This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/mNBBgKm6_yJQvs00m_igfi48DU0.roa
File:                     mNBBgKm6_yJQvs00m_igfi48DU0.roa (raw, json)
Hash identifier:          VfVCA1B9bUSr+I9VT6pAPSKz/tBVJaLIu5iTuGtuCBc=
Subject key identifier:   98:D0:41:80:A9:BA:FF:22:50:BE:CD:34:9B:F8:A0:7E:2E:3C:0D:4D
Certificate issuer:       /CN=b1af12f5ca75c922a4aa5dacb49c04a93237f4ed
Certificate serial:       019B7D5D00158F7E80765A9192A967C5765C
Authority key identifier: B1:AF:12:F5:CA:75:C9:22:A4:AA:5D:AC:B4:9C:04:A9:32:37:F4:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sa8S9cp1ySKkql2stJwEqTI39O0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/mNBBgKm6_yJQvs00m_igfi48DU0.roa
Signing time:             Fri 02 Jan 2026 06:20:05 +0000
ROA not before:           Fri 02 Jan 2026 06:20:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200195
IP address blocks:        45.143.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/sa8S9cp1ySKkql2stJwEqTI39O0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/sa8S9cp1ySKkql2stJwEqTI39O0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sa8S9cp1ySKkql2stJwEqTI39O0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5d:00:15:8f:7e:80:76:5a:91:92:a9:67:c5:76:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1af12f5ca75c922a4aa5dacb49c04a93237f4ed
        Validity
            Not Before: Jan  2 06:20:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=98d04180a9baff2250becd349bf8a07e2e3c0d4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:d3:e3:31:52:5f:f7:74:8a:a7:fc:c6:d4:f5:
                    59:45:7d:f5:e5:f8:a6:d4:d7:d5:81:50:ae:43:e4:
                    0d:71:59:d8:d6:1d:11:3f:01:8b:56:e5:d6:47:9e:
                    fe:4e:c5:0c:d3:2c:04:01:e8:25:32:4f:ff:de:41:
                    ce:7d:10:85:6d:02:99:a0:27:3f:3a:aa:24:92:9b:
                    c3:15:cc:67:92:e9:f9:81:95:5e:a1:8d:2f:5b:d0:
                    a7:1d:a5:f3:b8:18:3e:37:d2:66:29:2f:f0:53:ec:
                    8c:6e:7e:db:c6:ca:af:17:1e:88:69:fe:5b:b2:a8:
                    d1:a8:24:35:b0:b3:17:94:41:14:31:78:8c:0e:4c:
                    30:dc:9d:ff:09:c1:a7:aa:0f:e3:a3:97:1a:41:c6:
                    d2:7e:5f:37:f3:11:3a:22:d2:2c:46:27:fa:bb:ba:
                    23:52:a8:09:5d:a3:df:3a:5d:e5:95:23:54:d5:67:
                    03:b9:6f:c4:64:9f:db:5c:e2:bc:5c:69:ed:1d:3c:
                    7a:24:d6:a3:76:2d:37:ff:9c:8d:7c:f0:ca:60:b7:
                    f0:5a:85:78:e3:a0:f9:14:aa:41:26:61:6e:44:ed:
                    af:fe:3b:9b:4a:40:7d:88:89:c7:81:5e:4d:39:e0:
                    b8:cb:e8:ac:4f:a9:6a:53:8c:99:04:4e:28:4d:15:
                    51:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:D0:41:80:A9:BA:FF:22:50:BE:CD:34:9B:F8:A0:7E:2E:3C:0D:4D
            X509v3 Authority Key Identifier:
                keyid:B1:AF:12:F5:CA:75:C9:22:A4:AA:5D:AC:B4:9C:04:A9:32:37:F4:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sa8S9cp1ySKkql2stJwEqTI39O0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/mNBBgKm6_yJQvs00m_igfi48DU0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/sa8S9cp1ySKkql2stJwEqTI39O0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:f0:f2:e6:11:3a:c8:fb:d3:9e:80:39:c5:7f:70:3d:8c:94:
         f9:92:b6:a3:8b:eb:a1:3c:ef:68:cb:8f:7d:75:4a:4c:09:69:
         56:17:f6:87:01:98:af:1f:dc:6b:0c:71:5a:ae:a9:c4:6c:5f:
         09:14:06:91:29:22:5e:b2:1b:7c:b8:c3:92:17:9d:46:06:91:
         ec:4b:0d:ee:a3:f1:be:1b:4f:19:9b:7f:f1:fb:6d:21:32:7c:
         66:6a:59:d7:e2:fb:9f:a6:03:fb:3d:ed:61:5a:f4:38:16:d9:
         58:a9:28:54:3d:06:c0:cd:06:9b:34:c6:43:88:fe:ee:78:88:
         d2:01:33:c9:bf:6f:d2:76:d1:8e:eb:74:8f:28:25:a9:1f:6b:
         d1:2e:c7:f7:eb:9d:75:ed:32:b3:4c:03:98:e8:84:7e:d3:2a:
         39:e3:f7:c3:8a:f0:29:38:c2:1a:51:b5:f9:25:49:99:d3:1d:
         ea:0e:1d:63:66:4b:01:8f:ed:13:a7:44:a2:c5:c1:f9:f8:7c:
         a7:28:fc:89:3d:6d:51:16:70:27:3e:f1:53:e8:12:eb:31:57:
         fc:0c:fa:ec:09:04:b0:a8:b7:92:a8:01:16:1d:e6:fd:ec:ce:
         1e:dd:df:32:1e:32:1a:55:78:cc:c0:89:44:2c:8c:8e:2e:a3:
         21:da:2b:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XQAVj36AdlqRkqlnxXZcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYWYxMmY1Y2E3NWM5MjJhNGFhNWRhY2I0OWMwNGE5MzIz
N2Y0ZWQwHhcNMjYwMTAyMDYyMDA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGQwNDE4MGE5YmFmZjIyNTBiZWNkMzQ5YmY4YTA3ZTJlM2MwZDRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs9PjMVJf93SKp/zG1PVZRX315fim
1NfVgVCuQ+QNcVnY1h0RPwGLVuXWR57+TsUM0ywEAeglMk//3kHOfRCFbQKZoCc/
OqokkpvDFcxnkun5gZVeoY0vW9CnHaXzuBg+N9JmKS/wU+yMbn7bxsqvFx6Iaf5b
sqjRqCQ1sLMXlEEUMXiMDkww3J3/CcGnqg/jo5caQcbSfl838xE6ItIsRif6u7oj
UqgJXaPfOl3llSNU1WcDuW/EZJ/bXOK8XGntHTx6JNajdi03/5yNfPDKYLfwWoV4
46D5FKpBJmFuRO2v/jubSkB9iInHgV5NOeC4y+isT6lqU4yZBE4oTRVRDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJjQQYCpuv8iUL7NNJv4oH4uPA1NMB8GA1UdIwQY
MBaAFLGvEvXKdckipKpdrLScBKkyN/TtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2E4UzljcDF5U0trcWwyc3RKd0VxVEkzOU8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9jYmNmNjgtN2NiZi00N2YwLTgyZWUt
NTc2MGVmYmNjNjU0LzEvbU5CQmdLbTZfeUpRdnMwMG1faWdmaTQ4RFUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9jYmNmNjgtN2NiZi00N2YwLTgyZWUtNTc2MGVmYmNjNjU0
LzEvc2E4UzljcDF5U0trcWwyc3RKd0VxVEkzOU8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY/JMA0G
CSqGSIb3DQEBCwUAA4IBAQAR8PLmETrI+9OegDnFf3A9jJT5kraji+uhPO9oy499
dUpMCWlWF/aHAZivH9xrDHFarqnEbF8JFAaRKSJesht8uMOSF51GBpHsSw3uo/G+
G08Zm3/x+20hMnxmalnX4vufpgP7Pe1hWvQ4FtlYqShUPQbAzQabNMZDiP7ueIjS
ATPJv2/SdtGO63SPKCWpH2vRLsf365117TKzTAOY6IR+0yo54/fDivApOMIaUbX5
JUmZ0x3qDh1jZksBj+0Tp0SixcH5+HynKPyJPW1RFnAnPvFT6BLrMVf8DPrsCQSw
qLeSqAEWHeb97M4e3d8yHjIaVXjMwIlELIyOLqMh2isz
-----END CERTIFICATE-----