This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/z047C1wYzoMzrQTLBqTmrS5Dnm0.roa
File:                     z047C1wYzoMzrQTLBqTmrS5Dnm0.roa (raw, json)
Hash identifier:          ouNWfOaKbziuA8U/0m6ROGJ8ZWs2dgT2My13rJqmHIg=
Subject key identifier:   CF:4E:3B:0B:5C:18:CE:83:33:AD:04:CB:06:A4:E6:AD:2E:43:9E:6D
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       019B76EAB6B885750E6A69832C2E418117CC
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/z047C1wYzoMzrQTLBqTmrS5Dnm0.roa
Signing time:             Thu 01 Jan 2026 00:17:32 +0000
ROA not before:           Thu 01 Jan 2026 00:17:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     28459
IP address blocks:        45.8.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 08:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:b6:b8:85:75:0e:6a:69:83:2c:2e:41:81:17:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jan  1 00:17:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cf4e3b0b5c18ce8333ad04cb06a4e6ad2e439e6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:42:75:fb:9a:ba:1c:99:7b:f0:89:08:e2:30:
                    c8:a4:66:8e:d9:3a:12:63:4a:72:b9:ae:dc:46:1e:
                    81:18:f1:4b:21:57:d0:d3:86:48:de:ed:14:ec:93:
                    2f:ad:4e:46:32:59:b5:bd:98:b7:81:bd:7d:c8:92:
                    44:91:35:b1:cf:bc:33:82:d2:45:7d:c5:ad:d0:a9:
                    5d:63:51:e8:5b:9f:65:8d:6a:7c:8d:67:e2:69:de:
                    2c:74:3f:38:9c:88:09:3c:71:28:19:01:b4:4b:b6:
                    19:fb:95:9e:81:49:b6:0b:04:16:7e:75:3f:60:0d:
                    2e:b2:e5:0c:d8:bb:01:db:fa:dd:b1:0d:c4:92:b6:
                    70:9a:74:7e:da:86:53:a1:24:a7:f7:ae:b7:05:72:
                    b8:ac:ce:54:07:13:0d:a9:79:04:db:de:d9:a0:29:
                    ec:cc:02:a2:8a:54:5d:62:94:88:02:62:a7:ed:6b:
                    8d:af:75:b1:ab:a5:71:63:97:0b:01:3d:00:c4:aa:
                    bf:f5:c2:0e:c6:94:e4:d4:af:1c:03:f3:3f:d0:ad:
                    f3:c0:c2:e3:62:de:ea:8e:3c:1e:1f:fe:19:71:f5:
                    e6:6a:63:11:ed:39:53:a1:65:07:b8:86:f7:5f:b6:
                    b5:8b:e5:a6:e3:01:ed:a2:6d:8d:83:78:e7:01:8d:
                    46:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:4E:3B:0B:5C:18:CE:83:33:AD:04:CB:06:A4:E6:AD:2E:43:9E:6D
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/z047C1wYzoMzrQTLBqTmrS5Dnm0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:ae:61:e2:24:b9:1f:04:7f:0d:ec:63:a3:67:10:f0:ed:eb:
         18:1d:b2:97:7e:f7:3c:e7:10:87:86:fa:96:e6:a9:b6:06:12:
         bd:46:d5:14:a4:8f:c3:28:fe:d5:55:0d:66:9b:59:a1:3d:a9:
         41:7d:bb:55:01:14:4c:18:27:e5:d8:7f:96:c4:eb:83:ed:f7:
         76:95:68:ec:fb:52:95:07:41:5d:b8:26:8c:9e:61:d8:36:1d:
         30:85:bd:54:6a:ea:ec:76:90:e3:3c:c0:8b:eb:e5:5b:f9:b9:
         c5:fd:53:f5:8d:ae:db:e0:d2:18:7f:71:38:fb:f6:49:74:36:
         0c:90:7e:0a:55:75:73:b5:e3:c1:65:2c:8e:9e:81:af:5e:d3:
         ac:25:ae:33:f2:66:95:85:0f:41:8e:13:70:97:36:52:fa:9a:
         56:3a:d0:81:39:d9:2d:41:1e:c7:9e:c0:2e:22:73:ca:94:aa:
         dc:99:bd:fe:0d:93:9f:2a:49:46:6c:b1:ed:28:1d:7f:71:ce:
         1b:d8:2b:78:18:a6:e4:3d:e2:12:3a:49:ee:3f:b4:5e:23:14:
         8a:f1:c6:05:d2:e5:8f:1e:0a:6a:2f:52:43:1b:65:1e:61:43:
         61:b2:4f:af:4e:7a:63:e1:b0:51:fa:36:3e:d0:96:b4:10:76:
         4e:22:c1:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26ra4hXUOammDLC5BgRfMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjYwMTAxMDAxNzMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjRlM2IwYjVjMThjZTgzMzNhZDA0Y2IwNmE0ZTZhZDJlNDM5ZTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0J1+5q6HJl78IkI4jDIpGaO2ToS
Y0pyua7cRh6BGPFLIVfQ04ZI3u0U7JMvrU5GMlm1vZi3gb19yJJEkTWxz7wzgtJF
fcWt0KldY1HoW59ljWp8jWfiad4sdD84nIgJPHEoGQG0S7YZ+5WegUm2CwQWfnU/
YA0usuUM2LsB2/rdsQ3EkrZwmnR+2oZToSSn9663BXK4rM5UBxMNqXkE297ZoCns
zAKiilRdYpSIAmKn7WuNr3Wxq6VxY5cLAT0AxKq/9cIOxpTk1K8cA/M/0K3zwMLj
Yt7qjjweH/4ZcfXmamMR7TlToWUHuIb3X7a1i+Wm4wHtom2Ng3jnAY1GtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM9OOwtcGM6DM60Eywak5q0uQ55tMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvejA0N0Mxd1l6b016clFUTEJxVG1yUzVEbm0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQjLMA0G
CSqGSIb3DQEBCwUAA4IBAQCJrmHiJLkfBH8N7GOjZxDw7esYHbKXfvc85xCHhvqW
5qm2BhK9RtUUpI/DKP7VVQ1mm1mhPalBfbtVARRMGCfl2H+WxOuD7fd2lWjs+1KV
B0FduCaMnmHYNh0whb1UaursdpDjPMCL6+Vb+bnF/VP1ja7b4NIYf3E4+/ZJdDYM
kH4KVXVztePBZSyOnoGvXtOsJa4z8maVhQ9BjhNwlzZS+ppWOtCBOdktQR7HnsAu
InPKlKrcmb3+DZOfKklGbLHtKB1/cc4b2Ct4GKbkPeISOknuP7ReIxSK8cYF0uWP
HgpqL1JDG2UeYUNhsk+vTnpj4bBR+jY+0Ja0EHZOIsFJ
-----END CERTIFICATE-----