This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/k87sNHxOZB0u18OwYsXEBemu4dU.roa
File:                     k87sNHxOZB0u18OwYsXEBemu4dU.roa (raw, json)
Hash identifier:          XfAN3Tu+IWsiVrppeUbbCcT/u67gGMin+V6kpwlyFAs=
Subject key identifier:   93:CE:EC:34:7C:4E:64:1D:2E:D7:C3:B0:62:C5:C4:05:E9:AE:E1:D5
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019B7E394FD0E71DAC530CE059918A613A74
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/k87sNHxOZB0u18OwYsXEBemu4dU.roa
Signing time:             Fri 02 Jan 2026 10:20:43 +0000
ROA not before:           Fri 02 Jan 2026 10:20:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210558
IP address blocks:        45.154.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:4f:d0:e7:1d:ac:53:0c:e0:59:91:8a:61:3a:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 10:20:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=93ceec347c4e641d2ed7c3b062c5c405e9aee1d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:5d:e2:6a:5b:ff:16:12:c7:5b:a5:1a:21:ab:
                    fa:76:be:5a:1e:f8:bd:64:13:8d:a7:c7:a0:39:43:
                    32:5c:38:b0:7f:60:c8:b4:33:94:fc:66:23:91:74:
                    d5:46:65:8a:e8:61:36:a6:d7:50:f5:dd:23:0d:73:
                    41:8a:80:63:19:4d:f4:15:b9:48:e2:f3:72:d2:62:
                    92:82:fe:51:51:48:ff:19:94:aa:de:dd:34:cf:91:
                    b5:d4:b8:50:ed:46:cd:ab:f8:48:9c:d0:6b:dc:47:
                    fd:b3:2d:59:11:31:c1:e7:26:05:a6:94:de:38:c1:
                    2a:44:ef:96:dd:01:96:a3:b0:93:69:77:79:9c:c3:
                    5d:10:dc:bf:da:ef:66:32:e2:aa:40:74:ec:bd:f7:
                    e2:c0:24:68:92:60:6d:41:a0:98:2d:80:fa:18:fc:
                    5b:66:d7:8e:d8:8f:35:76:90:ea:59:79:27:43:c8:
                    be:ae:8b:0f:69:b7:08:ed:41:a1:d1:43:b4:2f:88:
                    5f:27:b1:10:5e:a4:85:48:81:7a:d2:51:0c:83:3f:
                    7a:5f:04:cb:27:de:e4:29:31:ff:df:13:e5:65:e3:
                    ce:89:9b:b1:df:d8:1f:80:ec:9b:6f:2b:af:55:1f:
                    3d:f7:8e:2b:f3:08:89:4d:61:3c:2c:b6:98:e7:a6:
                    0c:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:CE:EC:34:7C:4E:64:1D:2E:D7:C3:B0:62:C5:C4:05:E9:AE:E1:D5
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/k87sNHxOZB0u18OwYsXEBemu4dU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:4a:8a:6e:59:c4:22:ea:97:fd:37:d9:c5:32:1a:9a:e8:43:
         01:18:02:96:25:68:fa:d5:76:5a:8f:32:9b:11:95:d6:6a:7c:
         1d:de:78:c5:54:d1:6b:b9:a9:69:c4:cf:68:ea:3b:df:7e:a6:
         6c:ff:9a:57:99:87:bb:84:24:3b:f9:6c:46:3f:21:97:30:b8:
         93:dc:fa:ea:af:ad:f9:a6:33:68:22:a4:53:01:0a:20:44:35:
         d6:60:07:ed:72:ec:51:c4:a7:b2:4e:fb:b8:37:62:75:1e:31:
         b4:ca:75:bc:a1:c5:11:1c:57:21:d5:6c:eb:77:af:ef:4c:b5:
         e4:66:59:66:06:3b:bc:b2:30:2e:58:a8:90:d1:c4:c6:23:89:
         29:05:d2:5e:19:c7:67:9a:44:37:46:0e:15:89:c6:df:e2:43:
         74:be:91:eb:4d:bb:15:bd:3a:2f:5a:f2:c0:42:b6:29:83:d5:
         c2:1e:b6:c8:f6:5c:64:7d:7c:4f:6e:d6:9c:a7:b1:0e:a2:bf:
         a6:b9:d6:d2:18:43:6d:f6:13:16:67:8a:79:4a:c8:2e:88:cf:
         57:c0:a2:fe:dd:78:64:cf:58:47:f7:eb:19:dd:26:60:43:68:
         d5:16:6d:c6:8f:dd:ff:9f:dd:bc:be:0a:d2:74:04:68:a7:f3:
         7c:22:ec:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OU/Q5x2sUwzgWZGKYTp0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjYwMTAyMTAyMDQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2NlZWMzNDdjNGU2NDFkMmVkN2MzYjA2MmM1YzQwNWU5YWVlMWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5F3ialv/FhLHW6UaIav6dr5aHvi9
ZBONp8egOUMyXDiwf2DItDOU/GYjkXTVRmWK6GE2ptdQ9d0jDXNBioBjGU30FblI
4vNy0mKSgv5RUUj/GZSq3t00z5G11LhQ7UbNq/hInNBr3Ef9sy1ZETHB5yYFppTe
OMEqRO+W3QGWo7CTaXd5nMNdENy/2u9mMuKqQHTsvffiwCRokmBtQaCYLYD6GPxb
ZteO2I81dpDqWXknQ8i+rosPabcI7UGh0UO0L4hfJ7EQXqSFSIF60lEMgz96XwTL
J97kKTH/3xPlZePOiZux39gfgOybbyuvVR89944r8wiJTWE8LLaY56YMRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJPO7DR8TmQdLtfDsGLFxAXpruHVMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvazg3c05IeE9aQjB1MThPd1lzWEVCZW11NGRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZpiMA0G
CSqGSIb3DQEBCwUAA4IBAQAOSopuWcQi6pf9N9nFMhqa6EMBGAKWJWj61XZajzKb
EZXWanwd3njFVNFrualpxM9o6jvffqZs/5pXmYe7hCQ7+WxGPyGXMLiT3Prqr635
pjNoIqRTAQogRDXWYAftcuxRxKeyTvu4N2J1HjG0ynW8ocURHFch1Wzrd6/vTLXk
ZllmBju8sjAuWKiQ0cTGI4kpBdJeGcdnmkQ3Rg4Vicbf4kN0vpHrTbsVvTovWvLA
QrYpg9XCHrbI9lxkfXxPbtacp7EOor+mudbSGENt9hMWZ4p5SsguiM9XwKL+3Xhk
z1hH9+sZ3SZgQ2jVFm3Gj93/n928vgrSdARop/N8Iuwt
-----END CERTIFICATE-----