This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/qMp9a9fZ12e7dbvzcdMaCDW60vw.roa
File:                     qMp9a9fZ12e7dbvzcdMaCDW60vw.roa (raw, json)
Hash identifier:          o7dkvXGE+57eQ04kql8R9kA6Rq92Dubxz9WCs56/6I0=
Subject key identifier:   A8:CA:7D:6B:D7:D9:D7:67:BB:75:BB:F3:71:D3:1A:08:35:BA:D2:FC
Certificate issuer:       /CN=3a00807698f0b097d69ab3926917d1dcc838a624
Certificate serial:       019B7C128D3175FCD7C4E5EABCD6B245691E
Authority key identifier: 3A:00:80:76:98:F0:B0:97:D6:9A:B3:92:69:17:D1:DC:C8:38:A6:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/qMp9a9fZ12e7dbvzcdMaCDW60vw.roa
Signing time:             Fri 02 Jan 2026 00:19:09 +0000
ROA not before:           Fri 02 Jan 2026 00:19:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     55933
IP address blocks:        45.150.236.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 18 Jan 2026 18:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:8d:31:75:fc:d7:c4:e5:ea:bc:d6:b2:45:69:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a00807698f0b097d69ab3926917d1dcc838a624
        Validity
            Not Before: Jan  2 00:19:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a8ca7d6bd7d9d767bb75bbf371d31a0835bad2fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:f9:ca:28:26:9b:24:3b:23:3c:ff:12:f7:7c:
                    e0:2c:a4:52:03:db:66:24:71:38:3c:3d:2e:73:d5:
                    91:84:22:f3:8f:21:cf:55:e0:32:eb:fb:5c:0c:a1:
                    17:dd:e4:33:76:c5:1c:9f:ef:47:47:0c:87:26:21:
                    85:34:98:4f:f0:13:95:ed:23:70:c5:0d:6e:2d:33:
                    0a:65:8a:55:99:b1:2f:3b:34:5f:c2:ee:1e:b1:98:
                    2b:a9:c9:87:37:d1:75:d1:36:42:ae:c2:91:34:4b:
                    52:9d:37:8b:81:2d:8f:4f:6d:35:1c:c6:2e:44:67:
                    4d:fc:30:01:76:02:63:37:d1:0b:ec:06:b3:9c:4c:
                    a4:b9:fc:10:4c:83:44:f3:7d:da:bd:84:6c:5b:4c:
                    1f:a4:ec:c3:9c:c6:ac:21:9a:07:03:70:31:e2:ad:
                    ac:a4:ec:fe:99:c2:0d:cf:93:69:4e:83:c5:e1:43:
                    a8:ae:d0:39:6c:9e:eb:5f:b3:6b:45:d0:be:a2:7c:
                    c7:2d:6f:25:1a:95:b9:39:00:0f:98:de:c8:a5:1d:
                    08:f8:41:e0:50:6f:08:94:b9:b6:c6:87:c7:22:68:
                    a5:3d:c1:5f:fa:83:7b:2b:0e:0a:c7:e2:ca:38:71:
                    f7:d6:e2:9b:e1:8e:0d:64:a3:c5:34:27:f0:37:fa:
                    05:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:CA:7D:6B:D7:D9:D7:67:BB:75:BB:F3:71:D3:1A:08:35:BA:D2:FC
            X509v3 Authority Key Identifier:
                keyid:3A:00:80:76:98:F0:B0:97:D6:9A:B3:92:69:17:D1:DC:C8:38:A6:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/qMp9a9fZ12e7dbvzcdMaCDW60vw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8d:48:e8:e4:79:40:53:6d:c8:f7:65:da:eb:8c:f9:de:af:19:
         cf:39:07:28:c0:2e:a7:8c:42:79:d3:db:c6:8f:e9:07:89:e7:
         84:cb:e8:83:71:72:b6:15:a6:a3:be:fc:b1:1f:15:35:79:10:
         98:ee:b3:b7:96:f0:82:70:70:4a:13:0b:c6:8f:48:87:81:db:
         db:df:52:75:b8:26:21:59:58:ce:55:17:e1:ae:ad:45:d8:4c:
         fc:2b:2b:26:28:7f:b3:a5:39:82:b2:23:21:32:9f:d5:30:0e:
         93:26:66:b8:9e:ed:1d:bc:bd:c5:10:39:89:69:f2:f0:00:20:
         f4:e5:0d:bd:57:7e:e2:a0:4c:bc:ca:5c:95:17:c0:22:37:99:
         fc:31:97:fc:2c:f4:fc:c9:1e:c3:79:7b:2c:a6:ac:25:8b:55:
         f1:ec:09:23:cd:78:54:80:33:6e:a6:68:ad:7f:a6:12:e4:31:
         2a:0b:11:05:78:76:16:cb:37:a4:7f:98:4b:16:32:4f:c2:e0:
         ab:af:a6:f7:aa:53:d0:f1:93:5f:fc:dc:7d:24:e0:c9:aa:bc:
         df:82:9d:4a:e1:40:24:0b:35:84:5c:49:d5:b3:d9:01:70:ba:
         d4:ff:ef:d4:09:41:57:2f:9a:fd:ff:71:27:53:d2:20:3c:c3:
         01:5a:32:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8Eo0xdfzXxOXqvNayRWkeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMDA4MDc2OThmMGIwOTdkNjlhYjM5MjY5MTdkMWRjYzgz
OGE2MjQwHhcNMjYwMTAyMDAxOTA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGNhN2Q2YmQ3ZDlkNzY3YmI3NWJiZjM3MWQzMWEwODM1YmFkMmZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPnKKCabJDsjPP8S93zgLKRSA9tm
JHE4PD0uc9WRhCLzjyHPVeAy6/tcDKEX3eQzdsUcn+9HRwyHJiGFNJhP8BOV7SNw
xQ1uLTMKZYpVmbEvOzRfwu4esZgrqcmHN9F10TZCrsKRNEtSnTeLgS2PT201HMYu
RGdN/DABdgJjN9EL7AaznEykufwQTINE833avYRsW0wfpOzDnMasIZoHA3Ax4q2s
pOz+mcINz5NpToPF4UOortA5bJ7rX7NrRdC+onzHLW8lGpW5OQAPmN7IpR0I+EHg
UG8IlLm2xofHImilPcFf+oN7Kw4Kx+LKOHH31uKb4Y4NZKPFNCfwN/oFEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKjKfWvX2ddnu3W783HTGgg1utL8MB8GA1UdIwQY
MBaAFDoAgHaY8LCX1pqzkmkX0dzIOKYkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2dDQWRwandzSmZXbXJPU2FSZlIzTWc0cGlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS8xNDNkMjktY2Y3Mi00ZDAxLTkxOGMt
MTZhZmM0ZGZmZGQ0LzEvcU1wOWE5ZloxMmU3ZGJ2emNkTWFDRFc2MHZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS8xNDNkMjktY2Y3Mi00ZDAxLTkxOGMtMTZhZmM0ZGZmZGQ0
LzEvT2dDQWRwandzSmZXbXJPU2FSZlIzTWc0cGlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZbsMA0G
CSqGSIb3DQEBCwUAA4IBAQCNSOjkeUBTbcj3ZdrrjPnerxnPOQcowC6njEJ509vG
j+kHieeEy+iDcXK2FaajvvyxHxU1eRCY7rO3lvCCcHBKEwvGj0iHgdvb31J1uCYh
WVjOVRfhrq1F2Ez8KysmKH+zpTmCsiMhMp/VMA6TJma4nu0dvL3FEDmJafLwACD0
5Q29V37ioEy8ylyVF8AiN5n8MZf8LPT8yR7DeXsspqwli1Xx7AkjzXhUgDNupmit
f6YS5DEqCxEFeHYWyzekf5hLFjJPwuCrr6b3qlPQ8ZNf/Nx9JODJqrzfgp1K4UAk
CzWEXEnVs9kBcLrU/+/UCUFXL5r9/3EnU9IgPMMBWjJG
-----END CERTIFICATE-----