This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/9afaf5-e696-483e-8365-34efd5b9e9cd/1/UEd4i0yJoTMMf_ouShVkmXg-2aA.roa
File:                     UEd4i0yJoTMMf_ouShVkmXg-2aA.roa (raw, json)
Hash identifier:          4zGbYGb6JFtW5tegW+z/MuiLQzGa6F+tvz4cx0GU1lo=
Subject key identifier:   50:47:78:8B:4C:89:A1:33:0C:7F:FA:2E:4A:15:64:99:78:3E:D9:A0
Certificate issuer:       /CN=2a7148c461f5e77e107af73566a27e343561dc1d
Certificate serial:       019B7C80D3527E08BB9578BB86EFFA0DDD81
Authority key identifier: 2A:71:48:C4:61:F5:E7:7E:10:7A:F7:35:66:A2:7E:34:35:61:DC:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KnFIxGH1534Qevc1ZqJ-NDVh3B0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/9afaf5-e696-483e-8365-34efd5b9e9cd/1/UEd4i0yJoTMMf_ouShVkmXg-2aA.roa
Signing time:             Fri 02 Jan 2026 02:19:36 +0000
ROA not before:           Fri 02 Jan 2026 02:19:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15830
IP address blocks:        45.156.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/9afaf5-e696-483e-8365-34efd5b9e9cd/1/KnFIxGH1534Qevc1ZqJ-NDVh3B0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/9afaf5-e696-483e-8365-34efd5b9e9cd/1/KnFIxGH1534Qevc1ZqJ-NDVh3B0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KnFIxGH1534Qevc1ZqJ-NDVh3B0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 20:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:d3:52:7e:08:bb:95:78:bb:86:ef:fa:0d:dd:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a7148c461f5e77e107af73566a27e343561dc1d
        Validity
            Not Before: Jan  2 02:19:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5047788b4c89a1330c7ffa2e4a156499783ed9a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:47:0d:65:21:62:be:37:4f:1b:3b:34:0e:8e:
                    62:dc:e3:a9:42:35:bc:2b:11:35:66:ad:ac:74:70:
                    7f:e3:29:c6:8e:5c:94:b0:37:ae:b1:b2:97:20:d3:
                    b1:e5:7a:5a:5c:aa:b1:f7:1a:66:dc:b9:b4:82:7b:
                    be:ca:e9:8d:17:30:67:2c:e2:ed:b3:84:d2:9a:65:
                    a8:be:21:32:e6:b9:1b:55:17:a6:9c:06:27:13:e6:
                    13:7d:8f:7d:a0:53:c4:6a:af:d5:50:b7:e6:de:f0:
                    a9:d6:c2:8d:0d:49:4d:70:6b:f7:7c:5e:58:4b:f0:
                    c8:9f:4f:12:7b:f1:4c:59:a2:56:27:17:ca:8a:84:
                    e9:64:34:c6:24:cb:fa:45:ab:3a:d7:17:38:7d:a9:
                    ab:88:20:78:49:1d:84:a8:50:b9:1f:7a:1c:b1:31:
                    0b:b9:12:0a:e4:e9:1f:50:0b:7a:74:56:e6:a1:c0:
                    f8:17:30:f7:c1:a8:58:77:14:44:20:06:b1:9f:a8:
                    70:48:db:29:26:07:70:77:11:ea:09:4d:b6:c0:a5:
                    6d:a9:dd:97:e6:b5:ce:0a:bd:ed:af:65:63:8c:dc:
                    d9:0a:60:84:8c:79:9c:56:13:98:cc:e6:ef:65:e3:
                    24:16:5f:04:01:a5:42:93:05:16:aa:07:bf:1a:3a:
                    2b:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:47:78:8B:4C:89:A1:33:0C:7F:FA:2E:4A:15:64:99:78:3E:D9:A0
            X509v3 Authority Key Identifier:
                keyid:2A:71:48:C4:61:F5:E7:7E:10:7A:F7:35:66:A2:7E:34:35:61:DC:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KnFIxGH1534Qevc1ZqJ-NDVh3B0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/9afaf5-e696-483e-8365-34efd5b9e9cd/1/UEd4i0yJoTMMf_ouShVkmXg-2aA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/9afaf5-e696-483e-8365-34efd5b9e9cd/1/KnFIxGH1534Qevc1ZqJ-NDVh3B0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:ff:c2:b8:86:b3:9f:87:59:7e:6c:b0:99:3a:58:ac:e4:b9:
         51:59:50:d3:d0:84:0b:05:17:d1:d6:40:84:72:ac:f7:70:55:
         33:63:9c:09:76:bc:81:f1:87:b2:8b:d6:06:ea:d6:87:17:2a:
         72:d7:15:df:42:2a:c4:d8:7a:ef:d8:bf:d6:96:3b:fd:2a:65:
         e1:9c:80:4b:c0:53:96:3d:9a:fa:cd:1e:e1:54:23:df:93:a9:
         bc:9d:f0:57:ba:6e:8d:60:3c:e6:cd:3e:70:b5:6c:8a:35:bd:
         e6:19:fe:44:88:14:3e:89:22:0b:9b:cb:dd:19:74:6c:b5:66:
         6b:f3:d6:3f:1c:ca:94:ea:0d:83:60:9d:4f:67:20:c2:53:7f:
         5f:b1:eb:30:75:77:37:cc:1b:a3:cf:6c:98:e1:2f:63:d9:85:
         0c:de:bb:28:37:80:d2:00:a8:7e:48:62:c3:01:8e:a8:1f:8b:
         af:f8:3c:33:80:25:e4:6e:11:d2:b0:a6:46:3d:48:34:0c:60:
         44:0b:ae:d9:ac:d4:a5:14:42:6d:ee:3a:de:f7:a0:0a:6e:eb:
         c4:32:58:97:b5:14:4a:68:24:81:be:8d:ff:8d:44:5f:24:67:
         b8:fc:39:b3:3c:7c:d4:3b:ba:24:a4:d2:fc:13:09:09:5a:6a:
         15:1f:1b:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gNNSfgi7lXi7hu/6Dd2BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhNzE0OGM0NjFmNWU3N2UxMDdhZjczNTY2YTI3ZTM0MzU2
MWRjMWQwHhcNMjYwMTAyMDIxOTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDQ3Nzg4YjRjODlhMTMzMGM3ZmZhMmU0YTE1NjQ5OTc4M2VkOWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm0cNZSFivjdPGzs0Do5i3OOpQjW8
KxE1Zq2sdHB/4ynGjlyUsDeusbKXINOx5XpaXKqx9xpm3Lm0gnu+yumNFzBnLOLt
s4TSmmWoviEy5rkbVRemnAYnE+YTfY99oFPEaq/VULfm3vCp1sKNDUlNcGv3fF5Y
S/DIn08Se/FMWaJWJxfKioTpZDTGJMv6Ras61xc4famriCB4SR2EqFC5H3ocsTEL
uRIK5OkfUAt6dFbmocD4FzD3wahYdxREIAaxn6hwSNspJgdwdxHqCU22wKVtqd2X
5rXOCr3tr2VjjNzZCmCEjHmcVhOYzObvZeMkFl8EAaVCkwUWqge/GjorKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFBHeItMiaEzDH/6LkoVZJl4PtmgMB8GA1UdIwQY
MBaAFCpxSMRh9ed+EHr3NWaifjQ1YdwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS25GSXhHSDE1MzRRZXZjMVpxSi1ORFZoM0IwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS85YWZhZjUtZTY5Ni00ODNlLTgzNjUt
MzRlZmQ1YjllOWNkLzEvVUVkNGkweUpvVE1NZl9vdVNoVmttWGctMmFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS85YWZhZjUtZTY5Ni00ODNlLTgzNjUtMzRlZmQ1YjllOWNk
LzEvS25GSXhHSDE1MzRRZXZjMVpxSi1ORFZoM0IwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZx/MA0G
CSqGSIb3DQEBCwUAA4IBAQBX/8K4hrOfh1l+bLCZOlis5LlRWVDT0IQLBRfR1kCE
cqz3cFUzY5wJdryB8Yeyi9YG6taHFypy1xXfQirE2Hrv2L/Wljv9KmXhnIBLwFOW
PZr6zR7hVCPfk6m8nfBXum6NYDzmzT5wtWyKNb3mGf5EiBQ+iSILm8vdGXRstWZr
89Y/HMqU6g2DYJ1PZyDCU39fseswdXc3zBujz2yY4S9j2YUM3rsoN4DSAKh+SGLD
AY6oH4uv+DwzgCXkbhHSsKZGPUg0DGBEC67ZrNSlFEJt7jre96AKbuvEMliXtRRK
aCSBvo3/jURfJGe4/DmzPHzUO7okpNL8EwkJWmoVHxui
-----END CERTIFICATE-----