:B9:BC:34:A9:E3:77:AB:20:70:85:2D:CA:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gc3Bfa0DvLm8NKnjd6sgcIUtymU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/efc9f1-bec3-4771-b480-0184e81aead9/1/Opf2QA1qNa28jjAr8yKuXu_bAbY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/96/efc9f1-bec3-4771-b480-0184e81aead9/1/gc3Bfa0DvLm8NKnjd6sgcIUtymU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.96.0-45.12.98.255

    Signature Algorithm: sha256WithRSAEncryption
         85:be:6f:f0:64:67:3e:72:3c:fe:28:71:b8:06:16:b6:9a:bd:
         78:58:f7:71:6c:5f:c0:1b:5c:c3:fa:b5:28:29:e3:d7:61:e1:
         f0:38:81:03:03:32:8f:d9:93:85:46:15:8f:90:d5:04:1c:00:
         36:ae:fc:71:9e:de:7d:88:75:9f:d9:d5:d2:de:a9:ff:96:3c:
         17:9c:b5:d7:f6:5a:de:ac:a7:5f:3c:ac:5b:5b:04:2d:27:d3:
         1f:45:ff:1e:71:61:74:98:58:2f:18:cb:49:cf:53:6d:00:5c:
         d2:31:7b:57:f6:ec:87:99:4b:c1:05:24:cf:d3:99:97:20:f6:
         d7:91:c6:76:01:b0:83:ab:b7:98:55:af:eb:cc:40:5f:29:c7:
         61:a4:c1:d7:f6:f8:7e:d0:41:e6:78:19:99:76:f7:65:f4:c8:
         06:3b:a7:47:a1:61:85:ca:e7:4a:8d:73:c3:d5:82:d8:63:ba:
         4f:69:55:44:eb:f4:f2:41:7e:41:6a:ea:af:bf:9d:ff:a9:73:
         dc:70:d3:26:df:6d:0f:76:8a:e1:ec:35:08:2b:05:dd:1e:a2:
         a0:d3:5e:30:d0:4e:d8:be:b2:96:42:bc:22:0f:30:d5:fd:24:
         d2:9f:e3:c1:ce:6e:89:ea:55:c6:1a:be:31:d7:b8:b2:d2:9c:
         32:74:90:11
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZt+N8KeV1bRn7FdPe53gUxkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxY2RjMTdkYWQwM2JjYjliYzM0YTllMzc3YWIyMDcwODUy
ZGNhNjUwHhcNMjYwMTAyMTAxOTAyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTk3ZjY0MDBkNmEzNWFkYmM4ZTMwMmJmMzIyYWU1ZWVmZGIwMWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhUG0/PqLIbuvF5Wt6p4Wy6lwV/F0
dvZb1bT5q8uKeLLd2Yp0kEI40G3KDApJ0lv+Kd6X6VKgvJ3nTa7kdRa8KjvQPkOM
RRYNQPEjqjnqrMkThak5Dmpjl/bWu62CJkL/cif1Zeu4XiB45BUp8TEu8qvwNTyO
FbGxNqJiZJ6EQROUB2EP/mSlMpsFUkS3cyVx/L9VFpwKjDZSeqJMbFRnHrDS9WeH
N0Rg3q2BU+0kaFSO7yHya/tI7V/g+8pmnWysOpXj4MsWhXFx/DUvdOHpMfOVJJ4g
amYizC49NyakXGqaGnpjndCwhcmQGmWlHKnZEzpuJ0xcL13IpwJXLgGFXQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFDqX9kANajWtvI4wK/Mirl7v2wG2MB8GA1UdIwQY
MBaAFIHNwX2tA7y5vDSp43erIHCFLcplMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2MzQmZhMER2TG04TktuamQ2c2djSVV0eW1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ni9lZmM5ZjEtYmVjMy00NzcxLWI0ODAt
MDE4NGU4MWFlYWQ5LzEvT3BmMlFBMXFOYTI4ampBcjh5S3VYdV9iQWJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ni9lZmM5ZjEtYmVjMy00NzcxLWI0ODAtMDE4NGU4MWFlYWQ5
LzEvZ2MzQmZhMER2TG04TktuamQ2c2djSVV0eW1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAUtDGAD
BAAtDGIwDQYJKoZIhvcNAQELBQADggEBAIW+b/BkZz5yPP4ocbgGFraavXhY93Fs
X8AbXMP6tSgp49dh4fA4gQMDMo/Zk4VGFY+Q1QQcADau/HGe3n2IdZ/Z1dLeqf+W
PBectdf2Wt6sp188rFtbBC0n0x9F/x5xYXSYWC8Yy0nPU20AXNIxe1f27IeZS8EF
JM/TmZcg9teRxnYBsIOrt5hVr+vMQF8px2Gkwdf2+H7QQeZ4GZl292X0yAY7p0eh
YYXK50qNc8PVgthjuk9pVUTr9PJBfkFq6q+/nf+pc9xw0ybfbQ92iuHsNQgrBd0e
oqDTXjDQTti+spZCvCIPMNX9JNKf48HObonqVcYavjHXuLLSnDJ0kBE=
-----END CERTIFICATE-----