This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/06lKPwR6pJnhp1Dr2FLGIdvF0MM.roa
File:                     06lKPwR6pJnhp1Dr2FLGIdvF0MM.roa (raw, json)
Hash identifier:          T9BCuVnnPEnOGP2tK0VN93mkRK3+tfQxnvI1P0JYimo=
Subject key identifier:   D3:A9:4A:3F:04:7A:A4:99:E1:A7:50:EB:D8:52:C6:21:DB:C5:D0:C3
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       019B76EAC5EA231A2B7477390B59E98D38DC
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/06lKPwR6pJnhp1Dr2FLGIdvF0MM.roa
Signing time:             Thu 01 Jan 2026 00:17:36 +0000
ROA not before:           Thu 01 Jan 2026 00:17:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     138997
IP address blocks:        45.8.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:c5:ea:23:1a:2b:74:77:39:0b:59:e9:8d:38:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jan  1 00:17:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d3a94a3f047aa499e1a750ebd852c621dbc5d0c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:b6:cc:fb:81:f2:8b:a4:40:de:f6:ac:09:24:
                    36:a8:32:d1:9d:33:36:57:62:9f:62:86:1c:94:ea:
                    b9:ee:c4:b6:c3:84:2d:43:ed:a6:86:f2:29:1c:4a:
                    21:7d:cd:0c:5c:d9:d3:f5:15:6b:05:ed:b4:0b:99:
                    d9:f4:87:72:ef:a6:68:32:f5:41:c9:32:8e:0d:09:
                    51:85:1b:80:f5:2c:05:2d:ff:5e:65:75:56:0b:19:
                    70:90:b5:29:ff:9d:fa:67:49:1a:15:76:0f:c5:a5:
                    2c:e5:f2:0b:a7:c9:d0:cf:95:dd:89:f3:4c:13:a7:
                    35:68:68:78:15:10:c4:f5:32:64:61:01:4e:17:40:
                    88:11:c0:94:a4:06:40:3d:1b:3f:87:54:4a:0f:04:
                    40:77:4f:5f:b0:0b:87:21:0d:4c:2a:03:e6:9c:73:
                    5c:d8:0d:9c:70:d2:1e:b6:04:96:2a:d6:58:dd:ae:
                    72:9f:31:e4:ae:78:80:2b:29:1b:ec:3b:06:a3:f9:
                    73:0a:16:e2:d8:d6:0b:5b:d7:04:82:69:f7:70:05:
                    e6:fc:8a:fc:98:b6:36:63:54:24:4f:08:2c:00:dd:
                    bb:54:be:a0:3d:cb:7c:78:09:d5:bb:c5:93:44:7d:
                    73:85:ed:90:b7:fb:06:fc:34:d1:00:4e:b2:ff:4d:
                    80:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:A9:4A:3F:04:7A:A4:99:E1:A7:50:EB:D8:52:C6:21:DB:C5:D0:C3
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/06lKPwR6pJnhp1Dr2FLGIdvF0MM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:00:24:4f:ad:b0:68:3d:f1:3d:ee:8b:5c:10:c3:ce:6d:c1:
         c8:64:f1:5a:8e:c1:45:b1:a6:f8:45:4b:bc:e0:05:1a:08:cb:
         2f:c8:4e:92:9b:52:59:e6:d8:3f:11:c7:fd:1e:34:1f:27:7c:
         76:ec:a4:d6:f8:fb:4e:a4:19:17:88:ee:8c:fd:2a:98:68:25:
         70:28:35:29:6e:bb:db:a5:5c:97:df:ad:15:3b:23:e9:a7:b4:
         ea:ab:79:11:84:fe:39:60:0d:99:18:b3:15:43:ae:1c:be:95:
         94:11:43:e8:15:fb:86:34:07:cc:08:dd:61:8e:1c:28:61:28:
         fa:59:e1:a5:ca:70:78:00:06:03:86:b4:f3:d4:df:d8:3a:95:
         c3:c1:43:20:3b:af:79:08:f0:27:59:fa:46:51:8a:b5:75:ee:
         b8:b9:c7:b9:bc:be:bd:92:bd:82:e5:dd:e9:b1:91:7a:83:4d:
         0c:04:3c:5a:d4:d9:cc:2d:62:80:ee:51:85:eb:56:3a:43:dd:
         6a:54:d4:e8:95:08:0b:b1:2c:62:9b:f4:1c:9e:c6:0d:ff:12:
         17:b7:4f:c4:30:44:d7:a0:ab:29:ec:8a:39:41:2b:f6:5d:d8:
         a4:cd:01:da:76:36:6d:fc:58:c5:0f:a6:a0:37:b5:a0:21:4b:
         2f:b2:a2:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26sXqIxordHc5C1npjTjcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjYwMTAxMDAxNzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2E5NGEzZjA0N2FhNDk5ZTFhNzUwZWJkODUyYzYyMWRiYzVkMGMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxbbM+4Hyi6RA3vasCSQ2qDLRnTM2
V2KfYoYclOq57sS2w4QtQ+2mhvIpHEohfc0MXNnT9RVrBe20C5nZ9Idy76ZoMvVB
yTKODQlRhRuA9SwFLf9eZXVWCxlwkLUp/536Z0kaFXYPxaUs5fILp8nQz5XdifNM
E6c1aGh4FRDE9TJkYQFOF0CIEcCUpAZAPRs/h1RKDwRAd09fsAuHIQ1MKgPmnHNc
2A2ccNIetgSWKtZY3a5ynzHkrniAKykb7DsGo/lzChbi2NYLW9cEgmn3cAXm/Ir8
mLY2Y1QkTwgsAN27VL6gPct8eAnVu8WTRH1zhe2Qt/sG/DTRAE6y/02AtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNOpSj8EeqSZ4adQ69hSxiHbxdDDMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvMDZsS1B3UjZwSm5ocDFEcjJGTEdJZHZGME1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQi/MA0G
CSqGSIb3DQEBCwUAA4IBAQCnACRPrbBoPfE97otcEMPObcHIZPFajsFFsab4RUu8
4AUaCMsvyE6Sm1JZ5tg/Ecf9HjQfJ3x27KTW+PtOpBkXiO6M/SqYaCVwKDUpbrvb
pVyX360VOyPpp7Tqq3kRhP45YA2ZGLMVQ64cvpWUEUPoFfuGNAfMCN1hjhwoYSj6
WeGlynB4AAYDhrTz1N/YOpXDwUMgO695CPAnWfpGUYq1de64uce5vL69kr2C5d3p
sZF6g00MBDxa1NnMLWKA7lGF61Y6Q91qVNTolQgLsSxim/QcnsYN/xIXt0/EMETX
oKsp7Io5QSv2XdikzQHadjZt/FjFD6agN7WgIUsvsqK3
-----END CERTIFICATE-----