This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/fHiLAjeGI5fzHUJT-wjG-vUQaUc.roa
File:                     fHiLAjeGI5fzHUJT-wjG-vUQaUc.roa (raw, json)
Hash identifier:          b2nJsInyFTD4R4jnJKV9oymyFGug4tERm9L1VVzvdQU=
Subject key identifier:   7C:78:8B:02:37:86:23:97:F3:1D:42:53:FB:08:C6:FA:F5:10:69:47
Certificate issuer:       /CN=d5637692ff5c45486d1053b149dc1420026cd733
Certificate serial:       019B7910306234B9C0ACC890005C6D5BEC35
Authority key identifier: D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/fHiLAjeGI5fzHUJT-wjG-vUQaUc.roa
Signing time:             Thu 01 Jan 2026 10:17:42 +0000
ROA not before:           Thu 01 Jan 2026 10:17:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211407
IP address blocks:        45.149.93.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:30:62:34:b9:c0:ac:c8:90:00:5c:6d:5b:ec:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5637692ff5c45486d1053b149dc1420026cd733
        Validity
            Not Before: Jan  1 10:17:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7c788b0237862397f31d4253fb08c6faf5106947
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:f8:14:f5:3b:28:b4:97:67:b1:f9:c2:9e:64:
                    ef:a0:05:d7:89:10:10:33:a4:2e:7b:15:ad:02:de:
                    a4:b2:51:3c:e5:22:d4:41:58:7f:41:b6:da:5e:3e:
                    31:21:2d:cf:2b:97:15:cd:a6:e9:3d:9e:cb:41:80:
                    35:ad:53:84:ff:12:9f:77:00:90:7b:ff:32:3d:f7:
                    66:df:29:12:9d:c0:55:b2:f4:48:14:9f:81:ec:7e:
                    4f:63:0f:4c:38:68:f0:f2:f7:7b:9d:49:46:6d:6a:
                    79:2e:4a:6c:13:28:f2:dd:da:3a:7f:98:58:1d:a6:
                    a8:ab:47:86:ec:61:f9:20:04:af:37:49:ff:17:fa:
                    a0:3f:1f:21:41:ed:74:ce:30:4a:0f:92:16:18:09:
                    48:d2:63:26:70:21:b2:e0:a4:ed:2d:23:ec:7d:77:
                    25:d6:01:f1:77:94:c6:c7:31:fb:24:a8:cf:bf:a1:
                    f9:ed:0d:17:0a:90:e5:c1:86:ac:a2:37:bd:78:b9:
                    52:13:0b:92:6d:18:c9:0e:12:1a:f1:85:ce:ab:54:
                    d8:e6:77:e8:35:8c:23:3c:77:26:04:33:e4:9a:f3:
                    de:87:2e:9f:cf:11:54:a7:f0:20:28:40:fd:d1:e1:
                    09:66:e4:f2:b5:da:bb:12:5e:3f:28:0a:bd:88:70:
                    62:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:78:8B:02:37:86:23:97:F3:1D:42:53:FB:08:C6:FA:F5:10:69:47
            X509v3 Authority Key Identifier:
                keyid:D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/fHiLAjeGI5fzHUJT-wjG-vUQaUc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:85:6f:f5:0c:32:cb:a7:30:75:0b:57:ee:85:07:66:b4:3d:
         c8:d5:31:98:ce:ac:cc:b7:81:cc:91:5c:49:1a:23:7d:4b:35:
         5d:75:b7:60:0c:3d:3d:26:31:7c:0d:0c:59:cf:48:cc:1d:4e:
         5d:ba:f0:01:00:af:f5:03:72:14:5e:2b:d2:22:19:9d:6f:e0:
         cc:45:60:b6:7f:c6:81:eb:3d:e4:e5:fb:a8:06:02:50:c5:82:
         19:1b:04:c6:e8:16:e3:4c:1c:e6:90:e9:12:80:1a:d0:02:67:
         56:ee:ed:d7:91:6b:46:81:9e:6f:02:c5:07:ff:26:4e:a9:ec:
         cb:78:ad:dd:8c:ab:80:7f:b2:e1:38:57:d1:c9:22:8c:66:e7:
         74:4d:fe:38:fc:13:21:0d:6e:d1:ea:d5:77:48:0e:b8:88:e8:
         d7:9b:9a:2d:2d:f8:fe:9a:da:f9:30:49:33:a8:b5:07:3a:04:
         b6:92:18:81:c3:f4:ac:fb:cd:d6:a0:3f:c6:77:4f:ce:ea:a8:
         db:61:e3:f0:ca:fa:cd:f1:60:37:65:57:63:e4:ef:bb:fb:12:
         f3:96:41:f9:d4:fd:09:2e:d1:2a:70:e8:42:3a:33:18:ce:b3:
         37:3c:66:e5:83:16:43:bd:ce:64:ce:ac:4e:49:98:62:f0:57:
         59:22:84:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EDBiNLnArMiQAFxtW+w1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NjM3NjkyZmY1YzQ1NDg2ZDEwNTNiMTQ5ZGMxNDIwMDI2
Y2Q3MzMwHhcNMjYwMTAxMTAxNzQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Yzc4OGIwMjM3ODYyMzk3ZjMxZDQyNTNmYjA4YzZmYWY1MTA2OTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAofgU9TsotJdnsfnCnmTvoAXXiRAQ
M6QuexWtAt6kslE85SLUQVh/QbbaXj4xIS3PK5cVzabpPZ7LQYA1rVOE/xKfdwCQ
e/8yPfdm3ykSncBVsvRIFJ+B7H5PYw9MOGjw8vd7nUlGbWp5LkpsEyjy3do6f5hY
Haaoq0eG7GH5IASvN0n/F/qgPx8hQe10zjBKD5IWGAlI0mMmcCGy4KTtLSPsfXcl
1gHxd5TGxzH7JKjPv6H57Q0XCpDlwYasoje9eLlSEwuSbRjJDhIa8YXOq1TY5nfo
NYwjPHcmBDPkmvPehy6fzxFUp/AgKED90eEJZuTytdq7El4/KAq9iHBimwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHx4iwI3hiOX8x1CU/sIxvr1EGlHMB8GA1UdIwQY
MBaAFNVjdpL/XEVIbRBTsUncFCACbNczMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDkt
YWRlYWRlMjg2NWMxLzEvZkhpTEFqZUdJNWZ6SFVKVC13akctdlVRYVVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDktYWRlYWRlMjg2NWMx
LzEvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZVdMA0G
CSqGSIb3DQEBCwUAA4IBAQBehW/1DDLLpzB1C1fuhQdmtD3I1TGYzqzMt4HMkVxJ
GiN9SzVddbdgDD09JjF8DQxZz0jMHU5duvABAK/1A3IUXivSIhmdb+DMRWC2f8aB
6z3k5fuoBgJQxYIZGwTG6BbjTBzmkOkSgBrQAmdW7u3XkWtGgZ5vAsUH/yZOqezL
eK3djKuAf7LhOFfRySKMZud0Tf44/BMhDW7R6tV3SA64iOjXm5otLfj+mtr5MEkz
qLUHOgS2khiBw/Ss+83WoD/Gd0/O6qjbYePwyvrN8WA3ZVdj5O+7+xLzlkH51P0J
LtEqcOhCOjMYzrM3PGblgxZDvc5kzqxOSZhi8FdZIoSJ
-----END CERTIFICATE-----