This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/f3549f-18f7-48b0-901d-25cc9d6cfbb9/1/vWKFpPFVl35hfIog_KoQjclWrmY.roa
File:                     vWKFpPFVl35hfIog_KoQjclWrmY.roa (raw, json)
Hash identifier:          7m8wK3gsN1166dBeFVQxAfE0K89nsZEcg+lnonfGv9Q=
Subject key identifier:   BD:62:85:A4:F1:55:97:7E:61:7C:8A:20:FC:AA:10:8D:C9:56:AE:66
Certificate issuer:       /CN=23446da7a70bce773ec2bc1655aae30c3c18412c
Certificate serial:       019B78A3378F8EC05F541A3EE25977B8E1A2
Authority key identifier: 23:44:6D:A7:A7:0B:CE:77:3E:C2:BC:16:55:AA:E3:0C:3C:18:41:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I0Rtp6cLznc-wrwWVarjDDwYQSw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/f3549f-18f7-48b0-901d-25cc9d6cfbb9/1/vWKFpPFVl35hfIog_KoQjclWrmY.roa
Signing time:             Thu 01 Jan 2026 08:18:41 +0000
ROA not before:           Thu 01 Jan 2026 08:18:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3356
IP address blocks:        45.142.52.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/f3549f-18f7-48b0-901d-25cc9d6cfbb9/1/I0Rtp6cLznc-wrwWVarjDDwYQSw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/f3549f-18f7-48b0-901d-25cc9d6cfbb9/1/I0Rtp6cLznc-wrwWVarjDDwYQSw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I0Rtp6cLznc-wrwWVarjDDwYQSw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 00:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:37:8f:8e:c0:5f:54:1a:3e:e2:59:77:b8:e1:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23446da7a70bce773ec2bc1655aae30c3c18412c
        Validity
            Not Before: Jan  1 08:18:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bd6285a4f155977e617c8a20fcaa108dc956ae66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:97:22:8c:42:f1:11:f4:fd:41:e3:3f:e4:76:
                    ed:3d:ea:79:ba:7c:38:30:8b:e9:fc:78:8f:0e:95:
                    77:3e:75:e6:7b:53:e5:c1:0f:72:9e:66:6f:b2:a2:
                    c7:fa:15:c2:f2:78:76:b0:1c:51:1d:e7:e9:ca:2f:
                    7b:5b:a9:ae:b5:8d:b9:69:35:33:26:9a:e3:fa:83:
                    8a:e5:50:c2:5b:12:da:4d:42:57:ba:e3:12:89:61:
                    25:70:3d:3c:b3:be:a9:62:ed:82:67:b1:cd:cb:45:
                    a9:4f:18:73:7a:fe:fc:75:10:2d:6f:a5:10:69:09:
                    65:c1:39:62:b3:c9:82:77:64:c9:25:1a:4c:5b:87:
                    1b:10:ed:aa:a6:17:69:a2:ff:41:a5:04:84:ef:5a:
                    ae:4f:58:48:e0:76:be:6b:93:25:76:c1:31:99:07:
                    3a:73:5e:99:3e:8e:30:43:71:36:a9:aa:6f:c5:6c:
                    73:03:a4:6c:2f:ce:f2:77:ca:15:37:ab:a4:d2:d8:
                    a9:d9:1a:cc:06:3c:a5:ea:2a:40:d7:12:92:75:2f:
                    9f:15:db:0e:24:4a:18:8e:e1:a9:7b:03:92:d2:be:
                    b1:6a:05:30:a2:7d:24:13:79:7a:55:bb:6d:71:bb:
                    e5:cb:0a:20:b9:8a:27:97:55:e3:b0:24:37:8b:78:
                    57:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:62:85:A4:F1:55:97:7E:61:7C:8A:20:FC:AA:10:8D:C9:56:AE:66
            X509v3 Authority Key Identifier:
                keyid:23:44:6D:A7:A7:0B:CE:77:3E:C2:BC:16:55:AA:E3:0C:3C:18:41:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I0Rtp6cLznc-wrwWVarjDDwYQSw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/f3549f-18f7-48b0-901d-25cc9d6cfbb9/1/vWKFpPFVl35hfIog_KoQjclWrmY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/f3549f-18f7-48b0-901d-25cc9d6cfbb9/1/I0Rtp6cLznc-wrwWVarjDDwYQSw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3f:b3:70:27:61:c3:be:c6:81:6c:55:f6:bd:72:28:78:3a:56:
         f4:ba:bb:3a:58:fb:18:ff:56:a4:83:aa:d0:d3:2e:ed:de:f1:
         1f:35:2e:78:c9:c4:bc:bb:9b:87:2a:ef:f2:bd:fb:73:0b:77:
         95:34:62:2c:f1:8c:17:e2:7c:b0:1b:20:ab:1a:89:dc:11:9c:
         35:09:bd:9f:23:54:50:d7:18:af:df:d6:33:65:fc:a9:69:fd:
         50:31:28:3b:9d:68:7f:dc:ea:0c:0f:87:3a:cb:89:a3:ce:e2:
         38:cf:ac:82:77:61:e1:6f:7c:68:9a:90:fd:b3:1d:a8:cc:27:
         55:87:10:88:24:cf:c7:f5:7d:a4:97:73:36:43:20:00:0f:3f:
         d9:4b:e9:44:b8:75:bc:c8:b4:b7:e9:a9:7d:f7:ce:02:6e:3e:
         a4:08:76:c3:48:55:b3:15:88:b8:d9:99:b3:85:42:91:e8:fc:
         01:51:72:63:ad:8c:48:58:a2:4e:51:22:0b:42:d6:af:60:2a:
         2b:ad:a0:76:98:9d:13:b8:18:42:cd:20:ea:28:5e:b8:1c:0c:
         13:93:6f:ec:45:5e:7d:81:c5:74:8a:73:9a:d8:54:ed:9f:68:
         d9:57:d8:d7:06:11:e7:93:3b:0d:fa:87:72:b0:cb:13:3c:54:
         b1:c3:8e:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4ozePjsBfVBo+4ll3uOGiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzNDQ2ZGE3YTcwYmNlNzczZWMyYmMxNjU1YWFlMzBjM2Mx
ODQxMmMwHhcNMjYwMTAxMDgxODQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDYyODVhNGYxNTU5NzdlNjE3YzhhMjBmY2FhMTA4ZGM5NTZhZTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtJcijELxEfT9QeM/5HbtPep5unw4
MIvp/HiPDpV3PnXme1PlwQ9ynmZvsqLH+hXC8nh2sBxRHefpyi97W6mutY25aTUz
Jprj+oOK5VDCWxLaTUJXuuMSiWElcD08s76pYu2CZ7HNy0WpTxhzev78dRAtb6UQ
aQllwTlis8mCd2TJJRpMW4cbEO2qphdpov9BpQSE71quT1hI4Ha+a5MldsExmQc6
c16ZPo4wQ3E2qapvxWxzA6RsL87yd8oVN6uk0tip2RrMBjyl6ipA1xKSdS+fFdsO
JEoYjuGpewOS0r6xagUwon0kE3l6VbttcbvlywoguYonl1XjsCQ3i3hXdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL1ihaTxVZd+YXyKIPyqEI3JVq5mMB8GA1UdIwQY
MBaAFCNEbaenC853PsK8FlWq4ww8GEEsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTBSdHA2Y0x6bmMtd3J3V1ZhcmpERHdZUVN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9mMzU0OWYtMThmNy00OGIwLTkwMWQt
MjVjYzlkNmNmYmI5LzEvdldLRnBQRlZsMzVoZklvZ19Lb1FqY2xXcm1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9mMzU0OWYtMThmNy00OGIwLTkwMWQtMjVjYzlkNmNmYmI5
LzEvSTBSdHA2Y0x6bmMtd3J3V1ZhcmpERHdZUVN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLY40MA0G
CSqGSIb3DQEBCwUAA4IBAQA/s3AnYcO+xoFsVfa9cih4Olb0urs6WPsY/1akg6rQ
0y7t3vEfNS54ycS8u5uHKu/yvftzC3eVNGIs8YwX4nywGyCrGoncEZw1Cb2fI1RQ
1xiv39YzZfypaf1QMSg7nWh/3OoMD4c6y4mjzuI4z6yCd2Hhb3xompD9sx2ozCdV
hxCIJM/H9X2kl3M2QyAADz/ZS+lEuHW8yLS36al9984Cbj6kCHbDSFWzFYi42Zmz
hUKR6PwBUXJjrYxIWKJOUSILQtavYCorraB2mJ0TuBhCzSDqKF64HAwTk2/sRV59
gcV0inOa2FTtn2jZV9jXBhHnkzsN+odysMsTPFSxw45i
-----END CERTIFICATE-----