This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/756aeb-022e-4c98-8ddb-0e068c4970ff/1/MxmtZpT39ziVe-pzqj79_Ed_jAo.roa
File:                     MxmtZpT39ziVe-pzqj79_Ed_jAo.roa (raw, json)
Hash identifier:          4OhUHwywmDOO3mmhT6ZwnGr79zua7TEwc4pRLTJjvFc=
Subject key identifier:   33:19:AD:66:94:F7:F7:38:95:7B:EA:73:AA:3E:FD:FC:47:7F:8C:0A
Certificate issuer:       /CN=542f094f0427b14f3499f7cdf61d883b0888628a
Certificate serial:       019B79109853DC7FEC5C32651722D0A901FA
Authority key identifier: 54:2F:09:4F:04:27:B1:4F:34:99:F7:CD:F6:1D:88:3B:08:88:62:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VC8JTwQnsU80mffN9h2IOwiIYoo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/756aeb-022e-4c98-8ddb-0e068c4970ff/1/MxmtZpT39ziVe-pzqj79_Ed_jAo.roa
Signing time:             Thu 01 Jan 2026 10:18:09 +0000
ROA not before:           Thu 01 Jan 2026 10:18:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208963
IP address blocks:        45.13.48.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/756aeb-022e-4c98-8ddb-0e068c4970ff/1/VC8JTwQnsU80mffN9h2IOwiIYoo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/756aeb-022e-4c98-8ddb-0e068c4970ff/1/VC8JTwQnsU80mffN9h2IOwiIYoo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VC8JTwQnsU80mffN9h2IOwiIYoo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 19:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:98:53:dc:7f:ec:5c:32:65:17:22:d0:a9:01:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=542f094f0427b14f3499f7cdf61d883b0888628a
        Validity
            Not Before: Jan  1 10:18:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3319ad6694f7f738957bea73aa3efdfc477f8c0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:09:75:47:b5:27:c5:1d:c6:3d:17:96:58:18:
                    d3:c6:2d:6b:2a:88:c1:89:f6:41:44:3c:cf:89:89:
                    b4:85:7e:73:fd:41:ba:f3:3a:77:76:eb:62:64:38:
                    6a:f9:cd:a1:e2:92:d3:30:5b:a7:0a:20:59:43:83:
                    39:23:dc:b2:7c:3c:21:98:52:20:44:5a:63:dc:07:
                    85:2e:95:d2:09:dd:4e:3d:d7:2e:a6:e1:59:a0:b8:
                    1f:85:cc:97:bb:25:40:a4:3d:09:f6:21:63:47:34:
                    25:8d:7d:b8:18:0c:c4:b2:6a:84:e3:69:20:89:fb:
                    91:04:1f:e0:80:9f:57:44:09:17:b4:b3:af:f7:10:
                    62:a8:e0:5c:f0:e1:e1:26:16:d8:07:e3:ad:05:a3:
                    4b:28:6f:7a:d6:cb:fb:f1:75:5f:06:a0:e0:c3:1b:
                    3e:b4:b9:76:86:04:b9:7a:df:d3:5c:f6:55:46:c1:
                    b2:29:c6:79:c5:17:15:51:99:12:a1:72:c3:88:ec:
                    67:53:f9:db:c8:70:4a:29:56:12:ed:64:70:37:b4:
                    93:8d:5e:11:4c:68:96:83:3e:15:fd:e0:e2:95:7d:
                    d3:8b:97:c2:54:8a:6a:bf:ee:92:7b:45:0d:83:32:
                    49:1b:e4:1f:78:85:2a:a1:fa:71:ec:41:c9:a5:e6:
                    6f:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:19:AD:66:94:F7:F7:38:95:7B:EA:73:AA:3E:FD:FC:47:7F:8C:0A
            X509v3 Authority Key Identifier:
                keyid:54:2F:09:4F:04:27:B1:4F:34:99:F7:CD:F6:1D:88:3B:08:88:62:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VC8JTwQnsU80mffN9h2IOwiIYoo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/756aeb-022e-4c98-8ddb-0e068c4970ff/1/MxmtZpT39ziVe-pzqj79_Ed_jAo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/756aeb-022e-4c98-8ddb-0e068c4970ff/1/VC8JTwQnsU80mffN9h2IOwiIYoo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c8:83:4c:fd:c8:25:2d:2d:c8:e1:2f:f8:6a:b7:4a:60:07:37:
         26:46:4e:22:7e:b3:c8:6e:0b:89:a9:b9:b3:77:b3:31:71:6c:
         f2:57:10:23:94:d6:ed:3b:a8:ff:d3:38:3c:73:39:5c:02:a1:
         62:61:85:98:84:d6:ec:2c:81:74:89:24:94:c0:cc:25:c4:09:
         25:b2:d5:53:85:aa:77:70:a8:a2:44:96:18:67:e0:3e:a3:5a:
         48:73:9c:81:ed:39:fd:3e:1f:c9:b8:46:2f:8b:c6:62:d8:12:
         8f:9c:7d:7c:ba:fd:60:ef:51:d9:eb:81:0e:a4:6c:31:b9:cb:
         2d:6e:17:66:8a:e4:92:24:52:95:ab:30:33:ef:a5:d6:e3:fa:
         f7:5d:f4:c4:c9:bb:4f:4b:35:3f:48:9c:bf:5c:aa:4e:79:7b:
         76:94:33:75:52:ae:1a:41:af:95:af:f2:f1:12:05:4c:18:41:
         77:71:49:f5:1a:c8:34:92:eb:38:50:3c:75:80:22:c6:94:7e:
         fb:26:a5:1c:34:cb:a5:fd:89:20:af:c5:f8:c8:36:bc:b7:94:
         49:6b:47:ef:a5:c6:d5:fe:76:f9:7b:31:e6:89:8a:2e:9a:7e:
         6c:78:f6:79:dc:3a:08:26:87:1f:a5:ee:77:35:f6:71:76:de:
         58:7a:73:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EJhT3H/sXDJlFyLQqQH6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0MmYwOTRmMDQyN2IxNGYzNDk5ZjdjZGY2MWQ4ODNiMDg4
ODYyOGEwHhcNMjYwMTAxMTAxODA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzE5YWQ2Njk0ZjdmNzM4OTU3YmVhNzNhYTNlZmRmYzQ3N2Y4YzBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApAl1R7UnxR3GPReWWBjTxi1rKojB
ifZBRDzPiYm0hX5z/UG68zp3dutiZDhq+c2h4pLTMFunCiBZQ4M5I9yyfDwhmFIg
RFpj3AeFLpXSCd1OPdcupuFZoLgfhcyXuyVApD0J9iFjRzQljX24GAzEsmqE42kg
ifuRBB/ggJ9XRAkXtLOv9xBiqOBc8OHhJhbYB+OtBaNLKG961sv78XVfBqDgwxs+
tLl2hgS5et/TXPZVRsGyKcZ5xRcVUZkSoXLDiOxnU/nbyHBKKVYS7WRwN7STjV4R
TGiWgz4V/eDilX3Ti5fCVIpqv+6Se0UNgzJJG+QfeIUqofpx7EHJpeZvSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDMZrWaU9/c4lXvqc6o+/fxHf4wKMB8GA1UdIwQY
MBaAFFQvCU8EJ7FPNJn3zfYdiDsIiGKKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkM4SlR3UW5zVTgwbWZmTjloMklPd2lJWW9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS83NTZhZWItMDIyZS00Yzk4LThkZGIt
MGUwNjhjNDk3MGZmLzEvTXhtdFpwVDM5emlWZS1wenFqNzlfRWRfakFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS83NTZhZWItMDIyZS00Yzk4LThkZGItMGUwNjhjNDk3MGZm
LzEvVkM4SlR3UW5zVTgwbWZmTjloMklPd2lJWW9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQ0wMA0G
CSqGSIb3DQEBCwUAA4IBAQDIg0z9yCUtLcjhL/hqt0pgBzcmRk4ifrPIbguJqbmz
d7MxcWzyVxAjlNbtO6j/0zg8czlcAqFiYYWYhNbsLIF0iSSUwMwlxAklstVThap3
cKiiRJYYZ+A+o1pIc5yB7Tn9Ph/JuEYvi8Zi2BKPnH18uv1g71HZ64EOpGwxucst
bhdmiuSSJFKVqzAz76XW4/r3XfTEybtPSzU/SJy/XKpOeXt2lDN1Uq4aQa+Vr/Lx
EgVMGEF3cUn1Gsg0kus4UDx1gCLGlH77JqUcNMul/Ykgr8X4yDa8t5RJa0fvpcbV
/nb5ezHmiYoumn5sePZ53DoIJocfpe53NfZxdt5YenMj
-----END CERTIFICATE-----