This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/bSz4Q1fFE8WGWsqdCGFF2qFoUHQ.roa
File:                     bSz4Q1fFE8WGWsqdCGFF2qFoUHQ.roa (raw, json)
Hash identifier:          WIBOpyhJfrDr8FwBf5vRBRYeYJ+bXPvbm3D0wXgoRFk=
Subject key identifier:   6D:2C:F8:43:57:C5:13:C5:86:5A:CA:9D:08:61:45:DA:A1:68:50:74
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019B78A2DCFB2CFC78AF74305D4161DD4BE9
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/bSz4Q1fFE8WGWsqdCGFF2qFoUHQ.roa
Signing time:             Thu 01 Jan 2026 08:18:17 +0000
ROA not before:           Thu 01 Jan 2026 08:18:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14576
IP address blocks:        45.95.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 02:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:dc:fb:2c:fc:78:af:74:30:5d:41:61:dd:4b:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  1 08:18:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6d2cf84357c513c5865aca9d086145daa1685074
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:7b:91:93:9c:2a:fa:90:2e:d7:da:20:78:e0:
                    4f:88:4a:24:5e:4b:c5:84:1b:41:2c:a2:37:b5:73:
                    d1:1f:44:f0:f6:a1:8b:60:90:67:71:6a:22:0a:00:
                    ca:49:71:96:37:3c:cb:3b:77:f4:2b:58:12:a0:a6:
                    be:f3:a0:19:c6:eb:da:7a:eb:9b:62:7f:50:42:91:
                    c4:b2:4c:30:3b:07:ab:ee:60:f0:67:9d:62:12:46:
                    b3:2d:19:97:63:87:d5:0f:94:ae:c7:6e:32:6d:26:
                    98:b3:81:46:2e:f2:9e:46:61:5f:3b:da:b8:6e:c0:
                    6c:42:8c:04:7b:94:c5:af:02:49:7a:1c:3a:d5:55:
                    13:7f:9b:d1:6d:51:32:64:08:65:b5:dd:74:af:1f:
                    74:1b:d1:a8:c1:f7:05:0c:91:b0:1c:3b:b1:b8:f9:
                    8f:50:1e:73:f0:77:e2:59:85:b4:63:35:04:e3:a8:
                    61:82:0d:b3:41:42:ac:e9:17:11:ae:bb:51:ea:fe:
                    63:f4:d2:b3:00:70:ca:4a:7e:e0:3a:a5:dc:b4:bd:
                    c2:fb:28:31:6f:a0:57:3f:97:56:ae:60:d2:ba:bd:
                    86:b2:15:37:81:8e:7d:68:67:c7:f2:bf:4d:cd:8a:
                    97:40:45:c5:ca:dc:4f:ad:34:1b:f1:88:b6:23:59:
                    5d:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:2C:F8:43:57:C5:13:C5:86:5A:CA:9D:08:61:45:DA:A1:68:50:74
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/bSz4Q1fFE8WGWsqdCGFF2qFoUHQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:9d:2a:a6:43:12:00:7e:53:98:35:9e:4a:44:29:38:5b:9c:
         8c:20:a7:88:2e:4b:62:8d:c9:41:31:8d:f4:93:8b:8f:fc:ae:
         93:a2:09:83:36:4e:f2:3f:21:91:c2:1c:a5:ca:3c:c6:31:39:
         f8:89:ad:5c:86:fe:01:fe:3f:fc:02:c6:1f:5a:41:3f:bf:a1:
         68:2f:c1:2b:e0:9d:c6:3b:db:c4:80:49:22:cc:87:ce:db:2d:
         4f:7d:8b:86:9a:b1:8a:22:d6:f8:03:1f:dd:2a:10:36:11:87:
         33:6a:87:2e:07:db:96:2e:93:89:1d:2a:fa:16:b1:b5:18:fe:
         ae:3c:af:78:94:d3:96:3b:2f:15:2b:6a:6a:dc:b9:33:5b:44:
         5c:b2:1b:46:2a:cb:31:be:8b:dc:bb:ad:31:89:68:4d:47:c2:
         32:cf:57:c0:69:b0:35:bd:a3:97:b3:19:c5:ca:19:4b:31:2d:
         4d:a1:be:9b:b3:64:2c:72:30:5e:e8:85:32:90:70:f9:3c:9a:
         29:40:ee:61:0e:f0:39:c6:52:c5:6b:fc:2f:7f:d5:97:45:a3:
         d6:6a:ed:9a:49:68:a0:a6:49:2e:14:02:66:0d:b3:97:ee:53:
         5e:21:d3:c0:e4:af:53:bf:f2:fb:fd:1e:7f:0d:c8:7a:f3:6d:
         35:1a:64:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4otz7LPx4r3QwXUFh3UvpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjYwMTAxMDgxODE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDJjZjg0MzU3YzUxM2M1ODY1YWNhOWQwODYxNDVkYWExNjg1MDc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvnuRk5wq+pAu19ogeOBPiEokXkvF
hBtBLKI3tXPRH0Tw9qGLYJBncWoiCgDKSXGWNzzLO3f0K1gSoKa+86AZxuvaeuub
Yn9QQpHEskwwOwer7mDwZ51iEkazLRmXY4fVD5Sux24ybSaYs4FGLvKeRmFfO9q4
bsBsQowEe5TFrwJJehw61VUTf5vRbVEyZAhltd10rx90G9GowfcFDJGwHDuxuPmP
UB5z8HfiWYW0YzUE46hhgg2zQUKs6RcRrrtR6v5j9NKzAHDKSn7gOqXctL3C+ygx
b6BXP5dWrmDSur2GshU3gY59aGfH8r9NzYqXQEXFytxPrTQb8Yi2I1ldIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG0s+ENXxRPFhlrKnQhhRdqhaFB0MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvYlN6NFExZkZFOFdHV3NxZENHRkYycUZvVUhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV8BMA0G
CSqGSIb3DQEBCwUAA4IBAQConSqmQxIAflOYNZ5KRCk4W5yMIKeILktijclBMY30
k4uP/K6TogmDNk7yPyGRwhylyjzGMTn4ia1chv4B/j/8AsYfWkE/v6FoL8Er4J3G
O9vEgEkizIfO2y1PfYuGmrGKItb4Ax/dKhA2EYczaocuB9uWLpOJHSr6FrG1GP6u
PK94lNOWOy8VK2pq3LkzW0RcshtGKssxvovcu60xiWhNR8Iyz1fAabA1vaOXsxnF
yhlLMS1Nob6bs2QscjBe6IUykHD5PJopQO5hDvA5xlLFa/wvf9WXRaPWau2aSWig
pkkuFAJmDbOX7lNeIdPA5K9Tv/L7/R5/Dch68201GmRl
-----END CERTIFICATE-----