This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/VNplZLGVIdrN2B5WXkplboY2RRo.roa
File:                     VNplZLGVIdrN2B5WXkplboY2RRo.roa (raw, json)
Hash identifier:          B7J4QSNGmfjk5iYw/bev7Uz7PztP9Ky5Y6Jk1iXDmDg=
Subject key identifier:   54:DA:65:64:B1:95:21:DA:CD:D8:1E:56:5E:4A:65:6E:86:36:45:1A
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       019B7C80188FA055E0496F93CED5B1FBABA6
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/VNplZLGVIdrN2B5WXkplboY2RRo.roa
Signing time:             Fri 02 Jan 2026 02:18:48 +0000
ROA not before:           Fri 02 Jan 2026 02:18:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     38001
IP address blocks:        45.67.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 16:55:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:18:8f:a0:55:e0:49:6f:93:ce:d5:b1:fb:ab:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 02:18:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=54da6564b19521dacdd81e565e4a656e8636451a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:25:e1:aa:c6:b5:05:8d:be:0e:06:44:70:8c:
                    81:a2:01:5c:2f:b0:7d:47:19:68:f6:e6:e1:09:f3:
                    bc:91:95:d4:55:b0:81:88:8c:85:bb:f2:cd:cb:df:
                    00:cf:48:7e:5d:6f:04:de:ae:c3:89:01:83:ae:92:
                    d1:b3:9e:ab:09:05:04:21:da:5e:40:59:35:4e:80:
                    29:e5:ee:ec:6e:13:2c:15:12:15:51:aa:f1:72:9d:
                    7d:2e:6a:29:05:96:8b:92:ad:93:fb:b3:64:c3:a6:
                    e6:67:38:09:e3:18:e0:30:c2:34:04:4a:18:81:67:
                    59:42:42:dc:05:d9:24:32:52:be:66:40:ae:a2:2c:
                    1d:7f:dd:68:8c:cc:7f:aa:26:37:62:ce:8b:5f:ac:
                    97:f5:8c:89:9d:ac:d1:50:2d:5e:23:b7:01:5d:76:
                    74:81:45:ec:1f:fd:bc:37:68:ba:ee:a6:9c:00:54:
                    b2:92:3f:ca:e4:3b:4e:92:b5:10:92:fd:21:f9:a4:
                    c5:68:7b:4a:1c:d7:e9:21:1b:25:4b:7a:f5:76:a2:
                    57:ad:d8:d1:78:48:cb:e7:d6:37:aa:46:87:c1:95:
                    ca:96:90:30:dc:38:f0:44:25:92:6b:ff:69:e6:a5:
                    41:9f:89:a6:bf:0b:09:35:3b:dd:6d:5e:17:b0:51:
                    68:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:DA:65:64:B1:95:21:DA:CD:D8:1E:56:5E:4A:65:6E:86:36:45:1A
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/VNplZLGVIdrN2B5WXkplboY2RRo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:e3:f4:86:36:42:3c:ab:ad:18:44:f1:39:95:bc:5d:17:fb:
         33:7f:bf:be:46:91:c9:04:05:bb:bd:d5:5d:b8:c8:a1:3f:e6:
         ad:16:22:e0:0f:e4:b6:3a:77:3f:81:31:b4:03:59:4b:45:b6:
         29:24:61:28:c1:f0:56:f9:ba:9b:b2:dc:56:63:c5:bf:7f:28:
         54:b8:30:a1:17:02:c4:9b:c3:45:16:09:74:23:97:3f:2c:77:
         f8:86:db:ea:88:05:08:f3:c9:45:43:96:fe:e6:72:30:0a:a8:
         03:83:97:6e:3d:51:c6:9a:ef:5b:04:d7:67:7b:2f:54:19:95:
         d5:9a:1c:d5:53:ea:4b:ed:10:1f:8a:3a:61:18:b5:03:36:b4:
         4e:b0:a5:4f:4c:2f:29:87:c9:69:52:aa:8e:57:65:20:39:5b:
         7a:8b:9a:22:6d:86:38:fa:8b:dd:6c:a2:4f:12:c6:59:98:5e:
         9d:cd:af:dc:55:37:0b:a3:e6:bc:ae:09:be:91:82:49:a1:a4:
         e7:d3:64:b2:cb:a8:a9:84:49:f9:8b:a8:f2:f9:a0:d1:66:fe:
         c1:07:0a:ca:01:4b:4c:f2:34:6f:0a:f3:42:d9:ff:aa:14:c1:
         ee:d7:c3:11:3a:a9:23:6d:a0:8c:70:1d:15:19:36:cf:95:c2:
         f1:2f:8e:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gBiPoFXgSW+TztWx+6umMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjYwMTAyMDIxODQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGRhNjU2NGIxOTUyMWRhY2RkODFlNTY1ZTRhNjU2ZTg2MzY0NTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoyXhqsa1BY2+DgZEcIyBogFcL7B9
Rxlo9ubhCfO8kZXUVbCBiIyFu/LNy98Az0h+XW8E3q7DiQGDrpLRs56rCQUEIdpe
QFk1ToAp5e7sbhMsFRIVUarxcp19LmopBZaLkq2T+7Nkw6bmZzgJ4xjgMMI0BEoY
gWdZQkLcBdkkMlK+ZkCuoiwdf91ojMx/qiY3Ys6LX6yX9YyJnazRUC1eI7cBXXZ0
gUXsH/28N2i67qacAFSykj/K5DtOkrUQkv0h+aTFaHtKHNfpIRslS3r1dqJXrdjR
eEjL59Y3qkaHwZXKlpAw3DjwRCWSa/9p5qVBn4mmvwsJNTvdbV4XsFFoPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFTaZWSxlSHazdgeVl5KZW6GNkUaMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvVk5wbFpMR1ZJZHJOMkI1V1hrcGxib1kyUlJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALUOJMA0G
CSqGSIb3DQEBCwUAA4IBAQCb4/SGNkI8q60YRPE5lbxdF/szf7++RpHJBAW7vdVd
uMihP+atFiLgD+S2Onc/gTG0A1lLRbYpJGEowfBW+bqbstxWY8W/fyhUuDChFwLE
m8NFFgl0I5c/LHf4htvqiAUI88lFQ5b+5nIwCqgDg5duPVHGmu9bBNdney9UGZXV
mhzVU+pL7RAfijphGLUDNrROsKVPTC8ph8lpUqqOV2UgOVt6i5oibYY4+ovdbKJP
EsZZmF6dza/cVTcLo+a8rgm+kYJJoaTn02Syy6iphEn5i6jy+aDRZv7BBwrKAUtM
8jRvCvNC2f+qFMHu18MROqkjbaCMcB0VGTbPlcLxL45D
-----END CERTIFICATE-----