This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/IPuHLZBymKRXYx-YnfPe_MhR0yA.roa
File:                     IPuHLZBymKRXYx-YnfPe_MhR0yA.roa (raw, json)
Hash identifier:          yDZxC0qnt1slcECmxYfcCYbXQ2iv0xHTebHw2m4awwA=
Subject key identifier:   20:FB:87:2D:90:72:98:A4:57:63:1F:98:9D:F3:DE:FC:C8:51:D3:20
Certificate issuer:       /CN=cec5afe769b94346e1cd362eb85f875b23b17277
Certificate serial:       019B78352239238C3E92879C9FBEB95861B8
Authority key identifier: CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/IPuHLZBymKRXYx-YnfPe_MhR0yA.roa
Signing time:             Thu 01 Jan 2026 06:18:26 +0000
ROA not before:           Thu 01 Jan 2026 06:18:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198100
IP address blocks:        45.145.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 12:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:35:22:39:23:8c:3e:92:87:9c:9f:be:b9:58:61:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cec5afe769b94346e1cd362eb85f875b23b17277
        Validity
            Not Before: Jan  1 06:18:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=20fb872d907298a457631f989df3defcc851d320
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:7b:7b:bb:ae:3a:4e:d8:08:26:3c:f4:93:0e:
                    9d:2d:63:57:40:c8:3d:bd:21:92:e6:41:96:c4:7c:
                    e5:50:a2:8e:d3:a6:90:f8:97:91:4e:1d:b6:dd:d2:
                    0f:58:90:88:89:7d:ab:45:2b:88:9b:44:41:a5:f1:
                    b0:92:43:13:7e:d6:0b:d0:90:1e:0f:e2:8b:ac:72:
                    d6:01:8a:67:81:0a:9a:ac:db:01:51:81:16:80:7f:
                    c3:2d:7c:cd:76:70:2f:89:f4:c0:e9:41:18:5c:c9:
                    9c:e6:26:52:00:af:aa:a2:36:ae:a2:81:47:d8:93:
                    43:a4:cb:37:a8:d9:7a:78:27:ff:20:c7:db:c1:98:
                    b2:0b:29:c0:72:86:0b:05:c2:0c:1d:af:36:f3:3f:
                    ef:c7:3f:39:58:66:f3:76:a8:f1:41:fa:e7:40:ec:
                    7b:eb:f3:a5:e3:d4:5d:d3:9f:c3:d9:e5:d4:5a:00:
                    9a:0c:82:97:4e:90:6e:d0:d1:c6:dc:74:54:9e:57:
                    ef:d2:27:e5:72:ff:88:57:5d:b5:c2:26:8d:54:66:
                    4d:6d:85:0a:be:50:05:6b:7f:f7:5f:dc:15:fc:4b:
                    79:d7:10:7b:61:1b:6c:98:8d:a3:e1:b7:3d:ac:e2:
                    06:b9:4e:81:4f:57:ce:96:d8:dc:80:ed:48:9a:77:
                    20:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:FB:87:2D:90:72:98:A4:57:63:1F:98:9D:F3:DE:FC:C8:51:D3:20
            X509v3 Authority Key Identifier:
                keyid:CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/IPuHLZBymKRXYx-YnfPe_MhR0yA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:22:f2:ca:ff:dc:2d:48:8a:2c:03:0e:a2:0e:1f:23:01:b3:
         cc:ea:d8:85:c0:1e:00:d2:fe:85:ef:c2:0b:4f:51:d0:53:4a:
         da:57:64:2c:dd:58:3a:37:21:82:5b:de:ef:2d:c1:02:0d:22:
         3e:aa:1f:e6:7b:c9:42:66:66:35:b4:c7:69:99:2e:c7:d5:92:
         1e:8c:62:aa:8a:7a:ec:49:ab:a0:58:53:53:e6:3c:81:d8:b6:
         4b:0a:e0:b6:96:37:30:3f:b6:4f:5a:d3:4e:48:a0:1f:0a:bb:
         22:2d:69:f2:9e:73:d3:a8:53:17:74:bb:9d:df:3b:f7:f8:73:
         4d:8a:c3:40:02:a8:24:90:45:d9:70:3a:72:d7:4c:81:75:5f:
         ca:56:20:af:3f:fb:7b:f3:da:35:95:56:a0:ec:9d:7e:f1:4b:
         76:c9:d4:e0:b2:47:e1:3f:ff:3f:e3:5b:a6:24:43:f8:9f:5a:
         21:9b:43:65:dc:fb:1e:a8:f4:6f:d7:09:51:87:17:b1:47:04:
         00:da:aa:c2:2a:b4:57:20:c7:31:f3:05:de:9f:47:61:c5:44:
         df:eb:62:e3:a4:56:f3:24:f1:7e:2a:b2:a8:7a:c2:a8:45:e4:
         02:de:a8:2e:3b:1e:ce:ab:70:6e:bc:bb:8e:9d:b9:4a:86:94:
         b6:64:01:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NSI5I4w+koecn765WGG4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYzVhZmU3NjliOTQzNDZlMWNkMzYyZWI4NWY4NzViMjNi
MTcyNzcwHhcNMjYwMTAxMDYxODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGZiODcyZDkwNzI5OGE0NTc2MzFmOTg5ZGYzZGVmY2M4NTFkMzIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzXt7u646TtgIJjz0kw6dLWNXQMg9
vSGS5kGWxHzlUKKO06aQ+JeRTh223dIPWJCIiX2rRSuIm0RBpfGwkkMTftYL0JAe
D+KLrHLWAYpngQqarNsBUYEWgH/DLXzNdnAvifTA6UEYXMmc5iZSAK+qojauooFH
2JNDpMs3qNl6eCf/IMfbwZiyCynAcoYLBcIMHa828z/vxz85WGbzdqjxQfrnQOx7
6/Ol49Rd05/D2eXUWgCaDIKXTpBu0NHG3HRUnlfv0iflcv+IV121wiaNVGZNbYUK
vlAFa3/3X9wV/Et51xB7YRtsmI2j4bc9rOIGuU6BT1fOltjcgO1Imncg5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCD7hy2QcpikV2MfmJ3z3vzIUdMgMB8GA1UdIwQY
MBaAFM7Fr+dpuUNG4c02Lrhfh1sjsXJ3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQt
MzMyNDdjOGUxYzFmLzEvSVB1SExaQnltS1JYWXgtWW5mUGVfTWhSMHlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQtMzMyNDdjOGUxYzFm
LzEvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZGaMA0G
CSqGSIb3DQEBCwUAA4IBAQBxIvLK/9wtSIosAw6iDh8jAbPM6tiFwB4A0v6F78IL
T1HQU0raV2Qs3Vg6NyGCW97vLcECDSI+qh/me8lCZmY1tMdpmS7H1ZIejGKqinrs
SaugWFNT5jyB2LZLCuC2ljcwP7ZPWtNOSKAfCrsiLWnynnPTqFMXdLud3zv3+HNN
isNAAqgkkEXZcDpy10yBdV/KViCvP/t789o1lVag7J1+8Ut2ydTgskfhP/8/41um
JEP4n1ohm0Nl3PseqPRv1wlRhxexRwQA2qrCKrRXIMcx8wXen0dhxUTf62LjpFbz
JPF+KrKoesKoReQC3qguOx7Oq3BuvLuOnblKhpS2ZAGp
-----END CERTIFICATE-----