This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/I7fsskDuUPI9n8W5CoTEOcyP-yY.roa
File:                     I7fsskDuUPI9n8W5CoTEOcyP-yY.roa (raw, json)
Hash identifier:          j0FldRENTyqrwhFAUXXW5c1Z5syjLGG68j+m+XUr/mM=
Subject key identifier:   23:B7:EC:B2:40:EE:50:F2:3D:9F:C5:B9:0A:84:C4:39:CC:8F:FB:26
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       019B7B360F8546AE2631FD11FAF657403F6F
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/I7fsskDuUPI9n8W5CoTEOcyP-yY.roa
Signing time:             Thu 01 Jan 2026 20:18:19 +0000
ROA not before:           Thu 01 Jan 2026 20:18:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     63023
IP address blocks:        45.142.216.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 16 Jan 2026 04:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:0f:85:46:ae:26:31:fd:11:fa:f6:57:40:3f:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Jan  1 20:18:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=23b7ecb240ee50f23d9fc5b90a84c439cc8ffb26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:84:fb:72:0d:ab:71:a3:6e:71:89:64:28:f8:
                    62:5b:b6:d0:c6:8e:2f:17:ec:39:de:c9:b5:72:77:
                    51:f8:20:b0:ca:9a:c8:59:8f:ef:fc:8c:97:04:d2:
                    2d:4f:4f:eb:eb:89:80:95:25:df:f9:77:ad:ca:86:
                    6d:2f:3a:08:e1:ea:c3:94:67:97:a0:a1:5d:b4:20:
                    38:20:a9:e8:37:6f:d7:21:36:72:1c:f7:44:11:b1:
                    a2:1e:76:1e:5f:ea:db:16:ff:f4:fe:9e:b5:02:91:
                    49:b4:72:9b:4d:d6:36:66:cf:88:25:ac:76:a0:83:
                    52:57:d9:47:b0:69:cf:ac:5e:7d:67:db:24:6b:70:
                    37:06:9a:3a:dc:e5:6b:e4:e2:4a:22:8c:73:62:46:
                    d0:c1:66:98:20:bb:64:a8:3d:ef:60:f1:b5:7b:3e:
                    ff:a3:0c:b1:47:b9:47:36:49:77:45:48:8b:e7:5e:
                    c6:2d:1b:91:bf:66:78:40:67:d4:ff:e5:b1:5c:db:
                    a4:94:d8:16:40:82:04:42:96:dc:79:e4:4d:11:12:
                    3d:d2:42:8a:17:fb:9c:92:34:fb:42:cb:24:e4:a9:
                    7e:ae:1c:f2:c3:88:40:fc:cf:a1:f3:33:c4:4c:9b:
                    ab:30:98:5f:6f:a3:56:48:63:b4:a9:96:8c:8e:bc:
                    28:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:B7:EC:B2:40:EE:50:F2:3D:9F:C5:B9:0A:84:C4:39:CC:8F:FB:26
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/I7fsskDuUPI9n8W5CoTEOcyP-yY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8a:a0:0e:ea:33:92:bc:87:50:e5:38:15:79:75:5d:21:52:17:
         97:ed:e7:0b:83:14:8c:0a:2c:80:84:9d:81:84:23:c8:7c:57:
         69:17:6e:1a:d7:53:0d:59:4e:28:e6:83:c8:e4:72:37:58:70:
         db:b3:dd:3f:9c:d9:d6:ee:c1:0a:fa:39:86:04:7b:c1:32:fb:
         a5:24:b6:bf:08:24:96:97:c7:0f:49:73:f1:12:9e:69:88:02:
         1e:c1:e3:38:a5:ed:15:3a:9d:c6:0a:46:4a:1a:61:10:7d:96:
         28:64:bc:9f:91:4b:e0:40:8c:1f:9a:b9:e0:6f:10:c3:b7:34:
         64:7c:22:7a:5a:c2:0e:7e:33:38:c6:9a:56:b2:16:ba:70:f6:
         d3:1b:7f:1b:cd:43:11:c6:55:e2:df:3f:95:75:91:3c:3f:a4:
         6c:81:16:61:e3:d7:87:f3:60:2c:8a:47:2d:a8:d2:0f:32:6c:
         a3:cc:11:a8:45:b5:3a:ea:1b:aa:c9:83:c8:ff:f5:04:85:28:
         4a:88:65:4a:2c:f7:dc:b3:b9:75:0c:18:22:88:ca:53:66:59:
         1e:87:41:ae:d2:2c:5b:98:04:d8:5d:03:dc:77:3c:71:1b:16:
         02:ce:6e:9b:55:79:09:8c:92:95:cf:af:71:f2:66:ea:31:df:
         7f:2e:5a:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7Ng+FRq4mMf0R+vZXQD9vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjYwMTAxMjAxODE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2I3ZWNiMjQwZWU1MGYyM2Q5ZmM1YjkwYTg0YzQzOWNjOGZmYjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0IT7cg2rcaNucYlkKPhiW7bQxo4v
F+w53sm1cndR+CCwyprIWY/v/IyXBNItT0/r64mAlSXf+XetyoZtLzoI4erDlGeX
oKFdtCA4IKnoN2/XITZyHPdEEbGiHnYeX+rbFv/0/p61ApFJtHKbTdY2Zs+IJax2
oINSV9lHsGnPrF59Z9ska3A3Bpo63OVr5OJKIoxzYkbQwWaYILtkqD3vYPG1ez7/
owyxR7lHNkl3RUiL517GLRuRv2Z4QGfU/+WxXNuklNgWQIIEQpbceeRNERI90kKK
F/uckjT7Qssk5Kl+rhzyw4hA/M+h8zPETJurMJhfb6NWSGO0qZaMjrwotQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCO37LJA7lDyPZ/FuQqExDnMj/smMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvSTdmc3NrRHVVUEk5bjhXNUNvVEVPY3lQLXlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLY7YMA0G
CSqGSIb3DQEBCwUAA4IBAQCKoA7qM5K8h1DlOBV5dV0hUheX7ecLgxSMCiyAhJ2B
hCPIfFdpF24a11MNWU4o5oPI5HI3WHDbs90/nNnW7sEK+jmGBHvBMvulJLa/CCSW
l8cPSXPxEp5piAIeweM4pe0VOp3GCkZKGmEQfZYoZLyfkUvgQIwfmrngbxDDtzRk
fCJ6WsIOfjM4xppWsha6cPbTG38bzUMRxlXi3z+VdZE8P6RsgRZh49eH82Asikct
qNIPMmyjzBGoRbU66huqyYPI//UEhShKiGVKLPfcs7l1DBgiiMpTZlkeh0Gu0ixb
mATYXQPcdzxxGxYCzm6bVXkJjJKVz69x8mbqMd9/Llqu
-----END CERTIFICATE-----