This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/6f46d9-3af0-42aa-b334-6eec77d9b985/1/semdbfvd3TfnGahfQ-_MnPsyXVY.roa
File:                     semdbfvd3TfnGahfQ-_MnPsyXVY.roa (raw, json)
Hash identifier:          K9glb2D2qochPPxOstvTUytekMPlr9ObTuDnHNr8nXk=
Subject key identifier:   B1:E9:9D:6D:FB:DD:DD:37:E7:19:A8:5F:43:EF:CC:9C:FB:32:5D:56
Certificate issuer:       /CN=143239651db6aab1bcb67325f785b5ee1f4025cb
Certificate serial:       019B7B356DA23C391D75C9A75D7656C3DC83
Authority key identifier: 14:32:39:65:1D:B6:AA:B1:BC:B6:73:25:F7:85:B5:EE:1F:40:25:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FDI5ZR22qrG8tnMl94W17h9AJcs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/6f46d9-3af0-42aa-b334-6eec77d9b985/1/semdbfvd3TfnGahfQ-_MnPsyXVY.roa
Signing time:             Thu 01 Jan 2026 20:17:37 +0000
ROA not before:           Thu 01 Jan 2026 20:17:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210538
IP address blocks:        45.155.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/6f46d9-3af0-42aa-b334-6eec77d9b985/1/FDI5ZR22qrG8tnMl94W17h9AJcs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/6f46d9-3af0-42aa-b334-6eec77d9b985/1/FDI5ZR22qrG8tnMl94W17h9AJcs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FDI5ZR22qrG8tnMl94W17h9AJcs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:6d:a2:3c:39:1d:75:c9:a7:5d:76:56:c3:dc:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=143239651db6aab1bcb67325f785b5ee1f4025cb
        Validity
            Not Before: Jan  1 20:17:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b1e99d6dfbdddd37e719a85f43efcc9cfb325d56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:e0:47:ca:5f:44:53:58:f0:d8:c1:d3:52:6b:
                    7b:a9:37:d8:e2:98:71:4c:83:41:ab:25:f1:ae:28:
                    1b:e1:17:f7:96:fd:ad:c0:5b:a6:29:97:66:3a:46:
                    b5:52:c8:6c:d2:6e:5d:a6:eb:85:5a:5f:16:54:36:
                    1d:72:23:d5:96:e6:81:ce:bf:fa:b5:95:75:e6:c1:
                    25:9f:31:62:1c:70:b7:27:03:ce:5f:0e:3d:1f:85:
                    56:af:5d:35:b3:5c:82:2d:d5:ac:23:bf:76:74:09:
                    05:f1:54:30:15:07:52:c1:56:b6:3d:a4:21:4d:17:
                    85:c6:fe:34:c1:34:d1:f8:97:67:7c:09:17:8b:67:
                    92:de:2c:9b:67:0f:d8:e5:b0:19:a7:bd:33:f3:76:
                    1c:b1:94:19:68:93:58:3f:97:20:2c:6c:59:98:71:
                    cb:c8:cc:25:e9:63:49:9a:cc:77:be:3f:6a:c1:cf:
                    75:55:0d:b1:57:c2:be:3a:f5:d5:d2:ca:ee:37:ef:
                    0d:33:51:c1:ae:aa:81:4b:c7:ad:86:de:ff:f8:1d:
                    e8:45:42:fd:5e:97:c0:4d:4e:fb:58:3f:89:e3:f6:
                    f2:cd:df:df:08:21:eb:75:39:1f:b3:c9:27:0b:21:
                    27:ee:7f:82:56:c3:8d:9d:2d:f5:67:85:a8:52:81:
                    6c:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:E9:9D:6D:FB:DD:DD:37:E7:19:A8:5F:43:EF:CC:9C:FB:32:5D:56
            X509v3 Authority Key Identifier:
                keyid:14:32:39:65:1D:B6:AA:B1:BC:B6:73:25:F7:85:B5:EE:1F:40:25:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FDI5ZR22qrG8tnMl94W17h9AJcs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/6f46d9-3af0-42aa-b334-6eec77d9b985/1/semdbfvd3TfnGahfQ-_MnPsyXVY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/6f46d9-3af0-42aa-b334-6eec77d9b985/1/FDI5ZR22qrG8tnMl94W17h9AJcs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:ff:29:b0:9a:ad:cd:a6:dc:96:20:2b:80:aa:32:ab:1d:55:
         ca:86:be:5f:bb:b6:85:6b:f1:e2:96:72:35:41:e3:bf:ae:da:
         ce:bc:19:e7:f5:e3:ea:8c:59:42:2c:22:c9:34:90:90:dc:32:
         90:62:4e:a5:6d:da:ba:77:d2:64:de:47:d5:1e:44:6f:a3:1b:
         97:6a:ec:30:0e:21:0e:98:d2:82:25:12:6f:cf:18:f3:26:01:
         8a:0b:e4:54:17:68:4f:bb:d3:9a:36:8e:f4:f3:e3:1b:68:3f:
         04:64:ec:8a:cd:2e:33:db:46:69:56:e8:df:60:d2:6b:71:0b:
         00:e3:36:a5:e0:e9:cd:0e:34:c1:7a:4d:25:43:c7:d0:65:ce:
         8e:4c:47:8c:cf:f9:50:83:c7:7d:60:b9:67:0c:8a:05:cd:4a:
         ea:58:34:62:6c:bc:32:b1:ed:26:fc:3d:39:6b:a1:ce:ef:d2:
         be:fc:7a:57:da:ed:a8:c3:42:ba:04:78:d1:25:72:44:34:50:
         5c:2e:78:94:6f:70:fe:ba:eb:26:6b:5e:0b:eb:a6:1c:09:ab:
         f2:ea:70:1d:d1:04:11:fc:06:e3:ca:2c:5e:60:dc:8a:2d:70:
         62:f4:aa:cf:dc:42:c1:08:7f:cc:6e:dd:9f:74:f5:30:dd:ce:
         6a:e7:dd:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NW2iPDkddcmnXXZWw9yDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0MzIzOTY1MWRiNmFhYjFiY2I2NzMyNWY3ODViNWVlMWY0
MDI1Y2IwHhcNMjYwMTAxMjAxNzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWU5OWQ2ZGZiZGRkZDM3ZTcxOWE4NWY0M2VmY2M5Y2ZiMzI1ZDU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuOBHyl9EU1jw2MHTUmt7qTfY4phx
TINBqyXxrigb4Rf3lv2twFumKZdmOka1Ushs0m5dpuuFWl8WVDYdciPVluaBzr/6
tZV15sElnzFiHHC3JwPOXw49H4VWr101s1yCLdWsI792dAkF8VQwFQdSwVa2PaQh
TReFxv40wTTR+JdnfAkXi2eS3iybZw/Y5bAZp70z83YcsZQZaJNYP5cgLGxZmHHL
yMwl6WNJmsx3vj9qwc91VQ2xV8K+OvXV0sruN+8NM1HBrqqBS8etht7/+B3oRUL9
XpfATU77WD+J4/byzd/fCCHrdTkfs8knCyEn7n+CVsONnS31Z4WoUoFsqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLHpnW373d035xmoX0PvzJz7Ml1WMB8GA1UdIwQY
MBaAFBQyOWUdtqqxvLZzJfeFte4fQCXLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRkRJNVpSMjJxckc4dG5NbDk0VzE3aDlBSmNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC82ZjQ2ZDktM2FmMC00MmFhLWIzMzQt
NmVlYzc3ZDliOTg1LzEvc2VtZGJmdmQzVGZuR2FoZlEtX01uUHN5WFZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC82ZjQ2ZDktM2FmMC00MmFhLWIzMzQtNmVlYzc3ZDliOTg1
LzEvRkRJNVpSMjJxckc4dG5NbDk0VzE3aDlBSmNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZt8MA0G
CSqGSIb3DQEBCwUAA4IBAQCc/ymwmq3NptyWICuAqjKrHVXKhr5fu7aFa/HilnI1
QeO/rtrOvBnn9ePqjFlCLCLJNJCQ3DKQYk6lbdq6d9Jk3kfVHkRvoxuXauwwDiEO
mNKCJRJvzxjzJgGKC+RUF2hPu9OaNo708+MbaD8EZOyKzS4z20ZpVujfYNJrcQsA
4zal4OnNDjTBek0lQ8fQZc6OTEeMz/lQg8d9YLlnDIoFzUrqWDRibLwyse0m/D05
a6HO79K+/HpX2u2ow0K6BHjRJXJENFBcLniUb3D+uusma14L66YcCavy6nAd0QQR
/AbjyixeYNyKLXBi9KrP3ELBCH/Mbt2fdPUw3c5q590Z
-----END CERTIFICATE-----