This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/9afaf5-e696-483e-8365-34efd5b9e9cd/1/FXGg2Fa0emu9dKW-rLUC0KROeXw.roa
File:                     FXGg2Fa0emu9dKW-rLUC0KROeXw.roa (raw, json)
Hash identifier:          vDpMUJR3utlP1Q4YoLNcOM/ustze8pksaMUztNRPk0o=
Subject key identifier:   15:71:A0:D8:56:B4:7A:6B:BD:74:A5:BE:AC:B5:02:D0:A4:4E:79:7C
Certificate issuer:       /CN=2a7148c461f5e77e107af73566a27e343561dc1d
Certificate serial:       019A5469BEF5835572ECDFBBA46A45B2E8E8
Authority key identifier: 2A:71:48:C4:61:F5:E7:7E:10:7A:F7:35:66:A2:7E:34:35:61:DC:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KnFIxGH1534Qevc1ZqJ-NDVh3B0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/9afaf5-e696-483e-8365-34efd5b9e9cd/1/FXGg2Fa0emu9dKW-rLUC0KROeXw.roa
Signing time:             Wed 05 Nov 2025 14:26:47 +0000
ROA not before:           Wed 05 Nov 2025 14:26:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15830
IP address blocks:        45.156.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/9afaf5-e696-483e-8365-34efd5b9e9cd/1/KnFIxGH1534Qevc1ZqJ-NDVh3B0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/9afaf5-e696-483e-8365-34efd5b9e9cd/1/KnFIxGH1534Qevc1ZqJ-NDVh3B0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KnFIxGH1534Qevc1ZqJ-NDVh3B0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Nov 2025 08:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:54:69:be:f5:83:55:72:ec:df:bb:a4:6a:45:b2:e8:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a7148c461f5e77e107af73566a27e343561dc1d
        Validity
            Not Before: Nov  5 14:26:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1571a0d856b47a6bbd74a5beacb502d0a44e797c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:79:90:0c:0c:db:67:99:1b:88:10:0c:f3:09:
                    bc:f4:56:b5:64:05:f1:9a:e5:38:14:cd:8e:a3:29:
                    4f:09:29:a5:02:5b:dd:d7:3a:d3:ee:ca:a6:b5:af:
                    bc:24:1d:2e:9d:dc:7b:26:53:6b:4f:10:ac:ae:bc:
                    b3:d5:b6:5f:bf:3f:88:da:7b:c9:77:7f:81:51:bb:
                    49:ff:87:03:b5:a1:46:99:89:39:f3:a4:3e:56:e1:
                    19:15:18:a2:a7:1c:0e:77:d6:b4:e7:ce:86:62:7d:
                    ee:d6:36:21:46:c3:71:10:f5:8b:22:da:28:7c:3f:
                    3c:f0:0f:36:07:da:a2:cc:46:1a:9f:cb:09:5f:13:
                    66:13:df:90:80:5c:5b:77:2c:b1:bb:fd:8d:0c:68:
                    38:0b:ea:ca:64:6a:5a:bb:a1:f5:ce:34:d1:af:88:
                    c3:ce:74:08:a7:4c:2b:ae:06:e7:f5:0c:86:1f:d8:
                    16:9e:12:1c:d0:fc:4e:4c:ec:90:e2:24:70:56:2e:
                    c7:f9:f6:c9:48:05:4d:ac:d2:8c:78:c3:90:75:54:
                    ca:1e:e4:d6:c3:cb:73:c1:3d:b9:1a:ba:78:65:c0:
                    a1:02:ca:c4:38:90:7d:20:0d:1a:a8:79:ac:d1:95:
                    42:a0:32:27:10:82:d7:66:2e:2b:fa:e5:ca:1d:0f:
                    fa:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:71:A0:D8:56:B4:7A:6B:BD:74:A5:BE:AC:B5:02:D0:A4:4E:79:7C
            X509v3 Authority Key Identifier:
                keyid:2A:71:48:C4:61:F5:E7:7E:10:7A:F7:35:66:A2:7E:34:35:61:DC:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KnFIxGH1534Qevc1ZqJ-NDVh3B0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/9afaf5-e696-483e-8365-34efd5b9e9cd/1/FXGg2Fa0emu9dKW-rLUC0KROeXw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/9afaf5-e696-483e-8365-34efd5b9e9cd/1/KnFIxGH1534Qevc1ZqJ-NDVh3B0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:3c:ea:9f:38:ae:7d:4f:75:3f:52:dd:c9:fc:04:15:cc:86:
         19:c8:eb:d1:84:a0:91:05:af:44:35:a1:9c:4a:8b:73:d0:f8:
         4b:dc:42:9e:ba:69:48:54:ea:03:2a:59:76:25:48:a1:be:e7:
         9e:d8:4e:09:01:a9:99:a6:44:38:89:ad:e1:a2:a1:78:bc:04:
         84:a5:3c:63:5c:ab:3c:aa:f8:ba:ab:fa:fd:2e:fa:c3:24:5a:
         5e:7b:fa:cf:61:01:30:34:e8:92:98:74:2a:9d:fd:7a:23:f0:
         66:c8:3d:55:7b:d3:39:8c:37:23:61:01:21:b4:34:93:e6:0a:
         78:a4:03:83:92:36:d3:7e:d0:c3:50:96:97:7f:b3:3c:f4:33:
         71:0d:35:cd:1c:17:52:7d:a7:ce:81:dc:dc:0f:ab:bb:5a:85:
         82:a1:14:c0:77:c6:c6:93:3e:20:09:5e:69:91:27:c7:b5:04:
         7a:26:fa:de:8f:94:a0:54:f3:7d:6a:b0:1f:57:2b:d1:73:0e:
         c0:98:59:23:0d:9d:61:50:94:18:3e:b3:a9:ea:da:44:95:bd:
         23:b3:3f:2c:66:ca:30:15:0a:5e:ff:f1:bf:3f:fc:bb:22:bb:
         33:eb:52:19:73:8e:dd:a0:a6:98:a6:69:41:82:4e:91:99:6e:
         7d:bc:45:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpUab71g1Vy7N+7pGpFsujoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhNzE0OGM0NjFmNWU3N2UxMDdhZjczNTY2YTI3ZTM0MzU2
MWRjMWQwHhcNMjUxMTA1MTQyNjQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTcxYTBkODU2YjQ3YTZiYmQ3NGE1YmVhY2I1MDJkMGE0NGU3OTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA33mQDAzbZ5kbiBAM8wm89Fa1ZAXx
muU4FM2OoylPCSmlAlvd1zrT7sqmta+8JB0undx7JlNrTxCsrryz1bZfvz+I2nvJ
d3+BUbtJ/4cDtaFGmYk586Q+VuEZFRiipxwOd9a0586GYn3u1jYhRsNxEPWLItoo
fD888A82B9qizEYan8sJXxNmE9+QgFxbdyyxu/2NDGg4C+rKZGpau6H1zjTRr4jD
znQIp0wrrgbn9QyGH9gWnhIc0PxOTOyQ4iRwVi7H+fbJSAVNrNKMeMOQdVTKHuTW
w8tzwT25Grp4ZcChAsrEOJB9IA0aqHms0ZVCoDInEILXZi4r+uXKHQ/6BwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBVxoNhWtHprvXSlvqy1AtCkTnl8MB8GA1UdIwQY
MBaAFCpxSMRh9ed+EHr3NWaifjQ1YdwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS25GSXhHSDE1MzRRZXZjMVpxSi1ORFZoM0IwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS85YWZhZjUtZTY5Ni00ODNlLTgzNjUt
MzRlZmQ1YjllOWNkLzEvRlhHZzJGYTBlbXU5ZEtXLXJMVUMwS1JPZVh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS85YWZhZjUtZTY5Ni00ODNlLTgzNjUtMzRlZmQ1YjllOWNk
LzEvS25GSXhHSDE1MzRRZXZjMVpxSi1ORFZoM0IwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZx/MA0G
CSqGSIb3DQEBCwUAA4IBAQBfPOqfOK59T3U/Ut3J/AQVzIYZyOvRhKCRBa9ENaGc
Sotz0PhL3EKeumlIVOoDKll2JUihvuee2E4JAamZpkQ4ia3hoqF4vASEpTxjXKs8
qvi6q/r9LvrDJFpee/rPYQEwNOiSmHQqnf16I/BmyD1Ve9M5jDcjYQEhtDST5gp4
pAODkjbTftDDUJaXf7M89DNxDTXNHBdSfafOgdzcD6u7WoWCoRTAd8bGkz4gCV5p
kSfHtQR6Jvrej5SgVPN9arAfVyvRcw7AmFkjDZ1hUJQYPrOp6tpElb0jsz8sZsow
FQpe//G/P/y7Irsz61IZc47doKaYpmlBgk6RmW59vEUs
-----END CERTIFICATE-----