This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/2d0da4-a532-4b03-9055-4a5cbdb50e29/1/AE7tKoXDyuuPCaDaUfMyBa4xWdM.roa
File:                     AE7tKoXDyuuPCaDaUfMyBa4xWdM.roa (raw, json)
Hash identifier:          xVpRKPTRXjz76O68/XRyRJECKQ9lTBxMBzIgyh25rxU=
Subject key identifier:   00:4E:ED:2A:85:C3:CA:EB:8F:09:A0:DA:51:F3:32:05:AE:31:59:D3
Certificate issuer:       /CN=63fdc09ad54a397c604e94a1c966e2c296059cc1
Certificate serial:       019B7B3694D7E5A399E08C284D6951CBAAF7
Authority key identifier: 63:FD:C0:9A:D5:4A:39:7C:60:4E:94:A1:C9:66:E2:C2:96:05:9C:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y_3AmtVKOXxgTpShyWbiwpYFnME.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/2d0da4-a532-4b03-9055-4a5cbdb50e29/1/AE7tKoXDyuuPCaDaUfMyBa4xWdM.roa
Signing time:             Thu 01 Jan 2026 20:18:53 +0000
ROA not before:           Thu 01 Jan 2026 20:18:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35041
IP address blocks:        45.134.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/2d0da4-a532-4b03-9055-4a5cbdb50e29/1/Y_3AmtVKOXxgTpShyWbiwpYFnME.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/2d0da4-a532-4b03-9055-4a5cbdb50e29/1/Y_3AmtVKOXxgTpShyWbiwpYFnME.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y_3AmtVKOXxgTpShyWbiwpYFnME.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:94:d7:e5:a3:99:e0:8c:28:4d:69:51:cb:aa:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63fdc09ad54a397c604e94a1c966e2c296059cc1
        Validity
            Not Before: Jan  1 20:18:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=004eed2a85c3caeb8f09a0da51f33205ae3159d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:06:7c:0d:d0:de:f0:99:ad:7f:c5:ad:76:09:
                    21:94:6e:40:ec:5a:d5:2f:2e:b1:f7:63:8e:46:1e:
                    c9:eb:d8:fc:e0:99:66:90:4c:c4:bd:36:5d:f1:e5:
                    c1:a1:09:0f:eb:60:98:75:2b:b6:c1:e2:f7:5e:ad:
                    48:a1:e0:13:18:01:5d:40:1c:6b:ed:ed:86:98:c8:
                    ca:8c:03:d8:9b:b4:87:0c:35:11:94:da:c0:6f:37:
                    56:5a:fa:94:77:9c:b2:27:3a:73:f1:94:2d:c3:10:
                    ae:01:4a:2c:d0:be:65:d4:f0:32:50:e2:f7:d7:23:
                    8d:11:4e:b3:cc:3c:cc:28:94:5e:b7:ea:8a:2c:5f:
                    ce:df:48:aa:6c:24:f6:fe:0d:6d:b8:d3:f9:07:a4:
                    bd:9d:d4:c7:ab:59:b9:60:ed:bc:68:ed:a7:2c:6e:
                    91:e8:81:c6:52:ea:07:d9:55:f7:31:22:35:50:21:
                    39:31:1e:70:9c:73:c5:a4:56:9a:b2:bd:20:34:0f:
                    80:33:fa:e8:67:43:cd:b7:96:b2:94:17:f0:69:0e:
                    3c:82:fc:7c:fd:d6:2c:ab:79:35:79:72:f3:0a:b9:
                    cc:e5:71:32:4b:a5:d5:8d:68:82:1b:23:0b:53:bf:
                    10:f4:08:1e:9d:15:7a:c0:ea:98:75:76:95:87:94:
                    a9:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:4E:ED:2A:85:C3:CA:EB:8F:09:A0:DA:51:F3:32:05:AE:31:59:D3
            X509v3 Authority Key Identifier:
                keyid:63:FD:C0:9A:D5:4A:39:7C:60:4E:94:A1:C9:66:E2:C2:96:05:9C:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y_3AmtVKOXxgTpShyWbiwpYFnME.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/2d0da4-a532-4b03-9055-4a5cbdb50e29/1/AE7tKoXDyuuPCaDaUfMyBa4xWdM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/2d0da4-a532-4b03-9055-4a5cbdb50e29/1/Y_3AmtVKOXxgTpShyWbiwpYFnME.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.134.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:ca:ad:78:da:98:f0:13:42:94:cd:2c:8c:c7:5a:d9:5f:13:
         78:c6:54:25:bd:d6:9f:d7:96:ff:6e:4c:55:15:b7:15:35:fd:
         7c:fa:1a:51:17:36:ff:99:81:39:36:c0:6e:cc:62:9f:63:66:
         7c:84:44:a9:4a:f0:f4:3a:89:b0:30:74:4d:23:2a:3a:fd:ab:
         a5:e7:95:4f:36:4d:9c:8b:a9:68:ba:d4:76:f3:89:f8:62:a2:
         e6:b2:03:02:4c:9c:b2:5e:94:84:08:80:24:74:02:48:4a:b1:
         7c:09:0c:8a:20:42:0f:47:65:2c:e4:35:5a:af:4c:e0:45:67:
         5e:21:bd:bd:e1:e9:15:a3:84:4f:ea:c5:57:ca:d3:9c:4b:aa:
         55:7c:32:00:16:31:1a:f7:a6:bd:3b:f5:9d:7a:8f:a3:08:06:
         43:b7:82:6f:26:a9:19:60:4c:12:13:81:36:38:c6:b1:14:a3:
         98:11:f7:a1:71:96:e9:0a:b7:d9:70:23:72:19:58:b9:6a:19:
         0a:b1:b9:32:8d:31:07:30:a8:9e:36:84:9f:19:4f:b8:4d:6d:
         7a:06:58:06:8b:35:5e:b7:ff:88:bf:17:ac:3c:30:64:9c:91:
         50:e1:96:9e:3c:fd:c3:03:c3:04:9e:80:3c:ef:50:2b:2c:e8:
         8c:3b:31:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NpTX5aOZ4IwoTWlRy6r3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZmRjMDlhZDU0YTM5N2M2MDRlOTRhMWM5NjZlMmMyOTYw
NTljYzEwHhcNMjYwMTAxMjAxODUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDRlZWQyYTg1YzNjYWViOGYwOWEwZGE1MWYzMzIwNWFlMzE1OWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsQZ8DdDe8Jmtf8WtdgkhlG5A7FrV
Ly6x92OORh7J69j84JlmkEzEvTZd8eXBoQkP62CYdSu2weL3Xq1IoeATGAFdQBxr
7e2GmMjKjAPYm7SHDDURlNrAbzdWWvqUd5yyJzpz8ZQtwxCuAUos0L5l1PAyUOL3
1yONEU6zzDzMKJRet+qKLF/O30iqbCT2/g1tuNP5B6S9ndTHq1m5YO28aO2nLG6R
6IHGUuoH2VX3MSI1UCE5MR5wnHPFpFaasr0gNA+AM/roZ0PNt5aylBfwaQ48gvx8
/dYsq3k1eXLzCrnM5XEyS6XVjWiCGyMLU78Q9AgenRV6wOqYdXaVh5SpzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFABO7SqFw8rrjwmg2lHzMgWuMVnTMB8GA1UdIwQY
MBaAFGP9wJrVSjl8YE6Uoclm4sKWBZzBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWV8zQW10VktPWHhnVHBTaHlXYml3cFlGbk1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi8yZDBkYTQtYTUzMi00YjAzLTkwNTUt
NGE1Y2JkYjUwZTI5LzEvQUU3dEtvWER5dXVQQ2FEYVVmTXlCYTR4V2RNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi8yZDBkYTQtYTUzMi00YjAzLTkwNTUtNGE1Y2JkYjUwZTI5
LzEvWV8zQW10VktPWHhnVHBTaHlXYml3cFlGbk1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYYsMA0G
CSqGSIb3DQEBCwUAA4IBAQCByq142pjwE0KUzSyMx1rZXxN4xlQlvdaf15b/bkxV
FbcVNf18+hpRFzb/mYE5NsBuzGKfY2Z8hESpSvD0OomwMHRNIyo6/aul55VPNk2c
i6loutR284n4YqLmsgMCTJyyXpSECIAkdAJISrF8CQyKIEIPR2Us5DVar0zgRWde
Ib294ekVo4RP6sVXytOcS6pVfDIAFjEa96a9O/Wdeo+jCAZDt4JvJqkZYEwSE4E2
OMaxFKOYEfehcZbpCrfZcCNyGVi5ahkKsbkyjTEHMKieNoSfGU+4TW16BlgGizVe
t/+IvxesPDBknJFQ4ZaePP3DA8MEnoA871ArLOiMOzEy
-----END CERTIFICATE-----