This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/5ee6f9-b025-48a3-ad85-f06bbfb8408f/1/Kwvod_z55fwrRW_RYmo9DsA7VRc.roa
File:                     Kwvod_z55fwrRW_RYmo9DsA7VRc.roa (raw, json)
Hash identifier:          CHlhi2uEpeLokyavWdzV+621noAdgR6SEaHKnR6rYN8=
Subject key identifier:   2B:0B:E8:77:FC:F9:E5:FC:2B:45:6F:D1:62:6A:3D:0E:C0:3B:55:17
Certificate issuer:       /CN=da24c30b3c3fe94606283fe985e9a6ba8b8fdfcb
Certificate serial:       019B7C8058743EF988C829A11C16AFDF95F5
Authority key identifier: DA:24:C3:0B:3C:3F:E9:46:06:28:3F:E9:85:E9:A6:BA:8B:8F:DF:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2iTDCzw_6UYGKD_phemmuouP38s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/5ee6f9-b025-48a3-ad85-f06bbfb8408f/1/Kwvod_z55fwrRW_RYmo9DsA7VRc.roa
Signing time:             Fri 02 Jan 2026 02:19:04 +0000
ROA not before:           Fri 02 Jan 2026 02:19:04 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49981
IP address blocks:        45.150.156.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/5ee6f9-b025-48a3-ad85-f06bbfb8408f/1/2iTDCzw_6UYGKD_phemmuouP38s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/5ee6f9-b025-48a3-ad85-f06bbfb8408f/1/2iTDCzw_6UYGKD_phemmuouP38s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2iTDCzw_6UYGKD_phemmuouP38s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 08:02:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:58:74:3e:f9:88:c8:29:a1:1c:16:af:df:95:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da24c30b3c3fe94606283fe985e9a6ba8b8fdfcb
        Validity
            Not Before: Jan  2 02:19:04 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2b0be877fcf9e5fc2b456fd1626a3d0ec03b5517
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:29:c7:f2:ea:49:e4:a5:fd:7d:4d:b4:e2:fe:
                    0b:58:81:cc:45:a1:8c:ed:5f:a8:2a:a7:3d:b0:26:
                    84:b1:3c:57:11:e3:f1:b0:9d:17:78:cc:99:f6:9e:
                    f8:99:eb:bd:57:7f:28:bc:f4:a2:2c:da:9a:6c:58:
                    02:c2:7d:87:5d:41:0d:2b:52:7d:c1:30:b1:56:26:
                    a0:72:98:1e:bc:e6:a8:cf:23:81:96:60:a4:80:6d:
                    c5:7e:3b:81:13:5b:f3:97:67:9d:f1:f5:bb:8e:43:
                    19:fc:65:0d:7d:12:eb:15:fd:c2:06:4c:67:11:68:
                    90:f1:63:d5:9c:e6:16:ff:8b:93:e0:b6:eb:bc:dd:
                    7f:b1:38:cf:b6:ae:f0:18:b2:f9:da:b3:e4:f7:89:
                    06:e4:f4:d0:7e:d8:4b:d2:bf:04:e4:7c:3f:44:2d:
                    95:e6:eb:57:25:1e:be:dc:fc:7c:0b:78:46:ea:86:
                    fb:9f:6a:63:91:3c:df:fc:8f:a5:8c:b9:da:2a:64:
                    b5:ec:05:6f:8e:e6:b8:9e:c5:f7:c1:d4:41:f6:f1:
                    f2:9d:fb:8d:62:1a:3a:ba:87:24:66:1f:0d:ba:45:
                    71:88:2c:b1:bf:ed:55:15:57:97:30:0c:5f:8e:65:
                    50:be:9f:3b:45:f4:84:75:4f:e2:9f:67:dd:90:fc:
                    2d:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:0B:E8:77:FC:F9:E5:FC:2B:45:6F:D1:62:6A:3D:0E:C0:3B:55:17
            X509v3 Authority Key Identifier:
                keyid:DA:24:C3:0B:3C:3F:E9:46:06:28:3F:E9:85:E9:A6:BA:8B:8F:DF:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2iTDCzw_6UYGKD_phemmuouP38s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/5ee6f9-b025-48a3-ad85-f06bbfb8408f/1/Kwvod_z55fwrRW_RYmo9DsA7VRc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/5ee6f9-b025-48a3-ad85-f06bbfb8408f/1/2iTDCzw_6UYGKD_phemmuouP38s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         67:06:b8:b1:b3:d6:a5:ac:70:bc:fb:cd:e9:5e:bf:26:1f:04:
         43:4d:2b:28:74:1e:b4:f6:f5:78:be:b1:5e:f5:bc:fa:c6:93:
         97:5d:ab:88:2c:c7:b4:9d:f4:5c:a2:70:f7:39:24:4c:c3:0f:
         4b:ee:f9:9c:2b:fa:41:3c:90:49:88:94:92:1e:02:88:eb:6d:
         3d:cf:f5:19:49:a8:aa:1f:31:44:29:2b:0b:ff:80:bf:2d:77:
         87:fc:ce:36:3c:18:57:6b:85:6d:e9:12:4d:67:30:a3:e7:fb:
         06:77:f5:27:88:15:1a:ff:19:49:18:eb:69:d4:f5:f5:ee:89:
         f6:0a:29:42:56:49:19:bb:b9:ab:0a:75:cc:2a:d0:b0:38:d4:
         30:13:b7:c2:de:e5:1f:93:e4:3a:16:e1:06:d8:f9:ec:f7:f0:
         e1:df:ce:34:bc:d9:f5:7d:63:eb:86:95:aa:5a:10:3c:ff:32:
         ad:6a:93:d5:c6:e2:f0:4f:b2:82:88:d1:f7:66:ef:2b:27:0b:
         71:9c:f4:2d:f2:fe:ef:cb:d3:72:8d:3c:a7:1c:e3:77:8e:37:
         7b:41:7a:2f:8c:e3:c2:9e:a6:f9:bc:bb:c3:63:ac:c6:d8:39:
         d4:b2:9a:d0:6a:03:b9:26:7b:82:76:64:20:84:a2:a4:de:86:
         6f:fc:19:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gFh0PvmIyCmhHBav35X1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMjRjMzBiM2MzZmU5NDYwNjI4M2ZlOTg1ZTlhNmJhOGI4
ZmRmY2IwHhcNMjYwMTAyMDIxOTA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjBiZTg3N2ZjZjllNWZjMmI0NTZmZDE2MjZhM2QwZWMwM2I1NTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvinH8upJ5KX9fU204v4LWIHMRaGM
7V+oKqc9sCaEsTxXEePxsJ0XeMyZ9p74meu9V38ovPSiLNqabFgCwn2HXUENK1J9
wTCxViagcpgevOaozyOBlmCkgG3FfjuBE1vzl2ed8fW7jkMZ/GUNfRLrFf3CBkxn
EWiQ8WPVnOYW/4uT4LbrvN1/sTjPtq7wGLL52rPk94kG5PTQfthL0r8E5Hw/RC2V
5utXJR6+3Px8C3hG6ob7n2pjkTzf/I+ljLnaKmS17AVvjua4nsX3wdRB9vHynfuN
Yho6uockZh8NukVxiCyxv+1VFVeXMAxfjmVQvp87RfSEdU/in2fdkPwtQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCsL6Hf8+eX8K0Vv0WJqPQ7AO1UXMB8GA1UdIwQY
MBaAFNokwws8P+lGBig/6YXpprqLj9/LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmlUREN6d182VVlHS0RfcGhlbW11b3VQMzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS81ZWU2ZjktYjAyNS00OGEzLWFkODUt
ZjA2YmJmYjg0MDhmLzEvS3d2b2RfejU1ZndyUldfUlltbzlEc0E3VlJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS81ZWU2ZjktYjAyNS00OGEzLWFkODUtZjA2YmJmYjg0MDhm
LzEvMmlUREN6d182VVlHS0RfcGhlbW11b3VQMzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZacMA0G
CSqGSIb3DQEBCwUAA4IBAQBnBrixs9alrHC8+83pXr8mHwRDTSsodB609vV4vrFe
9bz6xpOXXauILMe0nfRconD3OSRMww9L7vmcK/pBPJBJiJSSHgKI6209z/UZSaiq
HzFEKSsL/4C/LXeH/M42PBhXa4Vt6RJNZzCj5/sGd/UniBUa/xlJGOtp1PX17on2
CilCVkkZu7mrCnXMKtCwONQwE7fC3uUfk+Q6FuEG2Pns9/Dh3840vNn1fWPrhpWq
WhA8/zKtapPVxuLwT7KCiNH3Zu8rJwtxnPQt8v7vy9NyjTynHON3jjd7QXovjOPC
nqb5vLvDY6zG2DnUsprQagO5JnuCdmQghKKk3oZv/BnF
-----END CERTIFICATE-----