This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/apcs4_oanmR8NCDusffG9AvEfsM.roa
File:                     apcs4_oanmR8NCDusffG9AvEfsM.roa (raw, json)
Hash identifier:          sHeaDVArieWiT+UWIxgi2mojPq8GGVCZyBNdboptcLo=
Subject key identifier:   6A:97:2C:E3:FA:1A:9E:64:7C:34:20:EE:B1:F7:C6:F4:0B:C4:7E:C3
Certificate issuer:       /CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
Certificate serial:       019B7F83879C0CE2742C5AC36E00890C72C8
Authority key identifier: 05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/apcs4_oanmR8NCDusffG9AvEfsM.roa
Signing time:             Fri 02 Jan 2026 16:21:24 +0000
ROA not before:           Fri 02 Jan 2026 16:21:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     137897
IP address blocks:        45.65.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:83:87:9c:0c:e2:74:2c:5a:c3:6e:00:89:0c:72:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
        Validity
            Not Before: Jan  2 16:21:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6a972ce3fa1a9e647c3420eeb1f7c6f40bc47ec3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:6f:8f:b9:4c:2e:c5:95:43:16:39:51:dd:75:
                    56:ca:35:8e:ff:f9:f3:ca:21:65:cd:8e:7d:c6:01:
                    7f:1f:d4:95:63:29:63:f9:7f:98:6d:e8:bd:fd:20:
                    76:fa:31:a9:1c:ea:a2:41:53:10:7b:ad:89:4f:a0:
                    59:ec:03:53:5f:a4:99:51:77:de:a8:56:8b:f9:39:
                    87:b7:1d:ae:c9:0e:59:f7:ca:0b:b3:f8:1f:01:04:
                    51:97:f2:e4:f6:81:09:1b:0b:f8:da:21:8e:9c:16:
                    d8:3f:d9:37:57:2f:05:f1:5e:ef:8f:f6:ab:62:31:
                    f4:62:ba:d9:e1:d5:71:2f:ca:5c:75:9e:e3:e2:01:
                    93:f1:8d:e7:04:3d:55:d3:1f:91:0d:51:74:bb:77:
                    77:2e:26:6f:d8:34:1a:a7:f1:5d:90:97:11:d2:4b:
                    da:9c:e4:e1:24:9a:04:5c:0a:7d:da:bc:52:1b:cb:
                    ad:bc:e6:73:48:e8:1e:97:3f:43:1d:65:a7:f1:fe:
                    38:bf:fc:23:c7:dc:4e:af:ce:45:7e:9e:89:44:8c:
                    e6:02:b6:d6:ce:6f:5b:6f:60:42:8b:56:d4:0f:c1:
                    9c:38:ea:68:6b:a7:a9:a7:61:5d:4e:72:2f:3a:b7:
                    75:33:0e:cf:ff:78:bd:73:b8:61:f3:6e:01:0b:c0:
                    24:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:97:2C:E3:FA:1A:9E:64:7C:34:20:EE:B1:F7:C6:F4:0B:C4:7E:C3
            X509v3 Authority Key Identifier:
                keyid:05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/apcs4_oanmR8NCDusffG9AvEfsM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.65.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:99:71:a7:33:fc:71:35:79:ae:08:c1:12:d9:97:02:46:cf:
         dc:94:dc:8e:e0:db:c3:e0:6f:a3:75:9e:d1:24:15:64:95:66:
         d3:43:ef:4d:36:d7:80:7f:bf:11:55:fc:0d:67:2e:27:6d:79:
         a5:e6:0f:62:8f:f4:0e:1e:1a:eb:fc:d8:50:d3:9c:c0:43:94:
         ee:06:a5:5c:1f:5a:c7:01:00:be:1b:fc:a1:94:36:ce:b2:98:
         6e:42:74:2d:bb:94:06:95:44:18:41:63:1d:81:9b:ac:2d:7a:
         08:7d:8c:74:6e:e0:cb:d8:01:1e:2c:f0:89:f4:b6:1f:28:ac:
         46:4b:6a:0e:a7:9e:2c:f4:e0:ac:18:5e:05:86:c0:f8:63:a7:
         ac:3c:ca:0b:58:28:3c:40:fb:6d:81:24:dc:dd:dd:bd:c6:98:
         83:b5:7c:4f:72:16:1d:26:94:7b:4e:e5:84:14:a0:ce:df:26:
         88:e3:ea:48:32:65:56:f7:5b:87:52:cb:eb:d1:2a:91:3f:67:
         ec:64:46:d3:7f:79:8c:80:6d:bf:46:3f:ca:e7:4b:53:79:ce:
         07:11:a3:9c:1c:36:4a:c9:ff:19:a5:12:2c:31:8f:91:87:c5:
         6f:ce:3d:4c:85:8f:77:fb:0a:ff:7d:c9:00:07:57:36:95:0c:
         0a:7a:a1:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/g4ecDOJ0LFrDbgCJDHLIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MWYyOTQ2MmU3YTdkYTdlYjVmNDVkYTc4NzNmMTRlNDAz
ZmUzYWIwHhcNMjYwMTAyMTYyMTI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTk3MmNlM2ZhMWE5ZTY0N2MzNDIwZWViMWY3YzZmNDBiYzQ3ZWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj2+PuUwuxZVDFjlR3XVWyjWO//nz
yiFlzY59xgF/H9SVYylj+X+Ybei9/SB2+jGpHOqiQVMQe62JT6BZ7ANTX6SZUXfe
qFaL+TmHtx2uyQ5Z98oLs/gfAQRRl/Lk9oEJGwv42iGOnBbYP9k3Vy8F8V7vj/ar
YjH0YrrZ4dVxL8pcdZ7j4gGT8Y3nBD1V0x+RDVF0u3d3LiZv2DQap/FdkJcR0kva
nOThJJoEXAp92rxSG8utvOZzSOgelz9DHWWn8f44v/wjx9xOr85Ffp6JRIzmArbW
zm9bb2BCi1bUD8GcOOpoa6epp2FdTnIvOrd1Mw7P/3i9c7hh824BC8Ak1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGqXLOP6Gp5kfDQg7rH3xvQLxH7DMB8GA1UdIwQY
MBaAFAUfKUYuen2n619F2nhz8U5AP+OrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEt
M2Y4YjU1ZGExYWM0LzEvYXBjczRfb2FubVI4TkNEdXNmZkc5QXZFZnNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEtM2Y4YjU1ZGExYWM0
LzEvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALUFxMA0G
CSqGSIb3DQEBCwUAA4IBAQAsmXGnM/xxNXmuCMES2ZcCRs/clNyO4NvD4G+jdZ7R
JBVklWbTQ+9NNteAf78RVfwNZy4nbXml5g9ij/QOHhrr/NhQ05zAQ5TuBqVcH1rH
AQC+G/yhlDbOsphuQnQtu5QGlUQYQWMdgZusLXoIfYx0buDL2AEeLPCJ9LYfKKxG
S2oOp54s9OCsGF4FhsD4Y6esPMoLWCg8QPttgSTc3d29xpiDtXxPchYdJpR7TuWE
FKDO3yaI4+pIMmVW91uHUsvr0SqRP2fsZEbTf3mMgG2/Rj/K50tTec4HEaOcHDZK
yf8ZpRIsMY+Rh8Vvzj1MhY93+wr/fckAB1c2lQwKeqF9
-----END CERTIFICATE-----