This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/daf960-d060-49fc-af42-dee292ea87a3/1/pFhubwSNdAYBGmBojn7PXR4qmPw.roa
File:                     pFhubwSNdAYBGmBojn7PXR4qmPw.roa (raw, json)
Hash identifier:          3NUl+CvK/jyTI2OJq3B6/7x1aR9RvE8f9qeqZkFG9nE=
Subject key identifier:   A4:58:6E:6F:04:8D:74:06:01:1A:60:68:8E:7E:CF:5D:1E:2A:98:FC
Certificate issuer:       /CN=8a1ce1d135bf2cf8e8c13f33ec11c8523703dc75
Certificate serial:       019B78A2B1FEF2C715617F6DD7D5E444E640
Authority key identifier: 8A:1C:E1:D1:35:BF:2C:F8:E8:C1:3F:33:EC:11:C8:52:37:03:DC:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ihzh0TW_LPjowT8z7BHIUjcD3HU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/daf960-d060-49fc-af42-dee292ea87a3/1/pFhubwSNdAYBGmBojn7PXR4qmPw.roa
Signing time:             Thu 01 Jan 2026 08:18:06 +0000
ROA not before:           Thu 01 Jan 2026 08:18:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50302
IP address blocks:        45.133.92.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/daf960-d060-49fc-af42-dee292ea87a3/1/ihzh0TW_LPjowT8z7BHIUjcD3HU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/daf960-d060-49fc-af42-dee292ea87a3/1/ihzh0TW_LPjowT8z7BHIUjcD3HU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ihzh0TW_LPjowT8z7BHIUjcD3HU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 10:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:b1:fe:f2:c7:15:61:7f:6d:d7:d5:e4:44:e6:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a1ce1d135bf2cf8e8c13f33ec11c8523703dc75
        Validity
            Not Before: Jan  1 08:18:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a4586e6f048d7406011a60688e7ecf5d1e2a98fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:80:90:37:c9:e6:1e:41:8d:8f:7c:88:c0:45:
                    3c:09:ab:e1:11:3a:11:77:c0:2c:b5:57:e4:58:a2:
                    bf:4f:b4:98:5e:0a:62:6c:3e:4c:f3:8d:f3:76:e5:
                    ef:48:bf:79:21:72:12:4c:3a:96:3c:2d:a0:7d:83:
                    65:ec:25:d4:2d:e4:56:27:62:ef:de:13:bf:c6:57:
                    2a:b1:72:de:a2:df:d6:ba:48:77:cd:2f:bd:b3:1a:
                    d1:6d:f7:e6:ac:5f:c4:d1:57:43:5e:f5:4a:fa:39:
                    eb:ba:ef:54:32:d4:09:d3:f3:c9:82:dd:20:ec:be:
                    39:88:8b:78:aa:a5:99:d0:10:b7:24:c8:35:fe:05:
                    cf:84:e7:2f:12:6f:4e:ad:49:f3:81:52:47:4e:0b:
                    a7:60:4e:72:25:be:31:6a:82:84:dd:4b:0f:3c:78:
                    b2:cb:88:e4:31:6d:fb:ac:6d:f0:f2:99:e9:a1:f2:
                    9b:39:70:84:bc:4d:47:f5:21:0c:23:b5:f1:8a:8f:
                    34:a0:07:f1:df:29:59:3f:5b:9c:aa:5c:0c:f1:a2:
                    79:8c:4e:b6:ca:29:ac:a1:98:ce:f9:d6:af:e1:e4:
                    d6:21:f6:aa:84:35:11:c2:45:d1:ea:e9:16:ec:ca:
                    fb:79:bd:67:96:5e:63:c9:bc:bb:a2:9b:54:b5:ff:
                    35:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:58:6E:6F:04:8D:74:06:01:1A:60:68:8E:7E:CF:5D:1E:2A:98:FC
            X509v3 Authority Key Identifier:
                keyid:8A:1C:E1:D1:35:BF:2C:F8:E8:C1:3F:33:EC:11:C8:52:37:03:DC:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ihzh0TW_LPjowT8z7BHIUjcD3HU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/daf960-d060-49fc-af42-dee292ea87a3/1/pFhubwSNdAYBGmBojn7PXR4qmPw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/daf960-d060-49fc-af42-dee292ea87a3/1/ihzh0TW_LPjowT8z7BHIUjcD3HU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         53:4b:2e:2d:2f:d2:45:42:54:8d:c8:6a:52:8c:f9:ce:c0:aa:
         e8:59:1e:a2:a8:45:97:ad:12:be:44:d2:b6:87:7d:5c:3c:a8:
         c5:11:56:b6:f1:02:3a:4e:18:26:be:87:18:a8:ad:9c:cd:ff:
         fa:25:52:06:f5:99:4a:88:e1:dd:f4:d5:31:91:a2:1c:78:fb:
         42:d3:7c:cb:dc:5d:ea:f6:c7:2f:92:6a:ed:a4:44:99:dc:cb:
         37:13:a9:0e:e2:92:92:08:ef:3b:9c:17:b9:53:d1:fe:b4:62:
         e3:4a:3c:fc:32:9d:4b:ca:57:ed:b9:96:65:c6:ff:08:ad:96:
         b4:04:ea:c8:91:b0:e9:a0:25:64:6c:9c:5c:33:a6:73:5e:d9:
         77:e0:f7:45:9f:d7:f2:de:77:f3:0f:f6:20:29:3c:64:04:c9:
         d0:4a:24:0f:b4:c2:3f:cf:f2:78:46:92:79:2e:79:c8:80:f6:
         8d:02:e8:87:a1:35:35:d6:f1:96:78:b6:4c:39:41:45:99:f3:
         e6:49:7c:d3:cb:80:a2:a8:07:92:1d:43:88:4f:21:68:70:13:
         15:6e:cf:15:13:b4:6d:24:04:4f:44:76:40:27:c5:3d:3b:68:
         ed:8d:09:59:3f:ff:62:78:61:6b:66:eb:8b:50:65:44:af:cc:
         91:be:4a:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4orH+8scVYX9t19XkROZAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhMWNlMWQxMzViZjJjZjhlOGMxM2YzM2VjMTFjODUyMzcw
M2RjNzUwHhcNMjYwMTAxMDgxODA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDU4NmU2ZjA0OGQ3NDA2MDExYTYwNjg4ZTdlY2Y1ZDFlMmE5OGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmICQN8nmHkGNj3yIwEU8CavhEToR
d8AstVfkWKK/T7SYXgpibD5M843zduXvSL95IXISTDqWPC2gfYNl7CXULeRWJ2Lv
3hO/xlcqsXLeot/Wukh3zS+9sxrRbffmrF/E0VdDXvVK+jnruu9UMtQJ0/PJgt0g
7L45iIt4qqWZ0BC3JMg1/gXPhOcvEm9OrUnzgVJHTgunYE5yJb4xaoKE3UsPPHiy
y4jkMW37rG3w8pnpofKbOXCEvE1H9SEMI7Xxio80oAfx3ylZP1ucqlwM8aJ5jE62
yimsoZjO+dav4eTWIfaqhDURwkXR6ukW7Mr7eb1nll5jyby7optUtf816QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKRYbm8EjXQGARpgaI5+z10eKpj8MB8GA1UdIwQY
MBaAFIoc4dE1vyz46ME/M+wRyFI3A9x1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWh6aDBUV19MUGpvd1Q4ejdCSElVamNEM0hVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9kYWY5NjAtZDA2MC00OWZjLWFmNDIt
ZGVlMjkyZWE4N2EzLzEvcEZodWJ3U05kQVlCR21Cb2puN1BYUjRxbVB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9kYWY5NjAtZDA2MC00OWZjLWFmNDItZGVlMjkyZWE4N2Ez
LzEvaWh6aDBUV19MUGpvd1Q4ejdCSElVamNEM0hVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYVcMA0G
CSqGSIb3DQEBCwUAA4IBAQBTSy4tL9JFQlSNyGpSjPnOwKroWR6iqEWXrRK+RNK2
h31cPKjFEVa28QI6ThgmvocYqK2czf/6JVIG9ZlKiOHd9NUxkaIcePtC03zL3F3q
9scvkmrtpESZ3Ms3E6kO4pKSCO87nBe5U9H+tGLjSjz8Mp1LylftuZZlxv8IrZa0
BOrIkbDpoCVkbJxcM6ZzXtl34PdFn9fy3nfzD/YgKTxkBMnQSiQPtMI/z/J4RpJ5
LnnIgPaNAuiHoTU11vGWeLZMOUFFmfPmSXzTy4CiqAeSHUOITyFocBMVbs8VE7Rt
JARPRHZAJ8U9O2jtjQlZP/9ieGFrZuuLUGVEr8yRvkom
-----END CERTIFICATE-----