This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/54ff92-221e-4a16-8aef-194e0c651d73/1/x2MM1e6RzNZDA4hLyDx2reSAtec.roa
File:                     x2MM1e6RzNZDA4hLyDx2reSAtec.roa (raw, json)
Hash identifier:          LoKZDS1lTFaAe/itPWyVaeaD97C4a8VpDh8K0DR+aq0=
Subject key identifier:   C7:63:0C:D5:EE:91:CC:D6:43:03:88:4B:C8:3C:76:AD:E4:80:B5:E7
Certificate issuer:       /CN=99f0b2c8d7b3ca13c59c53372f25e202c85aadc5
Certificate serial:       019B7C126582F778F0C779B61B717E0F1E25
Authority key identifier: 99:F0:B2:C8:D7:B3:CA:13:C5:9C:53:37:2F:25:E2:02:C8:5A:AD:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mfCyyNezyhPFnFM3LyXiAsharcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/54ff92-221e-4a16-8aef-194e0c651d73/1/x2MM1e6RzNZDA4hLyDx2reSAtec.roa
Signing time:             Fri 02 Jan 2026 00:18:58 +0000
ROA not before:           Fri 02 Jan 2026 00:18:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209325
IP address blocks:        45.66.192.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/54ff92-221e-4a16-8aef-194e0c651d73/1/mfCyyNezyhPFnFM3LyXiAsharcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/54ff92-221e-4a16-8aef-194e0c651d73/1/mfCyyNezyhPFnFM3LyXiAsharcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mfCyyNezyhPFnFM3LyXiAsharcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:65:82:f7:78:f0:c7:79:b6:1b:71:7e:0f:1e:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99f0b2c8d7b3ca13c59c53372f25e202c85aadc5
        Validity
            Not Before: Jan  2 00:18:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c7630cd5ee91ccd64303884bc83c76ade480b5e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:17:43:09:d8:87:0f:88:4a:df:19:96:03:4f:
                    a1:f9:f5:52:c5:71:d1:8b:f2:a4:de:c8:ea:8d:e8:
                    54:b8:14:45:4f:04:7c:a3:c0:86:8e:c1:67:48:5f:
                    ba:93:11:8d:a7:08:14:cf:a2:40:98:5c:9e:a8:01:
                    90:93:56:f1:c2:87:91:1b:83:f8:2c:e0:99:ae:d6:
                    72:82:ea:97:75:24:0f:36:fd:a3:0c:c5:b1:55:e1:
                    40:36:22:c8:ef:92:a5:c7:1a:25:60:49:d8:4d:90:
                    d7:ec:49:4c:50:13:0c:af:99:28:d8:2f:e4:b9:75:
                    aa:d0:58:86:0d:40:1f:80:f9:a5:e2:b0:29:9c:b4:
                    e2:4c:e8:7d:3d:6f:43:79:36:d2:7e:83:29:91:17:
                    84:f3:4a:35:11:4d:6b:14:8b:f6:45:78:cc:cd:af:
                    26:ac:b8:86:d3:59:24:23:0e:1b:17:2a:d9:05:f8:
                    57:cd:a5:4f:94:18:d9:c6:4d:6b:65:00:fe:0f:65:
                    8f:03:fe:72:20:1d:de:58:77:af:dc:ef:68:25:31:
                    f6:46:68:a5:5a:85:f7:3a:25:a6:b9:f1:85:07:65:
                    f8:57:59:db:0d:bc:bb:14:5d:0f:bb:a6:ca:b0:31:
                    b2:9d:ad:28:58:d6:7b:f2:ee:e2:ab:18:71:7c:94:
                    cc:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:63:0C:D5:EE:91:CC:D6:43:03:88:4B:C8:3C:76:AD:E4:80:B5:E7
            X509v3 Authority Key Identifier:
                keyid:99:F0:B2:C8:D7:B3:CA:13:C5:9C:53:37:2F:25:E2:02:C8:5A:AD:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mfCyyNezyhPFnFM3LyXiAsharcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/54ff92-221e-4a16-8aef-194e0c651d73/1/x2MM1e6RzNZDA4hLyDx2reSAtec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/54ff92-221e-4a16-8aef-194e0c651d73/1/mfCyyNezyhPFnFM3LyXiAsharcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4a:cc:1a:e1:9c:2a:8c:b0:b1:50:08:42:31:24:8a:86:84:48:
         db:b1:28:e1:5e:ec:fb:10:9a:16:cd:9b:0e:aa:06:ea:f0:c0:
         11:13:36:19:24:80:52:bd:84:76:ba:ec:40:57:d1:43:13:14:
         ba:b7:7a:ce:94:e9:3b:96:0e:cc:9e:ef:11:49:33:5c:21:2e:
         94:08:e9:3b:c7:bf:9a:96:61:d9:5b:03:d9:d3:6a:ee:ea:a2:
         45:c1:0f:a9:7b:4d:b7:5a:f5:b9:c3:2b:ff:4a:af:ba:23:d5:
         bb:76:44:f2:92:c5:58:aa:19:62:84:1c:bb:8c:6a:ce:3f:8b:
         d4:ab:e3:0f:08:8e:20:72:14:02:c2:f7:12:dc:ac:b5:fd:0f:
         41:7b:ba:86:b1:9a:e8:27:4a:09:70:14:2e:cf:0d:07:79:31:
         d6:65:41:33:78:c2:fd:a6:da:a8:8d:cb:13:49:8e:32:25:e4:
         ac:63:72:e8:37:c2:03:9d:0f:9d:ce:9b:1f:f8:9d:dd:a1:6e:
         16:2a:c9:0f:b5:b4:8a:68:6c:a7:b0:2c:e8:48:0d:81:bb:7f:
         5e:7f:be:5d:5d:6f:c8:01:06:43:7e:5d:9f:a3:31:0a:71:82:
         e0:57:25:4c:a0:61:08:0e:53:26:67:da:5b:37:0f:ac:43:cc:
         c2:4a:1b:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EmWC93jwx3m2G3F+Dx4lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5ZjBiMmM4ZDdiM2NhMTNjNTljNTMzNzJmMjVlMjAyYzg1
YWFkYzUwHhcNMjYwMTAyMDAxODU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzYzMGNkNWVlOTFjY2Q2NDMwMzg4NGJjODNjNzZhZGU0ODBiNWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAphdDCdiHD4hK3xmWA0+h+fVSxXHR
i/Kk3sjqjehUuBRFTwR8o8CGjsFnSF+6kxGNpwgUz6JAmFyeqAGQk1bxwoeRG4P4
LOCZrtZyguqXdSQPNv2jDMWxVeFANiLI75KlxxolYEnYTZDX7ElMUBMMr5ko2C/k
uXWq0FiGDUAfgPml4rApnLTiTOh9PW9DeTbSfoMpkReE80o1EU1rFIv2RXjMza8m
rLiG01kkIw4bFyrZBfhXzaVPlBjZxk1rZQD+D2WPA/5yIB3eWHev3O9oJTH2Rmil
WoX3OiWmufGFB2X4V1nbDby7FF0Pu6bKsDGyna0oWNZ78u7iqxhxfJTMlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMdjDNXukczWQwOIS8g8dq3kgLXnMB8GA1UdIwQY
MBaAFJnwssjXs8oTxZxTNy8l4gLIWq3FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWZDeXlOZXp5aFBGbkZNM0x5WGlBc2hhcmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81NGZmOTItMjIxZS00YTE2LThhZWYt
MTk0ZTBjNjUxZDczLzEveDJNTTFlNlJ6TlpEQTRoTHlEeDJyZVNBdGVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81NGZmOTItMjIxZS00YTE2LThhZWYtMTk0ZTBjNjUxZDcz
LzEvbWZDeXlOZXp5aFBGbkZNM0x5WGlBc2hhcmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLULAMA0G
CSqGSIb3DQEBCwUAA4IBAQBKzBrhnCqMsLFQCEIxJIqGhEjbsSjhXuz7EJoWzZsO
qgbq8MAREzYZJIBSvYR2uuxAV9FDExS6t3rOlOk7lg7Mnu8RSTNcIS6UCOk7x7+a
lmHZWwPZ02ru6qJFwQ+pe023WvW5wyv/Sq+6I9W7dkTyksVYqhlihBy7jGrOP4vU
q+MPCI4gchQCwvcS3Ky1/Q9Be7qGsZroJ0oJcBQuzw0HeTHWZUEzeML9ptqojcsT
SY4yJeSsY3LoN8IDnQ+dzpsf+J3doW4WKskPtbSKaGynsCzoSA2Bu39ef75dXW/I
AQZDfl2fozEKcYLgVyVMoGEIDlMmZ9pbNw+sQ8zCShs0
-----END CERTIFICATE-----