This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/b6c426-76d5-4a82-9b5f-856b65c75c26/1/Nf3EsHLwWqodxJ1QM1KI7OGVqOk.roa
File:                     Nf3EsHLwWqodxJ1QM1KI7OGVqOk.roa (raw, json)
Hash identifier:          S6vfOvH5sVJE28SQyXolc/taEC8cUDhQ4fTQO3bdy+0=
Subject key identifier:   35:FD:C4:B0:72:F0:5A:AA:1D:C4:9D:50:33:52:88:EC:E1:95:A8:E9
Certificate issuer:       /CN=ded7239db81d61f98d586383ccc125d66106cb30
Certificate serial:       019B7DCAE66E1EFAC4542CC0E6213003C920
Authority key identifier: DE:D7:23:9D:B8:1D:61:F9:8D:58:63:83:CC:C1:25:D6:61:06:CB:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3tcjnbgdYfmNWGODzMEl1mEGyzA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/b6c426-76d5-4a82-9b5f-856b65c75c26/1/Nf3EsHLwWqodxJ1QM1KI7OGVqOk.roa
Signing time:             Fri 02 Jan 2026 08:20:07 +0000
ROA not before:           Fri 02 Jan 2026 08:20:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50629
IP address blocks:        45.151.240.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/b6c426-76d5-4a82-9b5f-856b65c75c26/1/3tcjnbgdYfmNWGODzMEl1mEGyzA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/b6c426-76d5-4a82-9b5f-856b65c75c26/1/3tcjnbgdYfmNWGODzMEl1mEGyzA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3tcjnbgdYfmNWGODzMEl1mEGyzA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:e6:6e:1e:fa:c4:54:2c:c0:e6:21:30:03:c9:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ded7239db81d61f98d586383ccc125d66106cb30
        Validity
            Not Before: Jan  2 08:20:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=35fdc4b072f05aaa1dc49d50335288ece195a8e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:04:d0:c9:74:e5:1c:f6:01:40:c0:7c:72:2b:
                    4f:43:84:57:d6:36:58:2f:c3:26:b5:de:b4:0a:84:
                    ee:08:71:ff:51:70:c1:7b:0a:cd:be:b1:35:db:17:
                    ef:74:54:d1:0d:1a:88:fb:1a:b4:86:11:1f:64:db:
                    13:b7:8f:11:ad:07:6f:d4:2a:27:b7:0b:80:f1:62:
                    9a:28:17:c0:3d:aa:dd:8b:dd:c5:7f:08:99:4a:f7:
                    ea:17:68:7f:87:10:7b:46:74:2c:cc:59:6b:cf:f7:
                    0e:0c:1c:3b:cd:c4:a4:52:7f:df:ea:5d:14:7a:f0:
                    d3:98:c6:94:1d:d8:e5:bb:41:7d:58:47:dc:96:fe:
                    aa:b3:cb:07:f4:72:94:b1:ba:79:31:cd:20:22:c5:
                    0f:1b:64:bd:44:ee:c5:6b:78:09:d1:1f:1e:6a:7b:
                    52:7c:7f:f7:e3:71:57:ac:6f:84:0a:8e:6f:c8:2c:
                    9a:50:a0:13:25:d0:8d:77:d3:14:57:c8:53:47:73:
                    45:17:24:85:32:9d:b5:f8:74:96:67:fc:17:50:18:
                    c9:4c:da:c3:13:8e:14:41:0a:44:09:86:2a:60:cd:
                    5b:fb:87:39:55:5f:7a:da:cb:b3:59:5c:85:e7:cc:
                    5a:8a:31:98:cd:ca:c7:fe:76:e3:b2:b6:38:1a:e8:
                    8e:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:FD:C4:B0:72:F0:5A:AA:1D:C4:9D:50:33:52:88:EC:E1:95:A8:E9
            X509v3 Authority Key Identifier:
                keyid:DE:D7:23:9D:B8:1D:61:F9:8D:58:63:83:CC:C1:25:D6:61:06:CB:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3tcjnbgdYfmNWGODzMEl1mEGyzA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/b6c426-76d5-4a82-9b5f-856b65c75c26/1/Nf3EsHLwWqodxJ1QM1KI7OGVqOk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/b6c426-76d5-4a82-9b5f-856b65c75c26/1/3tcjnbgdYfmNWGODzMEl1mEGyzA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         43:a6:73:57:dc:f7:01:11:96:46:3c:b2:7a:17:5c:51:2a:4a:
         af:90:49:f5:af:74:cc:cf:04:95:0e:ad:8d:53:f6:b2:d8:d9:
         67:db:29:fa:5e:bd:f2:c6:38:5c:72:82:b3:47:2d:da:af:70:
         c4:56:ec:30:3a:90:68:7c:d3:64:b3:c9:0f:17:a8:f1:11:ea:
         f5:3f:6b:ad:c9:97:39:48:c4:e4:17:7b:72:76:76:fe:fe:b1:
         35:02:22:79:f0:d0:aa:1e:02:39:f0:63:ae:22:e9:bc:6e:e6:
         46:94:ce:20:ae:7d:1a:23:5f:04:33:50:9b:e2:fa:bd:b0:0a:
         48:e8:08:c3:9d:e5:9d:e4:77:38:b6:58:e2:24:2f:f7:07:44:
         99:e7:e0:b3:0e:53:ff:e4:ea:98:11:79:7f:22:13:81:76:bf:
         7d:0a:22:bb:1b:ae:d8:24:09:15:e5:af:f9:2c:b3:67:a2:b1:
         3c:82:93:31:38:fc:23:a6:0d:b3:4c:f4:d5:09:3e:70:9a:6a:
         45:86:54:2a:68:25:e9:e5:28:7b:97:06:fc:86:f1:fb:ee:2a:
         64:80:a5:92:54:c0:7d:9e:94:91:77:09:5d:f6:7e:62:f5:b9:
         c4:44:d8:ed:f6:bd:73:28:4e:cb:a7:2e:c8:5d:e9:15:70:d6:
         9d:c2:53:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yuZuHvrEVCzA5iEwA8kgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlZDcyMzlkYjgxZDYxZjk4ZDU4NjM4M2NjYzEyNWQ2NjEw
NmNiMzAwHhcNMjYwMTAyMDgyMDA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWZkYzRiMDcyZjA1YWFhMWRjNDlkNTAzMzUyODhlY2UxOTVhOGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtATQyXTlHPYBQMB8citPQ4RX1jZY
L8Mmtd60CoTuCHH/UXDBewrNvrE12xfvdFTRDRqI+xq0hhEfZNsTt48RrQdv1Con
twuA8WKaKBfAPardi93FfwiZSvfqF2h/hxB7RnQszFlrz/cODBw7zcSkUn/f6l0U
evDTmMaUHdjlu0F9WEfclv6qs8sH9HKUsbp5Mc0gIsUPG2S9RO7Fa3gJ0R8eantS
fH/343FXrG+ECo5vyCyaUKATJdCNd9MUV8hTR3NFFySFMp21+HSWZ/wXUBjJTNrD
E44UQQpECYYqYM1b+4c5VV962suzWVyF58xaijGYzcrH/nbjsrY4GuiO5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDX9xLBy8FqqHcSdUDNSiOzhlajpMB8GA1UdIwQY
MBaAFN7XI524HWH5jVhjg8zBJdZhBsswMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3Rjam5iZ2RZZm1OV0dPRHpNRWwxbUVHeXpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9iNmM0MjYtNzZkNS00YTgyLTliNWYt
ODU2YjY1Yzc1YzI2LzEvTmYzRXNITHdXcW9keEoxUU0xS0k3T0dWcU9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9iNmM0MjYtNzZkNS00YTgyLTliNWYtODU2YjY1Yzc1YzI2
LzEvM3Rjam5iZ2RZZm1OV0dPRHpNRWwxbUVHeXpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZfwMA0G
CSqGSIb3DQEBCwUAA4IBAQBDpnNX3PcBEZZGPLJ6F1xRKkqvkEn1r3TMzwSVDq2N
U/ay2Nln2yn6Xr3yxjhccoKzRy3ar3DEVuwwOpBofNNks8kPF6jxEer1P2utyZc5
SMTkF3tydnb+/rE1AiJ58NCqHgI58GOuIum8buZGlM4grn0aI18EM1Cb4vq9sApI
6AjDneWd5Hc4tljiJC/3B0SZ5+CzDlP/5OqYEXl/IhOBdr99CiK7G67YJAkV5a/5
LLNnorE8gpMxOPwjpg2zTPTVCT5wmmpFhlQqaCXp5Sh7lwb8hvH77ipkgKWSVMB9
npSRdwld9n5i9bnERNjt9r1zKE7Lpy7IXekVcNadwlMS
-----END CERTIFICATE-----