This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/3391ce-a795-401f-839d-a4d0d10c9016/1/Cia5lk6gl6DngDZPQZGa9LgelPc.roa
File:                     Cia5lk6gl6DngDZPQZGa9LgelPc.roa (raw, json)
Hash identifier:          qjIKCGU6Dk+2X2/DFgsh5pjmVsy6yBNlqK4sm1CVIEs=
Subject key identifier:   0A:26:B9:96:4E:A0:97:A0:E7:80:36:4F:41:91:9A:F4:B8:1E:94:F7
Certificate issuer:       /CN=7b732b6e5710ba8289cff4bb226b75bc4b07819f
Certificate serial:       019A9D5F450F96FF3F7E2937095F151ABBDE
Authority key identifier: 7B:73:2B:6E:57:10:BA:82:89:CF:F4:BB:22:6B:75:BC:4B:07:81:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e3MrblcQuoKJz_S7Imt1vEsHgZ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/3391ce-a795-401f-839d-a4d0d10c9016/1/Cia5lk6gl6DngDZPQZGa9LgelPc.roa
Signing time:             Wed 19 Nov 2025 18:27:37 +0000
ROA not before:           Wed 19 Nov 2025 18:27:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207471
IP address blocks:        45.87.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/3391ce-a795-401f-839d-a4d0d10c9016/1/e3MrblcQuoKJz_S7Imt1vEsHgZ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/3391ce-a795-401f-839d-a4d0d10c9016/1/e3MrblcQuoKJz_S7Imt1vEsHgZ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e3MrblcQuoKJz_S7Imt1vEsHgZ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Dec 2025 05:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:9d:5f:45:0f:96:ff:3f:7e:29:37:09:5f:15:1a:bb:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b732b6e5710ba8289cff4bb226b75bc4b07819f
        Validity
            Not Before: Nov 19 18:27:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0a26b9964ea097a0e780364f41919af4b81e94f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:48:3a:5c:3e:df:ac:39:7e:8b:2b:68:0c:02:
                    9a:9c:a1:10:72:e3:f1:5d:77:7b:36:2f:12:c1:28:
                    95:b2:ab:ea:eb:8a:49:67:69:b6:fa:27:c9:d8:fe:
                    d7:9c:91:88:de:31:b2:10:32:b4:74:8b:d3:29:66:
                    54:3e:f4:d3:ca:84:0e:76:46:41:50:10:5d:35:30:
                    23:0a:ae:15:27:3b:55:94:40:15:ca:6c:71:cd:99:
                    ff:3c:f5:58:83:a7:f0:9c:ef:88:37:9e:55:56:a0:
                    25:4c:a6:28:21:ee:08:39:a7:9d:c2:f6:79:6c:ad:
                    c6:ac:91:ed:c7:8d:38:6b:ad:3f:52:41:ce:d8:82:
                    b8:44:bf:53:d6:c2:df:7d:9f:a7:55:92:a4:d5:b0:
                    f2:da:6b:93:ef:fd:0a:58:dd:16:ed:0c:5d:f6:0b:
                    6c:86:4a:e1:df:3c:82:da:25:8a:eb:7d:83:40:6a:
                    87:0c:f7:cd:a5:9f:0f:ee:65:13:b8:27:39:e3:20:
                    b4:94:d6:de:05:0d:b9:b5:34:d9:7f:0f:13:bc:44:
                    9f:96:79:63:a0:88:ff:f1:cb:09:92:e6:e0:a9:17:
                    36:c7:ea:79:e2:81:84:32:fc:39:34:c6:9a:60:65:
                    79:74:a9:7e:38:fe:c5:06:50:49:14:b9:f9:f8:67:
                    64:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:26:B9:96:4E:A0:97:A0:E7:80:36:4F:41:91:9A:F4:B8:1E:94:F7
            X509v3 Authority Key Identifier:
                keyid:7B:73:2B:6E:57:10:BA:82:89:CF:F4:BB:22:6B:75:BC:4B:07:81:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3MrblcQuoKJz_S7Imt1vEsHgZ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/3391ce-a795-401f-839d-a4d0d10c9016/1/Cia5lk6gl6DngDZPQZGa9LgelPc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/3391ce-a795-401f-839d-a4d0d10c9016/1/e3MrblcQuoKJz_S7Imt1vEsHgZ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:3f:50:0d:fa:0d:1e:da:ba:8a:0b:bd:27:7d:9c:42:e1:69:
         1a:96:b4:e5:f0:64:81:51:e0:0d:7d:ef:c9:04:c4:b1:55:93:
         a2:63:86:a8:94:d2:df:98:8a:98:58:32:de:c7:fb:52:12:94:
         f6:af:fb:0a:45:38:2f:b9:ef:8a:b3:91:a3:1d:45:cc:24:ab:
         86:93:f5:ae:e2:b3:f7:64:88:b0:3c:e7:fc:8b:99:66:b3:10:
         67:a2:fa:0a:66:6d:fc:1d:39:6f:ed:46:17:e0:ab:f2:0a:2e:
         f2:61:0f:62:56:94:34:f2:8a:f7:19:0b:30:8a:f2:b5:1f:d8:
         03:72:dc:27:a8:f1:0a:f7:43:af:f8:1b:61:38:c1:c5:e1:40:
         83:01:5f:64:a0:b0:0e:88:20:52:aa:80:84:88:e4:30:f1:d5:
         1e:28:ea:f4:c6:21:61:11:b5:51:5f:6e:43:44:2e:89:6a:ba:
         0e:63:e6:e6:08:43:e0:f5:70:52:21:bd:34:1f:3c:a4:02:aa:
         7c:1b:e8:f4:7f:69:db:62:73:e9:d2:69:a5:9a:0e:85:43:8f:
         af:bc:09:32:32:67:59:9a:2f:39:68:80:a4:7a:80:9f:8d:57:
         71:0d:44:c0:44:6d:a0:f0:ae:93:80:85:ab:28:66:80:a7:5c:
         44:98:6c:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZqdX0UPlv8/fik3CV8VGrveMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNzMyYjZlNTcxMGJhODI4OWNmZjRiYjIyNmI3NWJjNGIw
NzgxOWYwHhcNMjUxMTE5MTgyNzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTI2Yjk5NjRlYTA5N2EwZTc4MDM2NGY0MTkxOWFmNGI4MWU5NGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmUg6XD7frDl+iytoDAKanKEQcuPx
XXd7Ni8SwSiVsqvq64pJZ2m2+ifJ2P7XnJGI3jGyEDK0dIvTKWZUPvTTyoQOdkZB
UBBdNTAjCq4VJztVlEAVymxxzZn/PPVYg6fwnO+IN55VVqAlTKYoIe4IOaedwvZ5
bK3GrJHtx404a60/UkHO2IK4RL9T1sLffZ+nVZKk1bDy2muT7/0KWN0W7Qxd9gts
hkrh3zyC2iWK632DQGqHDPfNpZ8P7mUTuCc54yC0lNbeBQ25tTTZfw8TvESflnlj
oIj/8csJkubgqRc2x+p54oGEMvw5NMaaYGV5dKl+OP7FBlBJFLn5+Gdk1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAomuZZOoJeg54A2T0GRmvS4HpT3MB8GA1UdIwQY
MBaAFHtzK25XELqCic/0uyJrdbxLB4GfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTNNcmJsY1F1b0tKel9TN0ltdDF2RXNIZ1o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8zMzkxY2UtYTc5NS00MDFmLTgzOWQt
YTRkMGQxMGM5MDE2LzEvQ2lhNWxrNmdsNkRuZ0RaUFFaR2E5TGdlbFBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8zMzkxY2UtYTc5NS00MDFmLTgzOWQtYTRkMGQxMGM5MDE2
LzEvZTNNcmJsY1F1b0tKel9TN0ltdDF2RXNIZ1o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVffMA0G
CSqGSIb3DQEBCwUAA4IBAQB1P1AN+g0e2rqKC70nfZxC4WkalrTl8GSBUeANfe/J
BMSxVZOiY4aolNLfmIqYWDLex/tSEpT2r/sKRTgvue+Ks5GjHUXMJKuGk/Wu4rP3
ZIiwPOf8i5lmsxBnovoKZm38HTlv7UYX4KvyCi7yYQ9iVpQ08or3GQswivK1H9gD
ctwnqPEK90Ov+BthOMHF4UCDAV9koLAOiCBSqoCEiOQw8dUeKOr0xiFhEbVRX25D
RC6JaroOY+bmCEPg9XBSIb00HzykAqp8G+j0f2nbYnPp0mmlmg6FQ4+vvAkyMmdZ
mi85aICkeoCfjVdxDUTARG2g8K6TgIWrKGaAp1xEmGzX
-----END CERTIFICATE-----