This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/A8k-ktADekUW8KGL9-TD1MM8a3Q.roa
File:                     A8k-ktADekUW8KGL9-TD1MM8a3Q.roa (raw, json)
Hash identifier:          8xlZQD8rUGje2ii4uZloIXz3Wi4R3xzE+RBDkavOVHI=
Subject key identifier:   03:C9:3E:92:D0:03:7A:45:16:F0:A1:8B:F7:E4:C3:D4:C3:3C:6B:74
Certificate issuer:       /CN=0db67c5c7fa7fe2492eec37cf427642b71d425b0
Certificate serial:       019B7FF23C90E46F17FB67A63283FD105B79
Authority key identifier: 0D:B6:7C:5C:7F:A7:FE:24:92:EE:C3:7C:F4:27:64:2B:71:D4:25:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/A8k-ktADekUW8KGL9-TD1MM8a3Q.roa
Signing time:             Fri 02 Jan 2026 18:22:20 +0000
ROA not before:           Fri 02 Jan 2026 18:22:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     40676
IP address blocks:        45.150.224.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 23 Jan 2026 16:20:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f2:3c:90:e4:6f:17:fb:67:a6:32:83:fd:10:5b:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0db67c5c7fa7fe2492eec37cf427642b71d425b0
        Validity
            Not Before: Jan  2 18:22:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=03c93e92d0037a4516f0a18bf7e4c3d4c33c6b74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:a1:bf:0a:8e:3e:52:63:d5:72:5d:7e:a8:a3:
                    13:cd:29:f4:15:0a:b2:7e:35:e7:bd:ca:b6:56:a7:
                    30:2f:a5:09:02:08:25:58:d4:08:ae:5f:f5:ab:91:
                    3f:17:ec:9f:e9:ea:b6:9b:9a:c8:cb:ca:f9:36:47:
                    be:d0:7a:5d:a3:e6:a9:6e:d3:26:ac:9a:04:59:72:
                    7d:77:9f:4e:15:9b:4c:96:50:b6:e2:ea:db:24:40:
                    1e:db:c9:99:3f:cc:e3:a5:2e:cd:f8:1e:53:4f:12:
                    aa:36:d0:25:db:b3:dc:eb:e5:6b:cd:2d:1f:02:87:
                    40:ed:e1:25:19:d8:9c:58:12:aa:d6:9a:ce:0f:59:
                    b3:80:62:3f:b9:ba:43:16:27:c6:ea:79:69:91:cc:
                    f3:82:38:06:e6:c9:de:f1:5c:8a:d1:02:45:07:41:
                    2d:87:97:4b:f9:07:fd:3e:26:0e:97:8c:9a:8d:ae:
                    96:df:16:7c:0d:1c:bf:00:4c:3e:b2:69:87:bc:64:
                    72:70:fb:60:ce:c6:bf:a5:69:ae:ef:e9:1a:13:09:
                    bf:ea:e5:77:f6:22:46:a7:69:bd:a5:5c:15:09:1b:
                    24:24:44:b8:2e:5c:b3:a9:df:49:f9:27:e5:48:28:
                    93:1a:b5:3d:28:64:55:d7:1f:0e:e1:3e:a0:61:da:
                    9d:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:C9:3E:92:D0:03:7A:45:16:F0:A1:8B:F7:E4:C3:D4:C3:3C:6B:74
            X509v3 Authority Key Identifier:
                keyid:0D:B6:7C:5C:7F:A7:FE:24:92:EE:C3:7C:F4:27:64:2B:71:D4:25:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/A8k-ktADekUW8KGL9-TD1MM8a3Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:0a:4f:e6:cc:58:f5:57:cb:9b:2b:a5:cd:58:3c:cc:e2:5a:
         99:f5:1a:c1:4f:2b:89:35:8b:14:0f:b4:99:15:b7:c5:fc:70:
         4e:be:f0:af:45:1f:7d:5a:0c:f2:cd:fa:3f:e1:89:59:73:a5:
         f4:9c:08:a0:d1:57:ec:f7:f1:f5:d4:12:54:2a:9a:01:4d:72:
         50:31:dd:73:7d:56:c1:0c:65:5b:3a:40:16:76:21:73:03:f2:
         36:0e:ff:9d:25:d8:62:49:6f:98:41:9a:ef:49:d4:1a:9e:5c:
         29:b8:90:81:62:97:d2:f3:6d:e0:4b:88:31:f8:58:a7:62:d5:
         ed:0c:40:df:39:02:b5:4f:7e:20:97:8a:fa:92:69:69:a2:a9:
         d8:5a:b6:0e:40:e5:8e:d9:dd:5b:c5:89:0f:61:3b:70:ac:b5:
         55:d8:4e:43:cc:79:3c:7c:0e:78:91:2e:e2:28:64:ab:91:52:
         1c:94:80:d9:22:5f:f2:00:ce:06:60:10:f4:c5:df:7e:5a:76:
         e5:06:26:0a:ae:11:a7:5d:6e:84:b4:f0:a9:03:f7:dd:46:35:
         24:f6:2e:8d:69:3f:da:f6:19:d4:17:ae:d0:3c:52:f6:ca:91:
         71:59:4d:c9:4f:f5:dc:5a:b1:71:10:2c:ce:53:7d:7b:51:74:
         94:dc:e6:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/8jyQ5G8X+2emMoP9EFt5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkYjY3YzVjN2ZhN2ZlMjQ5MmVlYzM3Y2Y0Mjc2NDJiNzFk
NDI1YjAwHhcNMjYwMTAyMTgyMjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2M5M2U5MmQwMDM3YTQ1MTZmMGExOGJmN2U0YzNkNGMzM2M2Yjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaG/Co4+UmPVcl1+qKMTzSn0FQqy
fjXnvcq2VqcwL6UJAgglWNQIrl/1q5E/F+yf6eq2m5rIy8r5Nke+0Hpdo+apbtMm
rJoEWXJ9d59OFZtMllC24urbJEAe28mZP8zjpS7N+B5TTxKqNtAl27Pc6+VrzS0f
AodA7eElGdicWBKq1prOD1mzgGI/ubpDFifG6nlpkczzgjgG5sne8VyK0QJFB0Et
h5dL+Qf9PiYOl4yaja6W3xZ8DRy/AEw+smmHvGRycPtgzsa/pWmu7+kaEwm/6uV3
9iJGp2m9pVwVCRskJES4Llyzqd9J+SflSCiTGrU9KGRV1x8O4T6gYdqdHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAPJPpLQA3pFFvChi/fkw9TDPGt0MB8GA1UdIwQY
MBaAFA22fFx/p/4kku7DfPQnZCtx1CWwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGJaOFhILW5faVNTN3NOODlDZGtLM0hVSmJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS8wZjM3NTctZjBlZC00ZTdlLTkzMjkt
YjAzZGY5OTZlNDgxLzEvQThrLWt0QURla1VXOEtHTDktVEQxTU04YTNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS8wZjM3NTctZjBlZC00ZTdlLTkzMjktYjAzZGY5OTZlNDgx
LzEvRGJaOFhILW5faVNTN3NOODlDZGtLM0hVSmJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZbgMA0G
CSqGSIb3DQEBCwUAA4IBAQCSCk/mzFj1V8ubK6XNWDzM4lqZ9RrBTyuJNYsUD7SZ
FbfF/HBOvvCvRR99Wgzyzfo/4YlZc6X0nAig0Vfs9/H11BJUKpoBTXJQMd1zfVbB
DGVbOkAWdiFzA/I2Dv+dJdhiSW+YQZrvSdQanlwpuJCBYpfS823gS4gx+FinYtXt
DEDfOQK1T34gl4r6kmlpoqnYWrYOQOWO2d1bxYkPYTtwrLVV2E5DzHk8fA54kS7i
KGSrkVIclIDZIl/yAM4GYBD0xd9+WnblBiYKrhGnXW6EtPCpA/fdRjUk9i6NaT/a
9hnUF67QPFL2ypFxWU3JT/XcWrFxECzOU317UXSU3Oar
-----END CERTIFICATE-----