This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/0DdKymcfQ6Tlb3tBBt3FZi0pTD4.roa
File:                     0DdKymcfQ6Tlb3tBBt3FZi0pTD4.roa (raw, json)
Hash identifier:          C1xKCAhtdTNCbc0KBZMum7ty+XmfvinF7N3oKQVSy9E=
Subject key identifier:   D0:37:4A:CA:67:1F:43:A4:E5:6F:7B:41:06:DD:C5:66:2D:29:4C:3E
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       019B7F82D571D6A2AAE4D9EC2D68EC11F960
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/0DdKymcfQ6Tlb3tBBt3FZi0pTD4.roa
Signing time:             Fri 02 Jan 2026 16:20:39 +0000
ROA not before:           Fri 02 Jan 2026 16:20:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210848
IP address blocks:        45.140.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 07:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:82:d5:71:d6:a2:aa:e4:d9:ec:2d:68:ec:11:f9:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  2 16:20:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d0374aca671f43a4e56f7b4106ddc5662d294c3e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:49:a3:e1:1a:97:fb:25:e5:b6:4b:33:ae:55:
                    03:b4:2a:3e:6f:09:eb:5a:e1:ab:b7:bd:8d:a4:af:
                    2e:7e:06:06:48:fb:6f:14:f6:23:ab:b1:d7:3d:cd:
                    62:1b:46:67:b9:9f:12:80:8b:05:10:a2:37:3e:fb:
                    3f:77:36:71:13:c8:2f:99:e1:bd:f6:6b:48:20:bb:
                    d1:ff:78:ed:88:96:2b:1f:23:38:1c:43:03:be:05:
                    f2:2b:e9:87:86:d9:55:fe:d9:08:47:76:0e:97:fa:
                    9a:c3:9a:58:b2:89:dc:1d:9d:f7:40:59:92:12:f9:
                    d1:fd:19:35:47:d2:1d:b7:b5:e5:9f:5e:d9:35:12:
                    02:cb:ab:32:08:b1:2e:9f:6f:5a:7c:ee:0f:be:52:
                    0c:73:7d:24:6f:10:ec:aa:b8:60:d7:7c:75:da:76:
                    57:c1:51:b1:3a:5f:1b:76:7d:99:17:cc:5c:82:71:
                    aa:51:67:f7:42:cb:a0:4e:8e:0e:4c:62:4b:53:7d:
                    7f:51:df:85:21:e5:9d:ff:38:74:cc:43:28:6e:72:
                    dc:ad:f5:33:d8:7f:82:d8:cb:56:8c:07:df:f5:a7:
                    38:29:66:f4:32:0b:7f:c5:52:5a:20:d0:8f:43:e5:
                    e4:cf:6c:3b:d1:66:fa:cd:90:c8:80:9f:fb:e2:5e:
                    bf:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:37:4A:CA:67:1F:43:A4:E5:6F:7B:41:06:DD:C5:66:2D:29:4C:3E
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/0DdKymcfQ6Tlb3tBBt3FZi0pTD4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:0f:5c:10:12:4f:53:00:2e:4c:b3:5c:04:2d:bd:57:4f:9c:
         c6:38:c2:d4:81:37:be:9a:26:b3:46:67:d8:1f:e0:bf:97:20:
         25:05:9b:f3:0b:f0:8a:1d:16:78:ef:e9:b6:5a:b4:62:43:84:
         c1:23:aa:4c:96:67:28:7a:6e:e1:a8:b7:75:13:90:33:4e:dd:
         88:68:3c:41:b1:fc:d2:ff:4d:92:55:de:1c:cc:c8:a1:56:a4:
         70:0a:fd:0b:f9:f0:90:bb:5e:4b:01:bb:0d:47:37:1b:37:9c:
         04:a8:0c:d0:e5:94:5c:46:ee:a3:98:6e:b6:85:a6:43:db:35:
         23:54:65:bf:9d:bb:94:e6:7e:51:a1:cc:e7:0f:b3:7b:f8:10:
         25:37:e6:49:24:36:8e:87:cd:a1:b7:37:01:f0:ed:e7:51:44:
         e3:bd:9b:58:03:6e:cf:97:9f:42:69:f9:a5:c0:05:9b:ac:be:
         04:b6:d4:04:ef:56:35:05:51:72:b3:ec:1d:23:b5:7f:e8:2b:
         82:6d:3f:e0:04:7e:48:04:8b:94:a4:a3:c4:c0:ef:e4:47:bc:
         68:31:65:c1:da:f4:cf:26:16:0d:08:ee:fe:5e:2b:07:38:88:
         a9:e6:8a:eb:58:db:8e:55:e5:da:df:82:73:ee:85:f9:21:a4:
         f6:48:56:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/gtVx1qKq5NnsLWjsEflgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjYwMTAyMTYyMDM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDM3NGFjYTY3MWY0M2E0ZTU2ZjdiNDEwNmRkYzU2NjJkMjk0YzNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApEmj4RqX+yXltkszrlUDtCo+bwnr
WuGrt72NpK8ufgYGSPtvFPYjq7HXPc1iG0ZnuZ8SgIsFEKI3Pvs/dzZxE8gvmeG9
9mtIILvR/3jtiJYrHyM4HEMDvgXyK+mHhtlV/tkIR3YOl/qaw5pYsoncHZ33QFmS
EvnR/Rk1R9Idt7Xln17ZNRICy6syCLEun29afO4PvlIMc30kbxDsqrhg13x12nZX
wVGxOl8bdn2ZF8xcgnGqUWf3QsugTo4OTGJLU31/Ud+FIeWd/zh0zEMobnLcrfUz
2H+C2MtWjAff9ac4KWb0Mgt/xVJaINCPQ+Xkz2w70Wb6zZDIgJ/74l6/BwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNA3SspnH0Ok5W97QQbdxWYtKUw+MB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvMERkS3ltY2ZRNlRsYjN0QkJ0M0ZaaTBwVEQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYzfMA0G
CSqGSIb3DQEBCwUAA4IBAQATD1wQEk9TAC5Ms1wELb1XT5zGOMLUgTe+miazRmfY
H+C/lyAlBZvzC/CKHRZ47+m2WrRiQ4TBI6pMlmcoem7hqLd1E5AzTt2IaDxBsfzS
/02SVd4czMihVqRwCv0L+fCQu15LAbsNRzcbN5wEqAzQ5ZRcRu6jmG62haZD2zUj
VGW/nbuU5n5RocznD7N7+BAlN+ZJJDaOh82htzcB8O3nUUTjvZtYA27Pl59Cafml
wAWbrL4EttQE71Y1BVFys+wdI7V/6CuCbT/gBH5IBIuUpKPEwO/kR7xoMWXB2vTP
JhYNCO7+XisHOIip5orrWNuOVeXa34Jz7oX5IaT2SFat
-----END CERTIFICATE-----