This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/7be614-1e6e-4b40-b6dc-a49cbb84f982/1/Ct_iUneimu29k3lorVHqDQkI5ko.roa
File:                     Ct_iUneimu29k3lorVHqDQkI5ko.roa (raw, json)
Hash identifier:          prea/mktEEp9J2hmENedR7tKBd2SBMd0XSaJoNQyWhg=
Subject key identifier:   0A:DF:E2:52:77:A2:9A:ED:BD:93:79:68:AD:51:EA:0D:09:08:E6:4A
Certificate issuer:       /CN=0f17bf2498f3682d7183e47f75b28af41c2815b9
Certificate serial:       019AE0B6CF3DF65A9BCB3B0A320D5C77125C
Authority key identifier: 0F:17:BF:24:98:F3:68:2D:71:83:E4:7F:75:B2:8A:F4:1C:28:15:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Dxe_JJjzaC1xg-R_dbKK9BwoFbk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/7be614-1e6e-4b40-b6dc-a49cbb84f982/1/Ct_iUneimu29k3lorVHqDQkI5ko.roa
Signing time:             Tue 02 Dec 2025 20:17:48 +0000
ROA not before:           Tue 02 Dec 2025 20:17:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8888
IP address blocks:        45.128.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/7be614-1e6e-4b40-b6dc-a49cbb84f982/1/Dxe_JJjzaC1xg-R_dbKK9BwoFbk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/7be614-1e6e-4b40-b6dc-a49cbb84f982/1/Dxe_JJjzaC1xg-R_dbKK9BwoFbk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Dxe_JJjzaC1xg-R_dbKK9BwoFbk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Dec 2025 05:01:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:e0:b6:cf:3d:f6:5a:9b:cb:3b:0a:32:0d:5c:77:12:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f17bf2498f3682d7183e47f75b28af41c2815b9
        Validity
            Not Before: Dec  2 20:17:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0adfe25277a29aedbd937968ad51ea0d0908e64a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:1b:4c:19:c8:b7:02:43:aa:e7:08:e3:84:6a:
                    6f:27:af:af:e1:1f:c3:6c:dc:92:8b:84:0c:9a:03:
                    b1:78:19:f6:5f:03:eb:60:88:90:ce:56:30:61:78:
                    6a:f0:7a:d1:49:98:27:aa:b5:32:b8:ab:e4:5a:1c:
                    30:ad:95:7b:b1:86:37:62:09:08:4e:93:d5:0d:54:
                    95:a6:8f:fa:54:34:6a:35:72:7a:f6:f3:a0:c7:10:
                    78:ba:9f:c8:ee:0b:6f:6f:9b:47:b5:91:67:d5:6c:
                    a6:3e:40:01:f1:40:06:30:39:1b:85:f2:6d:21:46:
                    17:40:ad:62:68:43:f5:bb:ae:f0:64:ca:36:b1:64:
                    a8:87:32:39:d2:08:8d:0a:a9:7a:60:83:c4:d0:c3:
                    79:cb:2f:45:0c:38:58:c9:21:2a:94:12:41:2d:48:
                    3f:bb:3f:cb:0c:9e:a0:bf:3f:4b:39:f6:f4:9c:18:
                    12:cc:78:f0:e7:5a:2e:33:e1:de:e0:9e:57:c4:97:
                    1e:4f:0d:fe:e5:87:6f:5d:3c:13:12:6a:11:16:66:
                    52:26:69:95:6c:b6:42:51:84:33:7f:d5:c5:7f:de:
                    44:67:91:08:31:8e:56:53:7d:f5:60:69:4e:07:99:
                    da:95:99:c7:4c:65:00:d2:db:df:bb:28:c7:e0:eb:
                    a3:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:DF:E2:52:77:A2:9A:ED:BD:93:79:68:AD:51:EA:0D:09:08:E6:4A
            X509v3 Authority Key Identifier:
                keyid:0F:17:BF:24:98:F3:68:2D:71:83:E4:7F:75:B2:8A:F4:1C:28:15:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Dxe_JJjzaC1xg-R_dbKK9BwoFbk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/7be614-1e6e-4b40-b6dc-a49cbb84f982/1/Ct_iUneimu29k3lorVHqDQkI5ko.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/7be614-1e6e-4b40-b6dc-a49cbb84f982/1/Dxe_JJjzaC1xg-R_dbKK9BwoFbk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:38:7b:93:fb:c4:a3:3e:5b:b7:2a:0a:bb:f9:e1:20:06:a0:
         ce:18:60:8b:43:d1:55:e5:d1:90:1c:b0:76:73:e5:44:76:c0:
         3a:8a:3a:34:80:bd:98:6a:5e:e9:63:bc:eb:98:0c:0e:46:86:
         9b:25:ba:81:dd:75:b7:8a:43:93:26:ca:c1:2c:2d:56:f3:c1:
         c7:fc:19:2c:0b:8a:19:a5:8b:83:57:53:81:e8:b0:81:64:10:
         36:5a:06:7c:ab:5c:61:4b:64:c3:72:38:36:1f:48:43:9d:4f:
         b6:45:a5:d6:2c:f0:a4:56:fd:1d:57:44:39:70:49:d9:1e:a3:
         8c:b5:b5:61:0a:02:c5:f2:cb:d5:e4:73:6e:b7:de:fc:2a:4b:
         f9:1c:61:af:f0:72:a4:47:19:cf:f2:d2:cd:43:ce:93:40:db:
         dd:a0:85:a9:6b:ed:16:e4:d2:99:64:51:52:9a:e0:92:9f:99:
         46:93:cd:bd:72:b2:f9:17:0a:2a:2e:8a:f2:7e:7b:fb:18:80:
         10:35:44:50:18:cb:94:ef:fd:03:3f:b9:6d:17:0f:b1:e2:1d:
         66:10:1e:ae:c7:2d:85:c4:59:9a:b5:b7:97:86:58:f1:77:b2:
         09:c6:91:00:58:e5:39:ec:18:48:2d:22:f5:7a:3b:0f:e6:bc:
         93:17:1b:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZrgts899lqbyzsKMg1cdxJcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmMTdiZjI0OThmMzY4MmQ3MTgzZTQ3Zjc1YjI4YWY0MWMy
ODE1YjkwHhcNMjUxMjAyMjAxNzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWRmZTI1Mjc3YTI5YWVkYmQ5Mzc5NjhhZDUxZWEwZDA5MDhlNjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8htMGci3AkOq5wjjhGpvJ6+v4R/D
bNySi4QMmgOxeBn2XwPrYIiQzlYwYXhq8HrRSZgnqrUyuKvkWhwwrZV7sYY3YgkI
TpPVDVSVpo/6VDRqNXJ69vOgxxB4up/I7gtvb5tHtZFn1WymPkAB8UAGMDkbhfJt
IUYXQK1iaEP1u67wZMo2sWSohzI50giNCql6YIPE0MN5yy9FDDhYySEqlBJBLUg/
uz/LDJ6gvz9LOfb0nBgSzHjw51ouM+He4J5XxJceTw3+5YdvXTwTEmoRFmZSJmmV
bLZCUYQzf9XFf95EZ5EIMY5WU331YGlOB5nalZnHTGUA0tvfuyjH4OujVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFArf4lJ3oprtvZN5aK1R6g0JCOZKMB8GA1UdIwQY
MBaAFA8XvySY82gtcYPkf3WyivQcKBW5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHhlX0pKanphQzF4Zy1SX2RiS0s5QndvRmJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC83YmU2MTQtMWU2ZS00YjQwLWI2ZGMt
YTQ5Y2JiODRmOTgyLzEvQ3RfaVVuZWltdTI5azNsb3JWSHFEUWtJNWtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC83YmU2MTQtMWU2ZS00YjQwLWI2ZGMtYTQ5Y2JiODRmOTgy
LzEvRHhlX0pKanphQzF4Zy1SX2RiS0s5QndvRmJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYDeMA0G
CSqGSIb3DQEBCwUAA4IBAQAxOHuT+8SjPlu3Kgq7+eEgBqDOGGCLQ9FV5dGQHLB2
c+VEdsA6ijo0gL2Yal7pY7zrmAwORoabJbqB3XW3ikOTJsrBLC1W88HH/BksC4oZ
pYuDV1OB6LCBZBA2WgZ8q1xhS2TDcjg2H0hDnU+2RaXWLPCkVv0dV0Q5cEnZHqOM
tbVhCgLF8svV5HNut978Kkv5HGGv8HKkRxnP8tLNQ86TQNvdoIWpa+0W5NKZZFFS
muCSn5lGk829crL5FwoqLoryfnv7GIAQNURQGMuU7/0DP7ltFw+x4h1mEB6uxy2F
xFmatbeXhljxd7IJxpEAWOU57BhILSL1ejsP5ryTFxtu
-----END CERTIFICATE-----