This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/2dab18-7bb7-4aa1-98ad-27c9d9114238/1/6aW5lIi7oMnv0JtmoIYru-ajW2U.roa
File:                     6aW5lIi7oMnv0JtmoIYru-ajW2U.roa (raw, json)
Hash identifier:          hiLXgzBLgftqnSKxGdk0TFz/543p7sGbEcxREIu87FA=
Subject key identifier:   E9:A5:B9:94:88:BB:A0:C9:EF:D0:9B:66:A0:86:2B:BB:E6:A3:5B:65
Certificate issuer:       /CN=a1a55bf2888753e44675b61dda30394d90156c0a
Certificate serial:       019BA8FB83AD1CD37280B2A6E04EE9DEBE6A
Authority key identifier: A1:A5:5B:F2:88:87:53:E4:46:75:B6:1D:DA:30:39:4D:90:15:6C:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oaVb8oiHU-RGdbYd2jA5TZAVbAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/2dab18-7bb7-4aa1-98ad-27c9d9114238/1/6aW5lIi7oMnv0JtmoIYru-ajW2U.roa
Signing time:             Sat 10 Jan 2026 17:36:54 +0000
ROA not before:           Sat 10 Jan 2026 17:36:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25198
IP address blocks:        45.138.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/2dab18-7bb7-4aa1-98ad-27c9d9114238/1/oaVb8oiHU-RGdbYd2jA5TZAVbAo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/2dab18-7bb7-4aa1-98ad-27c9d9114238/1/oaVb8oiHU-RGdbYd2jA5TZAVbAo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oaVb8oiHU-RGdbYd2jA5TZAVbAo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 00:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:a8:fb:83:ad:1c:d3:72:80:b2:a6:e0:4e:e9:de:be:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1a55bf2888753e44675b61dda30394d90156c0a
        Validity
            Not Before: Jan 10 17:36:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e9a5b99488bba0c9efd09b66a0862bbbe6a35b65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:05:d6:2d:59:a3:f0:e9:cf:6c:df:1a:a8:3f:
                    c0:81:9c:87:a7:da:b4:ad:5e:52:4e:63:ea:76:d7:
                    83:78:d5:df:4e:6b:bb:b4:12:cf:1b:47:e8:cb:2d:
                    95:ab:dd:05:74:11:48:0c:8b:da:43:38:88:cc:be:
                    a2:dc:ad:ca:02:57:22:12:1d:3a:28:9e:30:67:a1:
                    e0:6f:4f:16:f6:a5:d2:26:e3:be:8f:f4:be:cf:11:
                    0a:a8:0e:59:96:f6:ec:b7:f7:ba:ad:dd:96:50:67:
                    20:39:66:56:5a:da:c1:59:76:85:97:45:a8:9c:d8:
                    66:12:27:e5:4a:ee:12:3c:e7:bd:4c:b3:9e:55:ef:
                    e4:68:be:cf:30:db:f9:23:ff:1d:59:4f:cd:20:68:
                    77:61:06:41:5c:0a:b7:70:bc:4f:72:1a:7f:3e:7b:
                    97:df:71:12:eb:0d:4b:12:e1:eb:3e:93:b1:34:94:
                    65:94:5d:64:e0:6c:20:c9:b4:dc:5d:52:bf:b1:46:
                    80:63:29:6a:b3:1c:6e:30:4a:8c:0c:8f:bc:76:05:
                    03:bc:25:53:34:b8:3d:fa:ba:a5:d5:19:1c:f3:55:
                    07:f9:89:35:47:61:50:79:75:f3:03:e6:89:1e:01:
                    dc:d3:bc:c1:92:f7:51:60:b2:8c:b5:b7:7a:54:a5:
                    de:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:A5:B9:94:88:BB:A0:C9:EF:D0:9B:66:A0:86:2B:BB:E6:A3:5B:65
            X509v3 Authority Key Identifier:
                keyid:A1:A5:5B:F2:88:87:53:E4:46:75:B6:1D:DA:30:39:4D:90:15:6C:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oaVb8oiHU-RGdbYd2jA5TZAVbAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/2dab18-7bb7-4aa1-98ad-27c9d9114238/1/6aW5lIi7oMnv0JtmoIYru-ajW2U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/2dab18-7bb7-4aa1-98ad-27c9d9114238/1/oaVb8oiHU-RGdbYd2jA5TZAVbAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.138.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:94:8c:42:8c:e7:ad:c9:05:61:ad:6d:a6:b1:58:a9:33:a1:
         fe:47:54:65:a2:f2:d3:f7:00:dc:c0:b1:d4:92:4b:99:a9:98:
         35:9b:7c:3b:79:d8:03:49:52:19:55:c7:d9:0d:ca:ca:57:7b:
         39:d3:ad:ee:86:f5:11:ab:8b:d4:bd:7a:27:0c:72:f7:a3:54:
         2a:79:2b:8f:29:05:02:78:76:0c:e2:49:f9:6e:79:78:18:23:
         94:2f:c8:1c:47:14:41:35:19:b7:85:9e:fd:cd:84:ee:07:00:
         11:a7:10:76:c9:2c:9b:c9:93:bf:f0:fc:82:cf:4a:0c:f6:08:
         69:60:cc:9f:ef:11:f0:bc:b5:4f:0e:6d:25:7b:0d:c3:b4:9f:
         b3:af:a1:65:1e:03:ae:30:ca:6b:f9:9e:b7:17:a3:85:90:ee:
         03:f8:3f:aa:83:c7:48:b8:54:fb:39:f6:b6:35:49:d2:3d:6e:
         4d:99:04:d5:66:af:1e:b8:5e:0d:f7:54:46:bc:d8:65:af:0c:
         75:e4:3b:cb:56:10:43:31:de:07:37:85:ec:7b:6e:da:7a:9b:
         bb:d1:8b:57:bb:f4:14:a4:35:64:ec:62:03:ac:59:7d:77:3c:
         90:bb:61:2c:6e:18:78:ee:54:1c:8d:a6:aa:a5:89:0a:c5:eb:
         6f:d7:1f:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZuo+4OtHNNygLKm4E7p3r5qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExYTU1YmYyODg4NzUzZTQ0Njc1YjYxZGRhMzAzOTRkOTAx
NTZjMGEwHhcNMjYwMTEwMTczNjU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWE1Yjk5NDg4YmJhMGM5ZWZkMDliNjZhMDg2MmJiYmU2YTM1YjY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoAXWLVmj8OnPbN8aqD/AgZyHp9q0
rV5STmPqdteDeNXfTmu7tBLPG0foyy2Vq90FdBFIDIvaQziIzL6i3K3KAlciEh06
KJ4wZ6Hgb08W9qXSJuO+j/S+zxEKqA5Zlvbst/e6rd2WUGcgOWZWWtrBWXaFl0Wo
nNhmEiflSu4SPOe9TLOeVe/kaL7PMNv5I/8dWU/NIGh3YQZBXAq3cLxPchp/PnuX
33ES6w1LEuHrPpOxNJRllF1k4GwgybTcXVK/sUaAYylqsxxuMEqMDI+8dgUDvCVT
NLg9+rql1Rkc81UH+Yk1R2FQeXXzA+aJHgHc07zBkvdRYLKMtbd6VKXeYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOmluZSIu6DJ79CbZqCGK7vmo1tlMB8GA1UdIwQY
MBaAFKGlW/KIh1PkRnW2HdowOU2QFWwKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2FWYjhvaUhVLVJHZGJZZDJqQTVUWkFWYkFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8yZGFiMTgtN2JiNy00YWExLTk4YWQt
MjdjOWQ5MTE0MjM4LzEvNmFXNWxJaTdvTW52MEp0bW9JWXJ1LWFqVzJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8yZGFiMTgtN2JiNy00YWExLTk4YWQtMjdjOWQ5MTE0MjM4
LzEvb2FWYjhvaUhVLVJHZGJZZDJqQTVUWkFWYkFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYq/MA0G
CSqGSIb3DQEBCwUAA4IBAQBVlIxCjOetyQVhrW2msVipM6H+R1RlovLT9wDcwLHU
kkuZqZg1m3w7edgDSVIZVcfZDcrKV3s5063uhvURq4vUvXonDHL3o1QqeSuPKQUC
eHYM4kn5bnl4GCOUL8gcRxRBNRm3hZ79zYTuBwARpxB2ySybyZO/8PyCz0oM9ghp
YMyf7xHwvLVPDm0lew3DtJ+zr6FlHgOuMMpr+Z63F6OFkO4D+D+qg8dIuFT7Ofa2
NUnSPW5NmQTVZq8euF4N91RGvNhlrwx15DvLVhBDMd4HN4Xse27aepu70YtXu/QU
pDVk7GIDrFl9dzyQu2Esbhh47lQcjaaqpYkKxetv1x8O
-----END CERTIFICATE-----