This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.


Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/PXEVmSNMFfbhf94bN6DAPGZckSc.roa
File:                     PXEVmSNMFfbhf94bN6DAPGZckSc.roa (raw, json)
Hash identifier:          z1Tq0O2xYVfuaEb5UjHMBqSupucc7wqRVMURz+WvtC8=
Subject key identifier:   3D:71:15:99:23:4C:15:F6:E1:7F:DE:1B:37:A0:C0:3C:66:5C:91:27
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019B78A31E1C364B0952A91C362251614D26
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/PXEVmSNMFfbhf94bN6DAPGZckSc.roa
Signing time:             Thu 01 Jan 2026 08:18:34 +0000
ROA not before:           Thu 01 Jan 2026 08:18:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198178
IP address blocks:        45.128.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 02:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:1e:1c:36:4b:09:52:a9:1c:36:22:51:61:4d:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  1 08:18:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3d711599234c15f6e17fde1b37a0c03c665c9127
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:d8:d9:d7:2a:9d:32:80:0a:72:64:61:5c:80:
                    5e:57:86:37:c8:f3:6d:db:fd:02:23:5b:5c:81:e2:
                    08:60:37:cb:6f:8e:c8:b7:bf:cf:55:4f:6d:60:29:
                    2f:27:e6:9b:97:e6:7b:ef:00:b0:00:89:7f:12:de:
                    b3:1d:43:04:b5:24:7f:dd:25:73:c4:42:a6:c1:86:
                    b5:c6:40:41:50:b5:a5:9e:75:a5:80:fd:11:6e:92:
                    1b:98:cd:c0:ad:b3:be:d5:4a:fe:f7:d3:29:ab:67:
                    fc:44:a6:75:be:b9:2b:e6:b2:b3:2e:49:10:55:14:
                    04:27:24:6b:38:1f:f7:f4:d3:bb:ed:2c:a6:9b:3d:
                    9d:39:ae:11:5f:1c:6c:19:66:bc:12:6f:d2:c3:9c:
                    2d:20:24:e7:1b:6e:7c:d8:de:6d:27:e7:1c:eb:fe:
                    2b:54:e4:bb:b1:30:57:04:03:db:e5:16:ed:f4:76:
                    ca:66:18:be:5a:38:73:dc:19:53:e3:79:aa:2a:db:
                    e6:98:7e:dd:6b:80:78:b2:36:1e:68:cc:ad:3a:ab:
                    2c:87:74:7b:82:bf:81:f3:b2:65:52:79:d2:42:a5:
                    05:c7:cc:71:4f:86:17:05:c1:73:f0:02:99:67:bf:
                    b9:00:c1:5c:79:4b:e0:b2:0c:28:c3:30:74:db:3f:
                    86:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:71:15:99:23:4C:15:F6:E1:7F:DE:1B:37:A0:C0:3C:66:5C:91:27
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/PXEVmSNMFfbhf94bN6DAPGZckSc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:8d:80:f0:e0:ec:2f:3c:f7:ab:4b:c2:8f:99:51:06:03:d4:
         89:83:ae:ef:d1:95:e8:59:e0:5e:a8:1c:06:ea:af:89:6b:7c:
         d8:52:9f:e7:22:25:75:c1:95:8f:9f:3e:dc:4d:62:f1:b3:31:
         d6:ff:95:76:36:48:42:e0:fc:b5:35:ae:1c:9c:a0:95:72:fb:
         63:5b:af:a0:64:12:cc:c3:df:c9:a6:70:c6:41:f3:a3:6a:36:
         06:76:51:60:6e:b9:91:d9:2f:52:b5:e7:1b:ea:06:d5:07:83:
         60:31:47:96:5e:62:cf:fd:93:28:52:cc:62:b9:e4:96:21:b2:
         6b:a8:e5:01:58:ca:66:d8:11:73:64:6f:86:f0:f4:1b:bd:6f:
         09:63:b7:17:87:ee:00:98:4f:ed:1e:bb:ec:c6:73:76:cd:bd:
         b1:21:05:44:ad:c7:95:c9:63:06:20:71:bd:ed:9f:34:d3:7d:
         4b:61:26:72:d0:cf:9d:fd:1a:97:20:6a:d7:2e:8e:23:5e:c7:
         ee:4f:4f:00:de:2f:e5:3b:b6:36:10:f2:12:47:0b:e6:b3:e8:
         f4:ec:1f:c5:9c:f4:5e:5e:a6:17:6d:00:7a:c7:33:e6:a8:97:
         da:c4:92:10:bf:55:ab:8f:33:83:81:b8:ac:8a:3a:83:db:fe:
         56:26:c9:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4ox4cNksJUqkcNiJRYU0mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjYwMTAxMDgxODM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDcxMTU5OTIzNGMxNWY2ZTE3ZmRlMWIzN2EwYzAzYzY2NWM5MTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyNjZ1yqdMoAKcmRhXIBeV4Y3yPNt
2/0CI1tcgeIIYDfLb47It7/PVU9tYCkvJ+abl+Z77wCwAIl/Et6zHUMEtSR/3SVz
xEKmwYa1xkBBULWlnnWlgP0RbpIbmM3ArbO+1Ur+99Mpq2f8RKZ1vrkr5rKzLkkQ
VRQEJyRrOB/39NO77Symmz2dOa4RXxxsGWa8Em/Sw5wtICTnG2582N5tJ+cc6/4r
VOS7sTBXBAPb5Rbt9HbKZhi+Wjhz3BlT43mqKtvmmH7da4B4sjYeaMytOqssh3R7
gr+B87JlUnnSQqUFx8xxT4YXBcFz8AKZZ7+5AMFceUvgsgwowzB02z+GnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD1xFZkjTBX24X/eGzegwDxmXJEnMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvUFhFVm1TTk1GZmJoZjk0Yk42REFQR1pja1NjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYBjMA0G
CSqGSIb3DQEBCwUAA4IBAQAXjYDw4OwvPPerS8KPmVEGA9SJg67v0ZXoWeBeqBwG
6q+Ja3zYUp/nIiV1wZWPnz7cTWLxszHW/5V2NkhC4Py1Na4cnKCVcvtjW6+gZBLM
w9/JpnDGQfOjajYGdlFgbrmR2S9Stecb6gbVB4NgMUeWXmLP/ZMoUsxiueSWIbJr
qOUBWMpm2BFzZG+G8PQbvW8JY7cXh+4AmE/tHrvsxnN2zb2xIQVErceVyWMGIHG9
7Z80031LYSZy0M+d/RqXIGrXLo4jXsfuT08A3i/lO7Y2EPISRwvms+j07B/FnPRe
XqYXbQB6xzPmqJfaxJIQv1WrjzODgbisijqD2/5WJslf
-----END CERTIFICATE-----
Generated at Fri Jan 2 12:03:05 2026 by rpki-client