This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.


Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/RCTCABjb1kf9xffRM6eBlIQOdUI.roa
File:                     RCTCABjb1kf9xffRM6eBlIQOdUI.roa (raw, json)
Hash identifier:          i2zPj22CeXA+RGNTLX38vRBa6qy20rd5BizaP7QjwOM=
Subject key identifier:   44:24:C2:00:18:DB:D6:47:FD:C5:F7:D1:33:A7:81:94:84:0E:75:42
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       019B7C802510A6D2F2140509C32D0F609CBC
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/RCTCABjb1kf9xffRM6eBlIQOdUI.roa
Signing time:             Fri 02 Jan 2026 02:18:51 +0000
ROA not before:           Fri 02 Jan 2026 02:18:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200950
IP address blocks:        45.86.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 16:55:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:25:10:a6:d2:f2:14:05:09:c3:2d:0f:60:9c:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 02:18:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4424c20018dbd647fdc5f7d133a78194840e7542
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:02:fa:1e:e1:71:f7:d5:d4:5a:9d:67:2f:b1:
                    1b:79:a4:da:81:fa:e0:ff:3d:7d:91:d3:55:64:a0:
                    0f:a0:df:06:9e:84:8e:97:7a:52:16:36:f4:d1:11:
                    82:55:26:1a:6f:60:54:82:a3:c2:aa:37:76:81:af:
                    ee:f7:bf:92:30:91:58:26:96:e8:c3:9c:b8:5d:c7:
                    d1:49:e9:1a:fc:0c:6b:17:33:70:d6:e4:a7:12:4c:
                    20:80:65:c9:da:2d:94:56:71:f7:54:8e:43:10:8f:
                    4e:96:db:03:7b:50:d9:a7:b6:63:fb:52:0d:5f:d2:
                    66:6d:78:de:6c:dc:8c:55:33:ab:ea:09:32:68:b4:
                    a7:49:6d:16:88:2f:18:0a:11:75:43:21:c2:31:26:
                    a7:2b:37:ce:5f:cb:ab:db:ea:4e:a0:0a:7d:21:15:
                    07:d0:46:91:87:10:d0:e9:e7:68:a5:9d:a4:19:1c:
                    b7:f4:9b:38:fe:3c:87:3b:5b:b6:41:ab:14:45:dc:
                    6a:27:29:d6:d3:69:53:d0:3f:f5:8e:7f:1a:4e:db:
                    1a:72:d2:bf:69:36:de:fb:a8:8d:7c:e8:93:b6:1d:
                    bb:79:0b:cd:c6:a9:35:5e:6a:40:d1:51:1f:e4:20:
                    fe:a2:a8:96:29:c8:11:55:47:a0:82:fc:76:b5:90:
                    d2:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:24:C2:00:18:DB:D6:47:FD:C5:F7:D1:33:A7:81:94:84:0E:75:42
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/RCTCABjb1kf9xffRM6eBlIQOdUI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:fe:0e:b9:34:47:0d:58:4f:d8:4a:8c:31:47:cf:00:d2:04:
         4e:21:ab:d7:b5:b2:da:98:19:3b:54:6f:35:3d:d6:8f:4b:3e:
         a3:bf:e5:c3:52:a7:49:2b:2b:66:78:ae:48:19:b2:5f:53:53:
         a1:4c:32:6f:63:b4:7a:bd:29:f3:94:95:36:38:3b:44:60:34:
         2f:13:11:e5:08:49:a6:47:ff:e8:d7:99:0d:f8:33:cf:7a:60:
         bb:ab:0b:06:e8:0f:8c:5f:95:b3:31:34:34:83:c7:2f:f6:51:
         fb:0d:ff:af:84:76:ea:21:38:0b:35:16:9e:5b:88:75:0a:8a:
         28:85:41:d0:44:9e:a6:01:e5:aa:3b:cc:cb:9d:00:c8:14:65:
         3a:63:b6:2b:a5:b5:ec:33:cd:6f:48:06:89:77:2b:9a:04:4c:
         a4:d9:19:cc:a4:e8:1b:4a:89:14:25:73:48:eb:7a:1f:4d:e5:
         06:2b:24:26:3b:ca:ac:c5:ef:08:cc:6d:79:02:7b:8a:1c:e7:
         6f:e5:24:fe:49:e6:d5:ad:b0:ba:f0:d8:25:4e:7e:1d:84:eb:
         21:e3:4f:46:66:03:ca:f4:a7:cc:58:20:76:f7:a6:c9:38:5a:
         cd:43:03:15:6d:4d:d0:61:7d:93:0d:1f:dd:5f:9b:04:78:e4:
         e2:77:ef:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gCUQptLyFAUJwy0PYJy8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjYwMTAyMDIxODUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDI0YzIwMDE4ZGJkNjQ3ZmRjNWY3ZDEzM2E3ODE5NDg0MGU3NTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkAL6HuFx99XUWp1nL7EbeaTagfrg
/z19kdNVZKAPoN8GnoSOl3pSFjb00RGCVSYab2BUgqPCqjd2ga/u97+SMJFYJpbo
w5y4XcfRSeka/AxrFzNw1uSnEkwggGXJ2i2UVnH3VI5DEI9OltsDe1DZp7Zj+1IN
X9JmbXjebNyMVTOr6gkyaLSnSW0WiC8YChF1QyHCMSanKzfOX8ur2+pOoAp9IRUH
0EaRhxDQ6edopZ2kGRy39Js4/jyHO1u2QasURdxqJynW02lT0D/1jn8aTtsactK/
aTbe+6iNfOiTth27eQvNxqk1XmpA0VEf5CD+oqiWKcgRVUeggvx2tZDSXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEQkwgAY29ZH/cX30TOngZSEDnVCMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvUkNUQ0FCamIxa2Y5eGZmUk02ZUJsSVFPZFVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVaZMA0G
CSqGSIb3DQEBCwUAA4IBAQAS/g65NEcNWE/YSowxR88A0gROIavXtbLamBk7VG81
PdaPSz6jv+XDUqdJKytmeK5IGbJfU1OhTDJvY7R6vSnzlJU2ODtEYDQvExHlCEmm
R//o15kN+DPPemC7qwsG6A+MX5WzMTQ0g8cv9lH7Df+vhHbqITgLNRaeW4h1Cooo
hUHQRJ6mAeWqO8zLnQDIFGU6Y7YrpbXsM81vSAaJdyuaBEyk2RnMpOgbSokUJXNI
63ofTeUGKyQmO8qsxe8IzG15AnuKHOdv5ST+SebVrbC68NglTn4dhOsh409GZgPK
9KfMWCB296bJOFrNQwMVbU3QYX2TDR/dX5sEeOTid+/4
-----END CERTIFICATE-----
Generated at Mon Jan 19 19:56:30 2026 by rpki-client