This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/DBm7RiZPu9uJ4qJoyd2UDd6Ko-I.roa
File:                     DBm7RiZPu9uJ4qJoyd2UDd6Ko-I.roa (raw, json)
Hash identifier:          ZiN3VQOZGCdoJ0wiIJXFlAa8uQv6CBIGnRlFx5eobDY=
Subject key identifier:   0C:19:BB:46:26:4F:BB:DB:89:E2:A2:68:C9:DD:94:0D:DE:8A:A3:E2
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       019B7AC79DC3383694CCAEC37290E803D5F5
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/DBm7RiZPu9uJ4qJoyd2UDd6Ko-I.roa
Signing time:             Thu 01 Jan 2026 18:17:41 +0000
ROA not before:           Thu 01 Jan 2026 18:17:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201211
IP address blocks:        45.147.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c7:9d:c3:38:36:94:cc:ae:c3:72:90:e8:03:d5:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: Jan  1 18:17:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0c19bb46264fbbdb89e2a268c9dd940dde8aa3e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:af:ae:24:79:0d:1f:42:95:36:38:16:70:e9:
                    d5:2e:76:65:99:39:83:08:bf:2c:4c:25:06:8c:9d:
                    8d:0c:42:41:a0:b5:d8:6a:d8:0b:22:55:92:aa:9b:
                    08:44:b5:29:89:e9:f8:c5:1a:90:db:75:84:48:15:
                    79:40:08:d1:6f:8f:9c:90:3c:b0:df:bc:70:d9:af:
                    81:cd:85:d2:81:eb:49:18:b2:9b:db:c2:42:59:41:
                    46:12:35:3b:ad:3c:26:bc:bb:16:fd:28:e6:64:f7:
                    9a:47:0e:fc:06:58:f4:8c:c9:ab:3b:86:b8:2b:a7:
                    c8:f4:d8:31:fb:8d:d0:3f:46:87:6e:47:30:db:57:
                    28:94:f5:8d:e5:cb:b5:ff:2b:58:0a:d6:38:50:70:
                    0b:d9:66:21:d5:ff:0d:25:4b:39:69:ee:33:d6:a6:
                    c8:e1:1a:75:a1:35:0c:98:cb:62:d6:7a:63:6a:23:
                    3f:45:72:1f:dc:cf:fa:28:93:e5:17:95:4c:a0:77:
                    7e:0b:bf:60:1d:95:32:ea:a5:8e:73:f9:20:aa:50:
                    d5:06:31:48:5a:5b:32:d6:04:83:e3:a9:80:6d:7b:
                    2b:0d:b2:d2:49:0d:e3:b9:97:6f:36:d9:6b:9b:9b:
                    ab:1c:0c:e2:11:58:8c:71:cd:c9:b4:b6:66:ea:52:
                    85:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:19:BB:46:26:4F:BB:DB:89:E2:A2:68:C9:DD:94:0D:DE:8A:A3:E2
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/DBm7RiZPu9uJ4qJoyd2UDd6Ko-I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.147.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:76:1f:fd:81:bf:7b:a3:6d:13:72:95:d2:6f:1d:0d:88:2a:
         85:77:97:a7:dc:f9:ed:c0:fe:aa:a5:05:16:fd:c6:94:46:55:
         5a:9c:c8:e4:b9:c8:81:b1:cc:42:17:80:f5:e2:7a:8d:ed:19:
         54:32:cd:8a:ad:12:ea:e7:95:52:e6:b6:3d:9e:74:1f:5f:59:
         58:59:b5:86:97:80:4b:19:9e:c1:15:14:ee:33:84:e4:85:ef:
         05:63:10:77:eb:ee:3d:2a:cd:10:fa:7f:19:13:bc:ab:ed:ec:
         f9:9d:73:73:5f:d1:fd:4a:5d:0f:cc:fd:41:93:61:51:56:bd:
         8b:05:38:4a:90:bb:19:29:d8:67:48:31:48:21:0f:d3:22:b4:
         6f:0d:65:53:99:be:b9:12:cc:7e:ed:f6:ca:52:7f:4b:46:4a:
         31:48:ec:e4:49:89:fa:4c:23:3d:d0:51:89:b2:c9:eb:23:be:
         a1:47:09:2e:39:f3:c2:76:05:ae:1b:de:5e:18:ac:30:b5:70:
         51:6a:ef:93:65:6a:ad:8e:95:0d:0a:d9:7c:e4:74:ee:c4:b1:
         95:17:f9:94:a3:61:94:a0:46:bc:97:2d:cf:dd:89:64:dc:ea:
         20:b2:20:6d:33:24:39:d4:a1:5c:f5:95:b6:41:e9:af:62:c9:
         c9:6d:47:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6x53DODaUzK7DcpDoA9X1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjYwMTAxMTgxNzQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzE5YmI0NjI2NGZiYmRiODllMmEyNjhjOWRkOTQwZGRlOGFhM2UyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA26+uJHkNH0KVNjgWcOnVLnZlmTmD
CL8sTCUGjJ2NDEJBoLXYatgLIlWSqpsIRLUpien4xRqQ23WESBV5QAjRb4+ckDyw
37xw2a+BzYXSgetJGLKb28JCWUFGEjU7rTwmvLsW/SjmZPeaRw78Blj0jMmrO4a4
K6fI9Ngx+43QP0aHbkcw21colPWN5cu1/ytYCtY4UHAL2WYh1f8NJUs5ae4z1qbI
4Rp1oTUMmMti1npjaiM/RXIf3M/6KJPlF5VMoHd+C79gHZUy6qWOc/kgqlDVBjFI
Wlsy1gSD46mAbXsrDbLSSQ3juZdvNtlrm5urHAziEViMcc3JtLZm6lKFPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAwZu0YmT7vbieKiaMndlA3eiqPiMB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvREJtN1JpWlB1OXVKNHFKb3lkMlVEZDZLby1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZMCMA0G
CSqGSIb3DQEBCwUAA4IBAQCZdh/9gb97o20TcpXSbx0NiCqFd5en3PntwP6qpQUW
/caURlVanMjkuciBscxCF4D14nqN7RlUMs2KrRLq55VS5rY9nnQfX1lYWbWGl4BL
GZ7BFRTuM4Tkhe8FYxB36+49Ks0Q+n8ZE7yr7ez5nXNzX9H9Sl0PzP1Bk2FRVr2L
BThKkLsZKdhnSDFIIQ/TIrRvDWVTmb65Esx+7fbKUn9LRkoxSOzkSYn6TCM90FGJ
ssnrI76hRwkuOfPCdgWuG95eGKwwtXBRau+TZWqtjpUNCtl85HTuxLGVF/mUo2GU
oEa8ly3P3Ylk3OogsiBtMyQ51KFc9ZW2QemvYsnJbUde
-----END CERTIFICATE-----