This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/1c718d-e7a0-40ac-a181-cbaa42a62727/1/5S9zgsI7YdgCuLrcxrJgJGgaXio.roa
File:                     5S9zgsI7YdgCuLrcxrJgJGgaXio.roa (raw, json)
Hash identifier:          0SOHInOOcBkpkEBjrdDgxxRvZ1Vm8a53UcIVrdFkYco=
Subject key identifier:   E5:2F:73:82:C2:3B:61:D8:02:B8:BA:DC:C6:B2:60:24:68:1A:5E:2A
Certificate issuer:       /CN=d07dc35ebcd88dd0e2a8db3a5a08654bc3be0262
Certificate serial:       019B797E244017A5E6B6B0FB0E764B085E8E
Authority key identifier: D0:7D:C3:5E:BC:D8:8D:D0:E2:A8:DB:3A:5A:08:65:4B:C3:BE:02:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0H3DXrzYjdDiqNs6WghlS8O-AmI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/1c718d-e7a0-40ac-a181-cbaa42a62727/1/5S9zgsI7YdgCuLrcxrJgJGgaXio.roa
Signing time:             Thu 01 Jan 2026 12:17:48 +0000
ROA not before:           Thu 01 Jan 2026 12:17:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214988
IP address blocks:        45.145.140.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/1c718d-e7a0-40ac-a181-cbaa42a62727/1/0H3DXrzYjdDiqNs6WghlS8O-AmI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/1c718d-e7a0-40ac-a181-cbaa42a62727/1/0H3DXrzYjdDiqNs6WghlS8O-AmI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0H3DXrzYjdDiqNs6WghlS8O-AmI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 21:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:24:40:17:a5:e6:b6:b0:fb:0e:76:4b:08:5e:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d07dc35ebcd88dd0e2a8db3a5a08654bc3be0262
        Validity
            Not Before: Jan  1 12:17:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e52f7382c23b61d802b8badcc6b26024681a5e2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:49:4d:6e:ce:a5:25:a5:50:4a:dd:5c:3c:57:
                    08:f9:5d:09:9f:60:2d:fe:ac:dd:55:47:65:04:fc:
                    38:0c:65:f3:71:a7:26:4e:29:ca:29:90:91:d6:25:
                    e1:95:49:8c:e6:ab:c1:2f:38:5c:64:2a:cf:e8:ac:
                    9e:a3:b9:f3:96:ea:c6:40:29:1d:fc:fe:72:db:4f:
                    9e:27:6b:b6:65:75:70:0d:6c:86:00:1f:23:e9:20:
                    9b:39:1c:53:0d:81:a0:1e:ae:07:ad:2d:e5:8d:ba:
                    1f:31:fc:0e:5a:df:f2:88:66:b7:12:45:a5:49:13:
                    1e:a4:30:3e:36:93:c8:05:ec:6a:05:04:c3:20:08:
                    06:05:16:91:4a:a3:eb:f5:a5:a7:e5:27:0a:71:73:
                    6d:51:7f:57:5f:4b:40:ea:05:82:c5:27:79:a8:e4:
                    4d:97:db:08:a5:d5:6d:89:1f:a2:37:8a:d6:31:2a:
                    24:dd:c0:0a:84:09:15:28:a3:2a:0f:38:ac:ce:ae:
                    41:67:a9:27:2d:7a:30:61:ec:38:9e:32:11:05:5c:
                    96:a7:85:35:95:1a:91:89:3c:b8:b6:2f:e7:04:66:
                    d1:d3:f3:c4:00:57:b7:e5:dd:b9:e8:ed:5b:2f:f1:
                    de:07:7d:9d:d5:95:f7:7b:fa:6b:b8:ad:ef:12:17:
                    86:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:2F:73:82:C2:3B:61:D8:02:B8:BA:DC:C6:B2:60:24:68:1A:5E:2A
            X509v3 Authority Key Identifier:
                keyid:D0:7D:C3:5E:BC:D8:8D:D0:E2:A8:DB:3A:5A:08:65:4B:C3:BE:02:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0H3DXrzYjdDiqNs6WghlS8O-AmI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/1c718d-e7a0-40ac-a181-cbaa42a62727/1/5S9zgsI7YdgCuLrcxrJgJGgaXio.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/1c718d-e7a0-40ac-a181-cbaa42a62727/1/0H3DXrzYjdDiqNs6WghlS8O-AmI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         06:20:ef:1a:1c:97:9a:b0:86:65:62:f7:e7:12:f5:15:52:6d:
         03:c3:19:05:a2:a0:fd:b5:e8:9e:7b:a5:a6:aa:1c:1d:34:35:
         43:86:a6:7a:f5:4c:a8:98:3e:61:57:59:9c:90:83:39:b5:44:
         45:06:19:48:b9:c4:0c:32:e5:ed:77:e3:b4:78:cc:9c:0a:01:
         b4:99:30:ba:14:d6:8d:be:1e:15:44:1a:eb:69:6b:8c:81:67:
         a4:18:12:ab:6b:b3:aa:8f:24:35:01:a9:eb:87:26:5c:45:4e:
         b1:2b:78:8b:db:1f:b5:ae:57:a0:21:8c:96:75:10:fb:21:91:
         77:cb:33:2d:8e:47:75:5c:9c:c7:5f:69:7d:62:5c:c6:0f:4a:
         63:45:c8:c5:42:01:fe:b3:21:0c:82:81:be:d3:5a:a3:3c:10:
         44:fb:68:3b:2f:9d:76:5d:46:ea:7e:8e:45:3e:6a:44:c9:cd:
         04:35:fa:a9:83:fe:70:e3:3e:fb:05:22:f0:98:9d:4f:b7:20:
         f4:29:2b:78:98:b7:6a:17:e7:01:e4:9d:79:d3:b1:a1:fd:a9:
         9b:43:2a:3d:ba:9a:d8:41:d9:80:04:5b:ea:2d:78:88:88:41:
         39:4a:47:a4:d1:53:47:f0:7a:08:f8:22:c6:ee:ff:02:8a:02:
         ea:56:a4:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fiRAF6XmtrD7DnZLCF6OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwN2RjMzVlYmNkODhkZDBlMmE4ZGIzYTVhMDg2NTRiYzNi
ZTAyNjIwHhcNMjYwMTAxMTIxNzQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTJmNzM4MmMyM2I2MWQ4MDJiOGJhZGNjNmIyNjAyNDY4MWE1ZTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy0lNbs6lJaVQSt1cPFcI+V0Jn2At
/qzdVUdlBPw4DGXzcacmTinKKZCR1iXhlUmM5qvBLzhcZCrP6Kyeo7nzlurGQCkd
/P5y20+eJ2u2ZXVwDWyGAB8j6SCbORxTDYGgHq4HrS3ljbofMfwOWt/yiGa3EkWl
SRMepDA+NpPIBexqBQTDIAgGBRaRSqPr9aWn5ScKcXNtUX9XX0tA6gWCxSd5qORN
l9sIpdVtiR+iN4rWMSok3cAKhAkVKKMqDziszq5BZ6knLXowYew4njIRBVyWp4U1
lRqRiTy4ti/nBGbR0/PEAFe35d256O1bL/HeB32d1ZX3e/pruK3vEheGRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOUvc4LCO2HYAri63MayYCRoGl4qMB8GA1UdIwQY
MBaAFNB9w1682I3Q4qjbOloIZUvDvgJiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEgzRFhyellqZERpcU5zNldnaGxTOE8tQW1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS8xYzcxOGQtZTdhMC00MGFjLWExODEt
Y2JhYTQyYTYyNzI3LzEvNVM5emdzSTdZZGdDdUxyY3hySmdKR2dhWGlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS8xYzcxOGQtZTdhMC00MGFjLWExODEtY2JhYTQyYTYyNzI3
LzEvMEgzRFhyellqZERpcU5zNldnaGxTOE8tQW1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZGMMA0G
CSqGSIb3DQEBCwUAA4IBAQAGIO8aHJeasIZlYvfnEvUVUm0DwxkFoqD9teiee6Wm
qhwdNDVDhqZ69UyomD5hV1mckIM5tURFBhlIucQMMuXtd+O0eMycCgG0mTC6FNaN
vh4VRBrraWuMgWekGBKra7OqjyQ1AanrhyZcRU6xK3iL2x+1rlegIYyWdRD7IZF3
yzMtjkd1XJzHX2l9YlzGD0pjRcjFQgH+syEMgoG+01qjPBBE+2g7L512XUbqfo5F
PmpEyc0ENfqpg/5w4z77BSLwmJ1PtyD0KSt4mLdqF+cB5J1507Gh/ambQyo9uprY
QdmABFvqLXiIiEE5Skek0VNH8HoI+CLG7v8CigLqVqQa
-----END CERTIFICATE-----