This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/0dbyZwebQgTGMD5-wPhJH6_Pd5I.roa
File:                     0dbyZwebQgTGMD5-wPhJH6_Pd5I.roa (raw, json)
Hash identifier:          rG5nZgpv1Ah9jz+mC9094dW59+5lFAhfWaH5ssnQtAk=
Subject key identifier:   D1:D6:F2:67:07:9B:42:04:C6:30:3E:7E:C0:F8:49:1F:AF:CF:77:92
Certificate issuer:       /CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
Certificate serial:       019B77593D2402B47BFB2EF0AE7F365C7C2F
Authority key identifier: A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/0dbyZwebQgTGMD5-wPhJH6_Pd5I.roa
Signing time:             Thu 01 Jan 2026 02:18:15 +0000
ROA not before:           Thu 01 Jan 2026 02:18:15 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57043
IP address blocks:        45.95.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:3d:24:02:b4:7b:fb:2e:f0:ae:7f:36:5c:7c:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
        Validity
            Not Before: Jan  1 02:18:15 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d1d6f267079b4204c6303e7ec0f8491fafcf7792
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:d3:8c:bc:bf:ea:bd:13:d6:65:73:4f:e4:51:
                    ba:df:51:11:1b:9a:4c:04:69:83:48:21:2e:ed:23:
                    b3:05:a7:20:21:ee:90:f7:9a:f7:12:80:c7:09:f8:
                    f1:cf:70:33:1e:90:8a:54:5e:38:90:90:bf:1a:38:
                    18:60:e3:c3:27:aa:b8:2f:a2:9e:bc:b4:9c:a1:47:
                    b0:8d:62:c5:ba:9c:22:11:49:c2:64:93:25:ae:ce:
                    32:1e:63:06:61:f3:a5:ef:d1:84:54:ec:00:7d:c5:
                    d1:f8:be:e8:29:6f:14:f1:31:e6:82:79:3e:6b:ab:
                    d8:e9:7a:6b:72:a8:ed:a9:93:c0:56:24:24:d9:dc:
                    82:ee:98:3b:02:e8:40:c1:76:56:27:fa:d4:32:37:
                    ab:e0:3a:5e:0d:c1:bc:75:e5:43:9f:47:cc:c8:58:
                    3f:89:72:3b:8f:66:8b:48:fa:92:4b:33:4f:8f:7f:
                    3e:87:08:04:e1:82:09:84:7c:2b:0c:d7:d7:5a:b2:
                    59:fe:89:8d:0c:d7:bf:29:1c:7c:3e:45:25:66:6a:
                    4c:58:36:92:bb:d1:84:0b:94:dc:99:31:03:c1:d0:
                    0a:b5:91:0c:5a:c9:d1:a3:85:58:36:75:96:07:78:
                    76:8a:75:c5:cf:25:55:66:40:70:a0:59:26:b3:ce:
                    6e:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:D6:F2:67:07:9B:42:04:C6:30:3E:7E:C0:F8:49:1F:AF:CF:77:92
            X509v3 Authority Key Identifier:
                keyid:A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/0dbyZwebQgTGMD5-wPhJH6_Pd5I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:b7:c1:60:6c:43:9c:38:6e:80:55:3e:87:f7:71:62:26:ad:
         ff:2a:4b:7d:52:4c:ee:11:70:5d:5d:13:e0:c3:04:e5:db:78:
         ff:9f:91:73:b9:aa:c8:a4:36:3f:d6:ed:ea:86:5e:3d:95:70:
         f9:a4:83:09:b1:51:e8:bb:57:14:4c:21:9b:5d:6a:e3:c2:3e:
         25:23:7a:8d:f2:d9:b7:c8:a3:9b:55:9f:09:10:c2:50:72:04:
         c2:90:fd:3d:ca:63:ce:dd:72:09:92:3b:ef:ce:c0:96:45:3a:
         4b:5a:cb:a1:bc:98:e4:8e:aa:3d:33:f1:7a:f9:8a:49:cc:54:
         ec:85:f1:92:cf:ee:f1:cf:c2:e2:05:c2:0b:18:16:58:f6:32:
         60:0c:28:8c:9e:d5:b6:d8:76:f3:af:28:7e:ad:8f:2a:04:1f:
         85:d7:e1:b9:41:36:fd:73:91:2d:ed:5e:42:ee:a5:41:a5:5a:
         9e:26:a7:f9:fc:8a:c9:82:af:10:c5:da:6a:82:b5:80:c8:ae:
         cc:d1:fc:29:4e:37:44:8a:b7:a2:06:96:60:17:9c:da:57:90:
         ce:1e:a8:f4:83:7b:65:9a:8a:45:b8:68:d9:22:f4:b1:1c:0d:
         81:30:04:0b:05:9b:b8:3a:7b:f4:10:ee:02:1f:b4:63:a4:3e:
         82:fc:f6:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WT0kArR7+y7wrn82XHwvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyNTRhOWYzYTI2NjUxM2RkYzY5MzVkOGJlMDIyZTdlNTIz
MGVhMTAwHhcNMjYwMTAxMDIxODE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWQ2ZjI2NzA3OWI0MjA0YzYzMDNlN2VjMGY4NDkxZmFmY2Y3NzkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp9OMvL/qvRPWZXNP5FG631ERG5pM
BGmDSCEu7SOzBacgIe6Q95r3EoDHCfjxz3AzHpCKVF44kJC/GjgYYOPDJ6q4L6Ke
vLScoUewjWLFupwiEUnCZJMlrs4yHmMGYfOl79GEVOwAfcXR+L7oKW8U8THmgnk+
a6vY6XprcqjtqZPAViQk2dyC7pg7AuhAwXZWJ/rUMjer4DpeDcG8deVDn0fMyFg/
iXI7j2aLSPqSSzNPj38+hwgE4YIJhHwrDNfXWrJZ/omNDNe/KRx8PkUlZmpMWDaS
u9GEC5TcmTEDwdAKtZEMWsnRo4VYNnWWB3h2inXFzyVVZkBwoFkms85ugQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNHW8mcHm0IExjA+fsD4SR+vz3eSMB8GA1UdIwQY
MBaAFKJUqfOiZlE93Gk12L4CLn5SMOoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTkt
YWRkZjBlMTg0OWViLzEvMGRieVp3ZWJRZ1RHTUQ1LXdQaEpINl9QZDVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTktYWRkZjBlMTg0OWVi
LzEvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV8jMA0G
CSqGSIb3DQEBCwUAA4IBAQCwt8FgbEOcOG6AVT6H93FiJq3/Kkt9UkzuEXBdXRPg
wwTl23j/n5FzuarIpDY/1u3qhl49lXD5pIMJsVHou1cUTCGbXWrjwj4lI3qN8tm3
yKObVZ8JEMJQcgTCkP09ymPO3XIJkjvvzsCWRTpLWsuhvJjkjqo9M/F6+YpJzFTs
hfGSz+7xz8LiBcILGBZY9jJgDCiMntW22Hbzryh+rY8qBB+F1+G5QTb9c5Et7V5C
7qVBpVqeJqf5/IrJgq8QxdpqgrWAyK7M0fwpTjdEireiBpZgF5zaV5DOHqj0g3tl
mopFuGjZIvSxHA2BMAQLBZu4Onv0EO4CH7RjpD6C/Pba
-----END CERTIFICATE-----