This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/rDFkTX5m2EO34s7P6mELh2PpTv8.roa
File:                     rDFkTX5m2EO34s7P6mELh2PpTv8.roa (raw, json)
Hash identifier:          tZ+O4/AWsb0SLsjDMIyQ8MdUzk2kAVytgwYcD7IQjCo=
Subject key identifier:   AC:31:64:4D:7E:66:D8:43:B7:E2:CE:CF:EA:61:0B:87:63:E9:4E:FF
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       019AB65AD0BF6B250A4A23C1E042757E8CDC
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/rDFkTX5m2EO34s7P6mELh2PpTv8.roa
Signing time:             Mon 24 Nov 2025 14:53:16 +0000
ROA not before:           Mon 24 Nov 2025 14:53:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207923
IP address blocks:        45.158.100.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Dec 2025 13:09:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:b6:5a:d0:bf:6b:25:0a:4a:23:c1:e0:42:75:7e:8c:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Nov 24 14:53:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ac31644d7e66d843b7e2cecfea610b8763e94eff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:76:2c:a0:a5:ee:48:61:cb:85:6a:81:78:66:
                    c7:17:6a:f4:3d:b1:e9:78:c8:fd:d0:03:79:14:5c:
                    e9:bf:0a:a0:8b:49:8b:8b:5c:1b:e0:c4:cb:7c:9d:
                    ed:62:c8:e6:01:b1:b2:40:7b:95:be:7b:03:8a:a0:
                    6e:d8:d7:5f:59:d1:df:f2:9b:24:fd:f5:89:f0:a0:
                    f4:f0:17:51:62:15:11:e5:63:36:17:2e:d8:a1:f9:
                    9a:0e:0b:b2:89:21:16:73:48:eb:66:b5:8b:c7:e2:
                    aa:15:78:ea:b8:54:e7:2e:65:9c:7c:04:16:4b:a8:
                    85:26:8f:7d:41:71:42:9f:78:db:0f:07:00:15:be:
                    48:11:f0:e7:48:3d:2f:54:59:ab:b0:00:50:ad:e5:
                    c1:f4:7e:da:c6:03:0d:4d:e0:3d:08:c9:00:07:cd:
                    a0:71:0f:8d:4a:f6:3b:65:b9:e5:a8:ee:94:e2:4f:
                    2c:36:fe:07:6b:2b:46:25:39:4b:4d:71:53:02:9f:
                    c1:bc:15:40:d8:05:95:b4:a6:23:c5:d5:55:ee:e5:
                    d4:8e:77:07:65:b3:f1:fa:12:7e:64:fd:8c:9b:b4:
                    21:4c:91:c4:41:b4:c7:92:a0:61:79:67:a5:b2:32:
                    27:0a:14:25:d9:9e:fb:67:05:19:38:90:2c:55:8e:
                    29:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:31:64:4D:7E:66:D8:43:B7:E2:CE:CF:EA:61:0B:87:63:E9:4E:FF
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/rDFkTX5m2EO34s7P6mELh2PpTv8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0f:1a:ff:cc:36:bb:b3:0b:3e:1a:1f:76:df:ef:7b:f0:e8:41:
         35:20:d9:96:f3:04:45:e7:b9:b6:e7:7d:a0:02:f1:62:d1:68:
         e7:d1:27:ae:77:e9:d6:29:50:c9:0e:2e:f0:e8:5d:39:90:ec:
         b5:6a:56:6f:eb:05:b3:c6:a8:95:00:66:6c:cb:f6:0e:1a:16:
         cd:42:be:1e:38:fe:c4:f3:1d:07:db:c6:d2:62:0e:ea:6f:68:
         7d:3c:24:5f:3d:ed:fc:5e:ee:27:ff:d7:11:65:8f:7d:ad:a3:
         00:f7:ea:fc:00:ef:eb:5e:5d:03:9e:d5:f5:c8:7d:bf:d5:a7:
         a6:65:c1:6a:6a:df:e7:9d:6c:0c:a8:71:4b:6c:42:b3:c5:af:
         3e:3f:a2:d7:3b:84:14:f3:07:aa:a2:9b:92:cf:2a:fc:a0:a4:
         6f:ad:80:be:a8:73:f4:71:fb:48:42:90:33:92:69:c2:c2:31:
         81:ed:7b:d8:b3:71:17:4c:75:1b:37:cd:e9:5e:b7:44:3c:9a:
         eb:1e:be:d7:e2:d7:ea:3b:ac:25:91:04:37:ed:aa:63:8d:72:
         7a:54:27:e6:5d:37:ca:4f:ac:c3:3a:d4:53:3e:28:80:40:33:
         74:54:e8:16:c7:c5:20:a6:70:ea:4f:12:bb:05:0d:98:87:51:
         d7:b0:1c:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZq2WtC/ayUKSiPB4EJ1fozcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjUxMTI0MTQ1MzE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzMxNjQ0ZDdlNjZkODQzYjdlMmNlY2ZlYTYxMGI4NzYzZTk0ZWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAynYsoKXuSGHLhWqBeGbHF2r0PbHp
eMj90AN5FFzpvwqgi0mLi1wb4MTLfJ3tYsjmAbGyQHuVvnsDiqBu2NdfWdHf8psk
/fWJ8KD08BdRYhUR5WM2Fy7YofmaDguyiSEWc0jrZrWLx+KqFXjquFTnLmWcfAQW
S6iFJo99QXFCn3jbDwcAFb5IEfDnSD0vVFmrsABQreXB9H7axgMNTeA9CMkAB82g
cQ+NSvY7ZbnlqO6U4k8sNv4HaytGJTlLTXFTAp/BvBVA2AWVtKYjxdVV7uXUjncH
ZbPx+hJ+ZP2Mm7QhTJHEQbTHkqBheWelsjInChQl2Z77ZwUZOJAsVY4pRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKwxZE1+ZthDt+LOz+phC4dj6U7/MB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvckRGa1RYNW0yRU8zNHM3UDZtRUxoMlBwVHY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZ5kMA0G
CSqGSIb3DQEBCwUAA4IBAQAPGv/MNruzCz4aH3bf73vw6EE1INmW8wRF57m2532g
AvFi0Wjn0Seud+nWKVDJDi7w6F05kOy1alZv6wWzxqiVAGZsy/YOGhbNQr4eOP7E
8x0H28bSYg7qb2h9PCRfPe38Xu4n/9cRZY99raMA9+r8AO/rXl0DntX1yH2/1aem
ZcFqat/nnWwMqHFLbEKzxa8+P6LXO4QU8weqopuSzyr8oKRvrYC+qHP0cftIQpAz
kmnCwjGB7XvYs3EXTHUbN83pXrdEPJrrHr7X4tfqO6wlkQQ37apjjXJ6VCfmXTfK
T6zDOtRTPiiAQDN0VOgWx8UgpnDqTxK7BQ2Yh1HXsBzS
-----END CERTIFICATE-----