This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/1Al-MKzvpmsPB1o_VLAZisgRN5A.roa
File:                     1Al-MKzvpmsPB1o_VLAZisgRN5A.roa (raw, json)
Hash identifier:          Uvb3gRxfokU3biBAV5cP8dXJM0nFw/vuK8XbFLNPQaQ=
Subject key identifier:   D4:09:7E:30:AC:EF:A6:6B:0F:07:5A:3F:54:B0:19:8A:C8:11:37:90
Certificate issuer:       /CN=57c670c8db32dd748df797c5c93013d8c91fa839
Certificate serial:       019B7C808A0D391DD2B29E7D4322D4328047
Authority key identifier: 57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/1Al-MKzvpmsPB1o_VLAZisgRN5A.roa
Signing time:             Fri 02 Jan 2026 02:19:17 +0000
ROA not before:           Fri 02 Jan 2026 02:19:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213457
IP address blocks:        46.243.5.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 00:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:8a:0d:39:1d:d2:b2:9e:7d:43:22:d4:32:80:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57c670c8db32dd748df797c5c93013d8c91fa839
        Validity
            Not Before: Jan  2 02:19:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d4097e30acefa66b0f075a3f54b0198ac8113790
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:1f:ec:3a:8e:77:5a:6a:82:b7:1b:fe:dc:fd:
                    d3:49:0e:d0:82:2f:28:a1:10:89:32:e0:b8:8a:1e:
                    79:89:80:25:43:7a:5a:79:e7:48:bc:bd:97:1f:f3:
                    46:13:bb:e4:73:93:6e:95:b6:4f:0e:25:a7:4e:59:
                    50:79:39:8d:90:7d:51:e4:7a:7f:2f:9a:31:10:43:
                    68:e9:d9:52:3d:05:94:03:02:a4:0b:d3:34:39:a3:
                    a5:60:0a:4b:eb:a7:29:ef:a9:a4:77:e7:19:16:71:
                    63:f1:96:12:af:7f:e1:ae:74:3a:23:e2:9a:87:30:
                    89:0c:ed:70:18:4e:5d:5d:0c:ec:8b:48:72:25:f6:
                    2a:f4:63:cb:db:27:f7:7e:b3:db:0b:a3:40:e3:db:
                    36:80:d8:95:d5:69:ee:bd:37:eb:54:ce:cc:96:55:
                    e3:e8:d6:05:d7:58:73:4c:a6:c9:09:a3:77:69:dc:
                    3b:a1:83:b4:8b:38:1f:2f:51:31:a5:97:38:32:c3:
                    7f:d1:6d:a6:f9:82:cb:eb:9c:de:85:e9:ff:6b:fc:
                    0a:11:71:57:d2:a0:78:2a:f1:4d:16:2a:1c:e2:a4:
                    21:13:ff:4e:7a:6e:32:6f:81:63:fe:5c:3c:c5:cc:
                    d3:d3:53:e0:02:ba:68:63:18:8b:93:8b:cd:a3:f2:
                    8f:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:09:7E:30:AC:EF:A6:6B:0F:07:5A:3F:54:B0:19:8A:C8:11:37:90
            X509v3 Authority Key Identifier:
                keyid:57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/1Al-MKzvpmsPB1o_VLAZisgRN5A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.243.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:d1:aa:ef:4a:46:bc:c1:29:52:d3:d2:93:be:fc:a5:1a:1f:
         21:bd:1e:b6:85:d1:d2:3c:94:84:a3:3d:f1:e7:20:0c:3f:6f:
         e6:71:60:18:66:46:97:9a:44:54:60:ef:43:af:6c:fe:bb:74:
         bc:fc:16:87:af:bb:8f:48:9a:8a:cd:8b:ec:c6:be:ee:ad:f4:
         77:21:cd:16:ba:70:e7:51:db:e8:0e:fc:b9:55:5a:20:fc:9f:
         77:cd:7b:51:8b:7a:03:af:0f:4b:f8:80:5b:d0:b9:73:50:cd:
         22:f8:a3:84:32:fb:05:9c:55:dd:f9:8b:54:e2:43:a4:89:a0:
         c2:28:7a:39:d7:d6:f3:a0:0d:95:dd:d0:c9:ca:1a:30:f3:80:
         22:31:3c:79:90:cc:6a:07:f9:7e:17:30:6a:c1:d6:94:8e:27:
         34:46:29:c1:4e:04:7f:c4:97:31:b5:b2:b3:15:21:9d:0a:73:
         10:54:2e:d6:5b:57:94:2a:06:e0:f6:06:dd:f5:01:60:7f:a1:
         42:6f:ea:3d:d4:0f:8e:b1:a9:60:37:9e:83:74:54:a6:9c:a0:
         91:f4:28:bf:2d:6c:43:46:f4:68:1c:b2:ba:82:de:32:bd:46:
         8e:b5:49:2f:16:72:89:fc:4b:ef:d2:4e:c1:59:c3:45:0f:9f:
         ba:83:25:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gIoNOR3Ssp59QyLUMoBHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3YzY3MGM4ZGIzMmRkNzQ4ZGY3OTdjNWM5MzAxM2Q4Yzkx
ZmE4MzkwHhcNMjYwMTAyMDIxOTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDA5N2UzMGFjZWZhNjZiMGYwNzVhM2Y1NGIwMTk4YWM4MTEzNzkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6R/sOo53WmqCtxv+3P3TSQ7Qgi8o
oRCJMuC4ih55iYAlQ3paeedIvL2XH/NGE7vkc5NulbZPDiWnTllQeTmNkH1R5Hp/
L5oxEENo6dlSPQWUAwKkC9M0OaOlYApL66cp76mkd+cZFnFj8ZYSr3/hrnQ6I+Ka
hzCJDO1wGE5dXQzsi0hyJfYq9GPL2yf3frPbC6NA49s2gNiV1WnuvTfrVM7MllXj
6NYF11hzTKbJCaN3adw7oYO0izgfL1ExpZc4MsN/0W2m+YLL65zehen/a/wKEXFX
0qB4KvFNFioc4qQhE/9Oem4yb4Fj/lw8xczT01PgArpoYxiLk4vNo/KPZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNQJfjCs76ZrDwdaP1SwGYrIETeQMB8GA1UdIwQY
MBaAFFfGcMjbMt10jfeXxckwE9jJH6g5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQt
MzA0OTVmNDAzNzg0LzEvMUFsLU1LenZwbXNQQjFvX1ZMQVppc2dSTjVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQtMzA0OTVmNDAzNzg0
LzEvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALvMFMA0G
CSqGSIb3DQEBCwUAA4IBAQBs0arvSka8wSlS09KTvvylGh8hvR62hdHSPJSEoz3x
5yAMP2/mcWAYZkaXmkRUYO9Dr2z+u3S8/BaHr7uPSJqKzYvsxr7urfR3Ic0WunDn
UdvoDvy5VVog/J93zXtRi3oDrw9L+IBb0LlzUM0i+KOEMvsFnFXd+YtU4kOkiaDC
KHo519bzoA2V3dDJyhow84AiMTx5kMxqB/l+FzBqwdaUjic0RinBTgR/xJcxtbKz
FSGdCnMQVC7WW1eUKgbg9gbd9QFgf6FCb+o91A+OsalgN56DdFSmnKCR9Ci/LWxD
RvRoHLK6gt4yvUaOtUkvFnKJ/Evv0k7BWcNFD5+6gyV/
-----END CERTIFICATE-----