This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/IMITPnZtk7ucBVUUN9aOLj4pgv8.roa
File:                     IMITPnZtk7ucBVUUN9aOLj4pgv8.roa (raw, json)
Hash identifier:          9/o5s7r5dv2d4binPuGwwzlOinZbIDh1P6ubommGXks=
Subject key identifier:   20:C2:13:3E:76:6D:93:BB:9C:05:55:14:37:D6:8E:2E:3E:29:82:FF
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019B7FF1CEBD6E65FEADDA420EB2F0BB3F07
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/IMITPnZtk7ucBVUUN9aOLj4pgv8.roa
Signing time:             Fri 02 Jan 2026 18:21:52 +0000
ROA not before:           Fri 02 Jan 2026 18:21:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213999
IP address blocks:        45.147.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f1:ce:bd:6e:65:fe:ad:da:42:0e:b2:f0:bb:3f:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jan  2 18:21:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=20c2133e766d93bb9c05551437d68e2e3e2982ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:8c:c2:4e:b8:21:39:d9:16:d0:d9:79:f6:87:
                    73:91:b3:07:7f:c6:0d:11:81:94:9d:23:04:74:25:
                    09:d5:32:df:b6:6e:e3:f3:72:04:60:bf:4f:34:c2:
                    29:77:ed:56:52:39:f4:b4:79:1e:b6:6b:d2:66:38:
                    a6:da:46:b8:79:82:01:81:16:64:45:0a:7e:10:56:
                    93:2f:79:20:a7:e6:a7:df:f7:0f:55:7a:d5:9e:df:
                    db:18:2c:e9:72:b0:c4:e8:19:c7:82:ef:c3:c3:c7:
                    c8:9e:0e:23:09:e8:a7:17:c0:7f:7c:be:f8:01:bf:
                    12:79:c1:a9:b0:75:b6:15:b8:b3:a8:0a:43:da:b9:
                    4e:df:6a:74:0e:5e:f6:0b:e5:2e:a1:18:41:b4:ab:
                    90:6b:00:b2:ae:0c:d5:5c:e0:d7:1e:cf:0d:a0:dc:
                    02:1d:a5:bd:d1:67:8d:75:97:cd:ec:51:a8:bf:98:
                    93:73:ac:2e:20:d1:01:d9:17:bb:e6:f7:61:7d:ab:
                    45:ed:45:f5:98:2a:ff:94:19:00:e4:d6:94:33:cb:
                    72:a1:60:4b:ea:2d:7f:fd:ee:57:cf:27:b5:0b:24:
                    93:b1:59:55:68:3d:3d:7c:10:45:83:23:98:0a:0c:
                    fd:ba:99:fc:3a:43:a8:6b:19:2a:d5:61:a9:3e:58:
                    47:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:C2:13:3E:76:6D:93:BB:9C:05:55:14:37:D6:8E:2E:3E:29:82:FF
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/IMITPnZtk7ucBVUUN9aOLj4pgv8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.147.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:f3:76:e9:cd:4f:81:a2:a1:d5:16:fa:0f:80:f9:41:95:f5:
         b5:0f:56:07:b4:fc:bd:71:ed:f2:2c:04:d7:8b:26:7f:aa:ff:
         e0:c8:c7:69:89:e0:c3:d1:15:56:60:eb:7d:d0:16:c6:8e:b0:
         38:ed:d3:88:76:af:d0:d0:0f:96:75:4c:e2:84:68:41:0d:89:
         28:bb:a5:d5:03:bb:97:70:6a:ac:f8:b2:b2:f8:ab:70:4f:71:
         11:90:98:f8:80:35:3f:7f:a4:2c:37:c0:20:17:06:f0:12:05:
         2d:97:c4:a9:db:4f:f2:be:f6:0f:4c:00:eb:47:af:d4:cc:d6:
         e8:07:84:e7:b4:c4:77:8e:9d:f3:5d:bc:8e:64:3b:b8:f2:d8:
         6d:28:08:07:d4:ba:4c:4b:3a:ae:5f:c9:38:ac:f8:d7:f7:6e:
         d4:12:17:04:c8:0c:95:72:87:cb:e0:ca:30:62:e5:cf:7d:3d:
         8b:9e:9c:11:2c:31:d2:3e:9f:f2:8f:5e:52:bb:72:a9:00:61:
         9e:da:24:f7:95:bc:f5:c1:29:5b:1f:dd:91:12:40:2b:04:76:
         71:1a:18:6a:79:e2:6e:9c:11:0e:f9:2d:94:a6:ee:59:4e:1c:
         78:83:ff:8b:33:fe:7a:99:d0:2e:65:fd:53:53:99:9b:95:a7:
         12:d7:f3:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/8c69bmX+rdpCDrLwuz8HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwMTAyMTgyMTUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGMyMTMzZTc2NmQ5M2JiOWMwNTU1MTQzN2Q2OGUyZTNlMjk4MmZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyIzCTrghOdkW0Nl59odzkbMHf8YN
EYGUnSMEdCUJ1TLftm7j83IEYL9PNMIpd+1WUjn0tHketmvSZjim2ka4eYIBgRZk
RQp+EFaTL3kgp+an3/cPVXrVnt/bGCzpcrDE6BnHgu/Dw8fIng4jCeinF8B/fL74
Ab8SecGpsHW2FbizqApD2rlO32p0Dl72C+UuoRhBtKuQawCyrgzVXODXHs8NoNwC
HaW90WeNdZfN7FGov5iTc6wuINEB2Re75vdhfatF7UX1mCr/lBkA5NaUM8tyoWBL
6i1//e5Xzye1CySTsVlVaD09fBBFgyOYCgz9upn8OkOoaxkq1WGpPlhHAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCDCEz52bZO7nAVVFDfWji4+KYL/MB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvSU1JVFBuWnRrN3VjQlZVVU45YU9MajRwZ3Y4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZMfMA0G
CSqGSIb3DQEBCwUAA4IBAQB383bpzU+BoqHVFvoPgPlBlfW1D1YHtPy9ce3yLATX
iyZ/qv/gyMdpieDD0RVWYOt90BbGjrA47dOIdq/Q0A+WdUzihGhBDYkou6XVA7uX
cGqs+LKy+KtwT3ERkJj4gDU/f6QsN8AgFwbwEgUtl8Sp20/yvvYPTADrR6/UzNbo
B4TntMR3jp3zXbyOZDu48thtKAgH1LpMSzquX8k4rPjX927UEhcEyAyVcofL4Mow
YuXPfT2LnpwRLDHSPp/yj15Su3KpAGGe2iT3lbz1wSlbH92REkArBHZxGhhqeeJu
nBEO+S2Upu5ZThx4g/+LM/56mdAuZf1TU5mblacS1/MV
-----END CERTIFICATE-----