This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/9EzrkfCb3685-QENXXhTIl2uZz4.roa
File:                     9EzrkfCb3685-QENXXhTIl2uZz4.roa (raw, json)
Hash identifier:          4o0MB77YQKRQiZHQrZxR1nkb/HsRFN1Kq0iR4K53WZA=
Subject key identifier:   F4:4C:EB:91:F0:9B:DF:AF:39:F9:01:0D:5D:78:53:22:5D:AE:67:3E
Certificate issuer:       /CN=e76d0dab347a38e2b87b5a22a2f7c9e21c18c9bc
Certificate serial:       019B7B35C5C1D8C011414531ABAF6E952190
Authority key identifier: E7:6D:0D:AB:34:7A:38:E2:B8:7B:5A:22:A2:F7:C9:E2:1C:18:C9:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/520NqzR6OOK4e1oiovfJ4hwYybw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/9EzrkfCb3685-QENXXhTIl2uZz4.roa
Signing time:             Thu 01 Jan 2026 20:18:00 +0000
ROA not before:           Thu 01 Jan 2026 20:18:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     1239
IP address blocks:        45.135.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/520NqzR6OOK4e1oiovfJ4hwYybw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 23:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:c5:c1:d8:c0:11:41:45:31:ab:af:6e:95:21:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e76d0dab347a38e2b87b5a22a2f7c9e21c18c9bc
        Validity
            Not Before: Jan  1 20:18:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f44ceb91f09bdfaf39f9010d5d7853225dae673e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:ce:58:cf:cb:4b:71:89:4c:17:27:3d:67:2b:
                    3e:99:2d:22:2c:e1:cf:ff:4b:3b:70:12:1a:4f:83:
                    1f:e1:ab:25:73:ec:8f:54:aa:fb:6e:bb:87:54:10:
                    03:82:09:f1:69:1c:ba:af:bb:ee:2c:0d:b1:ba:be:
                    ae:a1:55:e3:ef:54:a1:53:cc:4d:a9:d3:91:ae:75:
                    d5:14:59:fc:98:71:4d:d6:16:02:88:63:96:27:a7:
                    dc:0c:72:25:89:35:a6:52:9c:0f:68:a0:aa:87:ed:
                    e7:c6:6c:9b:ea:cf:3a:f7:f1:2c:df:5a:2c:1e:e4:
                    ba:3e:1a:e0:8a:8e:a8:c9:d7:ca:15:b0:d9:98:5e:
                    ce:e3:21:37:9a:7b:c5:90:7b:f3:2c:c2:19:bf:c0:
                    cf:f0:6c:19:62:d4:98:08:74:b4:f5:19:11:06:36:
                    8f:53:7e:5d:40:a9:54:7d:3c:22:36:aa:6d:44:16:
                    c4:1d:ee:3e:0c:23:85:48:48:87:a4:9b:b2:da:7c:
                    85:09:11:c4:f7:90:f2:64:b7:26:d8:75:b3:39:54:
                    a2:d7:e9:74:64:a5:79:97:c8:6e:24:89:98:a8:4b:
                    7e:3d:bc:16:23:28:ec:d4:d6:0c:8f:7a:c1:a3:08:
                    ea:15:41:03:e6:34:61:f5:ed:98:57:e6:73:c4:eb:
                    ea:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:4C:EB:91:F0:9B:DF:AF:39:F9:01:0D:5D:78:53:22:5D:AE:67:3E
            X509v3 Authority Key Identifier:
                keyid:E7:6D:0D:AB:34:7A:38:E2:B8:7B:5A:22:A2:F7:C9:E2:1C:18:C9:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/520NqzR6OOK4e1oiovfJ4hwYybw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/9EzrkfCb3685-QENXXhTIl2uZz4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:82:fb:1f:58:3b:50:2d:16:56:6c:1b:18:65:9a:58:1c:57:
         57:dd:66:38:ff:1d:9d:aa:4c:17:ef:80:18:e8:62:65:09:ce:
         35:0a:94:a3:ae:ab:89:a5:0b:fc:29:ca:31:5f:44:d7:90:03:
         a9:ea:d5:c5:01:d4:bd:72:ba:fe:ac:68:54:6a:f0:06:f5:ba:
         53:c7:f5:f0:b6:bf:2e:8b:c6:0b:e8:f7:df:09:31:3a:a5:6b:
         a3:21:50:c7:db:e6:3e:5a:98:61:ce:ad:ac:9d:36:7b:29:8d:
         ab:f4:b1:22:8d:e4:09:49:0c:1b:a8:38:82:8b:43:76:24:d1:
         2e:bc:a5:ca:92:aa:52:6b:83:18:0e:48:42:16:97:7b:79:82:
         34:cf:3e:a3:fd:36:03:2a:3a:7e:db:96:84:82:c1:d3:c9:63:
         1b:46:76:ca:9a:de:e5:39:65:4d:fa:87:dc:51:86:d5:c0:f5:
         53:52:ad:67:04:cd:13:32:79:e0:67:e9:96:36:7a:80:c0:0d:
         c9:42:c0:68:6c:bb:11:ce:c2:f6:01:f8:e7:96:94:a4:20:d3:
         b5:5f:64:6f:8f:a1:20:5e:33:f3:a1:11:7f:5d:1d:20:de:78:
         61:c4:3a:d1:6f:cb:4f:c1:b7:d3:9d:85:0e:af:ab:87:8c:d9:
         72:78:a5:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NcXB2MARQUUxq69ulSGQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NmQwZGFiMzQ3YTM4ZTJiODdiNWEyMmEyZjdjOWUyMWMx
OGM5YmMwHhcNMjYwMTAxMjAxODAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDRjZWI5MWYwOWJkZmFmMzlmOTAxMGQ1ZDc4NTMyMjVkYWU2NzNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0M5Yz8tLcYlMFyc9Zys+mS0iLOHP
/0s7cBIaT4Mf4aslc+yPVKr7bruHVBADggnxaRy6r7vuLA2xur6uoVXj71ShU8xN
qdORrnXVFFn8mHFN1hYCiGOWJ6fcDHIliTWmUpwPaKCqh+3nxmyb6s869/Es31os
HuS6Phrgio6oydfKFbDZmF7O4yE3mnvFkHvzLMIZv8DP8GwZYtSYCHS09RkRBjaP
U35dQKlUfTwiNqptRBbEHe4+DCOFSEiHpJuy2nyFCRHE95DyZLcm2HWzOVSi1+l0
ZKV5l8huJImYqEt+PbwWIyjs1NYMj3rBowjqFUED5jRh9e2YV+ZzxOvqQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPRM65Hwm9+vOfkBDV14UyJdrmc+MB8GA1UdIwQY
MBaAFOdtDas0ejjiuHtaIqL3yeIcGMm8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTIwTnF6UjZPT0s0ZTFvaW92Zko0aHdZeWJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8zZGJiM2QtZjMyOC00YjI3LTk1ZDkt
YmQzYmZjOTliZGE5LzEvOUV6cmtmQ2IzNjg1LVFFTlhYaFRJbDJ1Wno0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8zZGJiM2QtZjMyOC00YjI3LTk1ZDktYmQzYmZjOTliZGE5
LzEvNTIwTnF6UjZPT0s0ZTFvaW92Zko0aHdZeWJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYeLMA0G
CSqGSIb3DQEBCwUAA4IBAQAggvsfWDtQLRZWbBsYZZpYHFdX3WY4/x2dqkwX74AY
6GJlCc41CpSjrquJpQv8KcoxX0TXkAOp6tXFAdS9crr+rGhUavAG9bpTx/Xwtr8u
i8YL6PffCTE6pWujIVDH2+Y+Wphhzq2snTZ7KY2r9LEijeQJSQwbqDiCi0N2JNEu
vKXKkqpSa4MYDkhCFpd7eYI0zz6j/TYDKjp+25aEgsHTyWMbRnbKmt7lOWVN+ofc
UYbVwPVTUq1nBM0TMnngZ+mWNnqAwA3JQsBobLsRzsL2AfjnlpSkINO1X2Rvj6Eg
XjPzoRF/XR0g3nhhxDrRb8tPwbfTnYUOr6uHjNlyeKU/
-----END CERTIFICATE-----