This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/P2rUWmGQtbBmqctNiSQO8OXzg4I.roa
File:                     P2rUWmGQtbBmqctNiSQO8OXzg4I.roa (raw, json)
Hash identifier:          bkGnGwFiN2vuWeWrlQUo7BY3bYxabah/LiMHvh76HzA=
Subject key identifier:   3F:6A:D4:5A:61:90:B5:B0:66:A9:CB:4D:89:24:0E:F0:E5:F3:83:82
Certificate issuer:       /CN=3a00807698f0b097d69ab3926917d1dcc838a624
Certificate serial:       019B7C128D856128AA16569968392075CFF6
Authority key identifier: 3A:00:80:76:98:F0:B0:97:D6:9A:B3:92:69:17:D1:DC:C8:38:A6:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/P2rUWmGQtbBmqctNiSQO8OXzg4I.roa
Signing time:             Fri 02 Jan 2026 00:19:09 +0000
ROA not before:           Fri 02 Jan 2026 00:19:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     134823
IP address blocks:        45.11.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:8d:85:61:28:aa:16:56:99:68:39:20:75:cf:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a00807698f0b097d69ab3926917d1dcc838a624
        Validity
            Not Before: Jan  2 00:19:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3f6ad45a6190b5b066a9cb4d89240ef0e5f38382
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:92:af:53:3d:31:43:79:3a:ba:67:83:97:c4:
                    34:75:63:0a:16:27:29:b6:82:d5:82:50:43:4c:2f:
                    a0:3a:85:6a:ac:ca:05:21:ed:b1:b1:49:0a:eb:b2:
                    d7:36:ca:e8:ce:c5:39:de:00:6e:e9:ae:38:ed:b5:
                    f3:55:c3:54:6d:c3:34:cb:1b:b4:e7:3d:2e:5f:88:
                    f5:19:cb:a8:b6:8e:67:e8:8a:45:ce:a5:e5:59:bc:
                    d2:97:f5:d7:3c:36:68:e1:6c:e3:ac:0b:08:ee:9b:
                    8a:21:7d:63:57:36:c0:3d:e7:57:a1:ef:b3:3a:81:
                    fb:dc:a7:10:3c:6d:21:94:df:cc:46:d1:06:95:48:
                    eb:4b:ef:4d:85:01:1c:7c:a4:9a:9d:1d:f1:03:37:
                    00:f2:87:15:1e:8b:03:3d:9b:3b:f3:73:88:21:35:
                    f9:21:b9:5a:ea:5f:48:13:3c:68:e3:d5:59:cb:97:
                    79:5c:50:83:18:e4:0f:e5:04:51:3e:95:65:09:9a:
                    9f:7a:3a:bf:0b:1d:53:a6:f0:0d:0d:42:64:91:5f:
                    ed:0e:60:a7:4a:0a:3b:43:1e:95:52:8f:7c:67:7c:
                    b5:21:0e:d7:8e:09:0b:6b:c4:83:b6:7b:09:e0:fb:
                    55:96:78:54:3f:16:e9:3d:ff:9b:d3:1d:ad:6e:96:
                    4f:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:6A:D4:5A:61:90:B5:B0:66:A9:CB:4D:89:24:0E:F0:E5:F3:83:82
            X509v3 Authority Key Identifier:
                keyid:3A:00:80:76:98:F0:B0:97:D6:9A:B3:92:69:17:D1:DC:C8:38:A6:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/P2rUWmGQtbBmqctNiSQO8OXzg4I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:90:60:36:80:e8:9d:22:55:59:81:1a:47:43:a7:0d:c5:27:
         b0:6f:b7:30:90:db:49:af:fd:71:c9:28:76:6e:30:30:e1:0d:
         96:ba:c6:c2:e1:b9:49:60:ff:02:cf:2d:17:bd:50:c3:ae:ca:
         d2:c0:ad:20:5c:f8:b0:1f:dd:cc:f2:62:e6:4a:7d:02:21:03:
         48:69:ad:34:26:58:ce:60:d4:53:c6:b5:04:50:5a:a0:f9:75:
         a5:b3:7b:e2:0a:dd:c0:c3:b0:f2:56:db:32:0a:93:7d:37:b1:
         95:af:70:b9:31:fc:9f:5a:5d:e9:57:c2:90:9c:de:01:48:ee:
         68:e0:06:6b:3f:6f:83:b2:6c:b1:5e:4c:53:75:3c:30:a7:03:
         cc:83:77:c7:11:99:90:09:00:4d:d3:f2:df:1a:95:37:1e:9b:
         26:ff:01:48:f4:0e:a6:31:72:6d:e7:48:38:39:5d:bd:a6:ed:
         38:9f:a2:26:80:71:77:22:f6:04:c8:46:7c:60:24:11:eb:a7:
         48:82:8b:37:8e:7c:86:64:00:2d:4b:3d:e8:04:27:a7:a3:59:
         e3:78:61:b5:a7:f7:b0:14:40:66:b7:aa:84:fc:17:d6:b0:98:
         00:bd:3b:c9:96:0d:3d:0d:14:6c:69:53:89:66:f8:7d:ee:6b:
         5f:f5:20:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8Eo2FYSiqFlaZaDkgdc/2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMDA4MDc2OThmMGIwOTdkNjlhYjM5MjY5MTdkMWRjYzgz
OGE2MjQwHhcNMjYwMTAyMDAxOTA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjZhZDQ1YTYxOTBiNWIwNjZhOWNiNGQ4OTI0MGVmMGU1ZjM4MzgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu5KvUz0xQ3k6umeDl8Q0dWMKFicp
toLVglBDTC+gOoVqrMoFIe2xsUkK67LXNsrozsU53gBu6a447bXzVcNUbcM0yxu0
5z0uX4j1Gcuoto5n6IpFzqXlWbzSl/XXPDZo4WzjrAsI7puKIX1jVzbAPedXoe+z
OoH73KcQPG0hlN/MRtEGlUjrS+9NhQEcfKSanR3xAzcA8ocVHosDPZs783OIITX5
Ibla6l9IEzxo49VZy5d5XFCDGOQP5QRRPpVlCZqfejq/Cx1TpvANDUJkkV/tDmCn
Sgo7Qx6VUo98Z3y1IQ7XjgkLa8SDtnsJ4PtVlnhUPxbpPf+b0x2tbpZPVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD9q1FphkLWwZqnLTYkkDvDl84OCMB8GA1UdIwQY
MBaAFDoAgHaY8LCX1pqzkmkX0dzIOKYkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2dDQWRwandzSmZXbXJPU2FSZlIzTWc0cGlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS8xNDNkMjktY2Y3Mi00ZDAxLTkxOGMt
MTZhZmM0ZGZmZGQ0LzEvUDJyVVdtR1F0YkJtcWN0TmlTUU84T1h6ZzRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS8xNDNkMjktY2Y3Mi00ZDAxLTkxOGMtMTZhZmM0ZGZmZGQ0
LzEvT2dDQWRwandzSmZXbXJPU2FSZlIzTWc0cGlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQtOMA0G
CSqGSIb3DQEBCwUAA4IBAQABkGA2gOidIlVZgRpHQ6cNxSewb7cwkNtJr/1xySh2
bjAw4Q2WusbC4blJYP8Czy0XvVDDrsrSwK0gXPiwH93M8mLmSn0CIQNIaa00JljO
YNRTxrUEUFqg+XWls3viCt3Aw7DyVtsyCpN9N7GVr3C5MfyfWl3pV8KQnN4BSO5o
4AZrP2+DsmyxXkxTdTwwpwPMg3fHEZmQCQBN0/LfGpU3Hpsm/wFI9A6mMXJt50g4
OV29pu04n6ImgHF3IvYEyEZ8YCQR66dIgos3jnyGZAAtSz3oBCeno1njeGG1p/ew
FEBmt6qE/BfWsJgAvTvJlg09DRRsaVOJZvh97mtf9SCz
-----END CERTIFICATE-----