This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/92fbd9-b9ee-42fc-aac1-fb97ddd54891/1/aP_3HGccyIv5sNPZFE2GeDATdyo.roa
File:                     aP_3HGccyIv5sNPZFE2GeDATdyo.roa (raw, json)
Hash identifier:          WZasGlzPGB1XWlQ1B1we7O0jvwVfOay6wNCFw9J58P0=
Subject key identifier:   68:FF:F7:1C:67:1C:C8:8B:F9:B0:D3:D9:14:4D:86:78:30:13:77:2A
Certificate issuer:       /CN=03d602b9e1da2b568df544bda50e415799bbb1e2
Certificate serial:       019B7FF12BC7A8A06002729A492000C79D66
Authority key identifier: 03:D6:02:B9:E1:DA:2B:56:8D:F5:44:BD:A5:0E:41:57:99:BB:B1:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A9YCueHaK1aN9US9pQ5BV5m7seI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/92fbd9-b9ee-42fc-aac1-fb97ddd54891/1/aP_3HGccyIv5sNPZFE2GeDATdyo.roa
Signing time:             Fri 02 Jan 2026 18:21:10 +0000
ROA not before:           Fri 02 Jan 2026 18:21:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     135391
IP address blocks:        45.10.38.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/92fbd9-b9ee-42fc-aac1-fb97ddd54891/1/A9YCueHaK1aN9US9pQ5BV5m7seI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/92fbd9-b9ee-42fc-aac1-fb97ddd54891/1/A9YCueHaK1aN9US9pQ5BV5m7seI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A9YCueHaK1aN9US9pQ5BV5m7seI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 Jan 2026 06:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f1:2b:c7:a8:a0:60:02:72:9a:49:20:00:c7:9d:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03d602b9e1da2b568df544bda50e415799bbb1e2
        Validity
            Not Before: Jan  2 18:21:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=68fff71c671cc88bf9b0d3d9144d86783013772a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:55:6c:44:b0:78:e0:ff:07:53:9e:92:5c:12:
                    59:d1:74:52:5d:65:d9:84:fe:f4:29:b0:b8:5f:dc:
                    84:34:ca:69:37:5a:6c:52:fe:35:7d:57:8f:64:99:
                    ae:3e:0c:f1:c5:6c:e5:f6:79:3d:36:14:05:00:49:
                    4b:4d:00:e4:ce:63:aa:a6:f3:17:db:02:43:0c:d7:
                    79:1a:bc:c0:51:6a:2b:5e:43:db:48:68:c3:67:2c:
                    5f:b5:d2:67:2d:6d:f6:74:b0:3a:94:93:ab:b8:6d:
                    f1:48:33:32:8e:6e:d0:f4:e3:09:3c:7a:01:39:62:
                    bf:8a:8d:c1:c0:cb:2f:58:fb:f2:91:b7:c5:66:02:
                    03:6a:d0:94:f1:7f:91:33:d0:7e:ce:58:e0:03:cb:
                    8f:d6:6b:ea:c8:be:20:1b:1e:c2:0c:81:d4:e6:2e:
                    15:fc:7a:e5:90:ef:0e:09:32:35:4e:cb:c4:91:2f:
                    70:f1:ff:12:1f:88:fb:16:1c:3f:7b:27:b1:e9:21:
                    dd:af:50:96:fa:9b:2d:6c:42:89:93:6c:73:28:dd:
                    1a:a5:41:48:9a:32:e3:52:32:dd:cf:a5:28:28:7d:
                    8f:85:32:27:af:71:ed:57:d0:9f:a9:d2:eb:52:f9:
                    14:a5:46:89:cf:80:20:43:b1:49:10:6e:83:15:f3:
                    61:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:FF:F7:1C:67:1C:C8:8B:F9:B0:D3:D9:14:4D:86:78:30:13:77:2A
            X509v3 Authority Key Identifier:
                keyid:03:D6:02:B9:E1:DA:2B:56:8D:F5:44:BD:A5:0E:41:57:99:BB:B1:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A9YCueHaK1aN9US9pQ5BV5m7seI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/92fbd9-b9ee-42fc-aac1-fb97ddd54891/1/aP_3HGccyIv5sNPZFE2GeDATdyo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/92fbd9-b9ee-42fc-aac1-fb97ddd54891/1/A9YCueHaK1aN9US9pQ5BV5m7seI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:06:9a:bc:6a:c2:a5:c5:ed:65:20:d1:60:31:a4:db:09:47:
         08:f2:83:c1:37:98:45:f2:bc:33:45:b1:30:19:08:b9:85:c2:
         83:cc:5a:45:64:64:14:1a:7f:71:28:6c:d1:8d:80:1f:bf:6a:
         04:55:84:14:30:66:2b:8d:4e:a2:94:e0:fc:b6:31:5d:21:a8:
         9b:27:b4:90:59:2b:d8:e5:2f:4c:60:a4:b2:e8:c7:f9:ec:6c:
         5a:9b:4f:34:f4:7b:8c:05:02:1c:5c:53:2e:3b:36:8c:d8:91:
         93:d7:0d:1a:01:3d:c3:3b:7a:a6:bf:a7:46:9a:7c:63:79:54:
         9c:45:fe:9e:f0:aa:fb:64:54:7f:bc:c4:08:45:c7:40:2b:4f:
         79:c8:ae:ee:b6:e6:8f:e1:b9:39:52:b5:4d:5f:ff:fe:f7:d9:
         88:39:6e:89:3a:10:1a:cd:78:6b:02:06:57:57:25:a7:08:66:
         ae:0f:87:5e:2e:2e:d7:9e:c0:7c:0a:05:82:bb:42:09:cc:30:
         30:32:ce:4c:eb:52:72:84:82:56:cf:82:fe:0d:2b:4b:9c:d0:
         ab:08:25:b3:88:15:e9:f7:9a:e1:e9:e5:dc:66:75:4a:49:61:
         08:ce:39:66:ca:b6:cb:6d:76:c9:f0:ee:b9:b6:7a:2f:08:6c:
         44:e8:2f:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/8SvHqKBgAnKaSSAAx51mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzZDYwMmI5ZTFkYTJiNTY4ZGY1NDRiZGE1MGU0MTU3OTli
YmIxZTIwHhcNMjYwMTAyMTgyMTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGZmZjcxYzY3MWNjODhiZjliMGQzZDkxNDRkODY3ODMwMTM3NzJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl1VsRLB44P8HU56SXBJZ0XRSXWXZ
hP70KbC4X9yENMppN1psUv41fVePZJmuPgzxxWzl9nk9NhQFAElLTQDkzmOqpvMX
2wJDDNd5GrzAUWorXkPbSGjDZyxftdJnLW32dLA6lJOruG3xSDMyjm7Q9OMJPHoB
OWK/io3BwMsvWPvykbfFZgIDatCU8X+RM9B+zljgA8uP1mvqyL4gGx7CDIHU5i4V
/HrlkO8OCTI1TsvEkS9w8f8SH4j7Fhw/eyex6SHdr1CW+pstbEKJk2xzKN0apUFI
mjLjUjLdz6UoKH2PhTInr3HtV9CfqdLrUvkUpUaJz4AgQ7FJEG6DFfNh7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGj/9xxnHMiL+bDT2RRNhngwE3cqMB8GA1UdIwQY
MBaAFAPWArnh2itWjfVEvaUOQVeZu7HiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQTlZQ3VlSGFLMWFOOVVTOXBRNUJWNW03c2VJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy85MmZiZDktYjllZS00MmZjLWFhYzEt
ZmI5N2RkZDU0ODkxLzEvYVBfM0hHY2N5SXY1c05QWkZFMkdlREFUZHlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy85MmZiZDktYjllZS00MmZjLWFhYzEtZmI5N2RkZDU0ODkx
LzEvQTlZQ3VlSGFLMWFOOVVTOXBRNUJWNW03c2VJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQomMA0G
CSqGSIb3DQEBCwUAA4IBAQBrBpq8asKlxe1lINFgMaTbCUcI8oPBN5hF8rwzRbEw
GQi5hcKDzFpFZGQUGn9xKGzRjYAfv2oEVYQUMGYrjU6ilOD8tjFdIaibJ7SQWSvY
5S9MYKSy6Mf57Gxam0809HuMBQIcXFMuOzaM2JGT1w0aAT3DO3qmv6dGmnxjeVSc
Rf6e8Kr7ZFR/vMQIRcdAK095yK7utuaP4bk5UrVNX//+99mIOW6JOhAazXhrAgZX
VyWnCGauD4deLi7XnsB8CgWCu0IJzDAwMs5M61JyhIJWz4L+DStLnNCrCCWziBXp
95rh6eXcZnVKSWEIzjlmyrbLbXbJ8O65tnovCGxE6C8l
-----END CERTIFICATE-----