This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/jlOSteO5B4HlUDCHpcrOn1tZyw8.roa
File:                     jlOSteO5B4HlUDCHpcrOn1tZyw8.roa (raw, json)
Hash identifier:          PNBhGbv1owj//wNV6ueV101gABFDOCaZFzVqrXAhf8s=
Subject key identifier:   8E:53:92:B5:E3:B9:07:81:E5:50:30:87:A5:CA:CE:9F:5B:59:CB:0F
Certificate issuer:       /CN=bd3668628f0df79d047eca0d9adcfc0b6693e309
Certificate serial:       019B78347AB18332B5DAE0F2A9A6A76A1A5E
Authority key identifier: BD:36:68:62:8F:0D:F7:9D:04:7E:CA:0D:9A:DC:FC:0B:66:93:E3:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/jlOSteO5B4HlUDCHpcrOn1tZyw8.roa
Signing time:             Thu 01 Jan 2026 06:17:43 +0000
ROA not before:           Thu 01 Jan 2026 06:17:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3320
IP address blocks:        45.149.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 04:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:7a:b1:83:32:b5:da:e0:f2:a9:a6:a7:6a:1a:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd3668628f0df79d047eca0d9adcfc0b6693e309
        Validity
            Not Before: Jan  1 06:17:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8e5392b5e3b90781e5503087a5cace9f5b59cb0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:5d:b1:81:4d:ab:de:90:fc:22:a7:e4:31:37:
                    2b:d6:c7:cb:ca:a0:ea:ae:ec:4e:7f:ae:96:59:f0:
                    93:99:3b:ad:a1:ed:71:bc:f8:a1:76:28:93:b6:1f:
                    30:11:9f:80:9b:98:24:73:07:b4:b5:05:4b:81:44:
                    98:df:81:de:2d:51:dd:99:7f:26:f0:66:44:aa:c2:
                    57:d9:83:04:34:f2:35:e2:d4:ab:e6:cc:59:57:33:
                    39:a4:19:c3:12:78:a5:37:03:27:da:5a:a7:67:ca:
                    16:50:3e:ef:17:97:c0:32:d9:2d:54:7a:34:c9:c8:
                    5f:f5:ef:2f:26:54:67:d9:01:91:41:d5:67:6c:a6:
                    4b:33:de:a3:6f:40:59:00:40:55:40:cc:38:53:a5:
                    12:6a:f2:d7:a9:01:38:07:90:e5:f8:77:6a:2f:03:
                    61:f4:51:71:2b:84:80:7e:4f:5a:d3:d1:f3:f5:33:
                    62:03:36:b8:9c:51:17:41:1b:22:1e:d2:3e:8a:6a:
                    6e:f3:6f:b1:31:e0:d7:9f:24:f8:dc:93:63:32:01:
                    e1:4d:9a:74:dc:92:d9:6a:03:5d:0a:c4:14:a2:df:
                    b2:7f:54:d7:09:c0:a5:47:0d:3a:84:7e:ec:f0:af:
                    93:37:d4:bb:a6:e9:9b:98:6e:78:af:f5:ca:4e:e4:
                    0a:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:53:92:B5:E3:B9:07:81:E5:50:30:87:A5:CA:CE:9F:5B:59:CB:0F
            X509v3 Authority Key Identifier:
                keyid:BD:36:68:62:8F:0D:F7:9D:04:7E:CA:0D:9A:DC:FC:0B:66:93:E3:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/jlOSteO5B4HlUDCHpcrOn1tZyw8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:e7:24:86:3a:f8:32:19:45:db:0b:a6:22:c9:26:5a:eb:c0:
         c0:d0:17:5c:cb:49:aa:e0:a6:6b:d0:8e:29:52:02:1c:3e:94:
         86:10:ce:b8:59:12:7d:0d:2c:f9:6c:7d:36:0d:37:9f:bd:ae:
         2c:f7:70:cf:14:80:f7:7e:f0:e1:df:d8:32:4a:40:2e:58:19:
         12:b5:3b:1b:c0:be:9a:3d:98:4b:a6:57:43:4e:d8:f4:a9:cd:
         bf:35:76:9e:44:44:5a:f3:cd:0e:b2:ff:d9:e9:99:bb:09:35:
         96:41:07:08:55:59:23:0f:2b:fc:ba:1c:39:dc:0d:63:8d:3c:
         0f:e7:2a:cf:4d:36:85:17:d3:19:c8:5c:2b:68:56:91:c0:5f:
         2e:00:58:4b:33:23:75:ff:43:5d:9a:94:e5:11:4c:63:de:0e:
         29:30:fb:29:d0:35:23:79:1a:82:3e:c6:f1:82:17:43:48:53:
         b9:f0:f3:bb:5c:b9:ea:a1:14:8e:bc:0b:9d:23:48:98:de:cd:
         2e:23:1c:e1:51:f9:fe:cd:a8:42:70:56:2f:d5:41:ec:14:49:
         4f:9a:16:02:71:1c:f2:27:53:4f:4d:8d:ed:62:88:28:90:22:
         7d:a8:db:67:13:57:77:84:ff:0a:0d:e7:9e:04:95:32:8c:ff:
         a9:d7:3d:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NHqxgzK12uDyqaanahpeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkMzY2ODYyOGYwZGY3OWQwNDdlY2EwZDlhZGNmYzBiNjY5
M2UzMDkwHhcNMjYwMTAxMDYxNzQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTUzOTJiNWUzYjkwNzgxZTU1MDMwODdhNWNhY2U5ZjViNTljYjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw12xgU2r3pD8IqfkMTcr1sfLyqDq
ruxOf66WWfCTmTutoe1xvPihdiiTth8wEZ+Am5gkcwe0tQVLgUSY34HeLVHdmX8m
8GZEqsJX2YMENPI14tSr5sxZVzM5pBnDEnilNwMn2lqnZ8oWUD7vF5fAMtktVHo0
ychf9e8vJlRn2QGRQdVnbKZLM96jb0BZAEBVQMw4U6USavLXqQE4B5Dl+HdqLwNh
9FFxK4SAfk9a09Hz9TNiAza4nFEXQRsiHtI+impu82+xMeDXnyT43JNjMgHhTZp0
3JLZagNdCsQUot+yf1TXCcClRw06hH7s8K+TN9S7pumbmG54r/XKTuQKIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI5TkrXjuQeB5VAwh6XKzp9bWcsPMB8GA1UdIwQY
MBaAFL02aGKPDfedBH7KDZrc/Atmk+MJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlRab1lvOE45NTBFZnNvTm10ejhDMmFUNHdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi8xYjU3MjItMWRkYS00ZGYzLWE0NWMt
ZTZiZjMxNmM5NGExLzEvamxPU3RlTzVCNEhsVURDSHBjck9uMXRaeXc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi8xYjU3MjItMWRkYS00ZGYzLWE0NWMtZTZiZjMxNmM5NGEx
LzEvdlRab1lvOE45NTBFZnNvTm10ejhDMmFUNHdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZUHMA0G
CSqGSIb3DQEBCwUAA4IBAQBi5ySGOvgyGUXbC6YiySZa68DA0Bdcy0mq4KZr0I4p
UgIcPpSGEM64WRJ9DSz5bH02DTefva4s93DPFID3fvDh39gySkAuWBkStTsbwL6a
PZhLpldDTtj0qc2/NXaeRERa880Osv/Z6Zm7CTWWQQcIVVkjDyv8uhw53A1jjTwP
5yrPTTaFF9MZyFwraFaRwF8uAFhLMyN1/0NdmpTlEUxj3g4pMPsp0DUjeRqCPsbx
ghdDSFO58PO7XLnqoRSOvAudI0iY3s0uIxzhUfn+zahCcFYv1UHsFElPmhYCcRzy
J1NPTY3tYogokCJ9qNtnE1d3hP8KDeeeBJUyjP+p1z2z
-----END CERTIFICATE-----