This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/89fe5b-4fda-4d04-99b4-f49764ff48ea/1/pCSMBqmn-2xkRzGOrRbDhgjt1ZQ.roa
File:                     pCSMBqmn-2xkRzGOrRbDhgjt1ZQ.roa (raw, json)
Hash identifier:          qEIf3vrVO3maTFTQZWMGFxBk+5hFDaz1/E5BMr9cl+o=
Subject key identifier:   A4:24:8C:06:A9:A7:FB:6C:64:47:31:8E:AD:16:C3:86:08:ED:D5:94
Certificate issuer:       /CN=24bc98ddeefdb561aa69eca7349060d84059e192
Certificate serial:       019B7CEE014F635442AFDF19F74222707945
Authority key identifier: 24:BC:98:DD:EE:FD:B5:61:AA:69:EC:A7:34:90:60:D8:40:59:E1:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JLyY3e79tWGqaeynNJBg2EBZ4ZI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/89fe5b-4fda-4d04-99b4-f49764ff48ea/1/pCSMBqmn-2xkRzGOrRbDhgjt1ZQ.roa
Signing time:             Fri 02 Jan 2026 04:18:51 +0000
ROA not before:           Fri 02 Jan 2026 04:18:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208905
IP address blocks:        45.133.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/89fe5b-4fda-4d04-99b4-f49764ff48ea/1/JLyY3e79tWGqaeynNJBg2EBZ4ZI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/89fe5b-4fda-4d04-99b4-f49764ff48ea/1/JLyY3e79tWGqaeynNJBg2EBZ4ZI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JLyY3e79tWGqaeynNJBg2EBZ4ZI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ee:01:4f:63:54:42:af:df:19:f7:42:22:70:79:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=24bc98ddeefdb561aa69eca7349060d84059e192
        Validity
            Not Before: Jan  2 04:18:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a4248c06a9a7fb6c6447318ead16c38608edd594
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:5b:b8:bd:55:f4:e8:57:a2:fb:8a:44:3f:02:
                    ab:da:ea:1b:b8:d2:7a:b7:0c:b4:f1:a8:47:82:ff:
                    9b:cd:76:ac:35:ab:a8:ae:59:19:31:7f:e4:85:9b:
                    1e:50:90:1d:ee:4a:32:29:27:2c:90:65:8b:04:b7:
                    63:20:25:7e:b4:d0:0b:ac:7e:b9:e8:88:6f:63:83:
                    04:48:df:5e:71:b3:d0:5d:e1:8d:92:13:84:c6:1e:
                    41:ff:19:1e:08:17:a9:93:1a:18:1a:31:4a:38:7c:
                    f9:4f:ac:95:73:f4:0e:d3:75:6c:b0:53:ed:3f:f6:
                    d2:c9:d7:ab:f3:85:77:a4:2c:10:14:9b:86:9f:a3:
                    3d:43:3d:f3:ba:f2:0b:86:91:b1:0e:63:2e:e9:49:
                    35:65:e8:a8:a3:48:aa:fe:09:b1:bc:3d:8d:a1:95:
                    b1:a3:b9:81:18:6a:90:4a:d1:0a:7a:89:57:04:1e:
                    ce:c5:c8:e1:0d:de:ae:50:da:f7:c9:75:d5:db:d5:
                    16:35:7a:7d:71:af:4b:37:c0:3d:86:dc:7f:51:7a:
                    50:8a:36:86:bb:e3:7f:9a:32:5a:c8:ad:60:1e:43:
                    30:ad:b7:68:a4:33:3b:db:05:ca:0c:ac:8d:36:fa:
                    f3:f4:89:0c:af:bd:95:c2:52:36:1d:32:b7:43:85:
                    a0:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:24:8C:06:A9:A7:FB:6C:64:47:31:8E:AD:16:C3:86:08:ED:D5:94
            X509v3 Authority Key Identifier:
                keyid:24:BC:98:DD:EE:FD:B5:61:AA:69:EC:A7:34:90:60:D8:40:59:E1:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JLyY3e79tWGqaeynNJBg2EBZ4ZI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/89fe5b-4fda-4d04-99b4-f49764ff48ea/1/pCSMBqmn-2xkRzGOrRbDhgjt1ZQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/89fe5b-4fda-4d04-99b4-f49764ff48ea/1/JLyY3e79tWGqaeynNJBg2EBZ4ZI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:4e:61:b2:af:96:1e:4c:3b:f9:8e:43:18:b6:4e:b8:2d:3b:
         6b:6d:2a:a7:2f:2d:20:21:fb:1a:51:dd:6c:47:fe:02:17:6d:
         db:98:7a:28:43:e3:d9:d7:4d:67:53:bd:b0:53:cc:74:cb:8f:
         6c:74:6a:cc:e6:42:54:df:25:b0:c9:a7:70:62:75:2d:00:8b:
         5e:b1:1c:0c:11:a8:b6:38:2e:81:de:07:f7:93:7e:26:43:70:
         1a:10:26:f5:b6:ee:03:54:5e:e4:85:83:66:9c:dd:fb:82:74:
         38:c6:1b:62:32:ff:db:11:04:1f:21:2a:78:58:43:90:48:0c:
         86:72:62:e0:72:71:04:22:83:fc:6d:84:43:2e:86:da:34:51:
         28:bf:bf:40:59:99:ba:a1:e0:83:1e:7f:c3:9d:bf:2a:da:76:
         a8:0c:60:d5:b0:d7:ac:f2:43:72:e0:35:86:99:06:80:87:47:
         43:75:94:1c:82:59:70:93:00:d1:1d:7a:c1:bd:60:0d:82:a0:
         ec:04:15:10:bd:77:a2:25:d3:43:5d:1b:5a:9f:4e:d4:29:0e:
         31:5b:6c:31:9d:a0:37:ee:30:01:da:a1:38:1b:cc:b0:f7:e6:
         90:23:53:6a:7e:8e:9e:28:39:b5:35:86:42:1c:71:27:fd:48:
         fa:df:8e:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87gFPY1RCr98Z90IicHlFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0YmM5OGRkZWVmZGI1NjFhYTY5ZWNhNzM0OTA2MGQ4NDA1
OWUxOTIwHhcNMjYwMTAyMDQxODUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDI0OGMwNmE5YTdmYjZjNjQ0NzMxOGVhZDE2YzM4NjA4ZWRkNTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuFu4vVX06Fei+4pEPwKr2uobuNJ6
twy08ahHgv+bzXasNauorlkZMX/khZseUJAd7koyKScskGWLBLdjICV+tNALrH65
6IhvY4MESN9ecbPQXeGNkhOExh5B/xkeCBepkxoYGjFKOHz5T6yVc/QO03VssFPt
P/bSyder84V3pCwQFJuGn6M9Qz3zuvILhpGxDmMu6Uk1Zeioo0iq/gmxvD2NoZWx
o7mBGGqQStEKeolXBB7OxcjhDd6uUNr3yXXV29UWNXp9ca9LN8A9htx/UXpQijaG
u+N/mjJayK1gHkMwrbdopDM72wXKDKyNNvrz9IkMr72VwlI2HTK3Q4WgxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKQkjAapp/tsZEcxjq0Ww4YI7dWUMB8GA1UdIwQY
MBaAFCS8mN3u/bVhqmnspzSQYNhAWeGSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkx5WTNlNzl0V0dxYWV5bk5KQmcyRUJaNFpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS84OWZlNWItNGZkYS00ZDA0LTk5YjQt
ZjQ5NzY0ZmY0OGVhLzEvcENTTUJxbW4tMnhrUnpHT3JSYkRoZ2p0MVpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS84OWZlNWItNGZkYS00ZDA0LTk5YjQtZjQ5NzY0ZmY0OGVh
LzEvSkx5WTNlNzl0V0dxYWV5bk5KQmcyRUJaNFpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYXxMA0G
CSqGSIb3DQEBCwUAA4IBAQC1TmGyr5YeTDv5jkMYtk64LTtrbSqnLy0gIfsaUd1s
R/4CF23bmHooQ+PZ101nU72wU8x0y49sdGrM5kJU3yWwyadwYnUtAItesRwMEai2
OC6B3gf3k34mQ3AaECb1tu4DVF7khYNmnN37gnQ4xhtiMv/bEQQfISp4WEOQSAyG
cmLgcnEEIoP8bYRDLobaNFEov79AWZm6oeCDHn/Dnb8q2naoDGDVsNes8kNy4DWG
mQaAh0dDdZQcgllwkwDRHXrBvWANgqDsBBUQvXeiJdNDXRtan07UKQ4xW2wxnaA3
7jAB2qE4G8yw9+aQI1Nqfo6eKDm1NYZCHHEn/Uj6344t
-----END CERTIFICATE-----