This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/G9sDf9byfP-xIE0JrM4gcDTLusQ.roa
File:                     G9sDf9byfP-xIE0JrM4gcDTLusQ.roa (raw, json)
Hash identifier:          wPtxo4SM20u3zc+gzf0hMpHMoaS8f0x78jXKfdDu4jk=
Subject key identifier:   1B:DB:03:7F:D6:F2:7C:FF:B1:20:4D:09:AC:CE:20:70:34:CB:BA:C4
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       019B7EA7564C526D791612BCD7879FF1A733
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/G9sDf9byfP-xIE0JrM4gcDTLusQ.roa
Signing time:             Fri 02 Jan 2026 12:20:54 +0000
ROA not before:           Fri 02 Jan 2026 12:20:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3320
IP address blocks:        45.88.144.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 04 Jan 2026 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a7:56:4c:52:6d:79:16:12:bc:d7:87:9f:f1:a7:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jan  2 12:20:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1bdb037fd6f27cffb1204d09acce207034cbbac4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:57:3b:69:58:2e:27:55:ac:2a:09:49:b3:cc:
                    45:84:1c:af:ac:ee:ef:5f:a0:8d:e7:d5:a3:db:6e:
                    81:16:07:4f:40:a1:eb:86:1c:ab:04:2a:7a:22:20:
                    02:d5:54:f7:5d:e9:ed:a7:55:d0:b1:32:0b:3a:89:
                    0e:f8:59:25:60:d1:c8:81:37:b0:4a:ed:3c:1a:0b:
                    89:d7:a6:ad:03:de:b1:58:14:10:3f:e7:9f:19:85:
                    24:50:b6:1f:78:82:2f:36:89:c6:6c:89:7b:2b:1b:
                    ed:ef:38:57:ab:5d:83:fe:08:73:c5:73:dc:9d:39:
                    67:d1:ba:49:ef:52:40:45:ae:8a:fe:ec:62:52:c7:
                    1c:8c:da:04:ff:6f:46:44:20:a5:72:30:f6:8c:d2:
                    b3:2b:7f:3c:fd:1d:67:b1:a9:2f:04:26:37:48:4e:
                    8e:2a:8a:36:f5:9c:ce:a1:18:97:fc:47:d1:45:f6:
                    a7:11:b4:8f:ae:9a:33:fe:6a:49:2f:67:87:0d:e9:
                    fa:70:c2:ba:fe:e6:87:a6:db:b6:ef:f1:ad:33:34:
                    d9:c7:cc:4d:94:5c:18:6f:27:14:e4:f9:9d:58:86:
                    7e:6a:b4:5d:f0:b5:9b:87:ef:80:0f:83:3c:c5:0f:
                    7e:b6:c3:fc:cb:4b:3c:7d:38:4a:c6:5f:d5:5c:7a:
                    f3:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:DB:03:7F:D6:F2:7C:FF:B1:20:4D:09:AC:CE:20:70:34:CB:BA:C4
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/G9sDf9byfP-xIE0JrM4gcDTLusQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2f:b7:1f:55:f1:43:3b:af:ad:07:cb:2b:2b:61:3d:39:7c:64:
         4d:6f:c2:30:55:6d:cf:d8:6c:56:cb:e5:c8:ae:2d:00:a5:9b:
         93:1c:be:cd:2e:48:59:45:fa:b6:e8:5d:78:e8:3d:c2:07:b7:
         a5:3c:1a:e4:5a:71:08:bc:14:63:16:0c:16:0b:c8:54:17:6a:
         2c:9a:12:90:c6:42:e5:0b:34:c0:c2:fa:e1:ba:56:9d:48:05:
         16:dd:0d:63:fc:68:a5:b5:e9:93:60:1f:8a:60:f1:fc:cb:7b:
         88:4c:64:24:0f:f1:6f:24:42:7d:4d:c0:02:1c:4a:60:3e:10:
         0e:2e:59:a0:0d:5b:35:65:8c:9f:6b:b8:af:ec:49:d4:c1:63:
         b5:b0:37:8c:ca:11:93:32:7a:f7:04:72:6e:55:46:c6:61:bb:
         34:f9:46:ef:a9:54:26:5d:05:50:c3:23:47:ab:3d:17:2a:8a:
         20:c6:d8:aa:6e:3b:11:21:24:99:ad:ec:86:06:32:22:c2:aa:
         d3:2f:f5:1d:52:e4:e0:8e:cb:62:84:a0:ed:b1:10:58:11:5f:
         8a:1b:e5:f4:43:38:c2:f7:84:ef:d0:4a:2b:a1:d4:b6:7f:af:
         3b:b8:f3:f6:39:26:4a:98:f4:7f:ae:db:1e:52:39:e3:98:d3:
         9c:41:84:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+p1ZMUm15FhK814ef8aczMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjYwMTAyMTIyMDU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmRiMDM3ZmQ2ZjI3Y2ZmYjEyMDRkMDlhY2NlMjA3MDM0Y2JiYWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsVc7aVguJ1WsKglJs8xFhByvrO7v
X6CN59Wj226BFgdPQKHrhhyrBCp6IiAC1VT3Xentp1XQsTILOokO+FklYNHIgTew
Su08GguJ16atA96xWBQQP+efGYUkULYfeIIvNonGbIl7Kxvt7zhXq12D/ghzxXPc
nTln0bpJ71JARa6K/uxiUsccjNoE/29GRCClcjD2jNKzK388/R1nsakvBCY3SE6O
Koo29ZzOoRiX/EfRRfanEbSPrpoz/mpJL2eHDen6cMK6/uaHptu27/GtMzTZx8xN
lFwYbycU5PmdWIZ+arRd8LWbh++AD4M8xQ9+tsP8y0s8fThKxl/VXHrzjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBvbA3/W8nz/sSBNCazOIHA0y7rEMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvRzlzRGY5YnlmUC14SUUwSnJNNGdjRFRMdXNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLViQMA0G
CSqGSIb3DQEBCwUAA4IBAQAvtx9V8UM7r60HyysrYT05fGRNb8IwVW3P2GxWy+XI
ri0ApZuTHL7NLkhZRfq26F146D3CB7elPBrkWnEIvBRjFgwWC8hUF2osmhKQxkLl
CzTAwvrhuladSAUW3Q1j/GiltemTYB+KYPH8y3uITGQkD/FvJEJ9TcACHEpgPhAO
LlmgDVs1ZYyfa7iv7EnUwWO1sDeMyhGTMnr3BHJuVUbGYbs0+UbvqVQmXQVQwyNH
qz0XKoogxtiqbjsRISSZreyGBjIiwqrTL/UdUuTgjstihKDtsRBYEV+KG+X0QzjC
94Tv0EorodS2f687uPP2OSZKmPR/rtseUjnjmNOcQYTJ
-----END CERTIFICATE-----