This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/h6iTojqaXm32u7BLTwm0z2ziaCY.roa
File:                     h6iTojqaXm32u7BLTwm0z2ziaCY.roa (raw, json)
Hash identifier:          LjbU3TQQa1ApTEOwMzVmaLwPfpE+NGA0goG5pwMkhxw=
Subject key identifier:   87:A8:93:A2:3A:9A:5E:6D:F6:BB:B0:4B:4F:09:B4:CF:6C:E2:68:26
Certificate issuer:       /CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
Certificate serial:       019B7A5B3330905D37667A285847DD4A3A45
Authority key identifier: 0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/h6iTojqaXm32u7BLTwm0z2ziaCY.roa
Signing time:             Thu 01 Jan 2026 16:19:15 +0000
ROA not before:           Thu 01 Jan 2026 16:19:15 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201838
IP address blocks:        45.136.232.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 16:02:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:33:30:90:5d:37:66:7a:28:58:47:dd:4a:3a:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
        Validity
            Not Before: Jan  1 16:19:15 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=87a893a23a9a5e6df6bbb04b4f09b4cf6ce26826
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:b3:86:ce:4c:16:6b:df:28:3c:48:a7:3a:6c:
                    a9:cd:b3:01:4f:d2:04:d7:8b:c4:7d:da:2f:75:ff:
                    b1:2a:4c:7f:71:bc:dd:74:ed:de:21:e1:bb:42:4b:
                    15:02:a4:aa:fa:22:91:5d:68:b3:56:03:9b:4c:96:
                    c7:1e:1b:97:66:1f:85:92:a3:4f:88:3c:ac:3b:fb:
                    e1:fd:df:59:c9:73:3d:97:c0:23:07:23:07:97:0c:
                    04:37:ec:5d:2d:32:c8:a9:73:2a:80:44:37:1d:e7:
                    c0:d6:fe:1a:77:91:96:b6:87:88:01:d9:ac:79:50:
                    1e:b0:d3:e6:46:e6:0c:44:33:bc:bb:35:85:6f:bf:
                    1b:6a:27:11:cc:9c:0d:db:f6:10:66:e6:38:00:cc:
                    e4:ca:4c:d1:90:96:d8:19:0c:a9:fb:78:8e:a3:67:
                    ed:d8:5e:b1:c1:e0:0b:f4:d7:91:7f:b2:73:eb:dc:
                    72:e4:c3:7b:3c:c5:d9:bb:92:61:2f:09:02:04:b0:
                    a5:5c:54:2a:a7:ca:38:e0:88:b8:1d:e4:5d:20:d1:
                    66:97:60:2a:4a:e0:37:df:c9:a8:5d:13:1b:9f:4d:
                    78:b9:ab:98:e4:07:75:db:cf:66:cb:e8:a0:b0:8f:
                    7d:c5:16:fa:e2:92:ad:1a:d9:1a:b0:3f:15:4d:2a:
                    dd:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:A8:93:A2:3A:9A:5E:6D:F6:BB:B0:4B:4F:09:B4:CF:6C:E2:68:26
            X509v3 Authority Key Identifier:
                keyid:0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/h6iTojqaXm32u7BLTwm0z2ziaCY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.136.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         af:c5:a1:43:19:cc:eb:70:6e:fa:0c:2a:8d:3e:74:09:44:c6:
         d8:0e:8a:51:ef:19:b9:16:32:79:04:77:a9:6f:e7:4c:85:89:
         94:4b:ae:47:f3:f5:1d:4a:e6:e5:1f:42:65:50:37:28:60:9c:
         1b:d5:87:db:b2:80:9a:e3:1e:a5:ce:1e:4a:55:03:bb:7c:7b:
         7d:bf:e6:9a:9e:5e:15:57:51:4c:bf:bf:a8:ba:db:8d:65:48:
         b8:10:5b:11:8f:df:bf:b0:4b:69:ac:5a:b8:72:99:f5:e8:a4:
         af:e1:30:4b:44:cb:7f:0d:ff:93:7c:85:12:45:85:6f:45:95:
         6e:ba:0b:85:4d:87:1e:61:bf:09:b0:9e:fb:46:07:49:35:52:
         b9:ef:36:ec:50:39:26:64:91:1b:05:0a:54:7b:d0:ef:88:03:
         3e:45:35:16:af:7e:30:f0:98:c5:dd:fc:5b:0d:c7:3f:f0:60:
         b0:1a:ea:5f:cd:50:c3:58:08:5f:13:e8:6b:a2:9f:e5:7a:56:
         11:fc:08:c0:d5:bf:04:4e:8e:df:1f:9e:f1:ca:18:8a:de:03:
         dd:1a:6e:d9:f1:b7:39:5b:2a:e3:59:32:20:b6:44:70:a9:8c:
         74:ff:04:ba:14:95:ca:c6:1b:ec:b8:fe:f7:c0:b0:a8:f6:2f:
         68:bb:e4:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WzMwkF03ZnooWEfdSjpFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMjk5OTA0MmM1ZTIwMDZiZDVhZWI3YTA1ZGUxZTk2YTVl
NzM2NjQwHhcNMjYwMTAxMTYxOTE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2E4OTNhMjNhOWE1ZTZkZjZiYmIwNGI0ZjA5YjRjZjZjZTI2ODI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi7OGzkwWa98oPEinOmypzbMBT9IE
14vEfdovdf+xKkx/cbzddO3eIeG7QksVAqSq+iKRXWizVgObTJbHHhuXZh+FkqNP
iDysO/vh/d9ZyXM9l8AjByMHlwwEN+xdLTLIqXMqgEQ3HefA1v4ad5GWtoeIAdms
eVAesNPmRuYMRDO8uzWFb78baicRzJwN2/YQZuY4AMzkykzRkJbYGQyp+3iOo2ft
2F6xweAL9NeRf7Jz69xy5MN7PMXZu5JhLwkCBLClXFQqp8o44Ii4HeRdINFml2Aq
SuA338moXRMbn014uauY5Ad1289my+igsI99xRb64pKtGtkasD8VTSrdhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIeok6I6ml5t9ruwS08JtM9s4mgmMB8GA1UdIwQY
MBaAFA0pmQQsXiAGvVrregXeHpal5zZkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUt
OGMxNTM5NjViYWM5LzEvaDZpVG9qcWFYbTMydTdCTFR3bTB6MnppYUNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUtOGMxNTM5NjViYWM5
LzEvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYjoMA0G
CSqGSIb3DQEBCwUAA4IBAQCvxaFDGczrcG76DCqNPnQJRMbYDopR7xm5FjJ5BHep
b+dMhYmUS65H8/UdSublH0JlUDcoYJwb1YfbsoCa4x6lzh5KVQO7fHt9v+aanl4V
V1FMv7+outuNZUi4EFsRj9+/sEtprFq4cpn16KSv4TBLRMt/Df+TfIUSRYVvRZVu
uguFTYceYb8JsJ77RgdJNVK57zbsUDkmZJEbBQpUe9DviAM+RTUWr34w8JjF3fxb
Dcc/8GCwGupfzVDDWAhfE+hrop/lelYR/AjA1b8ETo7fH57xyhiK3gPdGm7Z8bc5
WyrjWTIgtkRwqYx0/wS6FJXKxhvsuP73wLCo9i9ou+Q8
-----END CERTIFICATE-----