This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/IpDWemiKZaoNjPq8sGaXonGJiZs.roa
File:                     IpDWemiKZaoNjPq8sGaXonGJiZs.roa (raw, json)
Hash identifier:          YKtm+mGbMhfEBjfoqQxcFI/Ylp5SqVpR111OSySE8/8=
Subject key identifier:   22:90:D6:7A:68:8A:65:AA:0D:8C:FA:BC:B0:66:97:A2:71:89:89:9B
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       019B7BA48D3D554CA7A7A271C4FB2532D93C
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/IpDWemiKZaoNjPq8sGaXonGJiZs.roa
Signing time:             Thu 01 Jan 2026 22:19:00 +0000
ROA not before:           Thu 01 Jan 2026 22:19:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35751
IP address blocks:        45.133.32.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a4:8d:3d:55:4c:a7:a7:a2:71:c4:fb:25:32:d9:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Jan  1 22:19:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2290d67a688a65aa0d8cfabcb06697a27189899b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:fe:a2:27:1a:38:76:9f:f6:75:6a:c6:f9:1e:
                    09:37:10:33:10:72:b6:31:e7:63:47:80:4c:4b:bd:
                    b9:f5:91:2f:ff:1c:72:3e:9f:f4:04:d5:00:48:6b:
                    32:8f:8a:46:c3:4a:b2:3a:90:e7:15:2d:2a:30:fb:
                    1b:29:97:6a:80:3b:f3:26:e5:c4:b4:a4:5c:55:64:
                    18:b2:af:e0:be:c1:2f:8d:ff:8a:e3:83:57:8c:71:
                    3b:f0:1c:d6:47:a9:1c:0e:9f:02:24:ca:49:77:26:
                    cb:6c:6b:2c:38:7c:aa:0d:0f:6a:5e:8c:37:45:42:
                    02:4e:07:7f:44:3a:7c:2f:7c:4a:89:8d:03:69:15:
                    27:cd:00:3a:a7:51:b4:4b:90:96:8d:c2:1b:66:65:
                    63:b7:81:2a:3f:2f:be:71:85:70:0a:7a:63:10:e0:
                    b9:dc:06:4b:25:0b:aa:46:5d:37:0c:45:c9:42:ef:
                    82:20:ad:47:e3:4c:5e:b5:c3:34:fc:a3:d9:38:fb:
                    ba:97:71:8f:0d:a8:b7:f9:0b:c5:77:16:ed:56:b0:
                    05:9b:3d:fa:7b:c1:52:f9:df:08:a7:79:74:d7:85:
                    44:55:d0:8e:0a:59:65:b7:0a:fc:92:d5:a8:1f:8e:
                    ed:dd:0d:be:89:b3:39:01:49:77:f1:f6:05:04:79:
                    07:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:90:D6:7A:68:8A:65:AA:0D:8C:FA:BC:B0:66:97:A2:71:89:89:9B
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/IpDWemiKZaoNjPq8sGaXonGJiZs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         26:a4:68:08:b3:46:89:19:6b:82:d1:df:b0:f2:5f:c7:df:02:
         ed:df:09:12:da:55:e2:11:5e:ce:c5:3e:e6:20:17:1b:79:a5:
         a4:74:bc:5b:b3:32:f3:9d:d4:42:21:78:7b:6a:35:8e:d8:49:
         85:1e:4a:2e:7d:0d:c3:28:e1:9b:a0:a8:59:6c:bf:07:82:12:
         ca:82:c4:a4:32:00:e9:a5:d1:e0:75:9d:8c:3a:e3:71:84:99:
         77:e7:a0:9b:c4:db:14:d1:38:19:d8:90:d3:8e:5c:90:b5:f3:
         c3:b8:9b:cb:15:94:38:d2:e2:cf:f7:22:6c:08:30:90:14:1e:
         0f:cb:2e:26:0c:a8:10:07:be:13:a6:94:33:3d:bc:f1:b3:b8:
         1b:7b:ed:6b:56:22:7e:68:e9:a2:71:16:63:51:05:41:8f:30:
         67:a4:80:c8:72:f6:eb:b3:cd:b5:22:39:af:06:2c:65:e1:94:
         14:aa:3a:ba:3e:25:52:0a:12:cf:62:3b:fa:1f:23:35:34:af:
         84:06:cd:f2:68:d7:5f:a5:85:16:c2:ec:66:c9:9e:f4:76:4c:
         4b:14:b8:88:a2:21:6a:3b:7b:84:93:bc:27:92:40:23:46:b5:
         85:b3:06:dd:0f:34:85:22:0e:5c:72:a7:bb:95:67:85:c5:a4:
         de:04:ae:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pI09VUynp6JxxPslMtk8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjYwMTAxMjIxOTAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjkwZDY3YTY4OGE2NWFhMGQ4Y2ZhYmNiMDY2OTdhMjcxODk4OTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1v6iJxo4dp/2dWrG+R4JNxAzEHK2
MedjR4BMS7259ZEv/xxyPp/0BNUASGsyj4pGw0qyOpDnFS0qMPsbKZdqgDvzJuXE
tKRcVWQYsq/gvsEvjf+K44NXjHE78BzWR6kcDp8CJMpJdybLbGssOHyqDQ9qXow3
RUICTgd/RDp8L3xKiY0DaRUnzQA6p1G0S5CWjcIbZmVjt4EqPy++cYVwCnpjEOC5
3AZLJQuqRl03DEXJQu+CIK1H40xetcM0/KPZOPu6l3GPDai3+QvFdxbtVrAFmz36
e8FS+d8Ip3l014VEVdCOCllltwr8ktWoH47t3Q2+ibM5AUl38fYFBHkHxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCKQ1npoimWqDYz6vLBml6JxiYmbMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvSXBEV2VtaUtaYW9OalBxOHNHYVhvbkdKaVpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYUgMA0G
CSqGSIb3DQEBCwUAA4IBAQAmpGgIs0aJGWuC0d+w8l/H3wLt3wkS2lXiEV7OxT7m
IBcbeaWkdLxbszLzndRCIXh7ajWO2EmFHkoufQ3DKOGboKhZbL8HghLKgsSkMgDp
pdHgdZ2MOuNxhJl356CbxNsU0TgZ2JDTjlyQtfPDuJvLFZQ40uLP9yJsCDCQFB4P
yy4mDKgQB74TppQzPbzxs7gbe+1rViJ+aOmicRZjUQVBjzBnpIDIcvbrs821Ijmv
Bixl4ZQUqjq6PiVSChLPYjv6HyM1NK+EBs3yaNdfpYUWwuxmyZ70dkxLFLiIoiFq
O3uEk7wnkkAjRrWFswbdDzSFIg5ccqe7lWeFxaTeBK6p
-----END CERTIFICATE-----