This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/f3549f-18f7-48b0-901d-25cc9d6cfbb9/1/BKLkIdToQetqMN6t0fILb38dSDc.roa
File:                     BKLkIdToQetqMN6t0fILb38dSDc.roa (raw, json)
Hash identifier:          RhVkHdE+vukqBXIHV6N+0FaehH32ohYDLGAwN+SuRTk=
Subject key identifier:   04:A2:E4:21:D4:E8:41:EB:6A:30:DE:AD:D1:F2:0B:6F:7F:1D:48:37
Certificate issuer:       /CN=23446da7a70bce773ec2bc1655aae30c3c18412c
Certificate serial:       019B78A3386A2CEF576F315FE7D6156A69AA
Authority key identifier: 23:44:6D:A7:A7:0B:CE:77:3E:C2:BC:16:55:AA:E3:0C:3C:18:41:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I0Rtp6cLznc-wrwWVarjDDwYQSw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/f3549f-18f7-48b0-901d-25cc9d6cfbb9/1/BKLkIdToQetqMN6t0fILb38dSDc.roa
Signing time:             Thu 01 Jan 2026 08:18:41 +0000
ROA not before:           Thu 01 Jan 2026 08:18:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15440
IP address blocks:        45.153.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/f3549f-18f7-48b0-901d-25cc9d6cfbb9/1/I0Rtp6cLznc-wrwWVarjDDwYQSw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/f3549f-18f7-48b0-901d-25cc9d6cfbb9/1/I0Rtp6cLznc-wrwWVarjDDwYQSw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I0Rtp6cLznc-wrwWVarjDDwYQSw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 20:29:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:38:6a:2c:ef:57:6f:31:5f:e7:d6:15:6a:69:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23446da7a70bce773ec2bc1655aae30c3c18412c
        Validity
            Not Before: Jan  1 08:18:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=04a2e421d4e841eb6a30deadd1f20b6f7f1d4837
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:bb:ec:28:f2:cc:d8:00:4f:2f:5a:88:13:35:
                    5e:4c:02:6d:f8:a1:5f:7f:fe:3f:6b:86:81:8d:de:
                    40:2a:a8:58:74:4e:09:35:95:4b:87:8b:74:94:43:
                    f4:af:d3:1e:7d:8e:4d:83:3c:67:89:53:17:9e:a0:
                    a3:85:23:ef:16:98:18:9d:80:bf:d9:7a:8b:e2:8d:
                    f7:8e:8c:91:a3:75:83:5b:6f:60:cc:2c:d5:99:3d:
                    58:67:76:ba:c8:cf:46:ec:ff:14:5d:11:d4:45:e1:
                    42:d8:3c:44:69:f3:9d:88:14:17:b2:da:37:3d:cf:
                    ea:33:d6:55:38:4f:10:51:54:8e:01:ac:8e:e5:d9:
                    81:c3:c1:ce:37:ee:85:7d:3d:c1:6d:ff:1a:d6:2b:
                    de:d4:17:3d:8e:21:06:7c:4f:73:82:25:5d:cf:a7:
                    ff:4c:95:6e:7a:79:b9:67:b8:93:b7:53:a1:cb:c1:
                    e3:72:de:91:4a:5a:1f:41:ad:c9:27:6d:4d:96:9d:
                    82:2a:84:88:2c:c3:43:d4:fa:f1:61:8c:52:b3:da:
                    b5:99:f2:66:58:7f:ff:a8:c5:c0:88:0b:f0:8f:37:
                    27:59:19:de:04:a3:09:bb:27:b3:4b:d6:ad:aa:05:
                    41:0b:18:98:92:8c:fd:ed:4f:ca:87:33:3d:5c:5f:
                    89:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:A2:E4:21:D4:E8:41:EB:6A:30:DE:AD:D1:F2:0B:6F:7F:1D:48:37
            X509v3 Authority Key Identifier:
                keyid:23:44:6D:A7:A7:0B:CE:77:3E:C2:BC:16:55:AA:E3:0C:3C:18:41:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I0Rtp6cLznc-wrwWVarjDDwYQSw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/f3549f-18f7-48b0-901d-25cc9d6cfbb9/1/BKLkIdToQetqMN6t0fILb38dSDc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/f3549f-18f7-48b0-901d-25cc9d6cfbb9/1/I0Rtp6cLznc-wrwWVarjDDwYQSw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.153.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:d7:4a:78:e5:ab:dc:f3:fe:69:41:d8:ea:d2:5a:57:ea:c6:
         c9:ae:5e:d5:47:a6:7d:5d:94:e4:8a:f3:63:ea:b5:bf:de:49:
         09:97:ee:98:0c:db:69:c3:c8:ac:dc:28:cc:92:c0:c0:cb:61:
         50:6a:90:d1:98:12:d5:45:bc:28:d6:48:84:98:45:33:07:a0:
         dd:ec:c3:89:ed:12:a4:7b:9e:77:9f:14:b8:7d:f5:02:b5:c0:
         f3:db:b4:d0:95:dc:18:5e:33:2b:dc:f3:86:2a:91:55:57:62:
         dd:ac:7c:4b:6f:d9:22:a7:5f:94:a0:57:bc:81:ce:c9:12:c3:
         f9:e4:e4:9d:22:03:18:d8:83:e8:37:bf:54:c9:f5:65:d7:6f:
         81:53:c6:1d:98:fa:44:d9:be:31:44:2f:a8:b6:40:45:1b:08:
         8f:4e:b4:e1:be:50:38:fa:c7:2c:ab:dc:cc:ce:e2:bc:b8:56:
         e3:ad:f1:52:c6:42:13:c9:e9:b2:d7:30:83:3d:b3:ac:c1:66:
         79:1d:fc:bb:10:01:7d:36:86:b5:9d:7d:17:6d:5c:bf:53:a3:
         87:4c:3c:e6:c4:7e:9c:00:16:b7:20:b8:15:94:bc:90:13:f6:
         98:23:b6:14:64:4e:e9:2b:80:e4:a6:38:ae:97:f0:ac:29:f8:
         97:ca:14:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4ozhqLO9XbzFf59YVammqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzNDQ2ZGE3YTcwYmNlNzczZWMyYmMxNjU1YWFlMzBjM2Mx
ODQxMmMwHhcNMjYwMTAxMDgxODQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGEyZTQyMWQ0ZTg0MWViNmEzMGRlYWRkMWYyMGI2ZjdmMWQ0ODM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwbvsKPLM2ABPL1qIEzVeTAJt+KFf
f/4/a4aBjd5AKqhYdE4JNZVLh4t0lEP0r9MefY5NgzxniVMXnqCjhSPvFpgYnYC/
2XqL4o33joyRo3WDW29gzCzVmT1YZ3a6yM9G7P8UXRHUReFC2DxEafOdiBQXsto3
Pc/qM9ZVOE8QUVSOAayO5dmBw8HON+6FfT3Bbf8a1ive1Bc9jiEGfE9zgiVdz6f/
TJVuenm5Z7iTt1Ohy8Hjct6RSlofQa3JJ21Nlp2CKoSILMND1PrxYYxSs9q1mfJm
WH//qMXAiAvwjzcnWRneBKMJuyezS9atqgVBCxiYkoz97U/KhzM9XF+J+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFASi5CHU6EHrajDerdHyC29/HUg3MB8GA1UdIwQY
MBaAFCNEbaenC853PsK8FlWq4ww8GEEsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTBSdHA2Y0x6bmMtd3J3V1ZhcmpERHdZUVN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9mMzU0OWYtMThmNy00OGIwLTkwMWQt
MjVjYzlkNmNmYmI5LzEvQktMa0lkVG9RZXRxTU42dDBmSUxiMzhkU0RjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9mMzU0OWYtMThmNy00OGIwLTkwMWQtMjVjYzlkNmNmYmI5
LzEvSTBSdHA2Y0x6bmMtd3J3V1ZhcmpERHdZUVN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZntMA0G
CSqGSIb3DQEBCwUAA4IBAQAh10p45avc8/5pQdjq0lpX6sbJrl7VR6Z9XZTkivNj
6rW/3kkJl+6YDNtpw8is3CjMksDAy2FQapDRmBLVRbwo1kiEmEUzB6Dd7MOJ7RKk
e553nxS4ffUCtcDz27TQldwYXjMr3POGKpFVV2LdrHxLb9kip1+UoFe8gc7JEsP5
5OSdIgMY2IPoN79UyfVl12+BU8YdmPpE2b4xRC+otkBFGwiPTrThvlA4+scsq9zM
zuK8uFbjrfFSxkITyemy1zCDPbOswWZ5Hfy7EAF9Noa1nX0XbVy/U6OHTDzmxH6c
ABa3ILgVlLyQE/aYI7YUZE7pK4Dkpjiul/CsKfiXyhSb
-----END CERTIFICATE-----