This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/cHxFGRMAoDhujIVPqex6UpYerSk.roa
File:                     cHxFGRMAoDhujIVPqex6UpYerSk.roa (raw, json)
Hash identifier:          nZJDNb9YsAXZ6YCYxmWtUk5NYEQ2e2DtDUO7vnLQQxk=
Subject key identifier:   70:7C:45:19:13:00:A0:38:6E:8C:85:4F:A9:EC:7A:52:96:1E:AD:29
Certificate issuer:       /CN=71bddeaf0f30fbdaf9e75b92ac7d5bd13f285de7
Certificate serial:       019AC1382DECC87B331429830F1C7657F0AF
Authority key identifier: 71:BD:DE:AF:0F:30:FB:DA:F9:E7:5B:92:AC:7D:5B:D1:3F:28:5D:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cb3erw8w-9r551uSrH1b0T8oXec.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/cHxFGRMAoDhujIVPqex6UpYerSk.roa
Signing time:             Wed 26 Nov 2025 17:31:15 +0000
ROA not before:           Wed 26 Nov 2025 17:31:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     133150
IP address blocks:        45.159.92.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/cb3erw8w-9r551uSrH1b0T8oXec.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/cb3erw8w-9r551uSrH1b0T8oXec.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cb3erw8w-9r551uSrH1b0T8oXec.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Dec 2025 21:22:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:c1:38:2d:ec:c8:7b:33:14:29:83:0f:1c:76:57:f0:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=71bddeaf0f30fbdaf9e75b92ac7d5bd13f285de7
        Validity
            Not Before: Nov 26 17:31:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=707c45191300a0386e8c854fa9ec7a52961ead29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:a0:d1:95:a9:07:15:68:65:ce:97:07:ac:98:
                    4a:cb:57:2f:0a:bf:72:bc:66:cf:ed:c9:c9:c3:37:
                    8d:3f:f6:35:b0:14:33:e2:cd:a6:0f:08:1e:a5:01:
                    61:2b:70:77:10:ea:51:7f:34:84:bc:53:d0:e0:aa:
                    0f:5b:97:69:b5:5d:7a:f1:48:f6:f3:76:89:0c:64:
                    8c:9f:37:0b:9e:65:7a:22:0c:f0:be:62:db:2f:68:
                    0a:da:d4:66:ef:dc:2a:5f:4e:42:67:34:99:33:0d:
                    11:4e:8c:63:af:71:61:7f:64:f5:af:1b:60:d4:0f:
                    28:1e:77:97:47:c3:16:e4:f7:75:33:49:49:07:83:
                    6b:f8:26:ff:b8:73:d4:79:b6:55:d4:7f:99:c1:0a:
                    65:1e:bc:b8:1c:92:94:ce:f6:17:3c:f8:9c:95:72:
                    ca:e3:5c:a0:d1:d5:67:88:16:36:dd:2b:74:d2:3d:
                    ad:52:01:79:15:26:b7:ab:11:83:2d:73:f5:af:e1:
                    37:3d:c4:dd:79:b1:96:f7:7b:e3:e1:34:05:68:55:
                    46:a7:ce:f5:dd:78:3e:47:ee:64:eb:16:8b:7a:1e:
                    a9:fe:17:ca:18:b2:23:26:0e:6f:cd:c1:5a:a7:27:
                    42:cb:54:92:da:87:02:d5:66:47:1d:22:27:81:10:
                    9c:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:7C:45:19:13:00:A0:38:6E:8C:85:4F:A9:EC:7A:52:96:1E:AD:29
            X509v3 Authority Key Identifier:
                keyid:71:BD:DE:AF:0F:30:FB:DA:F9:E7:5B:92:AC:7D:5B:D1:3F:28:5D:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb3erw8w-9r551uSrH1b0T8oXec.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/cHxFGRMAoDhujIVPqex6UpYerSk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/cb3erw8w-9r551uSrH1b0T8oXec.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         03:27:ca:2a:7f:db:f8:bb:2c:bf:78:a2:a0:2b:7c:48:59:20:
         62:06:72:05:4f:c5:4f:c4:dc:12:31:7e:1e:4e:f5:d4:39:53:
         eb:ed:5c:82:b6:22:c7:46:96:ed:9f:b5:28:06:d5:05:4e:28:
         ea:d1:a9:3c:56:d1:ca:47:18:f2:d1:65:80:47:d0:ba:cf:71:
         bd:be:3b:e0:f3:dd:f4:2e:b4:3e:4d:f6:a9:a1:ff:d3:5c:f0:
         82:62:f9:b7:18:b3:9d:31:9d:27:48:19:7d:fa:b5:45:9e:8e:
         84:23:68:10:e2:c5:40:37:ca:1a:5a:aa:a8:e5:11:b7:d2:28:
         33:8a:7a:7e:47:2a:7d:5e:25:60:dc:84:85:71:06:27:2d:a5:
         09:88:91:85:70:3e:71:9f:81:b4:5d:de:e7:32:64:be:cd:51:
         9c:32:9d:09:71:35:4e:e8:2d:3a:ad:d6:8a:f2:90:41:36:e2:
         b4:26:80:0e:5a:51:e9:93:e1:2d:92:1a:7a:5f:5b:db:08:a3:
         27:7d:9a:2f:a1:96:7b:61:6b:a6:44:16:77:62:19:f2:09:e9:
         6a:e3:b0:4f:7d:5b:19:bd:5f:3a:3d:b6:a7:29:00:95:13:83:
         63:f1:2a:de:fe:8d:c8:82:80:37:57:a6:93:a6:1f:95:3f:a9:
         2a:23:23:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZrBOC3syHszFCmDDxx2V/CvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxYmRkZWFmMGYzMGZiZGFmOWU3NWI5MmFjN2Q1YmQxM2Yy
ODVkZTcwHhcNMjUxMTI2MTczMTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDdjNDUxOTEzMDBhMDM4NmU4Yzg1NGZhOWVjN2E1Mjk2MWVhZDI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuqDRlakHFWhlzpcHrJhKy1cvCr9y
vGbP7cnJwzeNP/Y1sBQz4s2mDwgepQFhK3B3EOpRfzSEvFPQ4KoPW5dptV168Uj2
83aJDGSMnzcLnmV6IgzwvmLbL2gK2tRm79wqX05CZzSZMw0RToxjr3Fhf2T1rxtg
1A8oHneXR8MW5Pd1M0lJB4Nr+Cb/uHPUebZV1H+ZwQplHry4HJKUzvYXPPiclXLK
41yg0dVniBY23St00j2tUgF5FSa3qxGDLXP1r+E3PcTdebGW93vj4TQFaFVGp871
3Xg+R+5k6xaLeh6p/hfKGLIjJg5vzcFapydCy1SS2ocC1WZHHSIngRCclQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHB8RRkTAKA4boyFT6nselKWHq0pMB8GA1UdIwQY
MBaAFHG93q8PMPva+edbkqx9W9E/KF3nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2IzZXJ3OHctOXI1NTF1U3JIMWIwVDhvWGVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS84MTRlYzUtOWU0MS00YjVhLWE2ZmUt
NDc3MjMxMTkxYTM1LzEvY0h4RkdSTUFvRGh1aklWUHFleDZVcFllclNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS84MTRlYzUtOWU0MS00YjVhLWE2ZmUtNDc3MjMxMTkxYTM1
LzEvY2IzZXJ3OHctOXI1NTF1U3JIMWIwVDhvWGVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZ9cMA0G
CSqGSIb3DQEBCwUAA4IBAQADJ8oqf9v4uyy/eKKgK3xIWSBiBnIFT8VPxNwSMX4e
TvXUOVPr7VyCtiLHRpbtn7UoBtUFTijq0ak8VtHKRxjy0WWAR9C6z3G9vjvg8930
LrQ+Tfapof/TXPCCYvm3GLOdMZ0nSBl9+rVFno6EI2gQ4sVAN8oaWqqo5RG30igz
inp+Ryp9XiVg3ISFcQYnLaUJiJGFcD5xn4G0Xd7nMmS+zVGcMp0JcTVO6C06rdaK
8pBBNuK0JoAOWlHpk+Etkhp6X1vbCKMnfZovoZZ7YWumRBZ3YhnyCelq47BPfVsZ
vV86PbanKQCVE4Nj8Sre/o3IgoA3V6aTph+VP6kqIyNL
-----END CERTIFICATE-----