This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/kLlSZbzpmsYIvWwfO8jg_8rW4tQ.roa
File:                     kLlSZbzpmsYIvWwfO8jg_8rW4tQ.roa (raw, json)
Hash identifier:          12QL3G7J65T63O8QiRkOFH0drKrRxRKrU7LN/3R4Z+U=
Subject key identifier:   90:B9:52:65:BC:E9:9A:C6:08:BD:6C:1F:3B:C8:E0:FF:CA:D6:E2:D4
Certificate issuer:       /CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
Certificate serial:       019B7A5B0372274DE254B811C417405A9FF0
Authority key identifier: 7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/kLlSZbzpmsYIvWwfO8jg_8rW4tQ.roa
Signing time:             Thu 01 Jan 2026 16:19:03 +0000
ROA not before:           Thu 01 Jan 2026 16:19:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34918
IP address blocks:        45.11.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 06 Jan 2026 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:03:72:27:4d:e2:54:b8:11:c4:17:40:5a:9f:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
        Validity
            Not Before: Jan  1 16:19:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=90b95265bce99ac608bd6c1f3bc8e0ffcad6e2d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:74:87:2d:c2:a7:92:b9:21:c0:22:0a:77:e0:
                    6d:b4:b9:f9:fc:7f:10:73:89:7d:d8:ec:93:cf:3a:
                    24:aa:25:f9:e0:06:23:07:ec:47:66:c7:45:79:65:
                    92:f6:af:9b:c6:02:ef:e2:c1:91:b8:57:65:e5:f7:
                    10:3c:cb:63:af:75:95:34:85:8b:d1:4d:83:ad:24:
                    e4:06:a0:c1:10:73:e5:2c:57:7f:76:56:af:14:c5:
                    83:7d:ea:43:c2:aa:94:e2:b5:d2:31:7d:fc:b0:5a:
                    d3:29:aa:4b:7a:cd:29:f4:ae:d6:9a:72:83:18:4c:
                    8c:61:45:8b:f3:a6:c6:c6:21:3f:52:54:61:4b:90:
                    2a:d0:75:fa:93:37:b5:a3:e0:1a:73:2e:56:16:56:
                    d8:37:7a:f2:14:ee:93:87:13:3c:b0:65:e1:f6:82:
                    1c:d7:dc:84:af:c5:2d:6a:c3:6e:75:03:92:1c:91:
                    9d:07:3b:a3:e3:b9:58:a6:cb:9f:d1:a9:3f:4a:c2:
                    3b:57:d0:08:0b:c1:44:05:c7:b5:5f:d2:be:cc:9b:
                    84:d6:11:b4:a4:8b:a0:a0:cc:80:0f:d6:5e:80:1f:
                    3a:d9:53:92:e8:3e:3b:18:69:6d:fb:6b:55:60:30:
                    54:61:be:ba:b6:57:fa:e2:ee:b6:70:3b:91:d5:72:
                    a1:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:B9:52:65:BC:E9:9A:C6:08:BD:6C:1F:3B:C8:E0:FF:CA:D6:E2:D4
            X509v3 Authority Key Identifier:
                keyid:7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/kLlSZbzpmsYIvWwfO8jg_8rW4tQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:5f:7c:a3:8e:5c:e2:80:ac:34:1a:69:68:11:5f:9a:6e:23:
         f1:bf:27:3e:30:05:39:22:e8:65:93:25:a7:fd:6e:e8:ed:7c:
         c3:e6:47:41:d2:40:2c:63:54:dd:4a:ff:e1:cd:31:5d:c9:72:
         ed:a2:eb:49:5e:4c:17:0d:73:df:52:7b:b3:1b:52:d5:d2:aa:
         1d:8e:c2:fb:27:6b:86:b8:a3:b2:63:d2:84:d3:89:b4:9f:cb:
         61:98:13:41:eb:b0:ca:c1:24:0a:8b:df:16:3e:51:6a:cf:0a:
         6f:60:12:ca:73:57:4e:6f:42:ef:a1:d1:b0:1c:6e:b4:ba:07:
         25:05:82:e1:e6:29:3c:c6:66:dc:39:d2:0f:e5:f4:9e:3d:5b:
         ac:4f:a3:d7:e2:3c:c9:42:da:5f:8d:d9:92:91:cf:4c:8c:3f:
         8a:4e:89:60:b0:db:16:ca:99:c9:6c:db:79:c1:ce:61:39:a4:
         46:3d:eb:ad:e9:1b:17:52:d6:24:e7:2e:84:44:c9:a0:49:75:
         ed:2e:00:0d:6e:6e:ea:0f:25:ca:4c:bf:de:ca:03:ed:ec:3c:
         f9:d8:0e:1d:1d:9c:e6:fc:62:e8:83:e7:29:54:4a:51:b6:7c:
         69:f0:1e:43:f5:65:4d:41:c5:47:35:d0:e0:5b:55:dc:37:9c:
         df:99:36:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WwNyJ03iVLgRxBdAWp/wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2QwMjJhMjQwY2U3MWUwYTZlMWU5YWFlMDExMmRhODQw
Y2MzNGIwHhcNMjYwMTAxMTYxOTAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGI5NTI2NWJjZTk5YWM2MDhiZDZjMWYzYmM4ZTBmZmNhZDZlMmQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArnSHLcKnkrkhwCIKd+BttLn5/H8Q
c4l92OyTzzokqiX54AYjB+xHZsdFeWWS9q+bxgLv4sGRuFdl5fcQPMtjr3WVNIWL
0U2DrSTkBqDBEHPlLFd/dlavFMWDfepDwqqU4rXSMX38sFrTKapLes0p9K7WmnKD
GEyMYUWL86bGxiE/UlRhS5Aq0HX6kze1o+Aacy5WFlbYN3ryFO6ThxM8sGXh9oIc
19yEr8UtasNudQOSHJGdBzuj47lYpsuf0ak/SsI7V9AIC8FEBce1X9K+zJuE1hG0
pIugoMyAD9ZegB862VOS6D47GGlt+2tVYDBUYb66tlf64u62cDuR1XKhbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJC5UmW86ZrGCL1sHzvI4P/K1uLUMB8GA1UdIwQY
MBaAFHw9AiokDOceCm4emq4BEtqEDMNLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYt
MDk0ODk4OWU2ZDU1LzEva0xsU1pienBtc1lJdld3Zk84amdfOHJXNHRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYtMDk0ODk4OWU2ZDU1
LzEvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQu7MA0G
CSqGSIb3DQEBCwUAA4IBAQCdX3yjjlzigKw0GmloEV+abiPxvyc+MAU5IuhlkyWn
/W7o7XzD5kdB0kAsY1TdSv/hzTFdyXLtoutJXkwXDXPfUnuzG1LV0qodjsL7J2uG
uKOyY9KE04m0n8thmBNB67DKwSQKi98WPlFqzwpvYBLKc1dOb0LvodGwHG60ugcl
BYLh5ik8xmbcOdIP5fSePVusT6PX4jzJQtpfjdmSkc9MjD+KTolgsNsWypnJbNt5
wc5hOaRGPeut6RsXUtYk5y6ERMmgSXXtLgANbm7qDyXKTL/eygPt7Dz52A4dHZzm
/GLog+cpVEpRtnxp8B5D9WVNQcVHNdDgW1XcN5zfmTaI
-----END CERTIFICATE-----