This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/b7d875-b12c-4ed8-b80f-41487f4d4171/1/fdth4-LheaAtkNOEJz6pHobfl_k.roa
File:                     fdth4-LheaAtkNOEJz6pHobfl_k.roa (raw, json)
Hash identifier:          rTpg5aqyYW2RH+xhrSVpQRy6U3wJBueXqcjg7bGUFhI=
Subject key identifier:   7D:DB:61:E3:E2:E1:79:A0:2D:90:D3:84:27:3E:A9:1E:86:DF:97:F9
Certificate issuer:       /CN=df61a292223ad9aebc8ad82c2a56475fbd97a834
Certificate serial:       019B7EA6D464DC23D58992424D170D634560
Authority key identifier: DF:61:A2:92:22:3A:D9:AE:BC:8A:D8:2C:2A:56:47:5F:BD:97:A8:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/32GikiI62a68itgsKlZHX72XqDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/b7d875-b12c-4ed8-b80f-41487f4d4171/1/fdth4-LheaAtkNOEJz6pHobfl_k.roa
Signing time:             Fri 02 Jan 2026 12:20:21 +0000
ROA not before:           Fri 02 Jan 2026 12:20:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35732
IP address blocks:        45.129.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/b7d875-b12c-4ed8-b80f-41487f4d4171/1/32GikiI62a68itgsKlZHX72XqDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/b7d875-b12c-4ed8-b80f-41487f4d4171/1/32GikiI62a68itgsKlZHX72XqDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/32GikiI62a68itgsKlZHX72XqDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:d4:64:dc:23:d5:89:92:42:4d:17:0d:63:45:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df61a292223ad9aebc8ad82c2a56475fbd97a834
        Validity
            Not Before: Jan  2 12:20:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7ddb61e3e2e179a02d90d384273ea91e86df97f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:06:d1:4d:54:c9:50:1e:29:10:3b:53:59:6f:
                    88:11:39:33:93:fc:17:39:b0:ac:b1:6d:d5:26:f4:
                    ae:aa:7e:c2:c3:a9:08:6f:e8:09:1b:27:1e:9b:10:
                    48:3a:63:71:1c:d3:37:58:0b:b5:53:6d:e9:23:98:
                    52:42:3a:7c:74:2f:b5:d7:ec:ef:12:0c:b9:5f:d0:
                    49:60:fc:7a:53:de:d9:1c:91:67:f0:3f:d6:36:27:
                    69:6b:bf:d6:23:fe:de:07:5a:8e:fc:a5:7a:42:45:
                    d3:6e:1a:60:bf:8c:b1:5f:25:c7:47:5b:a0:cb:e3:
                    92:98:c7:e9:1b:f7:60:ef:16:02:30:c1:96:76:45:
                    78:c4:d6:15:fa:29:15:34:bb:97:3e:7c:41:d9:93:
                    9a:9b:2a:0d:9c:21:9c:bb:a4:8b:04:82:dd:b5:65:
                    9d:10:17:ad:ba:15:ae:cc:71:2c:1e:5a:3f:21:62:
                    23:0f:fc:a5:31:3e:e8:58:c7:b2:5b:2c:88:23:3d:
                    ed:15:a9:ef:69:d0:7f:cc:45:15:17:87:15:fc:0d:
                    28:cd:4e:2b:24:11:2c:dc:17:f9:f2:d5:99:b3:d4:
                    8d:3d:45:f6:ba:fd:8c:3b:ba:80:bf:a6:ef:05:ca:
                    b4:cd:60:b9:32:17:4d:62:1c:e6:d1:2f:90:3f:6e:
                    30:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:DB:61:E3:E2:E1:79:A0:2D:90:D3:84:27:3E:A9:1E:86:DF:97:F9
            X509v3 Authority Key Identifier:
                keyid:DF:61:A2:92:22:3A:D9:AE:BC:8A:D8:2C:2A:56:47:5F:BD:97:A8:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/32GikiI62a68itgsKlZHX72XqDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/b7d875-b12c-4ed8-b80f-41487f4d4171/1/fdth4-LheaAtkNOEJz6pHobfl_k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/b7d875-b12c-4ed8-b80f-41487f4d4171/1/32GikiI62a68itgsKlZHX72XqDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:68:b2:f7:24:51:50:44:3b:06:9c:a9:2a:98:6b:c7:ba:21:
         8e:db:5f:41:e6:74:71:c0:f3:05:3c:fb:b3:81:71:84:5c:b7:
         f3:02:5f:af:a0:5b:7e:3b:13:4b:d8:b7:3c:f3:93:b0:b3:dc:
         82:04:60:3d:b2:50:3a:5b:d8:5a:4c:b7:d2:88:9c:1c:43:bf:
         df:e5:9d:d4:70:9d:15:de:49:08:a9:a6:3e:1e:8b:b1:aa:4e:
         1c:11:58:40:c0:93:f4:48:ad:dd:99:e6:23:1d:63:65:cc:25:
         49:dc:20:1b:56:04:e7:49:d1:4d:32:79:ee:e0:e7:3e:de:ed:
         28:d9:62:c3:ab:f2:bb:f9:dd:e4:90:98:59:6d:de:92:29:c3:
         a3:65:5c:41:7d:be:25:60:a1:58:4e:dc:d9:2d:8b:6a:df:ed:
         23:da:6e:84:14:13:4b:08:8d:69:dd:27:b2:0a:47:14:4d:6e:
         4d:89:e4:2d:a7:4d:55:e3:20:6d:32:75:80:97:43:e0:10:08:
         84:8e:d0:72:09:49:44:42:63:f6:28:6e:e1:2d:57:bf:38:e2:
         14:f6:56:f7:21:43:09:a2:88:90:6a:2e:c7:e2:0b:99:1a:72:
         13:c6:89:96:0c:b9:95:a4:d5:bd:7d:f7:b0:ed:c8:83:6f:eb:
         81:c8:02:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+ptRk3CPViZJCTRcNY0VgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmNjFhMjkyMjIzYWQ5YWViYzhhZDgyYzJhNTY0NzVmYmQ5
N2E4MzQwHhcNMjYwMTAyMTIyMDIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGRiNjFlM2UyZTE3OWEwMmQ5MGQzODQyNzNlYTkxZTg2ZGY5N2Y5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyAbRTVTJUB4pEDtTWW+IETkzk/wX
ObCssW3VJvSuqn7Cw6kIb+gJGycemxBIOmNxHNM3WAu1U23pI5hSQjp8dC+11+zv
Egy5X9BJYPx6U97ZHJFn8D/WNidpa7/WI/7eB1qO/KV6QkXTbhpgv4yxXyXHR1ug
y+OSmMfpG/dg7xYCMMGWdkV4xNYV+ikVNLuXPnxB2ZOamyoNnCGcu6SLBILdtWWd
EBetuhWuzHEsHlo/IWIjD/ylMT7oWMeyWyyIIz3tFanvadB/zEUVF4cV/A0ozU4r
JBEs3Bf58tWZs9SNPUX2uv2MO7qAv6bvBcq0zWC5MhdNYhzm0S+QP24wwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH3bYePi4XmgLZDThCc+qR6G35f5MB8GA1UdIwQY
MBaAFN9hopIiOtmuvIrYLCpWR1+9l6g0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzJHaWtpSTYyYTY4aXRnc0tsWkhYNzJYcURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9iN2Q4NzUtYjEyYy00ZWQ4LWI4MGYt
NDE0ODdmNGQ0MTcxLzEvZmR0aDQtTGhlYUF0a05PRUp6NnBIb2JmbF9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9iN2Q4NzUtYjEyYy00ZWQ4LWI4MGYtNDE0ODdmNGQ0MTcx
LzEvMzJHaWtpSTYyYTY4aXRnc0tsWkhYNzJYcURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYGKMA0G
CSqGSIb3DQEBCwUAA4IBAQAKaLL3JFFQRDsGnKkqmGvHuiGO219B5nRxwPMFPPuz
gXGEXLfzAl+voFt+OxNL2Lc885Ows9yCBGA9slA6W9haTLfSiJwcQ7/f5Z3UcJ0V
3kkIqaY+Houxqk4cEVhAwJP0SK3dmeYjHWNlzCVJ3CAbVgTnSdFNMnnu4Oc+3u0o
2WLDq/K7+d3kkJhZbd6SKcOjZVxBfb4lYKFYTtzZLYtq3+0j2m6EFBNLCI1p3Sey
CkcUTW5NieQtp01V4yBtMnWAl0PgEAiEjtByCUlEQmP2KG7hLVe/OOIU9lb3IUMJ
ooiQai7H4guZGnITxomWDLmVpNW9ffew7ciDb+uByALi
-----END CERTIFICATE-----