This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/UpSH3rHN4RV8pDR5HOrIC8laVng.roa
File:                     UpSH3rHN4RV8pDR5HOrIC8laVng.roa (raw, json)
Hash identifier:          ZyHo12ruTnSgk9utoiDRzGn5Dbm3CctK7WVPCOAZM7Q=
Subject key identifier:   52:94:87:DE:B1:CD:E1:15:7C:A4:34:79:1C:EA:C8:0B:C9:5A:56:78
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019B78A32B86778898CC87304CE0BD4092E6
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/UpSH3rHN4RV8pDR5HOrIC8laVng.roa
Signing time:             Thu 01 Jan 2026 08:18:37 +0000
ROA not before:           Thu 01 Jan 2026 08:18:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202737
IP address blocks:        45.12.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 02:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:2b:86:77:88:98:cc:87:30:4c:e0:bd:40:92:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  1 08:18:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=529487deb1cde1157ca434791ceac80bc95a5678
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:32:e3:87:1e:11:20:2c:1d:48:fd:1e:1c:75:
                    21:5d:47:c9:4c:86:97:46:a3:a7:d3:4d:aa:52:f2:
                    1c:b8:2b:f6:35:9f:00:37:86:ec:8d:05:a1:80:e0:
                    ec:ea:7f:b7:df:d7:ce:62:0f:9b:46:fb:3f:cf:58:
                    33:84:8a:e2:1d:1a:e6:17:b6:50:42:4c:8b:af:e5:
                    ad:a2:9c:82:3a:0d:c9:0c:78:fb:ba:3e:da:1b:f5:
                    c0:62:61:e1:84:dd:c4:e9:a2:06:0d:85:38:bd:ae:
                    81:37:dc:c0:88:22:b4:5d:0c:05:2a:81:58:ce:c3:
                    a7:92:3a:24:16:e5:de:a3:c0:ad:33:32:06:55:d7:
                    15:f8:42:9c:85:b5:51:7f:9d:ef:74:49:55:fe:40:
                    4e:e0:b3:4f:04:a6:82:ab:e1:60:50:6b:80:5b:88:
                    c4:21:ac:9e:2f:d5:8d:75:9e:f8:7f:73:c7:bd:a4:
                    f0:3e:97:05:f2:67:4c:c9:1c:92:dc:a0:b9:3c:ed:
                    2c:a5:70:33:19:f5:61:b5:5f:5c:d9:59:52:3a:44:
                    4b:17:b1:5e:c9:2d:2c:e5:40:93:74:bf:a8:9c:40:
                    0b:d7:40:ac:bf:69:f0:c3:eb:62:4f:7f:d8:28:a9:
                    0c:f6:19:49:e7:5f:28:ae:0c:06:8e:30:2a:53:9d:
                    73:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:94:87:DE:B1:CD:E1:15:7C:A4:34:79:1C:EA:C8:0B:C9:5A:56:78
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/UpSH3rHN4RV8pDR5HOrIC8laVng.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:00:e0:9e:58:9c:19:b4:0d:27:a0:92:38:da:5c:81:6e:7c:
         98:c7:43:25:2d:5a:b4:57:45:4e:78:22:9e:a3:87:1a:27:5e:
         7c:e2:cd:d7:28:d1:53:a5:60:33:38:1d:11:36:c3:48:78:b9:
         eb:fb:21:fd:07:a4:12:d6:98:59:3d:4e:f1:cf:1d:9f:e7:6d:
         32:ad:a7:03:20:c4:99:7b:d8:05:7f:23:67:d9:47:fe:3f:ad:
         5d:f6:50:4e:0b:47:06:44:eb:7b:01:0d:c0:43:43:4c:a8:b4:
         77:98:3b:45:95:98:1b:66:e2:00:e7:62:5c:bc:4d:42:e9:06:
         e9:b7:f8:83:30:b7:df:52:65:90:a6:7b:81:8d:03:18:70:6e:
         6c:8b:e0:14:ab:2c:85:77:b4:dc:52:d3:64:3b:cb:d9:c1:e5:
         2a:cf:fb:5a:5f:5e:16:33:ba:5e:24:3c:fd:90:9d:9c:8e:eb:
         05:89:d5:d0:fb:5f:8a:b1:33:7e:d7:a1:67:07:0c:f5:61:e3:
         d2:9e:8a:51:61:5d:2d:5b:e8:6b:86:67:27:0d:88:a6:6b:d3:
         74:5e:91:d3:e9:8d:2e:7f:d0:e4:c1:59:c9:56:74:87:33:8b:
         fc:1f:4d:35:f7:ba:f3:52:55:19:82:ea:b4:4c:6a:94:cb:2b:
         fe:7b:7c:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4oyuGd4iYzIcwTOC9QJLmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjYwMTAxMDgxODM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Mjk0ODdkZWIxY2RlMTE1N2NhNDM0NzkxY2VhYzgwYmM5NWE1Njc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnjLjhx4RICwdSP0eHHUhXUfJTIaX
RqOn002qUvIcuCv2NZ8AN4bsjQWhgODs6n+339fOYg+bRvs/z1gzhIriHRrmF7ZQ
QkyLr+WtopyCOg3JDHj7uj7aG/XAYmHhhN3E6aIGDYU4va6BN9zAiCK0XQwFKoFY
zsOnkjokFuXeo8CtMzIGVdcV+EKchbVRf53vdElV/kBO4LNPBKaCq+FgUGuAW4jE
IayeL9WNdZ74f3PHvaTwPpcF8mdMyRyS3KC5PO0spXAzGfVhtV9c2VlSOkRLF7Fe
yS0s5UCTdL+onEAL10Csv2nww+tiT3/YKKkM9hlJ518orgwGjjAqU51zVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFKUh96xzeEVfKQ0eRzqyAvJWlZ4MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvVXBTSDNySE40UlY4cERSNUhPcklDOGxhVm5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQz9MA0G
CSqGSIb3DQEBCwUAA4IBAQA7AOCeWJwZtA0noJI42lyBbnyYx0MlLVq0V0VOeCKe
o4caJ1584s3XKNFTpWAzOB0RNsNIeLnr+yH9B6QS1phZPU7xzx2f520yracDIMSZ
e9gFfyNn2Uf+P61d9lBOC0cGROt7AQ3AQ0NMqLR3mDtFlZgbZuIA52JcvE1C6Qbp
t/iDMLffUmWQpnuBjQMYcG5si+AUqyyFd7TcUtNkO8vZweUqz/taX14WM7peJDz9
kJ2cjusFidXQ+1+KsTN+16FnBwz1YePSnopRYV0tW+hrhmcnDYima9N0XpHT6Y0u
f9DkwVnJVnSHM4v8H00197rzUlUZguq0TGqUyyv+e3yn
-----END CERTIFICATE-----