This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/Xx-SB8IlNsgbkMiQx4mSYmp_c3E.roa
File:                     Xx-SB8IlNsgbkMiQx4mSYmp_c3E.roa (raw, json)
Hash identifier:          H5EmddF0UXVmW0gvQsSUA/i6ZSdl9kyVO20xUD/pd1Q=
Subject key identifier:   5F:1F:92:07:C2:25:36:C8:1B:90:C8:90:C7:89:92:62:6A:7F:73:71
Certificate issuer:       /CN=2e1164a9b5013d62f051344f6df91f13bc7ecb0f
Certificate serial:       019B79ECD1025F7D5E2074167885F3269F28
Authority key identifier: 2E:11:64:A9:B5:01:3D:62:F0:51:34:4F:6D:F9:1F:13:BC:7E:CB:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LhFkqbUBPWLwUTRPbfkfE7x-yw8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/Xx-SB8IlNsgbkMiQx4mSYmp_c3E.roa
Signing time:             Thu 01 Jan 2026 14:18:41 +0000
ROA not before:           Thu 01 Jan 2026 14:18:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49981
IP address blocks:        45.145.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/LhFkqbUBPWLwUTRPbfkfE7x-yw8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/LhFkqbUBPWLwUTRPbfkfE7x-yw8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LhFkqbUBPWLwUTRPbfkfE7x-yw8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 09:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:d1:02:5f:7d:5e:20:74:16:78:85:f3:26:9f:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e1164a9b5013d62f051344f6df91f13bc7ecb0f
        Validity
            Not Before: Jan  1 14:18:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5f1f9207c22536c81b90c890c78992626a7f7371
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:4b:c9:ce:5a:f1:1a:11:23:11:89:de:78:e3:
                    72:ec:6a:5f:db:b6:cb:45:ba:af:1c:19:8a:46:cb:
                    62:9b:63:a5:77:e3:5d:f9:2a:53:35:a6:fa:80:1b:
                    38:80:c5:02:ba:d8:ac:8d:86:59:b6:e1:a1:0f:ab:
                    ad:38:68:fa:40:24:cc:e0:2d:04:53:21:08:5d:00:
                    a5:de:b4:3d:c0:a7:59:81:72:21:b1:5e:c2:a5:83:
                    0f:f8:1a:08:75:b2:5e:08:df:2a:94:09:9c:1c:ff:
                    b8:8d:36:10:d7:6d:54:66:e6:97:24:0d:c5:6b:09:
                    97:93:da:93:b9:62:cf:7d:08:c9:f8:3b:94:0b:f9:
                    ed:30:4a:ea:88:bd:16:2b:f7:68:84:f5:8e:ac:c1:
                    b7:71:b9:49:97:ee:9e:91:ff:5e:d9:43:92:10:c8:
                    3d:5f:ac:d2:2f:ca:b8:aa:8d:36:69:47:32:2b:b8:
                    0e:4c:bc:4a:fe:1e:fa:99:4b:c9:5b:83:45:aa:4b:
                    1b:9b:42:99:64:c9:8b:30:84:3b:a5:b3:4b:35:4b:
                    1d:f3:b0:3f:65:ce:4e:ec:1b:be:6e:9d:d6:ec:14:
                    88:1c:3d:3d:20:45:61:30:0c:5a:d1:a4:2f:cd:8d:
                    e6:10:af:16:0b:dd:08:cc:63:01:24:62:9e:b5:12:
                    b1:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:1F:92:07:C2:25:36:C8:1B:90:C8:90:C7:89:92:62:6A:7F:73:71
            X509v3 Authority Key Identifier:
                keyid:2E:11:64:A9:B5:01:3D:62:F0:51:34:4F:6D:F9:1F:13:BC:7E:CB:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LhFkqbUBPWLwUTRPbfkfE7x-yw8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/Xx-SB8IlNsgbkMiQx4mSYmp_c3E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/LhFkqbUBPWLwUTRPbfkfE7x-yw8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:00:d4:3a:00:be:d0:8d:99:f5:da:13:16:da:e5:d5:e0:e2:
         b8:53:30:6d:c6:e7:a4:7d:eb:45:2d:d4:5b:fd:0f:54:7e:05:
         8c:f4:24:97:70:67:02:2f:9f:e4:4a:7d:17:22:1d:29:6e:d0:
         50:73:5f:b5:8c:5c:d7:d9:44:24:03:57:8f:4a:5a:b2:f6:73:
         fa:26:e7:0d:ee:a8:77:ad:88:07:42:da:86:9e:15:42:73:c8:
         82:79:c7:83:1e:37:06:33:b5:0d:f0:a4:68:9a:57:8c:96:65:
         4e:07:0b:cd:c9:37:de:8b:a3:95:eb:85:e4:fd:68:45:15:41:
         50:60:21:b8:df:fd:c8:94:8b:ef:e7:9c:7c:ef:a7:9f:1d:b0:
         a8:c5:bf:05:eb:2a:b8:e4:13:3b:38:46:91:4d:9d:10:d8:15:
         58:51:32:67:6f:59:d2:3e:0a:2b:00:f4:7f:4c:29:c1:d1:a0:
         f6:9f:be:ef:ab:da:5e:37:f9:68:b3:a9:40:19:85:d1:32:35:
         99:f7:99:15:82:89:f0:90:4d:43:06:ec:7c:c9:24:da:60:83:
         a5:9d:31:da:99:08:40:3d:98:40:c5:67:a8:27:ba:7d:68:b8:
         f7:4a:3d:49:b1:2a:f9:dc:00:6b:a2:0c:95:4c:fd:28:6b:1d:
         ca:f4:c3:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57NECX31eIHQWeIXzJp8oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMTE2NGE5YjUwMTNkNjJmMDUxMzQ0ZjZkZjkxZjEzYmM3
ZWNiMGYwHhcNMjYwMTAxMTQxODQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjFmOTIwN2MyMjUzNmM4MWI5MGM4OTBjNzg5OTI2MjZhN2Y3MzcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsUvJzlrxGhEjEYneeONy7Gpf27bL
RbqvHBmKRstim2Old+Nd+SpTNab6gBs4gMUCutisjYZZtuGhD6utOGj6QCTM4C0E
UyEIXQCl3rQ9wKdZgXIhsV7CpYMP+BoIdbJeCN8qlAmcHP+4jTYQ121UZuaXJA3F
awmXk9qTuWLPfQjJ+DuUC/ntMErqiL0WK/dohPWOrMG3cblJl+6ekf9e2UOSEMg9
X6zSL8q4qo02aUcyK7gOTLxK/h76mUvJW4NFqksbm0KZZMmLMIQ7pbNLNUsd87A/
Zc5O7Bu+bp3W7BSIHD09IEVhMAxa0aQvzY3mEK8WC90IzGMBJGKetRKxaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF8fkgfCJTbIG5DIkMeJkmJqf3NxMB8GA1UdIwQY
MBaAFC4RZKm1AT1i8FE0T235HxO8fssPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGhGa3FiVUJQV0x3VVRSUGJma2ZFN3gteXc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9mYjQ2OTYtNjc4Zi00ZDQ1LWEwOTEt
ZmQ3ZjE3YmIxYTVjLzEvWHgtU0I4SWxOc2dia01pUXg0bVNZbXBfYzNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9mYjQ2OTYtNjc4Zi00ZDQ1LWEwOTEtZmQ3ZjE3YmIxYTVj
LzEvTGhGa3FiVUJQV0x3VVRSUGJma2ZFN3gteXc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZE0MA0G
CSqGSIb3DQEBCwUAA4IBAQACANQ6AL7QjZn12hMW2uXV4OK4UzBtxuekfetFLdRb
/Q9UfgWM9CSXcGcCL5/kSn0XIh0pbtBQc1+1jFzX2UQkA1ePSlqy9nP6JucN7qh3
rYgHQtqGnhVCc8iCeceDHjcGM7UN8KRomleMlmVOBwvNyTfei6OV64Xk/WhFFUFQ
YCG43/3IlIvv55x876efHbCoxb8F6yq45BM7OEaRTZ0Q2BVYUTJnb1nSPgorAPR/
TCnB0aD2n77vq9peN/los6lAGYXRMjWZ95kVgonwkE1DBux8ySTaYIOlnTHamQhA
PZhAxWeoJ7p9aLj3Sj1JsSr53ABrogyVTP0oax3K9MPq
-----END CERTIFICATE-----