This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/sUiINbHf6tCM8nGmyhEKR4b0apM.roa
File:                     sUiINbHf6tCM8nGmyhEKR4b0apM.roa (raw, json)
Hash identifier:          Mtba8LpYwWU0hiXcxGJp7lHm7utwzLcKa532URQ45ok=
Subject key identifier:   B1:48:88:35:B1:DF:EA:D0:8C:F2:71:A6:CA:11:0A:47:86:F4:6A:93
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       019B7C80211E933C8CC060CE8B2C8B116B4E
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/sUiINbHf6tCM8nGmyhEKR4b0apM.roa
Signing time:             Fri 02 Jan 2026 02:18:50 +0000
ROA not before:           Fri 02 Jan 2026 02:18:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     136557
IP address blocks:        45.67.86.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 16:55:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:21:1e:93:3c:8c:c0:60:ce:8b:2c:8b:11:6b:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 02:18:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b1488835b1dfead08cf271a6ca110a4786f46a93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:26:11:82:b1:4b:2c:5e:a0:1c:94:41:26:af:
                    ce:19:c4:ad:e7:0c:03:57:36:d5:74:9c:45:ee:71:
                    87:6d:e3:52:2d:36:9a:37:60:d0:30:d7:b7:8b:36:
                    ac:dd:29:40:42:7d:cf:38:d1:f1:fd:74:a4:86:15:
                    02:69:d2:24:ac:e8:92:88:dc:61:33:6f:47:0b:d3:
                    2d:c0:55:6b:4c:d3:3a:6c:2b:4f:7d:79:60:65:a6:
                    16:38:69:8f:c0:65:e4:df:dd:ad:c2:f3:03:d5:7b:
                    b8:fb:d1:39:7f:c7:8a:78:99:6f:57:09:dd:16:af:
                    e8:b4:9b:cc:2e:cc:e0:56:21:dd:10:ab:1c:55:73:
                    37:e3:98:63:c9:a1:c5:c6:94:f5:bf:92:6c:45:a5:
                    ae:e9:4d:f9:9a:78:86:12:4e:97:6c:48:e3:1e:98:
                    59:bb:0f:f5:5f:8f:3f:70:27:a4:ca:e2:a5:05:f1:
                    c8:67:6d:f7:83:cc:85:ac:18:ee:7e:c0:2e:14:b9:
                    be:cd:d4:dd:9a:da:c8:e8:91:c4:5d:a4:4e:85:4e:
                    68:af:57:d4:84:6a:2c:39:81:a9:db:0f:40:de:11:
                    15:f0:92:7a:32:07:c8:ad:e2:09:a2:53:ec:52:39:
                    47:24:f3:19:be:95:2e:73:32:4d:9a:3a:e4:b6:29:
                    24:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:48:88:35:B1:DF:EA:D0:8C:F2:71:A6:CA:11:0A:47:86:F4:6A:93
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/sUiINbHf6tCM8nGmyhEKR4b0apM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:c4:48:bd:68:71:0d:5b:91:7d:7f:0b:6b:a8:4f:ca:6a:5c:
         e1:11:87:86:af:2e:f7:78:ce:5a:e7:4b:d9:0a:fc:b6:a2:ce:
         0a:5e:bd:ac:47:08:91:40:43:a5:5c:43:06:ad:88:4a:a9:76:
         34:d8:3a:8a:c4:46:b6:e7:d0:c5:c9:3d:e3:c8:c5:56:0e:b0:
         54:b4:05:d9:ce:a2:f3:98:24:3e:e5:e5:f1:c9:20:d4:7f:61:
         1a:15:b2:30:fb:d8:58:e0:a8:9f:32:de:ce:24:84:8d:05:a9:
         6a:7b:56:c3:96:f8:02:56:9d:00:85:73:d3:2f:84:6e:47:69:
         e4:2d:f9:ee:46:04:1c:e8:90:fa:ea:dd:8b:ee:f4:eb:6a:cd:
         a2:a0:d4:1e:71:9b:41:2f:b4:fb:fe:d1:db:2c:67:14:ce:6f:
         52:87:2a:92:16:d5:79:2b:81:86:12:a5:07:35:98:10:3a:c8:
         ae:61:23:30:b2:30:0e:17:88:48:b3:38:9f:64:51:49:32:06:
         d4:36:e9:13:20:d8:eb:4a:4a:de:38:70:77:ea:4a:d7:f3:ba:
         e3:bc:d5:9a:02:3c:d0:95:00:d1:9b:bc:3e:e4:12:e0:76:c9:
         54:9b:5e:32:7a:8a:eb:c5:40:52:73:75:bc:d8:b6:04:a3:14:
         28:db:86:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gCEekzyMwGDOiyyLEWtOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjYwMTAyMDIxODUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTQ4ODgzNWIxZGZlYWQwOGNmMjcxYTZjYTExMGE0Nzg2ZjQ2YTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuiYRgrFLLF6gHJRBJq/OGcSt5wwD
VzbVdJxF7nGHbeNSLTaaN2DQMNe3izas3SlAQn3PONHx/XSkhhUCadIkrOiSiNxh
M29HC9MtwFVrTNM6bCtPfXlgZaYWOGmPwGXk392twvMD1Xu4+9E5f8eKeJlvVwnd
Fq/otJvMLszgViHdEKscVXM345hjyaHFxpT1v5JsRaWu6U35mniGEk6XbEjjHphZ
uw/1X48/cCekyuKlBfHIZ233g8yFrBjufsAuFLm+zdTdmtrI6JHEXaROhU5or1fU
hGosOYGp2w9A3hEV8JJ6MgfIreIJolPsUjlHJPMZvpUuczJNmjrktikkWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLFIiDWx3+rQjPJxpsoRCkeG9GqTMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvc1VpSU5iSGY2dENNOG5HbXloRUtSNGIwYXBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALUNWMA0G
CSqGSIb3DQEBCwUAA4IBAQAzxEi9aHENW5F9fwtrqE/KalzhEYeGry73eM5a50vZ
Cvy2os4KXr2sRwiRQEOlXEMGrYhKqXY02DqKxEa259DFyT3jyMVWDrBUtAXZzqLz
mCQ+5eXxySDUf2EaFbIw+9hY4KifMt7OJISNBalqe1bDlvgCVp0AhXPTL4RuR2nk
LfnuRgQc6JD66t2L7vTras2ioNQecZtBL7T7/tHbLGcUzm9ShyqSFtV5K4GGEqUH
NZgQOsiuYSMwsjAOF4hIszifZFFJMgbUNukTINjrSkreOHB36krX87rjvNWaAjzQ
lQDRm7w+5BLgdslUm14yeorrxUBSc3W82LYEoxQo24Yd
-----END CERTIFICATE-----