This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/fd8bJA8DM-0zr8RLGfMJuFRYj1U.roa
File:                     fd8bJA8DM-0zr8RLGfMJuFRYj1U.roa (raw, json)
Hash identifier:          AOSETmD6hQ/zex92QpyDr+KfP3AtnIbAXfSo/7qIWOQ=
Subject key identifier:   7D:DF:1B:24:0F:03:33:ED:33:AF:C4:4B:19:F3:09:B8:54:58:8F:55
Certificate issuer:       /CN=002647c801fb58fcfaac135bb48f5e61fea7e566
Certificate serial:       019B7D5C9BC42F7A17780651129B3B28C269
Authority key identifier: 00:26:47:C8:01:FB:58:FC:FA:AC:13:5B:B4:8F:5E:61:FE:A7:E5:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ACZHyAH7WPz6rBNbtI9eYf6n5WY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/fd8bJA8DM-0zr8RLGfMJuFRYj1U.roa
Signing time:             Fri 02 Jan 2026 06:19:39 +0000
ROA not before:           Fri 02 Jan 2026 06:19:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199058
IP address blocks:        45.129.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/ACZHyAH7WPz6rBNbtI9eYf6n5WY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/ACZHyAH7WPz6rBNbtI9eYf6n5WY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ACZHyAH7WPz6rBNbtI9eYf6n5WY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5c:9b:c4:2f:7a:17:78:06:51:12:9b:3b:28:c2:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=002647c801fb58fcfaac135bb48f5e61fea7e566
        Validity
            Not Before: Jan  2 06:19:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7ddf1b240f0333ed33afc44b19f309b854588f55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:c9:74:88:f5:4d:8b:d2:59:18:22:96:e5:3b:
                    2e:2d:56:1b:b1:75:81:51:7a:1d:33:ac:68:7d:b3:
                    40:d8:4f:21:75:9f:bc:2b:9c:c7:1c:05:38:eb:05:
                    ae:51:55:a1:37:87:57:16:07:48:0c:fd:a9:48:ed:
                    e3:22:39:46:9e:14:56:dc:b0:a5:de:00:30:69:1e:
                    8a:af:3b:03:f4:53:6e:e7:51:01:88:35:8c:a3:d5:
                    f5:93:b2:10:59:69:e6:53:b9:38:ca:ba:88:a5:67:
                    fa:a4:7f:79:fc:ed:92:22:6e:2e:b0:1d:b8:f1:be:
                    71:84:8e:1b:06:36:ae:df:45:40:77:9b:23:a6:ac:
                    82:ed:c6:ec:81:2f:71:8e:b2:32:c4:4b:1c:8f:56:
                    9b:ea:d8:80:b8:54:f5:ba:9e:f5:bb:ea:d6:90:c7:
                    a5:44:2a:75:b1:ee:95:df:0a:47:89:6b:e4:94:d0:
                    4e:49:2d:7a:3c:6b:4c:50:a1:3a:c9:d0:55:93:50:
                    ba:58:ff:5a:f4:15:f7:cb:f6:85:65:40:14:f2:20:
                    24:71:a1:12:e4:d0:2c:c4:25:24:96:17:49:a8:87:
                    c1:81:69:19:1d:e6:0a:c8:3d:64:e8:c9:c1:94:fd:
                    a0:5e:7a:f0:b5:73:03:93:40:1f:f3:26:9e:c3:aa:
                    d0:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:DF:1B:24:0F:03:33:ED:33:AF:C4:4B:19:F3:09:B8:54:58:8F:55
            X509v3 Authority Key Identifier:
                keyid:00:26:47:C8:01:FB:58:FC:FA:AC:13:5B:B4:8F:5E:61:FE:A7:E5:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ACZHyAH7WPz6rBNbtI9eYf6n5WY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/fd8bJA8DM-0zr8RLGfMJuFRYj1U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/ACZHyAH7WPz6rBNbtI9eYf6n5WY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:91:93:be:e5:c7:92:bc:f0:af:f0:24:00:fc:8d:c3:58:88:
         da:21:91:0d:f1:66:f1:da:3f:60:b8:e9:db:61:e2:27:64:f5:
         38:59:fc:47:1d:3e:cd:74:4e:b1:19:66:c1:21:21:53:72:ca:
         eb:1c:10:00:6c:ef:73:32:e4:ab:aa:7f:c1:87:29:1c:44:16:
         1e:3b:b2:61:19:89:33:36:d5:64:f7:7c:cd:df:74:6a:50:22:
         c7:d0:23:ee:d3:f9:60:b5:86:cf:64:d4:95:a0:17:2e:d1:d2:
         72:d4:3e:fb:73:7b:80:68:2b:c9:4d:6b:9c:11:2d:fc:dd:72:
         4f:27:11:b1:52:c8:61:bd:2d:24:3c:b7:b2:38:57:e5:6a:32:
         2f:17:09:93:23:09:e3:21:ad:e6:bb:3a:dd:d1:6a:a4:32:83:
         26:f4:1a:6d:ab:e3:cf:23:04:f6:d5:3f:37:2e:52:d8:74:93:
         89:33:c2:69:dc:cb:0d:1d:54:16:bc:e6:ce:0c:70:7d:1b:25:
         1c:e2:23:e2:03:61:4c:ad:7c:9f:f9:80:64:22:ce:8d:76:d2:
         a1:68:d6:7d:c5:80:b0:bd:9b:54:17:7e:d7:1b:e3:8c:c8:3c:
         00:ac:df:73:62:21:c3:87:38:8d:5c:a0:a3:a5:74:39:89:c1:
         88:2c:1f:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XJvEL3oXeAZREps7KMJpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwMjY0N2M4MDFmYjU4ZmNmYWFjMTM1YmI0OGY1ZTYxZmVh
N2U1NjYwHhcNMjYwMTAyMDYxOTM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGRmMWIyNDBmMDMzM2VkMzNhZmM0NGIxOWYzMDliODU0NTg4ZjU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArsl0iPVNi9JZGCKW5TsuLVYbsXWB
UXodM6xofbNA2E8hdZ+8K5zHHAU46wWuUVWhN4dXFgdIDP2pSO3jIjlGnhRW3LCl
3gAwaR6KrzsD9FNu51EBiDWMo9X1k7IQWWnmU7k4yrqIpWf6pH95/O2SIm4usB24
8b5xhI4bBjau30VAd5sjpqyC7cbsgS9xjrIyxEscj1ab6tiAuFT1up71u+rWkMel
RCp1se6V3wpHiWvklNBOSS16PGtMUKE6ydBVk1C6WP9a9BX3y/aFZUAU8iAkcaES
5NAsxCUklhdJqIfBgWkZHeYKyD1k6MnBlP2gXnrwtXMDk0Af8yaew6rQ5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH3fGyQPAzPtM6/ESxnzCbhUWI9VMB8GA1UdIwQY
MBaAFAAmR8gB+1j8+qwTW7SPXmH+p+VmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUNaSHlBSDdXUHo2ckJOYnRJOWVZZjZuNVdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC9jZmMwNmYtODJiZS00OWZiLWJjODIt
OTRlZmJmNWNlY2Q0LzEvZmQ4YkpBOERNLTB6cjhSTEdmTUp1RlJZajFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC9jZmMwNmYtODJiZS00OWZiLWJjODItOTRlZmJmNWNlY2Q0
LzEvQUNaSHlBSDdXUHo2ckJOYnRJOWVZZjZuNVdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYHyMA0G
CSqGSIb3DQEBCwUAA4IBAQArkZO+5ceSvPCv8CQA/I3DWIjaIZEN8Wbx2j9guOnb
YeInZPU4WfxHHT7NdE6xGWbBISFTcsrrHBAAbO9zMuSrqn/BhykcRBYeO7JhGYkz
NtVk93zN33RqUCLH0CPu0/lgtYbPZNSVoBcu0dJy1D77c3uAaCvJTWucES383XJP
JxGxUshhvS0kPLeyOFflajIvFwmTIwnjIa3muzrd0WqkMoMm9Bptq+PPIwT21T83
LlLYdJOJM8Jp3MsNHVQWvObODHB9GyUc4iPiA2FMrXyf+YBkIs6NdtKhaNZ9xYCw
vZtUF37XG+OMyDwArN9zYiHDhziNXKCjpXQ5icGILB9m
-----END CERTIFICATE-----