This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/rZIzlxjNqrmdhiYj8eZcD_DAyYQ.roa
File:                     rZIzlxjNqrmdhiYj8eZcD_DAyYQ.roa (raw, json)
Hash identifier:          HtYYyQJMTgOPk/TpOD1+JZFhzQ3pNzbNJ5gyclYza/w=
Subject key identifier:   AD:92:33:97:18:CD:AA:B9:9D:86:26:23:F1:E6:5C:0F:F0:C0:C9:84
Certificate issuer:       /CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
Certificate serial:       019B77593BA05EC28C3D6F996A03FBDD92B8
Authority key identifier: A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/rZIzlxjNqrmdhiYj8eZcD_DAyYQ.roa
Signing time:             Thu 01 Jan 2026 02:18:15 +0000
ROA not before:           Thu 01 Jan 2026 02:18:15 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42979
IP address blocks:        45.95.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 04:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:3b:a0:5e:c2:8c:3d:6f:99:6a:03:fb:dd:92:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
        Validity
            Not Before: Jan  1 02:18:15 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ad92339718cdaab99d862623f1e65c0ff0c0c984
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:65:7d:4c:b3:d8:05:c4:bc:f3:dd:cf:9a:cb:
                    62:61:3a:23:a3:bd:1c:f2:58:24:ce:fa:f6:d0:a2:
                    76:18:e5:81:49:57:2b:4e:6a:fb:de:55:ad:2f:46:
                    b9:59:dc:88:6d:23:7a:d8:b8:d9:bf:8c:06:23:11:
                    d3:e7:80:57:2f:8c:68:46:7d:7a:94:a9:0f:51:b6:
                    b7:e9:b4:bc:72:d7:8f:da:1c:e9:f9:18:b7:24:2a:
                    e3:30:16:8b:62:a4:82:a3:c9:13:d4:71:14:9b:a6:
                    0f:4a:e3:29:89:d7:cc:ab:eb:87:bb:70:ad:01:0a:
                    0c:67:7d:f6:ef:82:64:b2:32:85:ae:cd:e6:a2:2e:
                    06:c2:ea:1a:92:41:d4:c4:f0:49:41:b2:0f:a9:07:
                    2f:37:68:45:bd:63:e7:57:af:8a:9a:7a:d9:3d:21:
                    f0:0f:23:c7:51:92:a8:45:90:fe:82:98:7a:e4:75:
                    79:92:a8:ad:ae:d7:53:cc:6d:7c:98:22:a9:df:ae:
                    ef:7e:8b:82:69:ae:98:f5:c4:27:62:7e:c7:17:2d:
                    14:ec:c4:cb:59:9d:d0:ed:b2:3d:0a:dc:25:6a:81:
                    99:41:10:7e:53:11:8a:f1:79:f6:34:47:2d:87:91:
                    79:9f:62:ed:37:e1:9f:a9:2a:8d:82:e0:d1:3a:b6:
                    ad:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:92:33:97:18:CD:AA:B9:9D:86:26:23:F1:E6:5C:0F:F0:C0:C9:84
            X509v3 Authority Key Identifier:
                keyid:A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/rZIzlxjNqrmdhiYj8eZcD_DAyYQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:e0:6a:86:a5:1c:16:a8:4d:2a:38:5d:39:33:99:09:ca:d2:
         04:24:ee:4b:37:db:9e:5f:65:87:5a:f5:31:3e:98:25:93:95:
         f4:4f:4e:f6:ab:a0:1f:94:e0:c3:30:77:69:26:79:c6:34:f7:
         5f:6b:6e:04:f4:df:c9:73:53:3d:24:de:db:25:62:ae:c4:d6:
         b1:68:c8:5d:1d:18:f6:17:08:c1:63:be:fe:03:5a:49:66:8c:
         f6:d7:96:4a:6b:28:f5:f0:46:96:50:9e:ea:a7:b9:95:d8:8b:
         cd:d0:b8:0a:21:2f:b0:a7:f6:e7:3a:13:a0:28:81:57:b5:c8:
         0a:1d:bf:3b:cd:1b:d1:d0:64:16:60:df:59:a6:78:5f:d7:5d:
         c7:72:b4:35:fb:c0:50:ef:0c:bb:f5:1b:5f:1a:6c:4b:37:d1:
         96:f9:56:52:e3:64:89:77:59:44:02:59:bc:73:6f:ec:72:9b:
         97:a4:1e:f7:d4:d0:30:f4:7b:5b:41:a2:2c:b0:85:3c:ea:ca:
         ab:57:b4:f2:4c:70:84:23:95:9e:8e:36:87:9c:b6:e3:f4:4c:
         ce:d2:4d:d6:59:42:71:de:11:5c:09:03:38:2a:12:48:ec:90:
         5d:70:83:26:6a:00:74:74:98:32:f6:de:fc:ea:b9:08:7e:66:
         4b:87:89:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WTugXsKMPW+ZagP73ZK4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyNTRhOWYzYTI2NjUxM2RkYzY5MzVkOGJlMDIyZTdlNTIz
MGVhMTAwHhcNMjYwMTAxMDIxODE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDkyMzM5NzE4Y2RhYWI5OWQ4NjI2MjNmMWU2NWMwZmYwYzBjOTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGV9TLPYBcS8893PmstiYTojo70c
8lgkzvr20KJ2GOWBSVcrTmr73lWtL0a5WdyIbSN62LjZv4wGIxHT54BXL4xoRn16
lKkPUba36bS8cteP2hzp+Ri3JCrjMBaLYqSCo8kT1HEUm6YPSuMpidfMq+uHu3Ct
AQoMZ33274JksjKFrs3moi4GwuoakkHUxPBJQbIPqQcvN2hFvWPnV6+KmnrZPSHw
DyPHUZKoRZD+gph65HV5kqitrtdTzG18mCKp367vfouCaa6Y9cQnYn7HFy0U7MTL
WZ3Q7bI9CtwlaoGZQRB+UxGK8Xn2NEcth5F5n2LtN+GfqSqNguDROrat6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK2SM5cYzaq5nYYmI/HmXA/wwMmEMB8GA1UdIwQY
MBaAFKJUqfOiZlE93Gk12L4CLn5SMOoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTkt
YWRkZjBlMTg0OWViLzEvclpJemx4ak5xcm1kaGlZajhlWmNEX0RBeVlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTktYWRkZjBlMTg0OWVi
LzEvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV8hMA0G
CSqGSIb3DQEBCwUAA4IBAQAs4GqGpRwWqE0qOF05M5kJytIEJO5LN9ueX2WHWvUx
Ppglk5X0T072q6AflODDMHdpJnnGNPdfa24E9N/Jc1M9JN7bJWKuxNaxaMhdHRj2
FwjBY77+A1pJZoz215ZKayj18EaWUJ7qp7mV2IvN0LgKIS+wp/bnOhOgKIFXtcgK
Hb87zRvR0GQWYN9Zpnhf113HcrQ1+8BQ7wy79RtfGmxLN9GW+VZS42SJd1lEAlm8
c2/scpuXpB731NAw9HtbQaIssIU86sqrV7TyTHCEI5WejjaHnLbj9EzO0k3WWUJx
3hFcCQM4KhJI7JBdcIMmagB0dJgy9t786rkIfmZLh4nK
-----END CERTIFICATE-----