This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/ZULgnv1vUcaSRPHBt3f8yab0O9c.roa
File:                     ZULgnv1vUcaSRPHBt3f8yab0O9c.roa (raw, json)
Hash identifier:          jtGw6spAwbZMxk291AkgPgYHxkEjP4bXMfp0PoEj1w4=
Subject key identifier:   65:42:E0:9E:FD:6F:51:C6:92:44:F1:C1:B7:77:FC:C9:A6:F4:3B:D7
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       019B7BA49FE6C312A6B6F67AD4378EE2FA7B
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/ZULgnv1vUcaSRPHBt3f8yab0O9c.roa
Signing time:             Thu 01 Jan 2026 22:19:05 +0000
ROA not before:           Thu 01 Jan 2026 22:19:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202999
IP address blocks:        45.130.149.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a4:9f:e6:c3:12:a6:b6:f6:7a:d4:37:8e:e2:fa:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Jan  1 22:19:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6542e09efd6f51c69244f1c1b777fcc9a6f43bd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:b1:b6:e4:e7:b9:66:37:59:80:76:05:fa:c3:
                    fc:b2:a2:bc:0f:7e:f6:5e:3a:53:8d:3e:02:0a:20:
                    f4:2c:d6:bb:ca:a9:b7:4a:0e:c4:f4:e9:60:b6:84:
                    e6:32:4e:91:08:40:77:02:06:3e:8f:6e:17:50:4b:
                    10:25:94:38:4d:d7:c9:13:2b:e6:ad:4e:8f:d7:5a:
                    51:6b:80:39:37:f4:37:bc:d9:86:83:ab:6c:aa:66:
                    fc:13:73:c7:9d:3f:7b:6f:99:5f:cf:11:94:f3:df:
                    dd:39:33:0c:2e:f7:0c:cf:4b:de:75:de:8e:2b:06:
                    6c:d7:38:f4:ef:cf:26:a3:df:20:63:99:a2:62:9b:
                    d9:f7:bc:05:4f:ce:fc:04:51:1e:d0:7d:91:fd:4c:
                    5c:0b:ed:68:f3:7f:51:09:74:71:f6:4f:5c:74:37:
                    29:54:04:c6:e4:4f:70:12:5c:cb:77:05:76:bc:7e:
                    9f:92:3d:1b:ab:91:73:af:15:86:3b:23:9f:33:2b:
                    ea:6e:61:d2:2b:8b:aa:e0:41:e1:1a:81:ca:13:86:
                    5a:c7:08:c1:fa:fe:f7:e4:e7:51:60:b9:04:d3:9b:
                    75:74:45:55:12:7a:cf:33:a6:21:e4:72:78:d7:d4:
                    59:c3:66:83:e5:20:7a:09:49:d0:84:ae:01:4b:c2:
                    cb:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:42:E0:9E:FD:6F:51:C6:92:44:F1:C1:B7:77:FC:C9:A6:F4:3B:D7
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/ZULgnv1vUcaSRPHBt3f8yab0O9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.130.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:f4:96:f1:b1:23:1a:fd:1d:a5:57:47:3d:c2:64:72:66:ca:
         d7:23:f5:7f:27:c8:16:2a:18:62:a0:23:6d:14:34:eb:96:97:
         34:52:c1:12:7d:73:96:18:d3:5f:b6:1a:30:e4:73:8b:33:ef:
         1b:98:74:49:64:8f:13:0a:b1:39:2f:f8:df:10:b1:76:13:e2:
         bd:36:22:4c:79:b5:30:f3:80:00:35:02:eb:2e:fc:fb:0c:91:
         00:9a:2c:ec:61:47:12:1b:89:46:c2:3a:69:de:9f:c6:dc:1b:
         cc:96:62:2b:c0:17:80:f8:b6:aa:c6:1f:8a:ba:41:d6:6d:c4:
         10:69:8b:93:5e:01:16:7a:f0:9f:eb:68:ae:5e:37:6a:09:8b:
         49:d3:e3:b4:5f:84:34:c3:10:9d:c3:5b:72:09:59:8a:a3:25:
         f0:25:77:8c:bd:d7:fc:95:41:40:3b:a3:14:0a:d6:6d:d6:0c:
         ff:5e:5d:78:e9:1b:6c:3d:32:ca:64:1e:19:c7:11:c3:3c:d3:
         22:61:e7:e1:76:f6:52:95:84:29:a5:36:21:54:b7:13:66:75:
         0e:8d:1c:31:36:6c:d2:e9:55:ba:c9:71:9b:94:d0:34:e0:0f:
         22:9f:42:7d:1d:04:c9:ad:4a:6b:1c:a3:8c:73:3c:60:8f:9b:
         8e:17:60:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pJ/mwxKmtvZ61DeO4vp7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjYwMTAxMjIxOTA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTQyZTA5ZWZkNmY1MWM2OTI0NGYxYzFiNzc3ZmNjOWE2ZjQzYmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqrG25Oe5ZjdZgHYF+sP8sqK8D372
XjpTjT4CCiD0LNa7yqm3Sg7E9OlgtoTmMk6RCEB3AgY+j24XUEsQJZQ4TdfJEyvm
rU6P11pRa4A5N/Q3vNmGg6tsqmb8E3PHnT97b5lfzxGU89/dOTMMLvcMz0vedd6O
KwZs1zj0788mo98gY5miYpvZ97wFT878BFEe0H2R/UxcC+1o839RCXRx9k9cdDcp
VATG5E9wElzLdwV2vH6fkj0bq5FzrxWGOyOfMyvqbmHSK4uq4EHhGoHKE4ZaxwjB
+v735OdRYLkE05t1dEVVEnrPM6Yh5HJ419RZw2aD5SB6CUnQhK4BS8LL9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGVC4J79b1HGkkTxwbd3/Mmm9DvXMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvWlVMZ252MXZVY2FTUlBIQnQzZjh5YWIwTzljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYKVMA0G
CSqGSIb3DQEBCwUAA4IBAQBv9JbxsSMa/R2lV0c9wmRyZsrXI/V/J8gWKhhioCNt
FDTrlpc0UsESfXOWGNNfthow5HOLM+8bmHRJZI8TCrE5L/jfELF2E+K9NiJMebUw
84AANQLrLvz7DJEAmizsYUcSG4lGwjpp3p/G3BvMlmIrwBeA+Laqxh+KukHWbcQQ
aYuTXgEWevCf62iuXjdqCYtJ0+O0X4Q0wxCdw1tyCVmKoyXwJXeMvdf8lUFAO6MU
CtZt1gz/Xl146RtsPTLKZB4ZxxHDPNMiYefhdvZSlYQppTYhVLcTZnUOjRwxNmzS
6VW6yXGblNA04A8in0J9HQTJrUprHKOMczxgj5uOF2Dl
-----END CERTIFICATE-----