This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/NsEsawM0FZt_Y6RkvLGSDWeqq3c.roa
File:                     NsEsawM0FZt_Y6RkvLGSDWeqq3c.roa (raw, json)
Hash identifier:          KCWIzd512cUDcdxEx28u24klpS7YY2od8a7y4CXsTEw=
Subject key identifier:   36:C1:2C:6B:03:34:15:9B:7F:63:A4:64:BC:B1:92:0D:67:AA:AB:77
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       019B7AC7A3D4B51662EB430433CD0986AF07
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/NsEsawM0FZt_Y6RkvLGSDWeqq3c.roa
Signing time:             Thu 01 Jan 2026 18:17:42 +0000
ROA not before:           Thu 01 Jan 2026 18:17:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214424
IP address blocks:        45.129.170.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c7:a3:d4:b5:16:62:eb:43:04:33:cd:09:86:af:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: Jan  1 18:17:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=36c12c6b0334159b7f63a464bcb1920d67aaab77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:9d:31:bd:a8:b7:2f:b5:cb:d8:f1:29:b5:69:
                    d1:8e:95:d4:97:1a:df:5c:54:dd:fc:d1:38:c1:f4:
                    8b:5e:94:9e:69:e1:81:1f:b5:04:32:9b:a5:63:d7:
                    3f:e5:8a:ce:3e:7e:6e:09:b9:a9:d9:70:86:25:1c:
                    a9:93:25:8d:0a:c9:f5:37:e2:19:00:33:11:07:8a:
                    71:07:c8:b2:22:03:0f:c6:eb:89:c2:9a:40:41:e1:
                    81:c4:12:d8:66:01:4e:c4:94:40:e6:01:0f:d5:f0:
                    f8:d5:89:a9:4c:94:0d:0f:10:b5:26:b9:cd:da:b0:
                    c2:c4:87:d0:dd:ec:d3:72:74:00:a8:63:7f:ad:c2:
                    16:a0:8f:04:76:51:52:24:a5:55:94:f2:4b:44:cf:
                    1d:93:20:85:45:f3:ef:b5:bc:ae:1f:4e:50:dd:81:
                    e2:28:a6:d7:8b:46:50:88:64:24:58:cc:bb:48:39:
                    00:e7:88:31:a0:09:0f:79:2a:25:18:ec:56:4d:05:
                    81:33:ef:16:e3:06:e7:f1:93:7d:35:40:22:95:0d:
                    aa:1a:72:93:2b:81:1b:71:a8:93:d6:6d:81:e4:fb:
                    9a:ff:14:96:1a:f8:40:50:cf:61:4c:13:9d:4d:a6:
                    04:e9:db:68:98:8f:e3:a3:15:23:aa:20:ff:2f:94:
                    b2:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:C1:2C:6B:03:34:15:9B:7F:63:A4:64:BC:B1:92:0D:67:AA:AB:77
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/NsEsawM0FZt_Y6RkvLGSDWeqq3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:2e:8b:5d:12:69:a6:21:56:cb:7d:ec:92:2b:10:95:b4:ed:
         fc:c9:3a:2f:49:c4:09:2d:74:4e:d1:1f:5c:79:ea:ed:00:c4:
         ff:e4:79:20:0e:c9:4a:91:9b:2d:03:f0:6b:3c:4e:ab:19:e2:
         5d:61:38:2a:5e:cd:35:a1:ee:45:5c:27:0c:ef:f6:08:6f:24:
         bf:b8:e2:1a:75:b2:84:87:fd:2e:29:59:65:fb:f8:27:ae:77:
         68:d3:3f:ed:44:26:fd:f6:f3:e8:bb:fb:99:da:6c:74:26:2e:
         1b:b5:8f:cd:09:2e:59:b5:de:e7:50:f3:97:89:1d:92:0e:85:
         12:c8:88:06:6e:2a:58:eb:6b:fc:d5:10:3b:60:a4:a0:67:dd:
         d8:65:97:9d:b8:36:a1:a0:9c:90:7d:4b:36:35:57:59:da:c9:
         ca:cf:87:b8:78:12:fe:0d:71:3c:f4:b8:73:3b:ae:3c:3a:7f:
         7c:1f:6b:6a:2e:4c:3b:fb:a3:e8:74:e4:51:2f:3c:90:2e:64:
         cb:7f:a6:e6:e2:57:9d:10:ce:a9:01:5c:07:47:83:b8:48:b6:
         f5:82:70:5d:81:50:3c:89:03:9f:17:04:4b:f0:ab:c1:75:44:
         c6:bb:f7:7c:3c:fe:e4:aa:a6:28:1a:7e:12:9f:83:8d:4f:6a:
         fb:a4:29:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6x6PUtRZi60MEM80Jhq8HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjYwMTAxMTgxNzQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmMxMmM2YjAzMzQxNTliN2Y2M2E0NjRiY2IxOTIwZDY3YWFhYjc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3p0xvai3L7XL2PEptWnRjpXUlxrf
XFTd/NE4wfSLXpSeaeGBH7UEMpulY9c/5YrOPn5uCbmp2XCGJRypkyWNCsn1N+IZ
ADMRB4pxB8iyIgMPxuuJwppAQeGBxBLYZgFOxJRA5gEP1fD41YmpTJQNDxC1JrnN
2rDCxIfQ3ezTcnQAqGN/rcIWoI8EdlFSJKVVlPJLRM8dkyCFRfPvtbyuH05Q3YHi
KKbXi0ZQiGQkWMy7SDkA54gxoAkPeSolGOxWTQWBM+8W4wbn8ZN9NUAilQ2qGnKT
K4EbcaiT1m2B5Pua/xSWGvhAUM9hTBOdTaYE6dtomI/joxUjqiD/L5SyEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDbBLGsDNBWbf2OkZLyxkg1nqqt3MB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvTnNFc2F3TTBGWnRfWTZSa3ZMR1NEV2VxcTNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYGqMA0G
CSqGSIb3DQEBCwUAA4IBAQBALotdEmmmIVbLfeySKxCVtO38yTovScQJLXRO0R9c
eertAMT/5HkgDslKkZstA/BrPE6rGeJdYTgqXs01oe5FXCcM7/YIbyS/uOIadbKE
h/0uKVll+/gnrndo0z/tRCb99vPou/uZ2mx0Ji4btY/NCS5Ztd7nUPOXiR2SDoUS
yIgGbipY62v81RA7YKSgZ93YZZeduDahoJyQfUs2NVdZ2snKz4e4eBL+DXE89Lhz
O648On98H2tqLkw7+6PodORRLzyQLmTLf6bm4ledEM6pAVwHR4O4SLb1gnBdgVA8
iQOfFwRL8KvBdUTGu/d8PP7kqqYoGn4Sn4ONT2r7pCmc
-----END CERTIFICATE-----