This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/lVZUPTWkrcD9zWV0d6GRZgTVVtY.roa
File:                     lVZUPTWkrcD9zWV0d6GRZgTVVtY.roa (raw, json)
Hash identifier:          wqHHRXTgzV5U05gKB+m5zqGdaleWNQFqgG+iBB1QzNE=
Subject key identifier:   95:56:54:3D:35:A4:AD:C0:FD:CD:65:74:77:A1:91:66:04:D5:56:D6
Certificate issuer:       /CN=dcef58d4cfa35543f8488a2756e6924e647b4589
Certificate serial:       019B76EB807BA13E7E25C732E757DEE0CB34
Authority key identifier: DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/lVZUPTWkrcD9zWV0d6GRZgTVVtY.roa
Signing time:             Thu 01 Jan 2026 00:18:23 +0000
ROA not before:           Thu 01 Jan 2026 00:18:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35711
IP address blocks:        45.14.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 06:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:80:7b:a1:3e:7e:25:c7:32:e7:57:de:e0:cb:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dcef58d4cfa35543f8488a2756e6924e647b4589
        Validity
            Not Before: Jan  1 00:18:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9556543d35a4adc0fdcd657477a1916604d556d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:a7:ac:fc:13:60:78:f0:61:84:22:9d:07:6d:
                    06:a1:45:45:f8:c0:7d:19:46:26:bd:a2:70:89:8b:
                    a8:40:39:05:0e:5a:2d:7d:9a:4c:2a:ff:be:09:f2:
                    15:b1:91:ac:1f:6e:43:41:f6:c6:88:4a:f3:ec:ac:
                    1c:0d:eb:36:8c:9e:f7:de:fd:bd:35:af:b0:40:15:
                    f0:0e:9d:93:f4:79:a0:ad:61:47:4d:24:37:b1:24:
                    d6:84:9b:44:eb:d9:0d:99:d9:1c:8c:69:de:20:ad:
                    20:d9:e0:c1:97:98:37:a5:39:2a:94:40:37:66:c2:
                    20:a8:ae:8c:32:29:13:73:66:d1:0e:8a:61:6c:eb:
                    83:f1:6b:37:4a:50:e7:cb:e1:cf:39:ca:f6:72:81:
                    0a:93:ca:df:e4:37:9a:b7:5b:34:bc:fc:f2:40:86:
                    6e:24:87:2b:58:d0:74:8d:24:4d:f2:09:ed:a9:3e:
                    2e:bb:26:a8:c0:fb:8f:fa:b1:e6:db:e6:7c:88:a0:
                    8e:2f:5c:80:fc:42:82:10:94:90:dd:28:38:41:8b:
                    43:b7:33:ed:f6:f7:82:b2:bf:5a:54:9d:f2:1f:92:
                    47:f7:4e:e5:3a:0c:7d:8e:4e:23:85:63:75:c8:60:
                    5e:5e:09:58:b3:6d:b3:18:8e:03:ce:dd:b8:62:f6:
                    94:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:56:54:3D:35:A4:AD:C0:FD:CD:65:74:77:A1:91:66:04:D5:56:D6
            X509v3 Authority Key Identifier:
                keyid:DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/lVZUPTWkrcD9zWV0d6GRZgTVVtY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.14.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:5a:af:ae:d5:7d:39:9b:cf:7c:3b:93:e5:85:d2:17:a7:4b:
         93:02:73:4f:ac:29:98:3b:28:64:14:1f:37:ea:e6:58:2a:e8:
         77:07:86:66:e3:32:d2:47:23:7b:78:79:7e:84:34:5e:2f:73:
         d5:8f:d1:08:95:8d:bf:8e:48:17:cd:ab:bd:72:3e:fb:72:d1:
         c6:31:3f:8a:95:c3:e2:cf:38:e9:af:e1:64:31:e8:db:91:0c:
         f9:81:57:15:1f:97:3f:6b:59:16:99:a7:fd:b1:d6:6a:07:47:
         43:9a:d9:13:60:58:f7:63:81:7b:f2:64:17:ca:df:3f:8e:2f:
         a8:30:2e:33:f9:8f:77:71:7e:dd:8f:39:f2:09:b8:2b:fc:74:
         71:95:20:76:b0:57:2f:3f:15:db:7e:6a:dc:ff:1f:49:a6:5e:
         24:a6:05:ef:9d:a1:b8:5f:9b:d8:36:18:fe:08:1d:1a:71:85:
         51:2c:63:6c:f8:f7:ac:0f:47:2a:41:9c:89:50:53:a3:96:10:
         29:8c:e8:b2:5a:07:5c:1f:67:0e:ae:4a:c5:96:6b:94:2b:39:
         e2:1c:29:e2:6c:0b:a3:0d:d2:ee:b0:22:4c:dd:9b:5a:88:d6:
         a5:39:a7:2e:44:62:b2:92:7d:de:d7:fd:2d:d5:f3:da:51:19:
         70:03:af:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt264B7oT5+Jccy51fe4Ms0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZWY1OGQ0Y2ZhMzU1NDNmODQ4OGEyNzU2ZTY5MjRlNjQ3
YjQ1ODkwHhcNMjYwMTAxMDAxODIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTU2NTQzZDM1YTRhZGMwZmRjZDY1NzQ3N2ExOTE2NjA0ZDU1NmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA26es/BNgePBhhCKdB20GoUVF+MB9
GUYmvaJwiYuoQDkFDlotfZpMKv++CfIVsZGsH25DQfbGiErz7KwcDes2jJ733v29
Na+wQBXwDp2T9HmgrWFHTSQ3sSTWhJtE69kNmdkcjGneIK0g2eDBl5g3pTkqlEA3
ZsIgqK6MMikTc2bRDophbOuD8Ws3SlDny+HPOcr2coEKk8rf5Deat1s0vPzyQIZu
JIcrWNB0jSRN8gntqT4uuyaowPuP+rHm2+Z8iKCOL1yA/EKCEJSQ3Sg4QYtDtzPt
9veCsr9aVJ3yH5JH907lOgx9jk4jhWN1yGBeXglYs22zGI4Dzt24YvaUdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJVWVD01pK3A/c1ldHehkWYE1VbWMB8GA1UdIwQY
MBaAFNzvWNTPo1VD+EiKJ1bmkk5ke0WJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMt
MmVjZTA0ZTE4NWMyLzEvbFZaVVBUV2tyY0Q5eldWMGQ2R1JaZ1RWVnRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMtMmVjZTA0ZTE4NWMy
LzEvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQ7sMA0G
CSqGSIb3DQEBCwUAA4IBAQCbWq+u1X05m898O5PlhdIXp0uTAnNPrCmYOyhkFB83
6uZYKuh3B4Zm4zLSRyN7eHl+hDReL3PVj9EIlY2/jkgXzau9cj77ctHGMT+KlcPi
zzjpr+FkMejbkQz5gVcVH5c/a1kWmaf9sdZqB0dDmtkTYFj3Y4F78mQXyt8/ji+o
MC4z+Y93cX7djznyCbgr/HRxlSB2sFcvPxXbfmrc/x9Jpl4kpgXvnaG4X5vYNhj+
CB0acYVRLGNs+PesD0cqQZyJUFOjlhApjOiyWgdcH2cOrkrFlmuUKzniHCnibAuj
DdLusCJM3ZtaiNalOacuRGKykn3e1/0t1fPaURlwA6/v
-----END CERTIFICATE-----