This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8Go9HdfslzEYYhsG162QyXxlPrg.roa
File:                     8Go9HdfslzEYYhsG162QyXxlPrg.roa (raw, json)
Hash identifier:          Z3SgqSpV46u7mlUHzliku+RypQp4wBZXxjHASyqRXL8=
Subject key identifier:   F0:6A:3D:1D:D7:EC:97:31:18:62:1B:06:D7:AD:90:C9:7C:65:3E:B8
Certificate issuer:       /CN=f04eb204f358004788224e2fb18e4d5e74bebf8d
Certificate serial:       019B7C7FDB5FDAA8C6FA2E484DFC9DB40815
Authority key identifier: F0:4E:B2:04:F3:58:00:47:88:22:4E:2F:B1:8E:4D:5E:74:BE:BF:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8Go9HdfslzEYYhsG162QyXxlPrg.roa
Signing time:             Fri 02 Jan 2026 02:18:32 +0000
ROA not before:           Fri 02 Jan 2026 02:18:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3257
IP address blocks:        45.129.93.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 11:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:7f:db:5f:da:a8:c6:fa:2e:48:4d:fc:9d:b4:08:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04eb204f358004788224e2fb18e4d5e74bebf8d
        Validity
            Not Before: Jan  2 02:18:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f06a3d1dd7ec973118621b06d7ad90c97c653eb8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:c0:f9:9e:9c:d2:e5:83:0f:91:a2:9b:ae:3b:
                    73:ce:32:c4:8d:41:c5:4d:d4:b3:5a:77:be:6f:42:
                    a9:89:24:24:bf:28:e8:7c:28:16:d1:5c:25:b1:12:
                    07:02:82:4e:7a:56:7b:a5:70:5c:28:3f:fc:84:99:
                    c8:2b:37:79:2b:85:03:2d:26:91:f3:de:b6:66:b9:
                    d7:d7:77:9e:a1:f4:8d:b0:2d:0c:d5:c3:75:37:ff:
                    81:02:d8:12:e7:f1:23:41:ff:17:95:2c:3e:a8:8c:
                    d0:3c:52:3d:17:22:96:a8:1b:74:ef:72:7a:b4:1c:
                    f8:a9:3f:82:99:e9:18:f3:d0:ad:65:8c:52:e2:47:
                    fa:81:59:be:ff:da:ec:fc:e9:d2:76:02:2c:4f:e6:
                    2f:12:09:cf:03:54:ac:fe:a7:f8:d9:d4:b7:fe:56:
                    80:c2:fe:e4:e4:a8:4b:1d:eb:ee:da:b0:a1:d0:83:
                    c5:59:f5:19:4f:07:4b:aa:e4:38:2e:d8:1d:9d:32:
                    b3:6d:94:80:ac:e1:a9:ff:dc:e8:86:c2:22:c4:ef:
                    3f:ea:10:3b:5b:3b:37:65:88:47:c0:7d:0e:e1:e1:
                    f2:1a:e5:b8:46:2a:a8:aa:48:66:5b:d4:2a:36:66:
                    7c:e0:b8:ba:d7:fd:9b:0f:b7:34:63:5b:46:29:d9:
                    f3:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:6A:3D:1D:D7:EC:97:31:18:62:1B:06:D7:AD:90:C9:7C:65:3E:B8
            X509v3 Authority Key Identifier:
                keyid:F0:4E:B2:04:F3:58:00:47:88:22:4E:2F:B1:8E:4D:5E:74:BE:BF:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8Go9HdfslzEYYhsG162QyXxlPrg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:70:48:b8:f2:7a:6b:61:b0:e0:5f:ce:9b:fe:28:46:08:c9:
         1b:66:92:f8:b4:d7:14:29:6f:4d:a2:42:85:3c:a1:cd:1b:ad:
         8b:7a:25:34:f1:8e:88:69:76:2d:6a:0d:23:0f:c9:b3:b4:c3:
         fa:25:3e:f2:c2:87:43:34:12:a1:ad:8c:78:0c:56:40:fb:88:
         07:ce:6d:b5:4e:17:11:5f:5e:36:57:91:3b:23:63:d3:61:9d:
         d8:6d:df:04:d5:81:d1:cb:ef:f6:b2:25:2a:47:28:c4:2a:b7:
         b6:92:fa:5e:79:42:12:ff:73:36:55:2a:e4:84:13:a3:94:f4:
         1d:b8:8f:6d:71:7a:d6:ec:65:f6:cc:8b:e5:9c:4e:db:34:7d:
         e8:6b:6a:08:c9:04:91:7e:22:f6:1f:89:de:08:95:57:1a:ec:
         29:b1:73:da:be:41:27:41:47:68:a5:b5:81:05:d2:5a:38:fa:
         d3:68:39:66:bf:42:67:77:7c:cf:b0:f8:88:6c:35:e1:5c:50:
         0b:87:e4:69:eb:05:e3:86:d7:e4:c9:e6:69:b3:df:dc:03:43:
         ff:22:32:76:6a:bd:f1:f7:3a:63:e7:c7:ef:3d:36:85:c5:9d:
         c9:cc:5a:07:ac:36:0c:60:24:6f:56:9d:df:2f:67:af:66:bf:
         ef:75:b8:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8f9tf2qjG+i5ITfydtAgVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGViMjA0ZjM1ODAwNDc4ODIyNGUyZmIxOGU0ZDVlNzRi
ZWJmOGQwHhcNMjYwMTAyMDIxODMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDZhM2QxZGQ3ZWM5NzMxMTg2MjFiMDZkN2FkOTBjOTdjNjUzZWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAusD5npzS5YMPkaKbrjtzzjLEjUHF
TdSzWne+b0KpiSQkvyjofCgW0VwlsRIHAoJOelZ7pXBcKD/8hJnIKzd5K4UDLSaR
8962ZrnX13eeofSNsC0M1cN1N/+BAtgS5/EjQf8XlSw+qIzQPFI9FyKWqBt073J6
tBz4qT+CmekY89CtZYxS4kf6gVm+/9rs/OnSdgIsT+YvEgnPA1Ss/qf42dS3/laA
wv7k5KhLHevu2rCh0IPFWfUZTwdLquQ4LtgdnTKzbZSArOGp/9zohsIixO8/6hA7
Wzs3ZYhHwH0O4eHyGuW4RiqoqkhmW9QqNmZ84Li61/2bD7c0Y1tGKdnzNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPBqPR3X7JcxGGIbBtetkMl8ZT64MB8GA1UdIwQY
MBaAFPBOsgTzWABHiCJOL7GOTV50vr+NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEU2eUJQTllBRWVJSWs0dnNZNU5YblMtdjQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS85YWI0MmEtZGY5Mi00ZTQyLTllMzMt
NWM1ODkyYWZhNDg3LzEvOEdvOUhkZnNsekVZWWhzRzE2MlF5WHhsUHJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS85YWI0MmEtZGY5Mi00ZTQyLTllMzMtNWM1ODkyYWZhNDg3
LzEvOEU2eUJQTllBRWVJSWs0dnNZNU5YblMtdjQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYFdMA0G
CSqGSIb3DQEBCwUAA4IBAQAMcEi48nprYbDgX86b/ihGCMkbZpL4tNcUKW9NokKF
PKHNG62LeiU08Y6IaXYtag0jD8mztMP6JT7ywodDNBKhrYx4DFZA+4gHzm21ThcR
X142V5E7I2PTYZ3Ybd8E1YHRy+/2siUqRyjEKre2kvpeeUIS/3M2VSrkhBOjlPQd
uI9tcXrW7GX2zIvlnE7bNH3oa2oIyQSRfiL2H4neCJVXGuwpsXPavkEnQUdopbWB
BdJaOPrTaDlmv0Jnd3zPsPiIbDXhXFALh+Rp6wXjhtfkyeZps9/cA0P/IjJ2ar3x
9zpj58fvPTaFxZ3JzFoHrDYMYCRvVp3fL2evZr/vdbgV
-----END CERTIFICATE-----