This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/016246-376c-4725-80ae-75bd946a7355/1/ANo9L73aObGqzdP0orWNPP3485k.roa
File:                     ANo9L73aObGqzdP0orWNPP3485k.roa (raw, json)
Hash identifier:          Q3dDG3+jQe8HP6goxHrxtXjwKKzMb7l9p077g0BZffQ=
Subject key identifier:   00:DA:3D:2F:BD:DA:39:B1:AA:CD:D3:F4:A2:B5:8D:3C:FD:F8:F3:99
Certificate issuer:       /CN=460d3149fc50ca9797f50fde9e02a083134c5019
Certificate serial:       019B7910215F4B0A3669F6700EC5B44D57AE
Authority key identifier: 46:0D:31:49:FC:50:CA:97:97:F5:0F:DE:9E:02:A0:83:13:4C:50:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rg0xSfxQypeX9Q_engKggxNMUBk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/016246-376c-4725-80ae-75bd946a7355/1/ANo9L73aObGqzdP0orWNPP3485k.roa
Signing time:             Thu 01 Jan 2026 10:17:38 +0000
ROA not before:           Thu 01 Jan 2026 10:17:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8873
IP address blocks:        45.154.28.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/016246-376c-4725-80ae-75bd946a7355/1/Rg0xSfxQypeX9Q_engKggxNMUBk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/016246-376c-4725-80ae-75bd946a7355/1/Rg0xSfxQypeX9Q_engKggxNMUBk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Rg0xSfxQypeX9Q_engKggxNMUBk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 22:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:21:5f:4b:0a:36:69:f6:70:0e:c5:b4:4d:57:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=460d3149fc50ca9797f50fde9e02a083134c5019
        Validity
            Not Before: Jan  1 10:17:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=00da3d2fbdda39b1aacdd3f4a2b58d3cfdf8f399
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:91:d1:52:81:47:5a:b4:5d:77:b0:c1:98:f9:
                    5a:6a:e5:3f:ca:87:33:7d:1b:22:a7:fa:79:e8:63:
                    b5:0e:5f:d8:9a:28:ef:47:db:58:98:54:20:aa:71:
                    6a:75:8b:fb:de:02:fb:05:9d:41:ba:22:ca:ba:92:
                    ef:61:2f:1d:bb:c8:e2:b5:bb:60:9e:07:0f:e5:6f:
                    07:b3:6e:2f:9a:c2:df:5d:11:97:74:0e:d3:00:6c:
                    a8:17:81:7e:6a:88:53:71:12:00:50:74:74:04:0f:
                    77:16:2a:43:45:7b:1b:38:2d:d7:eb:30:48:0e:1b:
                    e3:de:b6:53:d0:59:3f:17:93:b9:81:ab:4a:f9:5c:
                    b0:0d:9e:d2:2b:f0:f1:ce:aa:e2:01:e3:73:52:25:
                    f6:3f:ff:37:24:a5:33:d5:fd:6a:91:04:19:17:f7:
                    e5:dd:c4:bc:21:0b:ed:0a:af:cf:21:83:7d:75:54:
                    79:49:bb:5f:53:b8:43:79:d5:ff:0a:9e:c9:df:cc:
                    3d:64:81:03:ca:95:f7:e2:de:73:fc:35:fe:c6:2f:
                    94:8f:a1:c4:b0:39:c1:b9:50:89:bf:e4:0c:ff:85:
                    fa:04:82:0e:2d:cb:a6:08:5c:b3:b9:d5:4a:a3:80:
                    06:a5:1d:3d:7b:70:76:97:ba:6c:6c:cf:94:cc:5f:
                    95:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:DA:3D:2F:BD:DA:39:B1:AA:CD:D3:F4:A2:B5:8D:3C:FD:F8:F3:99
            X509v3 Authority Key Identifier:
                keyid:46:0D:31:49:FC:50:CA:97:97:F5:0F:DE:9E:02:A0:83:13:4C:50:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rg0xSfxQypeX9Q_engKggxNMUBk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/016246-376c-4725-80ae-75bd946a7355/1/ANo9L73aObGqzdP0orWNPP3485k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/016246-376c-4725-80ae-75bd946a7355/1/Rg0xSfxQypeX9Q_engKggxNMUBk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         87:e9:c2:01:48:8e:fa:ea:40:40:48:19:56:e0:5c:5b:10:28:
         45:43:4a:5c:eb:fa:3d:54:ac:69:b8:db:2f:21:40:d4:2d:c1:
         69:e0:ef:0b:87:f0:56:8c:50:f1:e0:fe:cc:75:b0:b4:2d:46:
         c3:87:f8:51:34:09:a4:c4:23:28:35:35:fa:5e:79:21:46:6b:
         ba:91:e9:31:00:90:b8:0e:43:85:03:af:2d:ec:61:81:f2:12:
         8c:b8:66:42:56:0f:95:e3:0a:90:bf:ae:2e:19:bd:3b:8c:e3:
         f6:17:25:11:8a:1c:7f:30:f1:f9:0d:10:5b:8f:be:e5:c5:f8:
         4f:7c:a4:87:73:0c:16:21:66:15:e6:03:0d:a3:88:ae:b3:74:
         a3:12:7b:7b:d1:fe:1b:19:1a:9d:c2:17:58:07:ea:da:85:3e:
         8a:a7:f5:f5:80:ff:27:63:c7:43:5a:4a:a3:79:7c:47:8e:39:
         47:d9:51:a7:cc:ac:df:1f:5e:c1:19:86:a3:c9:21:ac:e0:e8:
         93:36:90:02:bd:de:93:d1:a7:13:11:04:b2:fc:de:d3:62:d9:
         5a:3e:8d:e8:0b:f2:17:d1:bf:c4:63:a0:20:d2:b7:bd:d7:42:
         b5:4d:8a:6b:50:ff:24:e9:36:19:b6:ac:37:ce:b8:4c:a2:55:
         04:13:d8:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5ECFfSwo2afZwDsW0TVeuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2MGQzMTQ5ZmM1MGNhOTc5N2Y1MGZkZTllMDJhMDgzMTM0
YzUwMTkwHhcNMjYwMTAxMTAxNzM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGRhM2QyZmJkZGEzOWIxYWFjZGQzZjRhMmI1OGQzY2ZkZjhmMzk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs5HRUoFHWrRdd7DBmPlaauU/yocz
fRsip/p56GO1Dl/YmijvR9tYmFQgqnFqdYv73gL7BZ1BuiLKupLvYS8du8jitbtg
ngcP5W8Hs24vmsLfXRGXdA7TAGyoF4F+aohTcRIAUHR0BA93FipDRXsbOC3X6zBI
Dhvj3rZT0Fk/F5O5gatK+VywDZ7SK/DxzqriAeNzUiX2P/83JKUz1f1qkQQZF/fl
3cS8IQvtCq/PIYN9dVR5SbtfU7hDedX/Cp7J38w9ZIEDypX34t5z/DX+xi+Uj6HE
sDnBuVCJv+QM/4X6BIIOLcumCFyzudVKo4AGpR09e3B2l7psbM+UzF+VgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFADaPS+92jmxqs3T9KK1jTz9+POZMB8GA1UdIwQY
MBaAFEYNMUn8UMqXl/UP3p4CoIMTTFAZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmcweFNmeFF5cGVYOVFfZW5nS2dneE5NVUJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8wMTYyNDYtMzc2Yy00NzI1LTgwYWUt
NzViZDk0NmE3MzU1LzEvQU5vOUw3M2FPYkdxemRQMG9yV05QUDM0ODVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8wMTYyNDYtMzc2Yy00NzI1LTgwYWUtNzViZDk0NmE3MzU1
LzEvUmcweFNmeFF5cGVYOVFfZW5nS2dneE5NVUJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZocMA0G
CSqGSIb3DQEBCwUAA4IBAQCH6cIBSI766kBASBlW4FxbEChFQ0pc6/o9VKxpuNsv
IUDULcFp4O8Lh/BWjFDx4P7MdbC0LUbDh/hRNAmkxCMoNTX6XnkhRmu6kekxAJC4
DkOFA68t7GGB8hKMuGZCVg+V4wqQv64uGb07jOP2FyURihx/MPH5DRBbj77lxfhP
fKSHcwwWIWYV5gMNo4ius3SjEnt70f4bGRqdwhdYB+rahT6Kp/X1gP8nY8dDWkqj
eXxHjjlH2VGnzKzfH17BGYajySGs4OiTNpACvd6T0acTEQSy/N7TYtlaPo3oC/IX
0b/EY6Ag0re910K1TYprUP8k6TYZtqw3zrhMolUEE9iY
-----END CERTIFICATE-----