This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/3ob0t-nOtvFmt9TVjlR1Prco0t0.roa
File:                     3ob0t-nOtvFmt9TVjlR1Prco0t0.roa (raw, json)
Hash identifier:          jJ7tVobMB94DtiRZWikVgCid5SUxgB4k0BwNVqLD34E=
Subject key identifier:   DE:86:F4:B7:E9:CE:B6:F1:66:B7:D4:D5:8E:54:75:3E:B7:28:D2:DD
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       019B7F15ED7F072AD7ABBF894BF85F09F8FF
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/3ob0t-nOtvFmt9TVjlR1Prco0t0.roa
Signing time:             Fri 02 Jan 2026 14:21:42 +0000
ROA not before:           Fri 02 Jan 2026 14:21:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206030
IP address blocks:        45.144.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 Jan 2026 14:32:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:ed:7f:07:2a:d7:ab:bf:89:4b:f8:5f:09:f8:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jan  2 14:21:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=de86f4b7e9ceb6f166b7d4d58e54753eb728d2dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:60:d8:a0:8f:a9:2b:1d:56:41:d5:b9:0c:48:
                    dd:ed:e8:0c:10:ca:17:39:1d:e1:ea:bd:b3:85:c8:
                    83:c1:a5:1d:d5:cc:60:28:f7:ab:f1:b2:21:f7:68:
                    9d:3f:c1:e9:b8:5d:9c:3a:64:de:e8:c6:38:2e:e0:
                    8f:47:cc:b8:21:c2:8e:b3:21:9a:a7:33:f9:94:9d:
                    1f:20:b9:3d:d8:d0:1c:bb:37:68:ae:d3:ea:e0:30:
                    5d:d3:59:f0:d9:7d:0d:5a:0a:ba:e7:d0:1f:e0:ae:
                    52:cc:f9:f0:7d:81:bb:b0:43:c7:5d:13:6c:da:db:
                    97:4f:fc:20:3a:82:ab:f7:38:a9:02:2e:bf:3e:74:
                    9b:4e:85:8a:ad:d3:32:3b:73:ff:cb:41:b0:af:fe:
                    f2:1b:9b:f8:4c:16:8e:68:64:67:e8:c7:58:c5:ed:
                    a3:c5:e0:71:41:b3:ce:0e:e7:85:ca:2b:5a:f1:0a:
                    23:ed:1c:c2:19:b1:5a:33:2c:96:98:c5:ef:b8:31:
                    f0:8f:c7:21:3e:d0:e2:ea:65:15:45:78:18:0a:35:
                    4a:82:3e:19:2c:b7:89:49:2c:ef:da:7e:17:c4:b4:
                    3c:11:d1:4e:e6:e2:2e:48:35:74:26:52:0a:37:36:
                    ff:e7:50:6e:17:6d:f4:c6:a6:e0:86:9a:1b:00:6c:
                    52:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:86:F4:B7:E9:CE:B6:F1:66:B7:D4:D5:8E:54:75:3E:B7:28:D2:DD
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/3ob0t-nOtvFmt9TVjlR1Prco0t0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.144.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:14:61:bf:9a:88:04:f9:43:88:42:f7:75:ef:0f:76:80:a8:
         de:5f:51:fa:8c:1d:89:45:5a:da:5d:cb:e8:11:65:98:39:37:
         a6:4c:e1:c9:bb:26:fd:dd:94:b3:4b:9c:de:61:70:a4:08:5c:
         18:d1:a6:33:1d:5d:80:97:02:12:7f:d0:76:bf:38:2e:c2:27:
         82:c3:30:2f:12:4e:bf:90:67:9a:41:3d:33:df:e6:1d:eb:b4:
         d3:f5:8a:75:e3:47:94:c3:ae:d8:8c:8e:73:41:9e:0c:52:b6:
         9f:25:ff:0b:67:e2:bf:3c:02:68:8c:c4:50:17:35:9f:87:83:
         ff:b4:32:8d:b4:e2:45:a7:f1:51:de:b8:96:37:46:ee:4f:63:
         77:e8:8d:ef:7b:31:92:f0:ec:cf:be:43:7d:23:5a:4a:fc:e7:
         f8:a7:a4:b3:cd:43:3d:fa:cf:3b:10:07:f3:c6:6e:be:14:d6:
         fa:e9:de:08:12:2c:2c:a8:12:e9:8f:b0:33:25:d0:68:c8:ca:
         3c:00:55:7e:61:f9:f0:1a:f0:46:99:ef:8f:2a:50:cc:8f:0d:
         f8:7e:6d:42:9e:92:2e:be:cd:17:b7:50:ef:be:27:90:8c:c0:
         c9:01:a8:58:c1:7e:c5:0f:39:63:e7:63:9d:1b:e3:c0:c5:47:
         b6:e6:7d:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/Fe1/ByrXq7+JS/hfCfj/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjYwMTAyMTQyMTQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTg2ZjRiN2U5Y2ViNmYxNjZiN2Q0ZDU4ZTU0NzUzZWI3MjhkMmRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoGDYoI+pKx1WQdW5DEjd7egMEMoX
OR3h6r2zhciDwaUd1cxgKPer8bIh92idP8HpuF2cOmTe6MY4LuCPR8y4IcKOsyGa
pzP5lJ0fILk92NAcuzdortPq4DBd01nw2X0NWgq659Af4K5SzPnwfYG7sEPHXRNs
2tuXT/wgOoKr9zipAi6/PnSbToWKrdMyO3P/y0Gwr/7yG5v4TBaOaGRn6MdYxe2j
xeBxQbPODueFyita8Qoj7RzCGbFaMyyWmMXvuDHwj8chPtDi6mUVRXgYCjVKgj4Z
LLeJSSzv2n4XxLQ8EdFO5uIuSDV0JlIKNzb/51BuF230xqbghpobAGxSfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN6G9LfpzrbxZrfU1Y5UdT63KNLdMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvM29iMHQtbk90dkZtdDlUVmpsUjFQcmNvMHQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZDVMA0G
CSqGSIb3DQEBCwUAA4IBAQBHFGG/mogE+UOIQvd17w92gKjeX1H6jB2JRVraXcvo
EWWYOTemTOHJuyb93ZSzS5zeYXCkCFwY0aYzHV2AlwISf9B2vzguwieCwzAvEk6/
kGeaQT0z3+Yd67TT9Yp140eUw67YjI5zQZ4MUrafJf8LZ+K/PAJojMRQFzWfh4P/
tDKNtOJFp/FR3riWN0buT2N36I3vezGS8OzPvkN9I1pK/Of4p6SzzUM9+s87EAfz
xm6+FNb66d4IEiwsqBLpj7AzJdBoyMo8AFV+YfnwGvBGme+PKlDMjw34fm1CnpIu
vs0Xt1DvvieQjMDJAahYwX7FDzlj52OdG+PAxUe25n0T
-----END CERTIFICATE-----