This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/A1bQAOXZNhA4xD0DYsbXMY1DEE4.roa
File:                     A1bQAOXZNhA4xD0DYsbXMY1DEE4.roa (raw, json)
Hash identifier:          eGOJmOh8umGTdfiUy3BddRThCQh7xj1QJBNZ6Dmw0So=
Subject key identifier:   03:56:D0:00:E5:D9:36:10:38:C4:3D:03:62:C6:D7:31:8D:43:10:4E
Certificate issuer:       /CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
Certificate serial:       019B7F838DFEED1FBE88F30FD52A66052B8F
Authority key identifier: 05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/A1bQAOXZNhA4xD0DYsbXMY1DEE4.roa
Signing time:             Fri 02 Jan 2026 16:21:26 +0000
ROA not before:           Fri 02 Jan 2026 16:21:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212669
IP address blocks:        45.154.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:83:8d:fe:ed:1f:be:88:f3:0f:d5:2a:66:05:2b:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
        Validity
            Not Before: Jan  2 16:21:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0356d000e5d9361038c43d0362c6d7318d43104e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:33:b6:03:8d:26:f5:2b:a4:85:65:2b:1f:58:
                    c9:c8:f1:73:43:d6:0f:55:ec:6e:51:51:23:57:fa:
                    ca:f9:2d:89:d0:ef:f5:07:82:82:cb:8b:3f:44:fc:
                    26:e3:fd:dd:b0:f4:15:95:ea:c0:1a:9a:4c:f4:e7:
                    84:0d:c8:ae:fe:b5:3c:9c:3b:a9:09:35:90:35:b4:
                    f4:e9:07:c8:1d:b0:0a:20:eb:59:6b:d6:54:3a:8b:
                    00:11:ee:88:b6:f0:56:ea:19:87:c8:86:46:63:92:
                    a6:c0:1f:4b:e6:cc:63:d5:6c:d5:ca:62:14:86:f0:
                    6e:2c:56:b1:8e:c6:1c:85:58:20:91:13:c6:5e:93:
                    f3:6e:3d:a4:a1:bd:c8:37:74:54:10:cd:ba:ca:70:
                    4a:ab:1f:c2:c2:13:01:86:e7:bd:63:db:dc:99:ed:
                    44:79:46:ee:06:ce:67:1e:09:fa:af:90:db:c2:ca:
                    5d:38:5f:68:5f:7e:61:72:2e:a9:6c:36:96:f9:75:
                    95:55:9e:86:65:2e:82:c5:8f:38:2c:32:ba:e4:24:
                    f3:d7:cd:8a:58:b3:fd:f5:31:83:6e:a0:a3:5e:b6:
                    1b:57:58:d8:c6:65:cc:8d:82:87:60:10:42:58:2c:
                    4e:d5:3d:63:c2:be:76:b4:8e:e1:41:c8:52:9b:e1:
                    ca:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:56:D0:00:E5:D9:36:10:38:C4:3D:03:62:C6:D7:31:8D:43:10:4E
            X509v3 Authority Key Identifier:
                keyid:05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/A1bQAOXZNhA4xD0DYsbXMY1DEE4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:a3:0c:b2:63:b7:6c:77:cd:9b:75:d0:22:ce:f4:82:ca:97:
         d9:da:10:2e:c4:69:36:b1:83:bf:94:38:8f:b8:5f:24:c4:84:
         76:b7:bb:c7:c3:ef:5e:16:20:45:44:79:9a:75:df:c1:0b:a9:
         1e:1c:29:d0:f5:fc:3d:e3:35:bc:4c:57:da:41:b8:7f:25:f7:
         9d:d6:e7:5c:af:b3:54:98:be:48:18:f0:23:66:fe:bc:10:0b:
         06:98:a4:e7:db:e7:1c:5d:17:99:f7:4a:f1:25:ac:75:ad:fc:
         bd:3b:c3:7c:e3:f6:c2:41:ef:cf:82:34:6f:19:2a:22:34:83:
         65:76:b1:95:d3:c5:cf:f0:9e:93:a0:ce:f1:35:49:30:bc:0f:
         10:17:e8:4a:0c:2d:52:1e:7b:74:a8:ae:74:a6:3e:04:ad:f5:
         7e:c6:d0:67:dd:b1:75:47:58:ec:cc:0c:88:c0:75:84:76:49:
         57:cd:1a:25:12:99:80:c1:cf:ee:2a:af:9e:6f:7c:a8:ac:e4:
         cd:3e:dd:78:8e:d3:66:32:bc:0b:b2:c1:45:25:57:0d:3c:35:
         cf:c5:e9:b9:3a:9f:d0:ad:a6:bf:6b:44:10:cd:f4:ff:0b:ae:
         86:1d:30:45:ec:fe:10:be:43:bc:ca:01:e1:63:5f:cc:1e:9e:
         06:33:8a:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/g43+7R++iPMP1SpmBSuPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MWYyOTQ2MmU3YTdkYTdlYjVmNDVkYTc4NzNmMTRlNDAz
ZmUzYWIwHhcNMjYwMTAyMTYyMTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzU2ZDAwMGU1ZDkzNjEwMzhjNDNkMDM2MmM2ZDczMThkNDMxMDRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoTO2A40m9SukhWUrH1jJyPFzQ9YP
VexuUVEjV/rK+S2J0O/1B4KCy4s/RPwm4/3dsPQVlerAGppM9OeEDciu/rU8nDup
CTWQNbT06QfIHbAKIOtZa9ZUOosAEe6ItvBW6hmHyIZGY5KmwB9L5sxj1WzVymIU
hvBuLFaxjsYchVggkRPGXpPzbj2kob3IN3RUEM26ynBKqx/CwhMBhue9Y9vcme1E
eUbuBs5nHgn6r5DbwspdOF9oX35hci6pbDaW+XWVVZ6GZS6CxY84LDK65CTz182K
WLP99TGDbqCjXrYbV1jYxmXMjYKHYBBCWCxO1T1jwr52tI7hQchSm+HKewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFANW0ADl2TYQOMQ9A2LG1zGNQxBOMB8GA1UdIwQY
MBaAFAUfKUYuen2n619F2nhz8U5AP+OrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEt
M2Y4YjU1ZGExYWM0LzEvQTFiUUFPWFpOaEE0eEQwRFlzYlhNWTFERUU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEtM2Y4YjU1ZGExYWM0
LzEvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZqeMA0G
CSqGSIb3DQEBCwUAA4IBAQBPowyyY7dsd82bddAizvSCypfZ2hAuxGk2sYO/lDiP
uF8kxIR2t7vHw+9eFiBFRHmadd/BC6keHCnQ9fw94zW8TFfaQbh/Jfed1udcr7NU
mL5IGPAjZv68EAsGmKTn2+ccXReZ90rxJax1rfy9O8N84/bCQe/PgjRvGSoiNINl
drGV08XP8J6ToM7xNUkwvA8QF+hKDC1SHnt0qK50pj4ErfV+xtBn3bF1R1jszAyI
wHWEdklXzRolEpmAwc/uKq+eb3yorOTNPt14jtNmMrwLssFFJVcNPDXPxem5Op/Q
raa/a0QQzfT/C66GHTBF7P4QvkO8ygHhY1/MHp4GM4p8
-----END CERTIFICATE-----