This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/5c2a59-6025-400e-ab28-f0a624d40912/1/FGWSmCiFor0nTfWbxjmzYP_XTWE.roa
File:                     FGWSmCiFor0nTfWbxjmzYP_XTWE.roa (raw, json)
Hash identifier:          SoNbcAzZOAbsaX1DWlnc7rcsM5HKeRW27Hbeu6b+U0I=
Subject key identifier:   14:65:92:98:28:85:A2:BD:27:4D:F5:9B:C6:39:B3:60:FF:D7:4D:61
Certificate issuer:       /CN=7f515ead095eed9ac4cabc5ab4ad0b5867d9f01b
Certificate serial:       019B7F15C926C9F3DD1A03E0EFF4489D1841
Authority key identifier: 7F:51:5E:AD:09:5E:ED:9A:C4:CA:BC:5A:B4:AD:0B:58:67:D9:F0:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f1FerQle7ZrEyrxatK0LWGfZ8Bs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/5c2a59-6025-400e-ab28-f0a624d40912/1/FGWSmCiFor0nTfWbxjmzYP_XTWE.roa
Signing time:             Fri 02 Jan 2026 14:21:32 +0000
ROA not before:           Fri 02 Jan 2026 14:21:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212238
IP address blocks:        45.158.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/5c2a59-6025-400e-ab28-f0a624d40912/1/f1FerQle7ZrEyrxatK0LWGfZ8Bs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/5c2a59-6025-400e-ab28-f0a624d40912/1/f1FerQle7ZrEyrxatK0LWGfZ8Bs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/f1FerQle7ZrEyrxatK0LWGfZ8Bs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:c9:26:c9:f3:dd:1a:03:e0:ef:f4:48:9d:18:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7f515ead095eed9ac4cabc5ab4ad0b5867d9f01b
        Validity
            Not Before: Jan  2 14:21:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=146592982885a2bd274df59bc639b360ffd74d61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:22:dc:7d:3e:15:2e:93:c4:38:c2:26:2e:85:
                    2e:d9:98:84:cc:cc:e6:a6:84:55:43:d1:16:f0:30:
                    d9:87:f9:ee:7f:04:e7:a1:ef:10:0f:93:39:ad:57:
                    27:74:e8:c6:7d:19:ad:f2:bf:d2:8c:cc:46:4a:ae:
                    7a:75:e0:4d:00:af:6a:6d:2a:83:54:b7:69:1d:1e:
                    1b:27:fb:33:f4:71:6c:e8:74:b2:18:32:b0:3e:a2:
                    ef:4b:39:d9:68:8b:08:9a:04:04:82:03:11:d7:02:
                    8e:64:40:c0:09:d7:63:47:ff:89:99:84:23:06:f9:
                    2d:83:fd:5c:0c:3a:50:7c:88:d1:ca:6a:07:5c:40:
                    5b:75:06:08:bf:57:fd:98:e4:82:c0:6d:ab:10:8f:
                    a3:ea:4b:d5:83:8c:05:1f:a2:65:1a:9d:51:3a:35:
                    31:46:31:51:f2:4e:1d:a2:fe:fb:2c:f9:a0:45:32:
                    67:c2:4a:6f:00:72:ba:93:5f:ad:68:da:10:86:a6:
                    be:cf:35:30:1f:9d:16:50:58:94:bd:a9:0f:78:ef:
                    47:18:ec:c0:d0:ea:d5:0e:e2:cd:70:19:de:5b:86:
                    48:cb:ba:b2:c1:c7:56:f0:f7:e0:7a:d9:92:bb:18:
                    c1:ba:59:af:c3:68:ae:88:00:35:ae:45:e8:fa:5a:
                    b6:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:65:92:98:28:85:A2:BD:27:4D:F5:9B:C6:39:B3:60:FF:D7:4D:61
            X509v3 Authority Key Identifier:
                keyid:7F:51:5E:AD:09:5E:ED:9A:C4:CA:BC:5A:B4:AD:0B:58:67:D9:F0:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1FerQle7ZrEyrxatK0LWGfZ8Bs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/5c2a59-6025-400e-ab28-f0a624d40912/1/FGWSmCiFor0nTfWbxjmzYP_XTWE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/5c2a59-6025-400e-ab28-f0a624d40912/1/f1FerQle7ZrEyrxatK0LWGfZ8Bs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:c0:38:c6:fc:d3:a3:f9:e5:a2:0e:74:1a:6f:01:e8:20:66:
         e5:09:8b:1f:21:94:16:ea:87:1d:37:21:a5:03:ee:c8:ee:69:
         a6:7b:fa:ae:cc:11:ac:65:89:fe:7d:cc:da:0b:61:32:ec:2c:
         53:f2:6e:7f:97:6a:0b:81:c8:9e:e3:c0:55:96:f9:d6:d7:6d:
         fa:67:c7:e1:08:9c:74:2b:85:5c:94:c4:3c:3e:68:a5:92:c9:
         da:b1:1a:71:3c:ad:1f:76:45:2f:95:1f:6d:93:1b:69:55:a6:
         5c:31:74:2b:45:ac:14:63:d4:a7:e4:df:06:af:bc:0b:b5:23:
         8a:fe:0e:c3:14:80:c5:38:ae:f7:47:fc:40:39:1e:25:db:16:
         83:b2:24:48:9f:4a:56:d6:f8:10:90:60:8b:82:d5:99:c7:6f:
         c4:d7:3e:41:fe:a7:3e:f7:d6:3b:7f:19:d9:c3:62:3b:4d:39:
         43:c0:8b:76:fd:81:db:35:40:1d:dd:8f:05:2c:fc:76:f2:04:
         ab:23:af:47:e6:57:68:9a:c6:0e:06:ec:bc:3e:2d:15:ca:29:
         e1:b5:8a:11:7e:8d:96:aa:bb:2f:57:32:b0:49:7c:33:cf:d6:
         6f:15:49:b9:29:04:76:9b:57:32:ac:d2:73:65:eb:be:e9:06:
         78:97:1a:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FckmyfPdGgPg7/RInRhBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmNTE1ZWFkMDk1ZWVkOWFjNGNhYmM1YWI0YWQwYjU4Njdk
OWYwMWIwHhcNMjYwMTAyMTQyMTMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDY1OTI5ODI4ODVhMmJkMjc0ZGY1OWJjNjM5YjM2MGZmZDc0ZDYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAviLcfT4VLpPEOMImLoUu2ZiEzMzm
poRVQ9EW8DDZh/nufwTnoe8QD5M5rVcndOjGfRmt8r/SjMxGSq56deBNAK9qbSqD
VLdpHR4bJ/sz9HFs6HSyGDKwPqLvSznZaIsImgQEggMR1wKOZEDACddjR/+JmYQj
Bvktg/1cDDpQfIjRymoHXEBbdQYIv1f9mOSCwG2rEI+j6kvVg4wFH6JlGp1ROjUx
RjFR8k4dov77LPmgRTJnwkpvAHK6k1+taNoQhqa+zzUwH50WUFiUvakPeO9HGOzA
0OrVDuLNcBneW4ZIy7qywcdW8PfgetmSuxjBulmvw2iuiAA1rkXo+lq2uwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBRlkpgohaK9J031m8Y5s2D/101hMB8GA1UdIwQY
MBaAFH9RXq0JXu2axMq8WrStC1hn2fAbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjFGZXJRbGU3WnJFeXJ4YXRLMExXR2ZaOEJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy81YzJhNTktNjAyNS00MDBlLWFiMjgt
ZjBhNjI0ZDQwOTEyLzEvRkdXU21DaUZvcjBuVGZXYnhqbXpZUF9YVFdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy81YzJhNTktNjAyNS00MDBlLWFiMjgtZjBhNjI0ZDQwOTEy
LzEvZjFGZXJRbGU3WnJFeXJ4YXRLMExXR2ZaOEJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZ58MA0G
CSqGSIb3DQEBCwUAA4IBAQBewDjG/NOj+eWiDnQabwHoIGblCYsfIZQW6ocdNyGl
A+7I7mmme/quzBGsZYn+fczaC2Ey7CxT8m5/l2oLgcie48BVlvnW1236Z8fhCJx0
K4VclMQ8PmilksnasRpxPK0fdkUvlR9tkxtpVaZcMXQrRawUY9Sn5N8Gr7wLtSOK
/g7DFIDFOK73R/xAOR4l2xaDsiRIn0pW1vgQkGCLgtWZx2/E1z5B/qc+99Y7fxnZ
w2I7TTlDwIt2/YHbNUAd3Y8FLPx28gSrI69H5ldomsYOBuy8Pi0VyinhtYoRfo2W
qrsvVzKwSXwzz9ZvFUm5KQR2m1cyrNJzZeu+6QZ4lxrE
-----END CERTIFICATE-----