This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/2dab18-7bb7-4aa1-98ad-27c9d9114238/1/i_fheKNVQZhWFTdE7yImbk9ro-w.roa
File:                     i_fheKNVQZhWFTdE7yImbk9ro-w.roa (raw, json)
Hash identifier:          eeoqLJuO/FD+LMpZeegvKuJwG9knkScCqqvz3uiCruM=
Subject key identifier:   8B:F7:E1:78:A3:55:41:98:56:15:37:44:EF:22:26:6E:4F:6B:A3:EC
Certificate issuer:       /CN=a1a55bf2888753e44675b61dda30394d90156c0a
Certificate serial:       019BAC4FDF2B15A02D4CA985C2A7BD29FB43
Authority key identifier: A1:A5:5B:F2:88:87:53:E4:46:75:B6:1D:DA:30:39:4D:90:15:6C:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oaVb8oiHU-RGdbYd2jA5TZAVbAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/2dab18-7bb7-4aa1-98ad-27c9d9114238/1/i_fheKNVQZhWFTdE7yImbk9ro-w.roa
Signing time:             Sun 11 Jan 2026 09:07:54 +0000
ROA not before:           Sun 11 Jan 2026 09:07:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214025
IP address blocks:        45.138.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/2dab18-7bb7-4aa1-98ad-27c9d9114238/1/oaVb8oiHU-RGdbYd2jA5TZAVbAo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/2dab18-7bb7-4aa1-98ad-27c9d9114238/1/oaVb8oiHU-RGdbYd2jA5TZAVbAo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oaVb8oiHU-RGdbYd2jA5TZAVbAo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 19:27:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:ac:4f:df:2b:15:a0:2d:4c:a9:85:c2:a7:bd:29:fb:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1a55bf2888753e44675b61dda30394d90156c0a
        Validity
            Not Before: Jan 11 09:07:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8bf7e178a355419856153744ef22266e4f6ba3ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:68:83:5e:1a:ae:d2:9a:d9:7c:2e:f8:51:2e:
                    6b:4e:8d:1a:ca:3e:66:ce:e7:39:d8:c2:62:9a:d1:
                    5b:78:84:45:b7:62:a2:96:a5:cb:86:e4:30:80:84:
                    3e:cc:7d:5d:ca:2a:45:26:69:71:38:c6:78:14:04:
                    b8:1e:d1:de:8e:04:07:87:82:50:4a:5e:f2:26:32:
                    35:d9:6d:eb:d9:70:46:c6:c1:ff:a5:1a:72:d2:ef:
                    0a:87:84:dc:08:b3:70:a2:28:64:79:09:97:09:b8:
                    a1:4c:0d:92:14:a5:2b:5b:10:d0:fe:87:ea:82:db:
                    de:a7:fd:ef:7a:57:20:6e:42:ac:a3:6e:5c:36:24:
                    f5:ea:48:4e:83:ab:a7:3a:1d:b1:ee:ef:61:61:84:
                    f7:86:97:77:3a:06:80:99:f3:77:9e:7f:28:75:3f:
                    5e:35:31:08:6e:5f:f0:74:e8:9b:5c:22:55:f6:e4:
                    86:5f:ca:8e:69:9d:e5:17:6e:b4:02:f8:f4:3a:cf:
                    4c:e4:55:27:81:48:c0:e7:7a:db:a8:ca:72:20:c0:
                    ee:85:19:5a:fe:d3:27:7c:3f:4f:7c:13:84:ed:5d:
                    e9:ac:67:ec:f3:92:56:c6:31:d8:87:97:c0:2f:96:
                    88:b3:0f:bf:a3:95:c2:a1:a1:11:07:4d:19:a7:04:
                    6d:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:F7:E1:78:A3:55:41:98:56:15:37:44:EF:22:26:6E:4F:6B:A3:EC
            X509v3 Authority Key Identifier:
                keyid:A1:A5:5B:F2:88:87:53:E4:46:75:B6:1D:DA:30:39:4D:90:15:6C:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oaVb8oiHU-RGdbYd2jA5TZAVbAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/2dab18-7bb7-4aa1-98ad-27c9d9114238/1/i_fheKNVQZhWFTdE7yImbk9ro-w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/2dab18-7bb7-4aa1-98ad-27c9d9114238/1/oaVb8oiHU-RGdbYd2jA5TZAVbAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.138.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:8e:93:ae:f3:7f:a9:67:b8:da:53:a6:1f:c8:6c:5c:68:f2:
         88:d1:b2:a7:f7:d0:83:de:bf:f0:c6:01:c0:2f:14:c1:a1:c9:
         92:03:5f:aa:00:7f:b3:ba:27:f7:d8:4b:ee:31:88:96:c5:be:
         1d:e3:96:39:94:69:5a:09:8e:b4:2a:e5:d1:60:47:98:bc:de:
         55:e1:85:bc:47:4a:ae:6c:a5:be:64:8c:23:30:37:b8:ea:f1:
         a4:fb:03:8e:0d:9b:28:81:97:f5:7b:f6:84:20:00:9d:0f:b5:
         14:d5:10:a0:14:f2:7f:b3:e7:83:86:a6:d8:87:14:fa:d9:62:
         1b:c4:af:c9:e3:a8:77:69:dd:1a:c0:7d:b3:4e:ae:2b:d5:3c:
         e2:9c:36:44:04:11:d3:ba:08:67:e4:c1:eb:81:81:ec:85:a3:
         06:1f:9a:d5:b3:26:65:96:01:82:5e:ab:0e:46:ec:3a:c0:71:
         a3:82:f7:d9:4f:9c:44:25:bc:37:83:2a:ed:e9:34:80:e5:97:
         70:58:55:bf:28:65:ba:85:00:75:ec:a1:8c:77:b8:c4:b3:48:
         be:3a:5d:a7:e1:3b:30:8e:54:a9:3a:7b:fc:0d:ab:98:7a:3b:
         5e:4e:b9:d3:31:f3:e5:e4:f4:49:42:9e:68:47:aa:56:9f:a6:
         4d:d5:ad:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZusT98rFaAtTKmFwqe9KftDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExYTU1YmYyODg4NzUzZTQ0Njc1YjYxZGRhMzAzOTRkOTAx
NTZjMGEwHhcNMjYwMTExMDkwNzU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmY3ZTE3OGEzNTU0MTk4NTYxNTM3NDRlZjIyMjY2ZTRmNmJhM2VjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGiDXhqu0prZfC74US5rTo0ayj5m
zuc52MJimtFbeIRFt2KilqXLhuQwgIQ+zH1dyipFJmlxOMZ4FAS4HtHejgQHh4JQ
Sl7yJjI12W3r2XBGxsH/pRpy0u8Kh4TcCLNwoihkeQmXCbihTA2SFKUrWxDQ/ofq
gtvep/3velcgbkKso25cNiT16khOg6unOh2x7u9hYYT3hpd3OgaAmfN3nn8odT9e
NTEIbl/wdOibXCJV9uSGX8qOaZ3lF260Avj0Os9M5FUngUjA53rbqMpyIMDuhRla
/tMnfD9PfBOE7V3prGfs85JWxjHYh5fAL5aIsw+/o5XCoaERB00ZpwRtGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIv34XijVUGYVhU3RO8iJm5Pa6PsMB8GA1UdIwQY
MBaAFKGlW/KIh1PkRnW2HdowOU2QFWwKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2FWYjhvaUhVLVJHZGJZZDJqQTVUWkFWYkFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8yZGFiMTgtN2JiNy00YWExLTk4YWQt
MjdjOWQ5MTE0MjM4LzEvaV9maGVLTlZRWmhXRlRkRTd5SW1iazlyby13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8yZGFiMTgtN2JiNy00YWExLTk4YWQtMjdjOWQ5MTE0MjM4
LzEvb2FWYjhvaUhVLVJHZGJZZDJqQTVUWkFWYkFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYq/MA0G
CSqGSIb3DQEBCwUAA4IBAQBtjpOu83+pZ7jaU6YfyGxcaPKI0bKn99CD3r/wxgHA
LxTBocmSA1+qAH+zuif32EvuMYiWxb4d45Y5lGlaCY60KuXRYEeYvN5V4YW8R0qu
bKW+ZIwjMDe46vGk+wOODZsogZf1e/aEIACdD7UU1RCgFPJ/s+eDhqbYhxT62WIb
xK/J46h3ad0awH2zTq4r1TzinDZEBBHTughn5MHrgYHshaMGH5rVsyZllgGCXqsO
Ruw6wHGjgvfZT5xEJbw3gyrt6TSA5ZdwWFW/KGW6hQB17KGMd7jEs0i+Ol2n4Tsw
jlSpOnv8DauYejteTrnTMfPl5PRJQp5oR6pWn6ZN1a3V
-----END CERTIFICATE-----