This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/7656db-94a5-45be-9435-7061356bef1b/1/esU4fsvjE_GKeZBwL9xIr9vckzE.roa
File:                     esU4fsvjE_GKeZBwL9xIr9vckzE.roa (raw, json)
Hash identifier:          iqFT9wVD2iFSuqGQNBizWBYxsH/4xrNP/ECuVx8b/i4=
Subject key identifier:   7A:C5:38:7E:CB:E3:13:F1:8A:79:90:70:2F:DC:48:AF:DB:DC:93:31
Certificate issuer:       /CN=a1d71853324eb060fbafc988233860499c96c53a
Certificate serial:       019B77C6DE011C86BC900E5C08E61A309654
Authority key identifier: A1:D7:18:53:32:4E:B0:60:FB:AF:C9:88:23:38:60:49:9C:96:C5:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/odcYUzJOsGD7r8mIIzhgSZyWxTo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/7656db-94a5-45be-9435-7061356bef1b/1/esU4fsvjE_GKeZBwL9xIr9vckzE.roa
Signing time:             Thu 01 Jan 2026 04:18:00 +0000
ROA not before:           Thu 01 Jan 2026 04:18:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58212
IP address blocks:        45.148.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/7656db-94a5-45be-9435-7061356bef1b/1/odcYUzJOsGD7r8mIIzhgSZyWxTo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/7656db-94a5-45be-9435-7061356bef1b/1/odcYUzJOsGD7r8mIIzhgSZyWxTo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/odcYUzJOsGD7r8mIIzhgSZyWxTo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 09:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:de:01:1c:86:bc:90:0e:5c:08:e6:1a:30:96:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1d71853324eb060fbafc988233860499c96c53a
        Validity
            Not Before: Jan  1 04:18:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7ac5387ecbe313f18a7990702fdc48afdbdc9331
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:ce:13:06:39:75:83:f0:22:f2:85:94:a9:be:
                    35:21:69:3f:8a:cb:b0:26:eb:94:4a:f7:08:be:21:
                    91:39:3e:3c:76:3b:53:4d:53:3a:5b:1a:a8:63:34:
                    58:be:38:12:d4:14:f9:bb:50:b5:38:ed:b0:cb:42:
                    3e:da:b9:59:b7:a9:52:8d:db:34:65:0e:6d:4a:be:
                    67:7f:cc:a7:cb:15:62:7d:44:0e:e4:96:7b:2b:36:
                    67:c4:cd:1b:78:9a:8a:0d:15:a5:6b:ea:f0:b3:f1:
                    26:bb:8e:4d:0f:4a:f2:ef:73:73:a5:2a:d4:b7:8d:
                    be:4b:0f:a5:2e:a2:12:cb:d1:82:1f:b3:f9:a5:0b:
                    95:75:5f:38:8d:8d:8f:48:5b:fb:ce:08:7f:01:50:
                    7a:b1:fd:4e:d0:29:5a:74:34:aa:41:9e:f8:9d:27:
                    77:1a:30:72:c2:9e:ce:73:e6:ff:1b:12:e0:70:d1:
                    3d:75:14:51:29:9d:f5:0f:84:89:17:71:a8:52:85:
                    35:ee:26:66:82:16:05:48:a3:86:f6:41:22:12:a0:
                    47:1f:5e:73:f0:71:37:53:65:98:8a:2e:ee:ed:bc:
                    87:0e:27:9c:4d:8c:a7:df:50:61:ea:cd:de:32:b0:
                    c2:f4:e3:6a:df:c1:18:a0:9a:d7:90:53:10:5d:5b:
                    62:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:C5:38:7E:CB:E3:13:F1:8A:79:90:70:2F:DC:48:AF:DB:DC:93:31
            X509v3 Authority Key Identifier:
                keyid:A1:D7:18:53:32:4E:B0:60:FB:AF:C9:88:23:38:60:49:9C:96:C5:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/odcYUzJOsGD7r8mIIzhgSZyWxTo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/7656db-94a5-45be-9435-7061356bef1b/1/esU4fsvjE_GKeZBwL9xIr9vckzE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/7656db-94a5-45be-9435-7061356bef1b/1/odcYUzJOsGD7r8mIIzhgSZyWxTo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:29:a0:c1:8a:92:bd:e6:94:2b:65:08:d4:7b:6b:28:05:b9:
         72:d9:dc:58:94:83:df:36:8b:43:1c:31:b1:6f:33:26:11:a5:
         bf:4b:6c:58:ca:d5:3b:2b:3b:5b:c2:f0:cb:d5:ef:89:c2:41:
         2d:92:a7:4d:1d:af:9e:49:31:24:b4:07:25:60:2d:75:ff:70:
         71:45:41:1e:a0:b8:b9:70:3c:8d:09:da:de:35:85:8a:25:21:
         f9:c9:c7:a7:0c:5e:67:2c:eb:3f:d2:74:c2:e4:f7:ce:65:c8:
         25:4a:cd:ee:a7:82:84:c1:5c:5b:e1:ad:c1:c9:c7:c6:fb:e8:
         2d:08:6c:fe:c4:a4:4c:48:7b:23:64:77:f2:e5:3b:3f:01:f4:
         09:93:1d:27:6b:f1:4f:86:4d:f0:61:ef:b3:0c:43:35:0b:df:
         65:50:b3:94:99:a7:a8:ea:40:ef:7a:e5:f1:e2:d8:e8:a5:90:
         42:40:df:10:91:77:cc:fe:b0:16:1a:cd:19:bb:e8:32:e3:5b:
         af:d2:97:7e:04:1a:ba:50:e7:7f:10:3b:e5:01:ba:b3:e9:9c:
         7c:87:23:10:3e:35:0b:25:ed:0e:bc:3f:eb:87:24:5a:3d:d0:
         06:9a:db:c5:ee:5c:db:23:f7:cd:7e:f8:56:5d:fd:bf:c6:a2:
         87:1c:50:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xt4BHIa8kA5cCOYaMJZUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExZDcxODUzMzI0ZWIwNjBmYmFmYzk4ODIzMzg2MDQ5OWM5
NmM1M2EwHhcNMjYwMTAxMDQxODAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWM1Mzg3ZWNiZTMxM2YxOGE3OTkwNzAyZmRjNDhhZmRiZGM5MzMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq84TBjl1g/Ai8oWUqb41IWk/isuw
JuuUSvcIviGROT48djtTTVM6WxqoYzRYvjgS1BT5u1C1OO2wy0I+2rlZt6lSjds0
ZQ5tSr5nf8ynyxVifUQO5JZ7KzZnxM0beJqKDRWla+rws/Emu45ND0ry73NzpSrU
t42+Sw+lLqISy9GCH7P5pQuVdV84jY2PSFv7zgh/AVB6sf1O0CladDSqQZ74nSd3
GjBywp7Oc+b/GxLgcNE9dRRRKZ31D4SJF3GoUoU17iZmghYFSKOG9kEiEqBHH15z
8HE3U2WYii7u7byHDiecTYyn31Bh6s3eMrDC9ONq38EYoJrXkFMQXVti0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHrFOH7L4xPxinmQcC/cSK/b3JMxMB8GA1UdIwQY
MBaAFKHXGFMyTrBg+6/JiCM4YEmclsU6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2RjWVV6Sk9zR0Q3cjhtSUl6aGdTWnlXeFRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy83NjU2ZGItOTRhNS00NWJlLTk0MzUt
NzA2MTM1NmJlZjFiLzEvZXNVNGZzdmpFX0dLZVpCd0w5eElyOXZja3pFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy83NjU2ZGItOTRhNS00NWJlLTk0MzUtNzA2MTM1NmJlZjFi
LzEvb2RjWVV6Sk9zR0Q3cjhtSUl6aGdTWnlXeFRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZSGMA0G
CSqGSIb3DQEBCwUAA4IBAQAEKaDBipK95pQrZQjUe2soBbly2dxYlIPfNotDHDGx
bzMmEaW/S2xYytU7KztbwvDL1e+JwkEtkqdNHa+eSTEktAclYC11/3BxRUEeoLi5
cDyNCdreNYWKJSH5ycenDF5nLOs/0nTC5PfOZcglSs3up4KEwVxb4a3BycfG++gt
CGz+xKRMSHsjZHfy5Ts/AfQJkx0na/FPhk3wYe+zDEM1C99lULOUmaeo6kDveuXx
4tjopZBCQN8QkXfM/rAWGs0Zu+gy41uv0pd+BBq6UOd/EDvlAbqz6Zx8hyMQPjUL
Je0OvD/rhyRaPdAGmtvF7lzbI/fNfvhWXf2/xqKHHFBn
-----END CERTIFICATE-----