This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/e1f80c-d920-42d4-891f-de2641d44fa0/1/NwpxsBvkXInCfE7s58C2EVrv1wo.roa
File:                     NwpxsBvkXInCfE7s58C2EVrv1wo.roa (raw, json)
Hash identifier:          T0KsGiCR7aM3uhR3oT8/7BFXwqzPIAkn3MY+dfdaeXY=
Subject key identifier:   37:0A:71:B0:1B:E4:5C:89:C2:7C:4E:EC:E7:C0:B6:11:5A:EF:D7:0A
Certificate issuer:       /CN=f10101fbfa863fe45eae2bf6b97e0efe7ec83125
Certificate serial:       019B7758F41AFCD8A1860506D21924225BA0
Authority key identifier: F1:01:01:FB:FA:86:3F:E4:5E:AE:2B:F6:B9:7E:0E:FE:7E:C8:31:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8QEB-_qGP-Reriv2uX4O_n7IMSU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/e1f80c-d920-42d4-891f-de2641d44fa0/1/NwpxsBvkXInCfE7s58C2EVrv1wo.roa
Signing time:             Thu 01 Jan 2026 02:17:56 +0000
ROA not before:           Thu 01 Jan 2026 02:17:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49223
IP address blocks:        45.67.20.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/e1f80c-d920-42d4-891f-de2641d44fa0/1/8QEB-_qGP-Reriv2uX4O_n7IMSU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/e1f80c-d920-42d4-891f-de2641d44fa0/1/8QEB-_qGP-Reriv2uX4O_n7IMSU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8QEB-_qGP-Reriv2uX4O_n7IMSU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:f4:1a:fc:d8:a1:86:05:06:d2:19:24:22:5b:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f10101fbfa863fe45eae2bf6b97e0efe7ec83125
        Validity
            Not Before: Jan  1 02:17:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=370a71b01be45c89c27c4eece7c0b6115aefd70a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:43:f9:a8:fa:47:5a:a4:9a:2b:08:36:62:92:
                    3f:4c:74:55:c8:3b:f3:0c:b5:76:f1:ce:78:74:3c:
                    16:10:49:f6:dd:19:68:32:9a:05:eb:7a:81:d5:8b:
                    30:40:31:62:67:c5:bb:95:fd:72:86:85:5c:64:2b:
                    cf:66:73:ab:b2:e7:9b:48:36:b5:1e:92:c5:3e:72:
                    70:cf:bd:92:e7:ee:a8:e3:96:c1:3e:57:df:0c:f5:
                    fc:da:32:c7:0a:a9:48:33:a8:47:90:c7:75:6f:de:
                    45:62:85:3f:18:a4:40:6f:79:a7:d8:0c:49:87:6c:
                    d4:ce:8c:c0:7a:62:ff:ca:66:25:ce:6d:ba:84:de:
                    e0:87:e6:68:5f:6f:f6:e6:63:bf:b6:93:ae:30:ca:
                    73:18:f7:ba:cf:f5:94:44:3e:9e:73:6a:09:68:ee:
                    96:0d:8e:91:47:22:c2:19:48:48:65:37:fb:43:f5:
                    41:c7:64:79:79:77:51:4a:56:d4:9d:78:f2:25:46:
                    a2:38:12:60:a6:2a:b0:4b:95:c5:41:b8:98:c4:65:
                    2d:32:96:15:fb:e2:72:25:d4:f8:33:f0:20:63:45:
                    8e:d8:1d:2f:ef:cc:4e:5c:6d:0e:da:9a:87:7d:7f:
                    2e:1c:de:b3:e1:13:c9:d8:d0:48:68:7a:3f:f6:6c:
                    86:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:0A:71:B0:1B:E4:5C:89:C2:7C:4E:EC:E7:C0:B6:11:5A:EF:D7:0A
            X509v3 Authority Key Identifier:
                keyid:F1:01:01:FB:FA:86:3F:E4:5E:AE:2B:F6:B9:7E:0E:FE:7E:C8:31:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8QEB-_qGP-Reriv2uX4O_n7IMSU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/e1f80c-d920-42d4-891f-de2641d44fa0/1/NwpxsBvkXInCfE7s58C2EVrv1wo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/e1f80c-d920-42d4-891f-de2641d44fa0/1/8QEB-_qGP-Reriv2uX4O_n7IMSU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5d:0c:0b:8f:db:e0:b8:78:85:49:e1:7c:f7:a7:53:9d:6f:90:
         db:c0:10:7c:01:07:48:ce:2e:3b:c4:f4:f0:93:31:d7:29:7f:
         79:fe:45:6f:6e:a3:50:09:63:39:2f:32:96:f5:fd:1d:db:ea:
         ca:94:1c:6d:21:58:29:81:4b:a5:76:83:c6:2c:e0:99:b9:d3:
         87:1e:30:ab:a2:a4:d9:ce:46:e6:c7:c2:fc:f3:a1:0f:e7:72:
         fd:3e:71:ac:c4:9c:fc:a7:67:bd:45:6e:15:6f:dd:6f:b9:ea:
         78:28:be:5e:21:1a:6d:97:8b:3f:40:83:03:6d:b5:e0:61:ec:
         78:1e:89:5e:35:4c:8a:7c:de:86:79:b3:51:f6:3e:27:88:c3:
         52:41:09:54:33:e7:5b:e5:97:13:ba:3c:2c:60:37:8e:34:19:
         55:a9:50:51:a0:cd:76:ac:23:7e:44:0b:cb:bc:d2:3c:e4:de:
         04:5a:3f:c6:1a:f3:3e:4d:f6:08:ff:cb:a2:34:18:a8:9a:d0:
         f2:84:76:bc:7b:f2:b7:ae:5a:d3:c2:03:95:43:a4:9c:05:d8:
         07:46:e4:f6:87:51:75:93:39:16:74:f5:6a:be:a7:d6:fe:51:
         a3:fa:95:0a:57:77:7e:90:9f:26:de:b0:3c:3d:85:53:10:7e:
         31:20:eb:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WPQa/NihhgUG0hkkIlugMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMDEwMWZiZmE4NjNmZTQ1ZWFlMmJmNmI5N2UwZWZlN2Vj
ODMxMjUwHhcNMjYwMTAxMDIxNzU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzBhNzFiMDFiZTQ1Yzg5YzI3YzRlZWNlN2MwYjYxMTVhZWZkNzBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp0P5qPpHWqSaKwg2YpI/THRVyDvz
DLV28c54dDwWEEn23RloMpoF63qB1YswQDFiZ8W7lf1yhoVcZCvPZnOrsuebSDa1
HpLFPnJwz72S5+6o45bBPlffDPX82jLHCqlIM6hHkMd1b95FYoU/GKRAb3mn2AxJ
h2zUzozAemL/ymYlzm26hN7gh+ZoX2/25mO/tpOuMMpzGPe6z/WURD6ec2oJaO6W
DY6RRyLCGUhIZTf7Q/VBx2R5eXdRSlbUnXjyJUaiOBJgpiqwS5XFQbiYxGUtMpYV
++JyJdT4M/AgY0WO2B0v78xOXG0O2pqHfX8uHN6z4RPJ2NBIaHo/9myG8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDcKcbAb5FyJwnxO7OfAthFa79cKMB8GA1UdIwQY
MBaAFPEBAfv6hj/kXq4r9rl+Dv5+yDElMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFFFQi1fcUdQLVJlcml2MnVYNE9fbjdJTVNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi9lMWY4MGMtZDkyMC00MmQ0LTg5MWYt
ZGUyNjQxZDQ0ZmEwLzEvTndweHNCdmtYSW5DZkU3czU4QzJFVnJ2MXdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi9lMWY4MGMtZDkyMC00MmQ0LTg5MWYtZGUyNjQxZDQ0ZmEw
LzEvOFFFQi1fcUdQLVJlcml2MnVYNE9fbjdJTVNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLUMUMA0G
CSqGSIb3DQEBCwUAA4IBAQBdDAuP2+C4eIVJ4Xz3p1Odb5DbwBB8AQdIzi47xPTw
kzHXKX95/kVvbqNQCWM5LzKW9f0d2+rKlBxtIVgpgUuldoPGLOCZudOHHjCroqTZ
zkbmx8L886EP53L9PnGsxJz8p2e9RW4Vb91vuep4KL5eIRptl4s/QIMDbbXgYex4
HoleNUyKfN6GebNR9j4niMNSQQlUM+db5ZcTujwsYDeONBlVqVBRoM12rCN+RAvL
vNI85N4EWj/GGvM+TfYI/8uiNBiomtDyhHa8e/K3rlrTwgOVQ6ScBdgHRuT2h1F1
kzkWdPVqvqfW/lGj+pUKV3d+kJ8m3rA8PYVTEH4xIOtd
-----END CERTIFICATE-----