This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/aRaQGF4OU7ov0kgWYfxHy_1p2I0.roa
File:                     aRaQGF4OU7ov0kgWYfxHy_1p2I0.roa (raw, json)
Hash identifier:          p5laNGVBz4z3W1UncklKsUanx36gjphgyPC4lveABk8=
Subject key identifier:   69:16:90:18:5E:0E:53:BA:2F:D2:48:16:61:FC:47:CB:FD:69:D8:8D
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       019B7BA4A20F25AE4CC9E4EE3A2FB2A16E37
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/aRaQGF4OU7ov0kgWYfxHy_1p2I0.roa
Signing time:             Thu 01 Jan 2026 22:19:05 +0000
ROA not before:           Thu 01 Jan 2026 22:19:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209242
IP address blocks:        45.135.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a4:a2:0f:25:ae:4c:c9:e4:ee:3a:2f:b2:a1:6e:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Jan  1 22:19:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=691690185e0e53ba2fd2481661fc47cbfd69d88d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:d7:2d:5d:57:b6:f2:0e:b8:0c:f8:60:17:c9:
                    ca:2f:50:c4:a5:10:64:54:1e:a4:15:39:f0:ee:e1:
                    ef:45:b7:1d:c8:97:a1:e4:f6:d3:ba:e0:59:0d:e3:
                    c6:1a:cc:0b:c2:07:2d:db:05:fa:b7:3a:42:82:81:
                    11:99:a8:78:85:d0:2a:b2:f5:71:4a:01:cf:bf:f4:
                    3d:76:77:79:2f:0a:b6:38:3e:38:21:dc:83:bd:34:
                    41:5c:2c:b9:7b:39:e2:e0:ab:a5:ed:04:af:96:6a:
                    a1:db:6c:25:30:16:9c:c6:b8:6b:18:c4:da:c1:16:
                    ec:87:43:83:78:bb:f8:59:8b:26:b1:75:23:1f:37:
                    5d:3c:60:58:ea:c6:98:16:33:95:33:cc:b7:ae:65:
                    48:a4:6a:f8:20:d4:ce:92:70:b3:8c:1c:65:bd:76:
                    5f:07:67:77:be:9f:d3:5b:48:0d:77:fe:eb:61:61:
                    e5:14:08:1a:b3:79:05:54:f8:e0:fd:ff:cb:3f:7c:
                    b8:79:6d:c3:2e:41:93:78:8a:79:aa:73:db:a8:fa:
                    c0:56:e0:eb:f8:d0:3d:49:fb:b8:ed:39:bc:f0:69:
                    e8:9a:d1:15:5b:7e:bb:4c:b4:29:6c:ed:6f:09:a4:
                    96:80:80:a7:11:8e:85:13:56:1e:4e:96:82:88:ef:
                    e3:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:16:90:18:5E:0E:53:BA:2F:D2:48:16:61:FC:47:CB:FD:69:D8:8D
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/aRaQGF4OU7ov0kgWYfxHy_1p2I0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:71:bc:d0:e1:74:5c:79:f9:9a:d9:6a:05:31:f7:1b:a6:96:
         f6:fa:66:23:35:19:34:8e:8c:f1:36:c6:67:99:13:ee:8d:81:
         3d:3c:1c:e6:c7:22:62:25:a6:f1:b5:31:c5:23:8c:7f:1b:93:
         41:57:13:1c:04:4f:24:da:ce:0a:b1:93:d7:42:ea:49:db:3d:
         33:27:53:3a:2a:4e:1a:56:42:41:79:e9:b7:b1:9b:4d:b9:49:
         39:d8:88:73:b9:40:5b:e3:f0:6f:06:2c:bb:94:b3:f4:a6:86:
         cc:bb:7b:ce:43:d9:bd:e4:67:3f:e7:b2:28:ad:de:33:78:8a:
         0f:6b:a3:76:71:15:5c:8a:10:14:93:68:4e:3c:71:45:cf:f6:
         b3:ed:3c:24:08:85:ee:b9:84:5c:86:9d:0e:c2:ee:4e:9b:a9:
         dd:1b:0e:ff:13:49:48:24:20:fb:37:95:e2:b0:79:fa:2a:ca:
         4e:42:df:b3:fd:60:e6:30:57:81:23:23:55:3f:33:d7:a0:31:
         68:61:4e:04:15:81:06:23:00:19:68:5f:65:2b:18:fc:e8:8b:
         66:98:2f:e2:d8:53:89:31:7f:6b:aa:2e:3a:83:e1:9f:03:48:
         43:51:64:e6:46:c7:40:31:8f:67:2d:f1:00:97:0e:98:55:89:
         92:52:92:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pKIPJa5MyeTuOi+yoW43MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjYwMTAxMjIxOTA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTE2OTAxODVlMGU1M2JhMmZkMjQ4MTY2MWZjNDdjYmZkNjlkODhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxNctXVe28g64DPhgF8nKL1DEpRBk
VB6kFTnw7uHvRbcdyJeh5PbTuuBZDePGGswLwgct2wX6tzpCgoERmah4hdAqsvVx
SgHPv/Q9dnd5Lwq2OD44IdyDvTRBXCy5ezni4Kul7QSvlmqh22wlMBacxrhrGMTa
wRbsh0ODeLv4WYsmsXUjHzddPGBY6saYFjOVM8y3rmVIpGr4INTOknCzjBxlvXZf
B2d3vp/TW0gNd/7rYWHlFAgas3kFVPjg/f/LP3y4eW3DLkGTeIp5qnPbqPrAVuDr
+NA9Sfu47Tm88GnomtEVW367TLQpbO1vCaSWgICnEY6FE1YeTpaCiO/jqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGkWkBheDlO6L9JIFmH8R8v9adiNMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvYVJhUUdGNE9VN292MGtnV1lmeEh5XzFwMkkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYfrMA0G
CSqGSIb3DQEBCwUAA4IBAQAzcbzQ4XRcefma2WoFMfcbppb2+mYjNRk0jozxNsZn
mRPujYE9PBzmxyJiJabxtTHFI4x/G5NBVxMcBE8k2s4KsZPXQupJ2z0zJ1M6Kk4a
VkJBeem3sZtNuUk52IhzuUBb4/BvBiy7lLP0pobMu3vOQ9m95Gc/57Iord4zeIoP
a6N2cRVcihAUk2hOPHFFz/az7TwkCIXuuYRchp0Owu5Om6ndGw7/E0lIJCD7N5Xi
sHn6KspOQt+z/WDmMFeBIyNVPzPXoDFoYU4EFYEGIwAZaF9lKxj86ItmmC/i2FOJ
MX9rqi46g+GfA0hDUWTmRsdAMY9nLfEAlw6YVYmSUpLK
-----END CERTIFICATE-----