This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/b4bf60-d593-40d2-9783-1e19168f5d73/1/sr2F0zsExdSQr-zgnrk17i9FhUg.roa
File:                     sr2F0zsExdSQr-zgnrk17i9FhUg.roa (raw, json)
Hash identifier:          hKUfnAYzGISD3itupUfCkChJsvs636FejLl9Oqr8aQA=
Subject key identifier:   B2:BD:85:D3:3B:04:C5:D4:90:AF:EC:E0:9E:B9:35:EE:2F:45:85:48
Certificate issuer:       /CN=ca51789a23135ac2268c22a285600a5f9b053770
Certificate serial:       019B7A5AF01BA4871045A615DCC91AD346F8
Authority key identifier: CA:51:78:9A:23:13:5A:C2:26:8C:22:A2:85:60:0A:5F:9B:05:37:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ylF4miMTWsImjCKihWAKX5sFN3A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/b4bf60-d593-40d2-9783-1e19168f5d73/1/sr2F0zsExdSQr-zgnrk17i9FhUg.roa
Signing time:             Thu 01 Jan 2026 16:18:58 +0000
ROA not before:           Thu 01 Jan 2026 16:18:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15404
IP address blocks:        45.129.69.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/b4bf60-d593-40d2-9783-1e19168f5d73/1/ylF4miMTWsImjCKihWAKX5sFN3A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/b4bf60-d593-40d2-9783-1e19168f5d73/1/ylF4miMTWsImjCKihWAKX5sFN3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ylF4miMTWsImjCKihWAKX5sFN3A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 04:01:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:f0:1b:a4:87:10:45:a6:15:dc:c9:1a:d3:46:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca51789a23135ac2268c22a285600a5f9b053770
        Validity
            Not Before: Jan  1 16:18:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b2bd85d33b04c5d490afece09eb935ee2f458548
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:1b:44:0c:e5:9c:25:ff:90:b5:68:2f:ac:a8:
                    86:00:61:ae:6c:f5:25:cb:c7:93:e4:9f:e6:57:ac:
                    1f:fc:1b:a4:11:ca:de:0c:4c:04:59:d9:46:ad:fa:
                    96:68:00:68:bc:7e:ad:81:68:fc:ce:eb:0c:53:ff:
                    fc:84:bf:7d:ca:73:33:2a:77:bb:72:34:db:02:c8:
                    51:42:a6:ea:19:34:18:34:c9:db:eb:dd:3a:76:bd:
                    47:c1:c5:b3:52:f6:bc:4b:25:12:23:ba:d3:80:a5:
                    16:11:2d:0f:13:3e:61:1b:15:27:73:b1:dc:b5:00:
                    0c:f8:3f:a1:0d:41:1f:9d:a8:f2:ea:e9:7a:88:9c:
                    6d:43:c0:34:2e:e7:be:a5:13:50:75:ae:c6:e7:b9:
                    ee:c9:7a:64:b7:24:48:7d:db:95:3d:c1:4e:7a:c4:
                    82:3b:e2:76:d0:5c:f5:30:e9:fc:a4:4b:d3:94:ae:
                    2d:f9:38:28:c9:df:3d:4d:fa:ed:84:f4:df:7c:b4:
                    ce:fb:7e:76:93:d8:3c:e4:cd:b8:5a:4a:06:55:bb:
                    5a:1d:dd:52:6d:35:0f:88:94:7e:2c:a2:d4:92:af:
                    67:d9:8c:ae:f7:41:fb:cb:ef:76:da:f3:8c:2d:fa:
                    37:45:87:15:43:2f:d1:0f:2a:45:ca:d7:79:83:e5:
                    04:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:BD:85:D3:3B:04:C5:D4:90:AF:EC:E0:9E:B9:35:EE:2F:45:85:48
            X509v3 Authority Key Identifier:
                keyid:CA:51:78:9A:23:13:5A:C2:26:8C:22:A2:85:60:0A:5F:9B:05:37:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ylF4miMTWsImjCKihWAKX5sFN3A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/b4bf60-d593-40d2-9783-1e19168f5d73/1/sr2F0zsExdSQr-zgnrk17i9FhUg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/b4bf60-d593-40d2-9783-1e19168f5d73/1/ylF4miMTWsImjCKihWAKX5sFN3A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:2c:48:7f:1c:85:03:28:91:b9:74:60:37:a3:79:97:1c:f1:
         62:3c:89:53:dd:0d:ec:52:24:40:e4:b6:1c:17:b6:00:69:49:
         35:e5:25:45:8d:75:d3:12:e8:48:a9:0f:3d:5b:97:f3:c7:5c:
         bd:da:38:05:8a:5c:71:ee:54:23:a5:4d:0e:26:3d:ab:18:12:
         28:4a:10:c6:6d:91:f5:e5:9a:aa:03:38:1a:2c:23:8f:48:ba:
         89:a0:79:54:aa:83:12:28:a2:c4:0d:db:46:6c:16:ec:9f:a4:
         fe:1a:30:c7:82:ba:a3:ca:75:0f:59:6a:8a:c0:da:70:a7:89:
         4a:ef:fb:91:97:3d:83:f3:73:b3:8e:82:04:26:b1:22:01:db:
         69:ee:72:04:0b:b5:83:fe:66:23:58:db:91:b0:6e:79:d3:52:
         89:8f:7b:2d:a3:96:98:cd:af:8b:ab:0a:d9:97:9a:af:2b:72:
         1e:50:f1:5d:2c:f3:c3:ac:d6:3c:ed:dd:3f:cc:a4:98:1a:5f:
         ea:cd:57:3a:0b:f8:2a:8e:8b:fa:41:0b:a3:50:98:8e:6d:61:
         12:ce:3f:95:7b:cf:f7:cc:1f:a7:b6:4a:de:c5:65:1b:da:46:
         6d:f0:8d:1e:bf:d4:4c:ec:3e:ca:99:06:bc:16:8b:f3:f2:c2:
         99:d7:d8:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WvAbpIcQRaYV3Mka00b4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhNTE3ODlhMjMxMzVhYzIyNjhjMjJhMjg1NjAwYTVmOWIw
NTM3NzAwHhcNMjYwMTAxMTYxODU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmJkODVkMzNiMDRjNWQ0OTBhZmVjZTA5ZWI5MzVlZTJmNDU4NTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyhtEDOWcJf+QtWgvrKiGAGGubPUl
y8eT5J/mV6wf/BukEcreDEwEWdlGrfqWaABovH6tgWj8zusMU//8hL99ynMzKne7
cjTbAshRQqbqGTQYNMnb6906dr1HwcWzUva8SyUSI7rTgKUWES0PEz5hGxUnc7Hc
tQAM+D+hDUEfnajy6ul6iJxtQ8A0Lue+pRNQda7G57nuyXpktyRIfduVPcFOesSC
O+J20Fz1MOn8pEvTlK4t+Tgoyd89TfrthPTffLTO+352k9g85M24WkoGVbtaHd1S
bTUPiJR+LKLUkq9n2Yyu90H7y+922vOMLfo3RYcVQy/RDypFytd5g+UE/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLK9hdM7BMXUkK/s4J65Ne4vRYVIMB8GA1UdIwQY
MBaAFMpReJojE1rCJowiooVgCl+bBTdwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWxGNG1pTVRXc0ltakNLaWhXQUtYNXNGTjNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9iNGJmNjAtZDU5My00MGQyLTk3ODMt
MWUxOTE2OGY1ZDczLzEvc3IyRjB6c0V4ZFNRci16Z25yazE3aTlGaFVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9iNGJmNjAtZDU5My00MGQyLTk3ODMtMWUxOTE2OGY1ZDcz
LzEveWxGNG1pTVRXc0ltakNLaWhXQUtYNXNGTjNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYFFMA0G
CSqGSIb3DQEBCwUAA4IBAQCSLEh/HIUDKJG5dGA3o3mXHPFiPIlT3Q3sUiRA5LYc
F7YAaUk15SVFjXXTEuhIqQ89W5fzx1y92jgFilxx7lQjpU0OJj2rGBIoShDGbZH1
5ZqqAzgaLCOPSLqJoHlUqoMSKKLEDdtGbBbsn6T+GjDHgrqjynUPWWqKwNpwp4lK
7/uRlz2D83OzjoIEJrEiAdtp7nIEC7WD/mYjWNuRsG5501KJj3sto5aYza+LqwrZ
l5qvK3IeUPFdLPPDrNY87d0/zKSYGl/qzVc6C/gqjov6QQujUJiObWESzj+Ve8/3
zB+ntkrexWUb2kZt8I0ev9RM7D7KmQa8Fovz8sKZ19gA
-----END CERTIFICATE-----