This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/0T1AgadQnTT1ndiweRyvS_vkm-A.roa
File:                     0T1AgadQnTT1ndiweRyvS_vkm-A.roa (raw, json)
Hash identifier:          /3Ju2hidnDzh8I33GDIaLYQdRHbtjqqOqVBYvQZmXDw=
Subject key identifier:   D1:3D:40:81:A7:50:9D:34:F5:9D:D8:B0:79:1C:AF:4B:FB:E4:9B:E0
Certificate issuer:       /CN=2e82963ff1aa70ab10d1d33e86b1d6d494d6ce51
Certificate serial:       019B77C680402D4FF4971A60A3CA0A1C10AC
Authority key identifier: 2E:82:96:3F:F1:AA:70:AB:10:D1:D3:3E:86:B1:D6:D4:94:D6:CE:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/0T1AgadQnTT1ndiweRyvS_vkm-A.roa
Signing time:             Thu 01 Jan 2026 04:17:36 +0000
ROA not before:           Thu 01 Jan 2026 04:17:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401838
IP address blocks:        185.145.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 00:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:80:40:2d:4f:f4:97:1a:60:a3:ca:0a:1c:10:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e82963ff1aa70ab10d1d33e86b1d6d494d6ce51
        Validity
            Not Before: Jan  1 04:17:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d13d4081a7509d34f59dd8b0791caf4bfbe49be0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:93:13:f3:86:47:ba:45:52:ca:ac:a5:75:20:
                    89:21:8a:eb:26:b6:7b:73:17:d5:d5:8b:3c:63:e1:
                    b4:5d:90:60:8a:94:4c:7d:22:c8:a4:2b:4b:e4:f4:
                    47:ca:0d:3b:7f:72:69:58:55:cf:07:17:2d:12:22:
                    39:48:ce:2c:31:e0:a9:ae:93:38:f6:88:51:3a:24:
                    75:8d:a3:0c:23:2c:a1:c4:69:a4:07:69:74:23:2f:
                    03:22:53:c8:53:5d:c9:22:c3:f4:0d:b8:d1:99:6b:
                    3a:d4:ab:bd:16:ef:88:0f:39:85:64:f6:e8:b6:47:
                    00:8f:98:d4:38:44:7d:9a:19:23:d8:ac:76:73:55:
                    3a:53:aa:39:88:9c:12:74:82:ff:e7:b0:bf:e5:be:
                    51:56:ef:5c:d2:9e:18:f5:5c:43:c0:c9:2c:8c:86:
                    84:89:ba:db:82:49:48:be:d9:b8:8b:a7:84:29:85:
                    09:78:2c:74:e3:e3:9f:db:df:9f:5f:08:5d:05:bb:
                    63:5f:e3:78:a9:0c:cc:ee:fa:4e:01:2f:4e:1c:87:
                    f9:c6:6f:b7:b5:2b:b4:1f:59:93:84:d6:36:8a:34:
                    b0:25:30:3d:2b:b7:e7:ea:f9:c3:f1:6c:31:d0:cd:
                    83:d3:c7:00:89:72:9f:d4:5a:b8:c4:42:9d:71:ec:
                    f7:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:3D:40:81:A7:50:9D:34:F5:9D:D8:B0:79:1C:AF:4B:FB:E4:9B:E0
            X509v3 Authority Key Identifier:
                keyid:2E:82:96:3F:F1:AA:70:AB:10:D1:D3:3E:86:B1:D6:D4:94:D6:CE:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/0T1AgadQnTT1ndiweRyvS_vkm-A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.145.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:d5:d2:bd:d3:25:fd:c8:78:cd:89:6e:8e:03:4b:15:09:a1:
         72:3d:b1:29:a3:43:de:1c:46:5a:3b:6c:d5:35:83:09:fa:95:
         da:76:cc:25:17:dd:63:6a:25:59:e2:50:e9:f8:eb:3c:a2:cb:
         5f:c6:29:57:77:35:e9:9f:59:51:26:51:a3:75:4e:21:49:3e:
         de:96:47:b7:cf:60:e1:3f:b8:ee:47:a2:7d:65:93:da:11:1c:
         fc:c8:02:7f:86:66:18:65:4f:01:77:c3:83:91:98:d0:a0:81:
         f1:79:0b:d1:e3:c5:d4:8e:e3:65:13:ce:ad:81:76:cf:c4:7f:
         21:45:e6:b1:e2:48:a8:8a:bb:55:78:80:3a:2c:50:93:f5:b1:
         37:b6:4d:eb:70:e6:e7:ed:c5:fb:d2:12:68:fa:1f:94:2c:96:
         cf:01:28:ac:56:a1:6c:c2:52:37:1d:e0:2f:e8:25:64:77:03:
         07:1b:32:d9:6d:84:5b:b5:29:f3:17:38:15:49:21:a3:14:77:
         8a:10:0b:93:13:f1:4a:88:7f:d9:b5:af:a1:05:a5:de:cd:ac:
         8f:63:8f:93:07:00:1c:95:4d:d0:0a:98:93:44:bf:ea:f4:90:
         87:bd:1a:0f:bc:dd:d0:5f:bc:a5:62:51:da:e1:40:8b:0c:ef:
         7b:9d:19:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xoBALU/0lxpgo8oKHBCsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlODI5NjNmZjFhYTcwYWIxMGQxZDMzZTg2YjFkNmQ0OTRk
NmNlNTEwHhcNMjYwMTAxMDQxNzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTNkNDA4MWE3NTA5ZDM0ZjU5ZGQ4YjA3OTFjYWY0YmZiZTQ5YmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxpMT84ZHukVSyqyldSCJIYrrJrZ7
cxfV1Ys8Y+G0XZBgipRMfSLIpCtL5PRHyg07f3JpWFXPBxctEiI5SM4sMeCprpM4
9ohROiR1jaMMIyyhxGmkB2l0Iy8DIlPIU13JIsP0DbjRmWs61Ku9Fu+IDzmFZPbo
tkcAj5jUOER9mhkj2Kx2c1U6U6o5iJwSdIL/57C/5b5RVu9c0p4Y9VxDwMksjIaE
ibrbgklIvtm4i6eEKYUJeCx04+Of29+fXwhdBbtjX+N4qQzM7vpOAS9OHIf5xm+3
tSu0H1mThNY2ijSwJTA9K7fn6vnD8Wwx0M2D08cAiXKf1Fq4xEKdcez3PwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNE9QIGnUJ009Z3YsHkcr0v75JvgMB8GA1UdIwQY
MBaAFC6Clj/xqnCrENHTPoax1tSU1s5RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG9LV1BfR3FjS3NRMGRNLWhySFcxSlRXemxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi85NTdjNjgtNmYyNy00MGVkLWFiZWQt
ZGY2NGYwZTgyMzYwLzEvMFQxQWdhZFFuVFQxbmRpd2VSeXZTX3ZrbS1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi85NTdjNjgtNmYyNy00MGVkLWFiZWQtZGY2NGYwZTgyMzYw
LzEvTG9LV1BfR3FjS3NRMGRNLWhySFcxSlRXemxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZE0MA0G
CSqGSIb3DQEBCwUAA4IBAQBC1dK90yX9yHjNiW6OA0sVCaFyPbEpo0PeHEZaO2zV
NYMJ+pXadswlF91jaiVZ4lDp+Os8ostfxilXdzXpn1lRJlGjdU4hST7elke3z2Dh
P7juR6J9ZZPaERz8yAJ/hmYYZU8Bd8ODkZjQoIHxeQvR48XUjuNlE86tgXbPxH8h
Reax4kioirtVeIA6LFCT9bE3tk3rcObn7cX70hJo+h+ULJbPASisVqFswlI3HeAv
6CVkdwMHGzLZbYRbtSnzFzgVSSGjFHeKEAuTE/FKiH/Zta+hBaXezayPY4+TBwAc
lU3QCpiTRL/q9JCHvRoPvN3QX7ylYlHa4UCLDO97nRnx
-----END CERTIFICATE-----