This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/CWLaOCMS41oq_NDV1H-U97YlWvE.roa
File:                     CWLaOCMS41oq_NDV1H-U97YlWvE.roa (raw, json)
Hash identifier:          zHe2kd3KZe6mkmgt0YT6SNyOb9aCG8MGbnontX0cUnQ=
Subject key identifier:   09:62:DA:38:23:12:E3:5A:2A:FC:D0:D5:D4:7F:94:F7:B6:25:5A:F1
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       019B7C802D9C72210B93B284C94EF4E14F44
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/CWLaOCMS41oq_NDV1H-U97YlWvE.roa
Signing time:             Fri 02 Jan 2026 02:18:53 +0000
ROA not before:           Fri 02 Jan 2026 02:18:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214677
IP address blocks:        46.243.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 16:55:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:2d:9c:72:21:0b:93:b2:84:c9:4e:f4:e1:4f:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 02:18:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0962da382312e35a2afcd0d5d47f94f7b6255af1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:e7:c4:43:6d:bd:e2:29:01:22:b7:a7:54:5d:
                    37:58:79:0c:3f:06:a3:a5:fb:1d:4e:5b:9d:b5:3a:
                    f5:2b:7e:c7:a7:7c:c1:55:77:ea:69:24:c4:1b:21:
                    8e:d5:c2:21:b2:8f:29:a9:de:58:d4:68:f9:63:d2:
                    c3:df:cb:c1:ae:08:d1:43:b2:88:99:91:60:b8:12:
                    1b:fd:ec:3a:c2:7f:21:8e:5a:94:8f:f0:c9:4c:f1:
                    92:34:d5:26:17:76:51:af:8e:1a:81:9f:1e:cf:1f:
                    b4:98:ac:1a:de:37:98:7f:24:c8:cf:23:93:a1:d5:
                    2b:d8:77:c0:53:b7:52:2d:cb:9b:31:60:66:3b:2b:
                    12:37:fd:c1:c8:56:50:2b:d4:d6:3d:21:19:f1:16:
                    7a:c3:6c:62:3c:77:8b:2c:a1:17:83:ec:75:2d:fa:
                    3e:1d:a0:bd:e3:9c:fb:f9:91:53:44:4b:b2:c9:45:
                    7b:b5:db:76:3c:01:c6:68:b5:f8:1c:df:32:55:27:
                    fe:f6:2c:06:e4:b5:ff:59:6e:69:ad:03:7a:6d:57:
                    ff:63:74:e9:14:1a:68:f8:25:c2:16:9b:71:fe:5a:
                    00:30:3e:00:0a:e4:01:d0:27:9a:f3:6b:95:d6:37:
                    91:d9:68:3c:29:ae:36:26:48:06:f3:e8:0d:ac:c2:
                    b6:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:62:DA:38:23:12:E3:5A:2A:FC:D0:D5:D4:7F:94:F7:B6:25:5A:F1
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/CWLaOCMS41oq_NDV1H-U97YlWvE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.243.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:67:31:25:81:09:c3:fa:fa:c6:f9:37:3a:62:10:e4:d7:35:
         9e:a4:3a:cb:99:be:2a:34:26:fb:e1:cd:c4:70:66:0d:63:e0:
         b8:4c:b7:d3:02:03:1b:67:b6:35:71:6c:04:59:a0:3c:d6:d0:
         de:1f:3f:3a:ea:c3:3f:fc:63:ad:0e:6a:cb:3a:36:28:c9:8f:
         bb:1b:9d:a6:27:99:b4:e5:96:82:02:84:3d:0e:a1:11:ce:97:
         3f:73:38:17:23:b4:65:02:a8:7d:32:a2:96:61:7c:ee:0d:f8:
         4a:05:52:0e:c7:2a:e4:9b:b0:0d:5a:ff:70:40:1c:b2:b7:7a:
         f9:5b:28:80:d9:aa:0c:d1:fb:32:b7:5c:d5:6e:84:df:c4:26:
         27:85:5d:81:2d:fb:b8:90:51:23:43:ab:bc:cd:6d:60:eb:27:
         2c:77:e8:7a:4a:b3:f8:47:95:9b:b8:79:73:12:41:d5:68:99:
         6d:06:04:7a:22:3e:3a:c1:3e:3a:fd:29:63:2c:e0:1b:cf:d1:
         2d:0d:8c:3c:df:c1:97:3e:f8:95:61:ad:ea:98:a1:93:b3:bc:
         14:88:86:ee:15:a2:f6:06:72:f6:17:87:04:de:73:b9:a5:e3:
         b8:28:0a:e8:d9:78:38:66:fd:5e:33:77:b3:fc:42:75:ea:23:
         76:ea:9b:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gC2cciELk7KEyU704U9EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjYwMTAyMDIxODUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTYyZGEzODIzMTJlMzVhMmFmY2QwZDVkNDdmOTRmN2I2MjU1YWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzefEQ2294ikBIrenVF03WHkMPwaj
pfsdTludtTr1K37Hp3zBVXfqaSTEGyGO1cIhso8pqd5Y1Gj5Y9LD38vBrgjRQ7KI
mZFguBIb/ew6wn8hjlqUj/DJTPGSNNUmF3ZRr44agZ8ezx+0mKwa3jeYfyTIzyOT
odUr2HfAU7dSLcubMWBmOysSN/3ByFZQK9TWPSEZ8RZ6w2xiPHeLLKEXg+x1Lfo+
HaC945z7+ZFTREuyyUV7tdt2PAHGaLX4HN8yVSf+9iwG5LX/WW5prQN6bVf/Y3Tp
FBpo+CXCFptx/loAMD4ACuQB0Cea82uV1jeR2Wg8Ka42JkgG8+gNrMK2BwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAli2jgjEuNaKvzQ1dR/lPe2JVrxMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvQ1dMYU9DTVM0MW9xX05EVjFILVU5N1lsV3ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALvNNMA0G
CSqGSIb3DQEBCwUAA4IBAQCkZzElgQnD+vrG+Tc6YhDk1zWepDrLmb4qNCb74c3E
cGYNY+C4TLfTAgMbZ7Y1cWwEWaA81tDeHz866sM//GOtDmrLOjYoyY+7G52mJ5m0
5ZaCAoQ9DqERzpc/czgXI7RlAqh9MqKWYXzuDfhKBVIOxyrkm7ANWv9wQByyt3r5
WyiA2aoM0fsyt1zVboTfxCYnhV2BLfu4kFEjQ6u8zW1g6ycsd+h6SrP4R5WbuHlz
EkHVaJltBgR6Ij46wT46/SljLOAbz9EtDYw838GXPviVYa3qmKGTs7wUiIbuFaL2
BnL2F4cE3nO5peO4KAro2Xg4Zv1eM3ez/EJ16iN26psv
-----END CERTIFICATE-----