This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/cUAPfDvh9ctdBxtYWpRtEO8lG-g.roa
File:                     cUAPfDvh9ctdBxtYWpRtEO8lG-g.roa (raw, json)
Hash identifier:          b7MFeinCWo8o8FGB9kNt+44ggK2LvY6c1Zj//B8xVDY=
Subject key identifier:   71:40:0F:7C:3B:E1:F5:CB:5D:07:1B:58:5A:94:6D:10:EF:25:1B:E8
Certificate issuer:       /CN=9522ab67922ce0275e8c61abfa82d2a754af6dc4
Certificate serial:       019B7F1574FE237C1BDE435FA8D11C5F741B
Authority key identifier: 95:22:AB:67:92:2C:E0:27:5E:8C:61:AB:FA:82:D2:A7:54:AF:6D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/cUAPfDvh9ctdBxtYWpRtEO8lG-g.roa
Signing time:             Fri 02 Jan 2026 14:21:11 +0000
ROA not before:           Fri 02 Jan 2026 14:21:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16276
IP address blocks:        45.112.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:74:fe:23:7c:1b:de:43:5f:a8:d1:1c:5f:74:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9522ab67922ce0275e8c61abfa82d2a754af6dc4
        Validity
            Not Before: Jan  2 14:21:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=71400f7c3be1f5cb5d071b585a946d10ef251be8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:3d:97:39:39:2a:6e:57:bb:5d:a2:46:d1:47:
                    8b:9f:ec:47:cb:5c:c6:d1:47:7a:0e:ad:ff:35:e8:
                    15:a6:33:85:ea:e0:6f:96:dd:b4:1b:e0:69:c7:fe:
                    82:6f:3f:78:4d:d5:39:60:8b:fa:19:5f:d8:41:d7:
                    38:93:5a:37:1b:5b:f2:b2:bb:99:d0:42:f9:9c:be:
                    54:b8:78:b8:18:ac:81:d1:49:bf:dc:e4:5a:65:fe:
                    71:44:77:95:7d:44:58:9d:cf:46:93:36:ef:2e:e8:
                    f5:7a:eb:11:81:b3:47:90:d2:48:21:e0:11:5d:66:
                    d7:9f:fa:2f:e3:5e:a5:47:da:a6:54:85:82:1b:3f:
                    13:bd:7d:6e:f3:24:c6:f5:4f:a4:a1:8d:eb:52:ac:
                    e0:69:e0:9f:d8:6f:f1:27:cf:37:d8:0e:0d:ce:7f:
                    c0:7d:8a:99:0e:e7:fe:03:10:b5:66:c1:61:42:a3:
                    17:86:6f:25:d8:a5:09:8a:da:70:3a:13:5e:e3:2d:
                    51:65:6e:6e:f8:d4:55:a4:e7:33:41:b9:76:f3:76:
                    3a:18:2a:3f:17:f3:61:0d:47:84:a8:b8:fb:39:a1:
                    f5:20:7c:77:ac:8c:98:c5:07:60:bb:b9:a2:3e:49:
                    82:04:06:d2:51:a8:c7:c2:23:9a:76:a7:ba:5b:33:
                    e2:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:40:0F:7C:3B:E1:F5:CB:5D:07:1B:58:5A:94:6D:10:EF:25:1B:E8
            X509v3 Authority Key Identifier:
                keyid:95:22:AB:67:92:2C:E0:27:5E:8C:61:AB:FA:82:D2:A7:54:AF:6D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/cUAPfDvh9ctdBxtYWpRtEO8lG-g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.112.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:11:55:a1:4c:62:10:e8:a3:09:0f:3a:5a:9e:34:ad:a6:cf:
         9e:69:70:a0:89:6c:7c:80:f9:00:a4:a9:44:05:18:32:c9:9a:
         e4:0f:2d:fb:e7:1b:94:4d:13:42:23:6d:17:20:75:7c:24:ec:
         ec:0d:d6:58:87:9c:54:e2:7d:1b:40:ce:a7:c9:6b:55:b4:9a:
         89:9c:97:ec:f4:be:61:d0:ec:10:42:b9:01:d7:0a:f5:0a:b6:
         ba:c5:c2:cf:d4:3b:dc:40:f1:6d:0d:ec:32:ae:6b:95:a1:08:
         55:35:6a:27:7f:97:15:9b:a7:07:ed:0a:12:f6:e6:e4:9f:7e:
         52:9d:11:10:42:be:be:44:4c:31:4c:e5:29:90:7a:67:15:84:
         92:6b:7b:82:51:46:96:13:99:d7:8b:68:79:28:3a:9e:ef:49:
         ca:b6:1c:9b:d1:d3:33:b0:f4:70:70:12:80:0c:42:e8:0b:50:
         25:97:56:a6:3a:ab:75:ca:ff:74:46:9b:fc:2e:b0:6f:b9:96:
         66:78:1f:85:24:09:18:67:11:62:97:7f:d5:d3:44:2a:88:21:
         a7:d0:77:bd:e4:19:be:f0:c5:91:b1:9e:3e:80:6b:c7:b9:bb:
         37:25:c3:4a:03:41:52:1e:df:98:49:f5:ff:a0:52:24:c9:9c:
         0b:28:40:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FXT+I3wb3kNfqNEcX3QbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MjJhYjY3OTIyY2UwMjc1ZThjNjFhYmZhODJkMmE3NTRh
ZjZkYzQwHhcNMjYwMTAyMTQyMTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTQwMGY3YzNiZTFmNWNiNWQwNzFiNTg1YTk0NmQxMGVmMjUxYmU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtD2XOTkqble7XaJG0UeLn+xHy1zG
0Ud6Dq3/NegVpjOF6uBvlt20G+Bpx/6Cbz94TdU5YIv6GV/YQdc4k1o3G1vysruZ
0EL5nL5UuHi4GKyB0Um/3ORaZf5xRHeVfURYnc9GkzbvLuj1eusRgbNHkNJIIeAR
XWbXn/ov416lR9qmVIWCGz8TvX1u8yTG9U+koY3rUqzgaeCf2G/xJ8832A4Nzn/A
fYqZDuf+AxC1ZsFhQqMXhm8l2KUJitpwOhNe4y1RZW5u+NRVpOczQbl283Y6GCo/
F/NhDUeEqLj7OaH1IHx3rIyYxQdgu7miPkmCBAbSUajHwiOadqe6WzPiYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHFAD3w74fXLXQcbWFqUbRDvJRvoMB8GA1UdIwQY
MBaAFJUiq2eSLOAnXoxhq/qC0qdUr23EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFNLclo1SXM0Q2RlakdHci1vTFNwMVN2YmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy82ODkxOGUtZTlkYS00MDZiLTk5MzEt
ZTUyNmE5NDA5ZmI4LzEvY1VBUGZEdmg5Y3RkQnh0WVdwUnRFTzhsRy1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy82ODkxOGUtZTlkYS00MDZiLTk5MzEtZTUyNmE5NDA5ZmI4
LzEvbFNLclo1SXM0Q2RlakdHci1vTFNwMVN2YmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALXDDMA0G
CSqGSIb3DQEBCwUAA4IBAQBrEVWhTGIQ6KMJDzpanjStps+eaXCgiWx8gPkApKlE
BRgyyZrkDy375xuUTRNCI20XIHV8JOzsDdZYh5xU4n0bQM6nyWtVtJqJnJfs9L5h
0OwQQrkB1wr1Cra6xcLP1DvcQPFtDewyrmuVoQhVNWonf5cVm6cH7QoS9ubkn35S
nREQQr6+REwxTOUpkHpnFYSSa3uCUUaWE5nXi2h5KDqe70nKthyb0dMzsPRwcBKA
DELoC1All1amOqt1yv90Rpv8LrBvuZZmeB+FJAkYZxFil3/V00QqiCGn0He95Bm+
8MWRsZ4+gGvHubs3JcNKA0FSHt+YSfX/oFIkyZwLKECm
-----END CERTIFICATE-----