This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/d3953b-b942-4b75-9c9d-985c64fe27ee/1/S4Q6dDZv7ODkY9Hdj6FMXesARjs.roa
File:                     S4Q6dDZv7ODkY9Hdj6FMXesARjs.roa (raw, json)
Hash identifier:          BfnQdIEMTPrwdIfmNAj/Eaatuwz9h9D3qynkoTNAarY=
Subject key identifier:   4B:84:3A:74:36:6F:EC:E0:E4:63:D1:DD:8F:A1:4C:5D:EB:00:46:3B
Certificate issuer:       /CN=9bbae6e3ed766de47aba6693bb5af8a648974310
Certificate serial:       019B7835480A7F259F51857C763103859F18
Authority key identifier: 9B:BA:E6:E3:ED:76:6D:E4:7A:BA:66:93:BB:5A:F8:A6:48:97:43:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m7rm4-12beR6umaTu1r4pkiXQxA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/d3953b-b942-4b75-9c9d-985c64fe27ee/1/S4Q6dDZv7ODkY9Hdj6FMXesARjs.roa
Signing time:             Thu 01 Jan 2026 06:18:36 +0000
ROA not before:           Thu 01 Jan 2026 06:18:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206703
IP address blocks:        45.85.252.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/d3953b-b942-4b75-9c9d-985c64fe27ee/1/m7rm4-12beR6umaTu1r4pkiXQxA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/d3953b-b942-4b75-9c9d-985c64fe27ee/1/m7rm4-12beR6umaTu1r4pkiXQxA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m7rm4-12beR6umaTu1r4pkiXQxA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:05:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:35:48:0a:7f:25:9f:51:85:7c:76:31:03:85:9f:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bbae6e3ed766de47aba6693bb5af8a648974310
        Validity
            Not Before: Jan  1 06:18:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4b843a74366fece0e463d1dd8fa14c5deb00463b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:97:f0:6a:15:1b:28:90:92:3a:ff:49:35:2e:
                    f3:8d:e3:5b:37:c7:3a:51:a4:40:c6:0e:ee:4e:c7:
                    d2:f7:ff:6a:e4:9b:b8:24:1a:f5:8d:60:e4:04:ef:
                    c5:91:68:05:9f:de:fc:37:7c:54:fe:58:49:41:7c:
                    18:32:98:6e:9f:c3:ac:45:34:d3:51:d4:96:93:3c:
                    92:27:da:45:b0:9c:a7:65:b9:d8:50:61:a1:ca:01:
                    0b:2c:57:1d:b0:bb:a6:74:9f:cb:b1:72:49:d6:6c:
                    e8:59:b1:f5:3c:cd:4e:28:75:d3:45:3a:4f:3c:8b:
                    77:d8:42:7d:76:b1:22:e7:fd:87:62:86:c3:31:b5:
                    55:ef:11:1b:93:68:d0:8c:55:01:7c:6e:df:bd:30:
                    38:28:ae:95:54:60:67:00:6e:80:d9:1c:fc:e5:21:
                    ea:4b:2f:8c:f8:cc:8b:42:12:57:12:ac:51:9d:6f:
                    18:ac:b0:2c:21:9d:ca:41:87:90:0a:dd:d7:bf:87:
                    5e:0c:42:a1:a1:c7:c0:bc:d4:48:a5:c3:e3:d2:23:
                    16:04:c5:3c:63:ab:6e:2f:e7:f0:b3:92:3c:6b:0b:
                    70:93:bd:f7:c9:c4:ff:15:c3:7a:d1:f0:1f:54:ee:
                    e8:87:b4:9f:be:0b:2a:0e:7f:1c:49:c3:c4:05:e1:
                    d6:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:84:3A:74:36:6F:EC:E0:E4:63:D1:DD:8F:A1:4C:5D:EB:00:46:3B
            X509v3 Authority Key Identifier:
                keyid:9B:BA:E6:E3:ED:76:6D:E4:7A:BA:66:93:BB:5A:F8:A6:48:97:43:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m7rm4-12beR6umaTu1r4pkiXQxA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/d3953b-b942-4b75-9c9d-985c64fe27ee/1/S4Q6dDZv7ODkY9Hdj6FMXesARjs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/d3953b-b942-4b75-9c9d-985c64fe27ee/1/m7rm4-12beR6umaTu1r4pkiXQxA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8c:57:7f:08:3e:bf:8a:19:e5:f9:b2:79:d4:c9:df:14:8d:f5:
         1a:d4:d7:bd:15:a5:33:28:d1:c1:79:7e:b0:da:ac:76:59:df:
         4c:c7:48:39:b4:af:8c:02:44:46:fd:35:41:c6:5a:5e:73:10:
         83:1f:31:99:f3:10:0b:2d:47:7c:2b:86:81:ec:2c:19:45:e5:
         c1:cb:1a:07:ca:a5:e3:04:8f:e6:c4:d0:0f:a3:c0:6d:64:65:
         a4:b9:5e:88:05:d6:58:85:4f:fd:09:5f:b6:af:8e:a5:b1:76:
         e3:46:4b:61:8a:7d:ab:1e:12:f8:4e:7d:4a:b4:7f:2e:e4:2f:
         4d:2d:ec:09:be:76:0b:ad:ea:72:de:56:2a:46:c9:6d:35:0e:
         8b:08:ff:eb:96:5f:d4:f8:47:04:00:98:d6:f3:40:41:48:9d:
         92:4d:fb:44:50:d8:9a:a3:8c:11:01:77:b8:cc:b3:c6:ca:08:
         46:b7:ad:c4:56:a2:ac:5f:9c:7a:d5:0e:48:6f:c4:61:8e:af:
         60:a9:1a:e8:08:59:9b:6e:3b:81:02:f3:b5:2d:07:8f:f2:12:
         1f:5e:cb:65:a4:63:28:cd:74:ec:83:3f:07:82:48:48:37:ce:
         ef:de:c5:8f:4f:dc:16:3d:38:d2:05:49:0a:c5:c6:eb:90:36:
         ce:e8:90:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NUgKfyWfUYV8djEDhZ8YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliYmFlNmUzZWQ3NjZkZTQ3YWJhNjY5M2JiNWFmOGE2NDg5
NzQzMTAwHhcNMjYwMTAxMDYxODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Yjg0M2E3NDM2NmZlY2UwZTQ2M2QxZGQ4ZmExNGM1ZGViMDA0NjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAopfwahUbKJCSOv9JNS7zjeNbN8c6
UaRAxg7uTsfS9/9q5Ju4JBr1jWDkBO/FkWgFn978N3xU/lhJQXwYMphun8OsRTTT
UdSWkzySJ9pFsJynZbnYUGGhygELLFcdsLumdJ/LsXJJ1mzoWbH1PM1OKHXTRTpP
PIt32EJ9drEi5/2HYobDMbVV7xEbk2jQjFUBfG7fvTA4KK6VVGBnAG6A2Rz85SHq
Sy+M+MyLQhJXEqxRnW8YrLAsIZ3KQYeQCt3Xv4deDEKhocfAvNRIpcPj0iMWBMU8
Y6tuL+fws5I8awtwk733ycT/FcN60fAfVO7oh7SfvgsqDn8cScPEBeHWCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEuEOnQ2b+zg5GPR3Y+hTF3rAEY7MB8GA1UdIwQY
MBaAFJu65uPtdm3kerpmk7ta+KZIl0MQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTdybTQtMTJiZVI2dW1hVHUxcjRwa2lYUXhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9kMzk1M2ItYjk0Mi00Yjc1LTljOWQt
OTg1YzY0ZmUyN2VlLzEvUzRRNmREWnY3T0RrWTlIZGo2Rk1YZXNBUmpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9kMzk1M2ItYjk0Mi00Yjc1LTljOWQtOTg1YzY0ZmUyN2Vl
LzEvbTdybTQtMTJiZVI2dW1hVHUxcjRwa2lYUXhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVX8MA0G
CSqGSIb3DQEBCwUAA4IBAQCMV38IPr+KGeX5snnUyd8UjfUa1Ne9FaUzKNHBeX6w
2qx2Wd9Mx0g5tK+MAkRG/TVBxlpecxCDHzGZ8xALLUd8K4aB7CwZReXByxoHyqXj
BI/mxNAPo8BtZGWkuV6IBdZYhU/9CV+2r46lsXbjRkthin2rHhL4Tn1KtH8u5C9N
LewJvnYLrepy3lYqRsltNQ6LCP/rll/U+EcEAJjW80BBSJ2STftEUNiao4wRAXe4
zLPGyghGt63EVqKsX5x61Q5Ib8Rhjq9gqRroCFmbbjuBAvO1LQeP8hIfXstlpGMo
zXTsgz8HgkhIN87v3sWPT9wWPTjSBUkKxcbrkDbO6JA+
-----END CERTIFICATE-----