This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/f09759-6ceb-4754-bbe5-3b9e3c53bab0/1/_kQ6sm_mo_p1SKdQoRItAP8rezY.roa
File:                     _kQ6sm_mo_p1SKdQoRItAP8rezY.roa (raw, json)
Hash identifier:          FamL8pGq13zRSsk9bbJZ26sKBwj3qZkJI9rn7zZOeO8=
Subject key identifier:   FE:44:3A:B2:6F:E6:A3:FA:75:48:A7:50:A1:12:2D:00:FF:2B:7B:36
Certificate issuer:       /CN=e2dac150848325f0f72587064f8aba37c5ff3790
Certificate serial:       019B7F15E9B10AB13B526492E815C9AA99FC
Authority key identifier: E2:DA:C1:50:84:83:25:F0:F7:25:87:06:4F:8A:BA:37:C5:FF:37:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4trBUISDJfD3JYcGT4q6N8X_N5A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/f09759-6ceb-4754-bbe5-3b9e3c53bab0/1/_kQ6sm_mo_p1SKdQoRItAP8rezY.roa
Signing time:             Fri 02 Jan 2026 14:21:41 +0000
ROA not before:           Fri 02 Jan 2026 14:21:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39257
IP address blocks:        45.67.28.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/f09759-6ceb-4754-bbe5-3b9e3c53bab0/1/4trBUISDJfD3JYcGT4q6N8X_N5A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/f09759-6ceb-4754-bbe5-3b9e3c53bab0/1/4trBUISDJfD3JYcGT4q6N8X_N5A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4trBUISDJfD3JYcGT4q6N8X_N5A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 11:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:e9:b1:0a:b1:3b:52:64:92:e8:15:c9:aa:99:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2dac150848325f0f72587064f8aba37c5ff3790
        Validity
            Not Before: Jan  2 14:21:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fe443ab26fe6a3fa7548a750a1122d00ff2b7b36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:98:52:ca:d6:59:a3:55:35:d5:20:ef:14:8f:
                    1c:28:63:c9:15:ab:2f:60:cd:b5:50:a3:82:c6:56:
                    fe:b2:6a:6a:89:96:41:26:39:91:bd:65:24:35:d6:
                    6c:e9:13:74:7a:d0:61:d2:af:ff:20:00:8c:b7:3f:
                    49:59:fb:ed:52:ad:42:65:b5:42:3c:cb:d4:23:85:
                    3b:77:37:f5:58:98:c4:b5:8b:c2:05:b2:69:f6:87:
                    46:be:5b:22:5f:b4:07:69:2b:d1:5a:11:22:b3:cb:
                    f9:23:f1:2c:80:43:63:84:50:64:7c:82:ba:bc:62:
                    d0:4e:cf:c2:e8:49:b2:0d:cb:e4:15:82:a8:d2:4d:
                    f0:f6:c0:ab:e4:6b:6f:37:38:f8:29:46:4c:5d:81:
                    0e:57:04:4a:e6:33:ec:ff:27:d6:ca:78:8d:ee:65:
                    c8:ab:c2:e1:fc:a4:36:a5:b8:33:be:15:d7:7b:eb:
                    06:95:a6:48:7c:12:46:9b:f2:b9:b8:4b:86:84:06:
                    74:3b:1d:f6:ec:82:28:db:97:32:90:fb:4a:8c:9b:
                    a7:f6:aa:b4:bc:87:81:34:6d:d0:52:41:86:27:a7:
                    ae:04:e4:c1:92:d1:e8:d8:3b:6c:0c:64:6a:1b:da:
                    fe:e7:db:d9:ae:9e:16:cd:2c:67:bf:7e:99:12:1f:
                    3e:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:44:3A:B2:6F:E6:A3:FA:75:48:A7:50:A1:12:2D:00:FF:2B:7B:36
            X509v3 Authority Key Identifier:
                keyid:E2:DA:C1:50:84:83:25:F0:F7:25:87:06:4F:8A:BA:37:C5:FF:37:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4trBUISDJfD3JYcGT4q6N8X_N5A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/f09759-6ceb-4754-bbe5-3b9e3c53bab0/1/_kQ6sm_mo_p1SKdQoRItAP8rezY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/f09759-6ceb-4754-bbe5-3b9e3c53bab0/1/4trBUISDJfD3JYcGT4q6N8X_N5A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         01:6d:58:e1:e3:2a:f7:7e:2d:7a:b4:76:f5:ba:7a:03:f1:63:
         d1:92:b2:39:fd:8d:a2:c9:59:83:81:b3:ba:a9:ea:3c:bb:a9:
         3a:50:d1:a3:72:ef:ee:0a:4c:82:74:94:fd:d4:f1:75:2b:9e:
         13:ea:26:28:a2:df:35:75:03:c6:0f:ad:7a:4c:38:84:a6:85:
         01:ed:dc:82:8d:50:d7:62:05:3c:96:b1:1b:b3:bf:b8:16:3f:
         21:05:09:ac:7e:0a:5e:b8:c1:53:ae:77:64:ec:f8:5c:0c:34:
         33:d1:e2:1c:f3:95:e4:42:c7:7e:57:da:35:a9:33:28:ae:f1:
         b7:fe:5a:ac:99:62:e3:a5:84:de:93:6f:df:da:7a:a3:98:93:
         60:35:bb:f2:9b:0c:1a:9b:de:f7:e3:77:6e:e4:7d:cf:fc:f3:
         7e:cf:1f:8e:7a:b4:0c:d9:01:e8:d8:c9:26:8f:ae:26:a0:69:
         b4:10:06:39:18:01:7d:88:53:53:ee:32:f8:cb:50:e6:71:48:
         01:24:0d:00:48:6d:bb:47:d1:65:8e:87:e4:53:62:26:c3:8f:
         a2:a4:1e:ce:20:1c:d5:ea:bb:26:20:37:73:07:64:5e:5c:4e:
         3b:96:b1:12:f6:ac:0b:1c:08:a7:e8:25:ce:72:29:45:dd:3c:
         50:0a:21:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FemxCrE7UmSS6BXJqpn8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyZGFjMTUwODQ4MzI1ZjBmNzI1ODcwNjRmOGFiYTM3YzVm
ZjM3OTAwHhcNMjYwMTAyMTQyMTQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTQ0M2FiMjZmZTZhM2ZhNzU0OGE3NTBhMTEyMmQwMGZmMmI3YjM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoJhSytZZo1U11SDvFI8cKGPJFasv
YM21UKOCxlb+smpqiZZBJjmRvWUkNdZs6RN0etBh0q//IACMtz9JWfvtUq1CZbVC
PMvUI4U7dzf1WJjEtYvCBbJp9odGvlsiX7QHaSvRWhEis8v5I/EsgENjhFBkfIK6
vGLQTs/C6EmyDcvkFYKo0k3w9sCr5GtvNzj4KUZMXYEOVwRK5jPs/yfWyniN7mXI
q8Lh/KQ2pbgzvhXXe+sGlaZIfBJGm/K5uEuGhAZ0Ox327IIo25cykPtKjJun9qq0
vIeBNG3QUkGGJ6euBOTBktHo2DtsDGRqG9r+59vZrp4WzSxnv36ZEh8+FQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP5EOrJv5qP6dUinUKESLQD/K3s2MB8GA1UdIwQY
MBaAFOLawVCEgyXw9yWHBk+KujfF/zeQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHRyQlVJU0RKZkQzSlljR1Q0cTZOOFhfTjVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9mMDk3NTktNmNlYi00NzU0LWJiZTUt
M2I5ZTNjNTNiYWIwLzEvX2tRNnNtX21vX3AxU0tkUW9SSXRBUDhyZXpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9mMDk3NTktNmNlYi00NzU0LWJiZTUtM2I5ZTNjNTNiYWIw
LzEvNHRyQlVJU0RKZkQzSlljR1Q0cTZOOFhfTjVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLUMcMA0G
CSqGSIb3DQEBCwUAA4IBAQABbVjh4yr3fi16tHb1unoD8WPRkrI5/Y2iyVmDgbO6
qeo8u6k6UNGjcu/uCkyCdJT91PF1K54T6iYoot81dQPGD616TDiEpoUB7dyCjVDX
YgU8lrEbs7+4Fj8hBQmsfgpeuMFTrndk7PhcDDQz0eIc85XkQsd+V9o1qTMorvG3
/lqsmWLjpYTek2/f2nqjmJNgNbvymwwam97343du5H3P/PN+zx+OerQM2QHo2Mkm
j64moGm0EAY5GAF9iFNT7jL4y1DmcUgBJA0ASG27R9FljofkU2Imw4+ipB7OIBzV
6rsmIDdzB2ReXE47lrES9qwLHAin6CXOcilF3TxQCiGa
-----END CERTIFICATE-----