This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/RzegIjPR1QzKh4a_hxBHbhA-B7Q.roa
File:                     RzegIjPR1QzKh4a_hxBHbhA-B7Q.roa (raw, json)
Hash identifier:          X0vld209GqgyvupdPCzCZcV5LdmNngCSYRQVBP6Po68=
Subject key identifier:   47:37:A0:22:33:D1:D5:0C:CA:87:86:BF:87:10:47:6E:10:3E:07:B4
Certificate issuer:       /CN=3a00807698f0b097d69ab3926917d1dcc838a624
Certificate serial:       019B7C128EE6F0EA43DA3DE25DA5D48981D0
Authority key identifier: 3A:00:80:76:98:F0:B0:97:D6:9A:B3:92:69:17:D1:DC:C8:38:A6:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/RzegIjPR1QzKh4a_hxBHbhA-B7Q.roa
Signing time:             Fri 02 Jan 2026 00:19:09 +0000
ROA not before:           Fri 02 Jan 2026 00:19:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213220
IP address blocks:        45.81.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:8e:e6:f0:ea:43:da:3d:e2:5d:a5:d4:89:81:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a00807698f0b097d69ab3926917d1dcc838a624
        Validity
            Not Before: Jan  2 00:19:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4737a02233d1d50cca8786bf8710476e103e07b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:b8:94:6f:de:ee:a0:36:84:17:f4:5b:e4:89:
                    56:23:af:8c:a4:7f:d4:db:2a:84:0a:34:d6:a1:f6:
                    e6:1b:de:82:31:f2:11:f6:05:2e:17:c5:23:77:8e:
                    e8:47:3c:b1:d0:67:3f:b5:e6:4e:bb:61:52:a2:9b:
                    01:bd:c7:72:14:53:ed:f2:5b:56:a8:67:1e:8c:e9:
                    08:ee:b7:91:3f:65:4d:cf:18:b3:1f:75:c2:f8:51:
                    64:e4:fc:59:72:50:40:f1:57:39:0f:ed:27:bb:80:
                    2a:2a:51:21:b5:07:5d:84:42:47:98:2a:cc:9c:56:
                    4b:ae:b0:7b:d9:f0:1a:d0:41:84:2c:f3:2d:8c:6d:
                    65:c7:7e:20:f8:7c:ec:43:55:4b:1a:76:9e:5e:1f:
                    1a:fc:45:db:8a:b0:0c:f1:21:94:5d:2e:7d:4c:55:
                    e3:6e:7c:91:d4:2f:61:95:75:06:22:ba:71:68:93:
                    28:4e:3f:0d:1c:20:f2:ac:f1:5a:52:40:8d:19:d7:
                    df:4a:40:93:f8:e5:ec:a4:34:95:b9:cd:51:6d:6b:
                    4c:16:8d:ef:c5:6a:b4:74:f1:0e:ad:47:27:be:f4:
                    64:5d:51:3f:e5:69:7c:20:50:be:6d:26:e7:54:5b:
                    bf:e1:b4:24:07:31:61:68:0b:9b:27:a9:b8:a3:60:
                    09:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:37:A0:22:33:D1:D5:0C:CA:87:86:BF:87:10:47:6E:10:3E:07:B4
            X509v3 Authority Key Identifier:
                keyid:3A:00:80:76:98:F0:B0:97:D6:9A:B3:92:69:17:D1:DC:C8:38:A6:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/RzegIjPR1QzKh4a_hxBHbhA-B7Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:11:79:a7:f3:17:b6:7c:cc:0a:fa:35:0a:9c:f1:a9:59:05:
         7f:c5:88:f6:fe:18:42:2b:ba:4b:60:f6:b9:fb:39:3d:03:e1:
         3b:5e:1b:80:71:0b:fb:ba:17:36:c1:d3:7f:b0:36:da:fc:35:
         b7:e7:53:1d:e6:1a:bb:59:1d:85:7a:62:26:54:ec:42:99:f1:
         db:06:01:5a:91:ae:30:31:c5:e2:05:f1:7c:26:5e:b3:e7:0a:
         ca:6a:73:de:90:52:4e:00:7a:64:3e:80:44:36:13:92:14:9b:
         70:ae:77:ff:b4:d4:91:40:89:2f:05:f2:fe:58:c4:34:e7:b8:
         5d:9a:8f:8f:96:b8:23:69:80:79:a8:9d:fe:bb:a5:75:9d:7c:
         a2:46:d5:19:91:17:75:96:97:0d:76:e3:8d:4c:bd:90:f6:23:
         db:dd:e0:66:71:f9:5c:e3:83:d4:9a:99:2f:88:a6:13:5d:89:
         04:ef:32:f2:b6:1d:07:58:a2:2d:c7:51:a3:ee:89:78:e8:76:
         6c:e1:0d:55:2b:a8:1a:aa:ed:a9:cd:4c:9d:5c:be:e9:18:5a:
         b3:8f:9c:9e:2d:b1:7e:0a:20:15:50:ad:a4:b1:cb:50:40:85:
         b9:87:03:d1:ec:90:f3:16:56:a4:25:72:39:91:4f:8f:d1:9c:
         4a:b8:81:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8Eo7m8OpD2j3iXaXUiYHQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMDA4MDc2OThmMGIwOTdkNjlhYjM5MjY5MTdkMWRjYzgz
OGE2MjQwHhcNMjYwMTAyMDAxOTA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzM3YTAyMjMzZDFkNTBjY2E4Nzg2YmY4NzEwNDc2ZTEwM2UwN2I0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj7iUb97uoDaEF/Rb5IlWI6+MpH/U
2yqECjTWofbmG96CMfIR9gUuF8Ujd47oRzyx0Gc/teZOu2FSopsBvcdyFFPt8ltW
qGcejOkI7reRP2VNzxizH3XC+FFk5PxZclBA8Vc5D+0nu4AqKlEhtQddhEJHmCrM
nFZLrrB72fAa0EGELPMtjG1lx34g+HzsQ1VLGnaeXh8a/EXbirAM8SGUXS59TFXj
bnyR1C9hlXUGIrpxaJMoTj8NHCDyrPFaUkCNGdffSkCT+OXspDSVuc1RbWtMFo3v
xWq0dPEOrUcnvvRkXVE/5Wl8IFC+bSbnVFu/4bQkBzFhaAubJ6m4o2AJ5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEc3oCIz0dUMyoeGv4cQR24QPge0MB8GA1UdIwQY
MBaAFDoAgHaY8LCX1pqzkmkX0dzIOKYkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2dDQWRwandzSmZXbXJPU2FSZlIzTWc0cGlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS8xNDNkMjktY2Y3Mi00ZDAxLTkxOGMt
MTZhZmM0ZGZmZGQ0LzEvUnplZ0lqUFIxUXpLaDRhX2h4QkhiaEEtQjdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS8xNDNkMjktY2Y3Mi00ZDAxLTkxOGMtMTZhZmM0ZGZmZGQ0
LzEvT2dDQWRwandzSmZXbXJPU2FSZlIzTWc0cGlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVEgMA0G
CSqGSIb3DQEBCwUAA4IBAQBrEXmn8xe2fMwK+jUKnPGpWQV/xYj2/hhCK7pLYPa5
+zk9A+E7XhuAcQv7uhc2wdN/sDba/DW351Md5hq7WR2FemImVOxCmfHbBgFaka4w
McXiBfF8Jl6z5wrKanPekFJOAHpkPoBENhOSFJtwrnf/tNSRQIkvBfL+WMQ057hd
mo+PlrgjaYB5qJ3+u6V1nXyiRtUZkRd1lpcNduONTL2Q9iPb3eBmcflc44PUmpkv
iKYTXYkE7zLyth0HWKItx1Gj7ol46HZs4Q1VK6gaqu2pzUydXL7pGFqzj5yeLbF+
CiAVUK2ksctQQIW5hwPR7JDzFlakJXI5kU+P0ZxKuIHn
-----END CERTIFICATE-----