This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/qQA3Xo9mXGdG_04ikNcLkHHF-CA.roa
File:                     qQA3Xo9mXGdG_04ikNcLkHHF-CA.roa (raw, json)
Hash identifier:          83PBwFnMBOnfaZi07rNAk4siNaPKlsYHWe2KYUhV8zM=
Subject key identifier:   A9:00:37:5E:8F:66:5C:67:46:FF:4E:22:90:D7:0B:90:71:C5:F8:20
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       019B7F15F6DFD1DC0CC30C8A965F190E1CD0
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/qQA3Xo9mXGdG_04ikNcLkHHF-CA.roa
Signing time:             Fri 02 Jan 2026 14:21:44 +0000
ROA not before:           Fri 02 Jan 2026 14:21:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214943
IP address blocks:        45.132.180.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 Jan 2026 14:32:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:f6:df:d1:dc:0c:c3:0c:8a:96:5f:19:0e:1c:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jan  2 14:21:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a900375e8f665c6746ff4e2290d70b9071c5f820
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:e5:5d:ed:be:52:20:99:8a:2a:8e:79:e4:7b:
                    31:87:49:dc:cf:44:bf:06:37:a4:09:73:e7:42:db:
                    f2:83:eb:60:95:06:a2:fa:23:fe:89:89:a2:b4:f5:
                    54:88:d5:43:80:da:f3:bd:dd:79:14:ac:46:12:81:
                    b3:a7:d7:72:ee:a8:55:87:4b:cc:9e:f9:ce:11:d2:
                    97:3a:c8:12:81:72:42:28:b4:12:23:2f:57:02:8e:
                    47:b9:f6:5a:88:a6:5d:da:cb:6d:ae:04:ac:e8:64:
                    57:59:2e:3e:8d:7b:ba:aa:fc:2e:96:74:a3:94:ce:
                    dd:e2:01:a7:7d:c7:ac:51:d9:9b:a1:d7:46:53:90:
                    d3:1d:52:20:45:ef:cb:4a:5d:8f:ea:46:d6:b4:18:
                    e4:aa:6c:52:4e:c7:c3:f7:76:f9:d7:b2:be:e4:ae:
                    fc:18:3b:2a:65:0d:aa:5a:84:11:cd:f6:9c:07:fd:
                    cf:81:44:65:90:ad:3e:18:12:86:7d:e6:b9:40:e2:
                    5f:65:67:77:a5:21:81:53:2a:0a:c1:f7:b4:c8:a0:
                    4c:d3:34:7e:b2:11:ad:fd:ce:c1:ba:8e:2a:6e:a9:
                    eb:b0:80:f4:4f:69:67:ee:13:d9:05:41:13:0f:87:
                    d8:53:33:5b:2f:a1:4c:a7:9b:9a:5a:4e:da:70:d2:
                    5d:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:00:37:5E:8F:66:5C:67:46:FF:4E:22:90:D7:0B:90:71:C5:F8:20
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/qQA3Xo9mXGdG_04ikNcLkHHF-CA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:5e:64:17:8f:0a:9a:a5:45:e5:01:9a:c8:f2:ab:40:3a:08:
         bc:29:1b:5a:9c:62:44:b5:d6:97:d9:f3:d2:1d:78:fe:a3:bd:
         8c:74:23:04:5b:6e:51:32:a0:0a:72:f4:b5:49:1f:3f:3c:4a:
         ab:03:3c:cb:87:c7:4f:be:31:e6:28:6d:f5:5a:08:48:e5:85:
         39:e6:25:ff:d4:dd:9f:ac:5a:13:9e:9d:fa:16:02:a1:92:0d:
         de:7d:91:02:ca:9a:93:a8:25:4b:93:37:c5:24:85:db:9d:99:
         f1:02:58:6e:d6:e8:b7:df:d5:56:59:4b:9e:c7:d0:02:9d:2e:
         27:ba:18:d7:97:56:5c:6a:f0:40:74:0c:ba:2e:66:0e:0c:38:
         c0:bc:9d:9d:a3:3c:c0:a3:52:c8:d9:20:ea:dd:9e:15:67:3d:
         16:b9:f2:d6:e3:2a:96:53:d7:e3:83:4f:5f:7a:c6:44:32:b0:
         b2:12:06:cf:64:31:d0:5e:e5:bf:a9:4c:e3:4b:f2:17:3a:46:
         ad:a2:8e:9e:44:8e:79:48:69:b9:62:21:c1:58:e0:03:03:93:
         84:c9:f7:71:a2:65:63:8f:5a:4f:5a:2f:66:4a:3b:27:bf:e8:
         f8:95:91:cb:41:66:f1:c0:d4:70:cf:5e:e6:1e:7c:a3:71:30:
         fe:19:a1:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/Ffbf0dwMwwyKll8ZDhzQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjYwMTAyMTQyMTQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTAwMzc1ZThmNjY1YzY3NDZmZjRlMjI5MGQ3MGI5MDcxYzVmODIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6uVd7b5SIJmKKo555Hsxh0ncz0S/
BjekCXPnQtvyg+tglQai+iP+iYmitPVUiNVDgNrzvd15FKxGEoGzp9dy7qhVh0vM
nvnOEdKXOsgSgXJCKLQSIy9XAo5HufZaiKZd2sttrgSs6GRXWS4+jXu6qvwulnSj
lM7d4gGnfcesUdmboddGU5DTHVIgRe/LSl2P6kbWtBjkqmxSTsfD93b517K+5K78
GDsqZQ2qWoQRzfacB/3PgURlkK0+GBKGfea5QOJfZWd3pSGBUyoKwfe0yKBM0zR+
shGt/c7Buo4qbqnrsID0T2ln7hPZBUETD4fYUzNbL6FMp5uaWk7acNJdpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKkAN16PZlxnRv9OIpDXC5BxxfggMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvcVFBM1hvOW1YR2RHXzA0aWtOY0xrSEhGLUNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYS0MA0G
CSqGSIb3DQEBCwUAA4IBAQAxXmQXjwqapUXlAZrI8qtAOgi8KRtanGJEtdaX2fPS
HXj+o72MdCMEW25RMqAKcvS1SR8/PEqrAzzLh8dPvjHmKG31WghI5YU55iX/1N2f
rFoTnp36FgKhkg3efZECypqTqCVLkzfFJIXbnZnxAlhu1ui339VWWUuex9ACnS4n
uhjXl1ZcavBAdAy6LmYODDjAvJ2dozzAo1LI2SDq3Z4VZz0WufLW4yqWU9fjg09f
esZEMrCyEgbPZDHQXuW/qUzjS/IXOkatoo6eRI55SGm5YiHBWOADA5OEyfdxomVj
j1pPWi9mSjsnv+j4lZHLQWbxwNRwz17mHnyjcTD+GaEg
-----END CERTIFICATE-----