This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/R45A0fnYR44iqIervecEpC1ordo.roa
File:                     R45A0fnYR44iqIervecEpC1ordo.roa (raw, json)
Hash identifier:          aZsd9rhCHtUKSRJxzYhontkb9M1Vrxj8yjglwRZI5PQ=
Subject key identifier:   47:8E:40:D1:F9:D8:47:8E:22:A8:87:AB:BD:E7:04:A4:2D:68:AD:DA
Certificate issuer:       /CN=05f3e160172ecc75c8cab1bae271be3ebf407a80
Certificate serial:       019B7D5B821122CA13ED063F0BAFFF4A7982
Authority key identifier: 05:F3:E1:60:17:2E:CC:75:C8:CA:B1:BA:E2:71:BE:3E:BF:40:7A:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/R45A0fnYR44iqIervecEpC1ordo.roa
Signing time:             Fri 02 Jan 2026 06:18:27 +0000
ROA not before:           Fri 02 Jan 2026 06:18:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62044
IP address blocks:        89.167.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BfPhYBcuzHXIyrG64nG-Pr9AeoA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BfPhYBcuzHXIyrG64nG-Pr9AeoA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5b:82:11:22:ca:13:ed:06:3f:0b:af:ff:4a:79:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05f3e160172ecc75c8cab1bae271be3ebf407a80
        Validity
            Not Before: Jan  2 06:18:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=478e40d1f9d8478e22a887abbde704a42d68adda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:a4:4e:ee:0f:75:e8:f6:e3:d6:0f:47:0b:9f:
                    a2:91:f6:40:70:01:80:f5:a1:3c:11:b1:12:66:5d:
                    74:80:8b:6b:d2:70:0c:bb:8a:da:e3:06:20:d3:22:
                    93:ce:99:8b:37:de:4a:fa:a0:c4:e3:04:c4:1b:af:
                    c8:af:41:0f:59:b1:73:3c:57:55:15:30:cb:9f:27:
                    9f:c1:c6:0f:4e:15:22:11:e6:eb:5b:59:39:30:8d:
                    bc:3a:19:15:d2:8a:30:a0:fc:d4:9b:40:77:61:0b:
                    a7:eb:30:5c:76:36:1d:d4:11:a3:d8:13:c0:2d:9a:
                    9d:98:ad:dd:8e:62:06:8c:00:f3:55:2c:bf:ef:6c:
                    d5:a8:79:a7:6b:fd:85:de:f9:4a:c7:e5:76:7f:f9:
                    b2:8e:94:1f:b4:15:d7:d7:bd:8b:20:64:15:9f:58:
                    b4:9a:bf:ca:e4:36:2a:52:3e:c9:e4:4f:6a:ae:5b:
                    04:72:a7:00:58:f2:75:2d:84:48:bb:93:90:d9:a4:
                    66:df:5c:4b:30:62:a4:61:74:6d:28:c0:16:8d:a3:
                    c4:61:07:ec:ff:43:17:fe:9a:9b:d5:48:89:fe:ed:
                    f5:7b:47:f1:dc:c8:90:cf:85:b0:05:0f:00:87:49:
                    5c:8f:7b:38:66:93:ab:50:84:f9:f2:63:b1:d6:c9:
                    0e:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:8E:40:D1:F9:D8:47:8E:22:A8:87:AB:BD:E7:04:A4:2D:68:AD:DA
            X509v3 Authority Key Identifier:
                keyid:05:F3:E1:60:17:2E:CC:75:C8:CA:B1:BA:E2:71:BE:3E:BF:40:7A:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/R45A0fnYR44iqIervecEpC1ordo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BfPhYBcuzHXIyrG64nG-Pr9AeoA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.167.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:76:db:98:1c:38:42:bc:3e:39:02:e9:ae:9a:57:10:d9:1b:
         5c:9b:01:78:3b:9e:39:57:32:08:27:e1:cf:04:4e:d9:52:29:
         5e:6a:33:d7:a1:60:c9:9b:88:b5:49:da:45:b5:91:d6:59:e0:
         d4:2d:a8:07:86:55:af:22:c0:e3:83:c9:20:f8:e9:f2:c0:f7:
         2a:91:c8:6f:ec:48:79:8e:61:0e:84:3b:ea:63:6d:c2:2f:70:
         36:b7:8f:df:4e:97:eb:22:d3:ae:94:77:57:70:aa:74:9b:b3:
         57:5f:b3:64:82:07:4e:32:e4:07:38:15:3a:31:15:1a:7c:a4:
         9e:78:4e:b1:01:e9:2d:06:9e:32:99:2c:50:11:b2:d7:13:b8:
         33:c5:9d:81:5b:ec:cd:c2:68:de:b0:fb:71:29:ce:17:17:37:
         cc:af:8c:f5:ae:56:17:7a:55:dd:6d:d6:51:de:d0:40:52:fc:
         95:57:9a:ff:aa:87:c1:18:b4:4c:89:58:57:b3:06:18:0d:4e:
         f6:3a:e6:a0:49:a3:f9:dd:28:b4:48:a3:05:57:26:80:c4:33:
         94:2b:1c:4e:35:07:53:ca:da:3b:ea:69:fd:3a:69:29:e6:d8:
         fc:b2:f0:a5:da:5d:0f:0f:35:4c:45:2c:b2:53:5c:f2:c3:1c:
         26:56:4c:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9W4IRIsoT7QY/C6//SnmCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ZjNlMTYwMTcyZWNjNzVjOGNhYjFiYWUyNzFiZTNlYmY0
MDdhODAwHhcNMjYwMTAyMDYxODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzhlNDBkMWY5ZDg0NzhlMjJhODg3YWJiZGU3MDRhNDJkNjhhZGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtaRO7g916Pbj1g9HC5+ikfZAcAGA
9aE8EbESZl10gItr0nAMu4ra4wYg0yKTzpmLN95K+qDE4wTEG6/Ir0EPWbFzPFdV
FTDLnyefwcYPThUiEebrW1k5MI28OhkV0oowoPzUm0B3YQun6zBcdjYd1BGj2BPA
LZqdmK3djmIGjADzVSy/72zVqHmna/2F3vlKx+V2f/myjpQftBXX172LIGQVn1i0
mr/K5DYqUj7J5E9qrlsEcqcAWPJ1LYRIu5OQ2aRm31xLMGKkYXRtKMAWjaPEYQfs
/0MX/pqb1UiJ/u31e0fx3MiQz4WwBQ8Ah0lcj3s4ZpOrUIT58mOx1skOwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEeOQNH52EeOIqiHq73nBKQtaK3aMB8GA1UdIwQY
MBaAFAXz4WAXLsx1yMqxuuJxvj6/QHqAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmZQaFlCY3V6SFhJeXJHNjRuRy1QcjlBZW9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS9hYThiNDYtOTY0NS00NjIwLTg0Nzkt
NWQ1NjA5ODljZjdiLzEvUjQ1QTBmbllSNDRpcUllcnZlY0VwQzFvcmRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS9hYThiNDYtOTY0NS00NjIwLTg0NzktNWQ1NjA5ODljZjdi
LzEvQmZQaFlCY3V6SFhJeXJHNjRuRy1QcjlBZW9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWaeDMA0G
CSqGSIb3DQEBCwUAA4IBAQBtdtuYHDhCvD45AumumlcQ2RtcmwF4O545VzIIJ+HP
BE7ZUileajPXoWDJm4i1SdpFtZHWWeDULagHhlWvIsDjg8kg+OnywPcqkchv7Eh5
jmEOhDvqY23CL3A2t4/fTpfrItOulHdXcKp0m7NXX7NkggdOMuQHOBU6MRUafKSe
eE6xAektBp4ymSxQEbLXE7gzxZ2BW+zNwmjesPtxKc4XFzfMr4z1rlYXelXdbdZR
3tBAUvyVV5r/qofBGLRMiVhXswYYDU72OuagSaP53Si0SKMFVyaAxDOUKxxONQdT
yto76mn9Omkp5tj8svCl2l0PDzVMRSyyU1zywxwmVkyK
-----END CERTIFICATE-----