This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/wJ_sCxEwg8Qjg9wdVj5bIJ-HpB0.roa
File:                     wJ_sCxEwg8Qjg9wdVj5bIJ-HpB0.roa (raw, json)
Hash identifier:          CDEJeNP+I0uQsJuNJPP9VeZxEU5XxR9iUVpbaAQTQQM=
Subject key identifier:   C0:9F:EC:0B:11:30:83:C4:23:83:DC:1D:56:3E:5B:20:9F:87:A4:1D
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       019B7911534FD76BA45CB41C2544F1F43317
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/wJ_sCxEwg8Qjg9wdVj5bIJ-HpB0.roa
Signing time:             Thu 01 Jan 2026 10:18:57 +0000
ROA not before:           Thu 01 Jan 2026 10:18:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211541
IP address blocks:        45.43.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 02 Jan 2026 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:11:53:4f:d7:6b:a4:5c:b4:1c:25:44:f1:f4:33:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Jan  1 10:18:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c09fec0b113083c42383dc1d563e5b209f87a41d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:a4:e7:7a:9a:e2:7e:ba:94:86:00:8d:bd:76:
                    a7:12:56:f3:86:e5:a3:41:df:9a:e3:b2:cb:96:29:
                    e5:64:a9:c7:70:63:98:55:f8:c9:b7:27:68:b1:1e:
                    88:c8:67:df:f5:5d:21:db:3c:67:63:84:b1:d4:b4:
                    00:58:55:ec:01:57:7f:63:89:45:aa:78:1c:da:06:
                    d9:a4:05:e9:98:72:13:9b:f1:40:b1:f7:b9:56:ae:
                    1e:be:a7:49:aa:87:7a:8b:07:2f:de:d2:23:9b:6e:
                    a4:dd:80:ee:5b:89:96:79:0e:5c:b7:99:98:ca:4d:
                    72:9a:1c:ad:ad:10:75:0c:92:52:34:d1:a9:0b:59:
                    98:a4:67:6b:a1:88:8c:e7:c8:82:a5:17:53:d6:a6:
                    3a:bb:25:b7:43:75:a1:16:f9:67:62:31:6b:8a:6e:
                    6c:ef:86:cd:f1:c9:7f:7d:b3:d3:66:c9:27:26:a0:
                    df:76:04:60:cb:61:73:0f:7c:af:5d:4b:bb:84:59:
                    c4:d6:43:a6:bd:dd:4c:3f:d3:20:ac:bb:fa:7c:0c:
                    f7:0e:44:e9:25:29:31:ca:ed:85:80:28:54:f3:27:
                    13:08:60:15:50:2a:79:c6:61:3a:13:3f:5b:79:91:
                    28:39:a5:40:f7:f0:27:2d:9f:94:58:fc:11:03:3c:
                    8c:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:9F:EC:0B:11:30:83:C4:23:83:DC:1D:56:3E:5B:20:9F:87:A4:1D
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/wJ_sCxEwg8Qjg9wdVj5bIJ-HpB0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.43.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:60:dc:90:3e:49:e9:86:5d:59:81:99:d4:af:fe:c8:0b:a1:
         1f:4f:d8:f8:7e:21:27:8e:23:fa:95:a7:5e:e8:91:14:82:90:
         ae:e6:7f:6a:3c:80:0f:69:36:41:a4:24:ad:37:db:85:bf:80:
         12:5d:ae:59:d5:99:b8:60:d1:80:1b:1f:f9:71:ed:db:36:51:
         f2:88:c0:ff:4a:4e:d5:6c:f5:a8:83:11:3b:72:39:a1:77:8b:
         e0:24:2d:97:85:e2:9e:a1:3e:45:de:66:fc:80:d0:63:64:ff:
         28:c9:fc:2d:91:11:2c:ee:26:e4:c5:4c:41:07:50:64:27:b9:
         e9:7e:82:1d:fe:35:c6:2b:1d:96:f1:24:3f:be:05:1b:9e:8d:
         3f:33:38:ad:60:1d:eb:1e:45:be:40:97:2b:cf:ec:96:ff:cf:
         39:ee:fb:3a:40:e5:3c:18:3b:73:64:41:c5:78:e2:2a:1c:29:
         59:0f:2f:1e:80:db:db:4a:93:9c:fb:b8:5b:09:cd:de:de:fd:
         00:5f:93:59:20:fa:c4:27:be:7d:6a:6c:02:2d:fa:50:d6:68:
         23:46:d0:ac:66:4c:58:98:0d:1d:95:4e:54:67:86:d5:07:4b:
         81:11:c1:5d:30:cd:aa:5a:cb:08:89:ee:ed:4a:34:9a:3c:8e:
         f8:77:83:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EVNP12ukXLQcJUTx9DMXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjYwMTAxMTAxODU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDlmZWMwYjExMzA4M2M0MjM4M2RjMWQ1NjNlNWIyMDlmODdhNDFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaTneprifrqUhgCNvXanElbzhuWj
Qd+a47LLlinlZKnHcGOYVfjJtydosR6IyGff9V0h2zxnY4Sx1LQAWFXsAVd/Y4lF
qngc2gbZpAXpmHITm/FAsfe5Vq4evqdJqod6iwcv3tIjm26k3YDuW4mWeQ5ct5mY
yk1ymhytrRB1DJJSNNGpC1mYpGdroYiM58iCpRdT1qY6uyW3Q3WhFvlnYjFrim5s
74bN8cl/fbPTZsknJqDfdgRgy2FzD3yvXUu7hFnE1kOmvd1MP9MgrLv6fAz3DkTp
JSkxyu2FgChU8ycTCGAVUCp5xmE6Ez9beZEoOaVA9/AnLZ+UWPwRAzyMCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMCf7AsRMIPEI4PcHVY+WyCfh6QdMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvd0pfc0N4RXdnOFFqZzl3ZFZqNWJJSi1IcEIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALSuZMA0G
CSqGSIb3DQEBCwUAA4IBAQAJYNyQPknphl1ZgZnUr/7IC6EfT9j4fiEnjiP6lade
6JEUgpCu5n9qPIAPaTZBpCStN9uFv4ASXa5Z1Zm4YNGAGx/5ce3bNlHyiMD/Sk7V
bPWogxE7cjmhd4vgJC2XheKeoT5F3mb8gNBjZP8oyfwtkREs7ibkxUxBB1BkJ7np
foId/jXGKx2W8SQ/vgUbno0/MzitYB3rHkW+QJcrz+yW/8857vs6QOU8GDtzZEHF
eOIqHClZDy8egNvbSpOc+7hbCc3e3v0AX5NZIPrEJ759amwCLfpQ1mgjRtCsZkxY
mA0dlU5UZ4bVB0uBEcFdMM2qWssIie7tSjSaPI74d4Nb
-----END CERTIFICATE-----