This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/ebbdda-9571-4ff5-b56e-75220d53a55c/1/IzcYqEKfKuwNhHLJur3EDi9lWaw.roa
File:                     IzcYqEKfKuwNhHLJur3EDi9lWaw.roa (raw, json)
Hash identifier:          sjPuefHqm4cFePa12ziRIiRgNdagNnui52rpNQ+dDiU=
Subject key identifier:   23:37:18:A8:42:9F:2A:EC:0D:84:72:C9:BA:BD:C4:0E:2F:65:59:AC
Certificate issuer:       /CN=d1f51964ede12b4c03673d23cd44c8375315f45a
Certificate serial:       019B7CED76940E2820E4E1641BB1A219B30A
Authority key identifier: D1:F5:19:64:ED:E1:2B:4C:03:67:3D:23:CD:44:C8:37:53:15:F4:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0fUZZO3hK0wDZz0jzUTIN1MV9Fo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/ebbdda-9571-4ff5-b56e-75220d53a55c/1/IzcYqEKfKuwNhHLJur3EDi9lWaw.roa
Signing time:             Fri 02 Jan 2026 04:18:15 +0000
ROA not before:           Fri 02 Jan 2026 04:18:15 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208126
IP address blocks:        45.128.68.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/ebbdda-9571-4ff5-b56e-75220d53a55c/1/0fUZZO3hK0wDZz0jzUTIN1MV9Fo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/ebbdda-9571-4ff5-b56e-75220d53a55c/1/0fUZZO3hK0wDZz0jzUTIN1MV9Fo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0fUZZO3hK0wDZz0jzUTIN1MV9Fo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ed:76:94:0e:28:20:e4:e1:64:1b:b1:a2:19:b3:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1f51964ede12b4c03673d23cd44c8375315f45a
        Validity
            Not Before: Jan  2 04:18:15 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=233718a8429f2aec0d8472c9babdc40e2f6559ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:f4:f2:8d:2d:4e:97:8c:18:8f:1b:ed:ca:44:
                    c1:4f:09:12:92:b6:17:c0:bc:6b:6e:57:3e:e4:1e:
                    1e:25:e7:b9:87:71:aa:0e:c0:f1:f7:0b:ee:2d:ef:
                    b9:1b:4f:d1:84:20:98:85:6d:3e:ef:d5:59:f4:0e:
                    9f:02:92:14:2a:3c:14:72:48:30:e9:d3:cb:15:70:
                    5a:bc:ff:54:a7:c8:51:2b:33:3e:2b:95:e4:b0:39:
                    68:15:08:eb:f0:c1:af:3a:8a:aa:34:4a:22:96:a9:
                    74:82:bd:53:f2:0f:3c:af:24:12:30:cf:1e:6f:e6:
                    a1:c8:72:03:b7:96:38:a7:5a:b2:be:22:7b:0f:ef:
                    6c:a6:38:82:c9:2c:01:46:5c:7c:93:c4:99:53:fb:
                    26:cc:1b:9a:8e:8a:10:a1:c5:77:b1:e4:e2:d7:2d:
                    35:ec:d9:3c:ef:f4:17:75:f4:dd:51:de:a0:e7:3c:
                    18:99:39:c1:7a:19:0d:3a:11:2b:1a:1e:c9:8c:69:
                    6a:8d:f5:28:cb:12:82:d4:05:2d:85:2e:17:df:5a:
                    2a:3a:29:df:8e:e0:b6:73:7d:72:0e:b5:48:14:fc:
                    a1:00:39:b5:7f:43:a1:61:63:7e:96:ff:72:67:4e:
                    8f:e7:60:9f:14:c0:fc:0c:b0:d6:fb:63:ac:15:8c:
                    c7:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:37:18:A8:42:9F:2A:EC:0D:84:72:C9:BA:BD:C4:0E:2F:65:59:AC
            X509v3 Authority Key Identifier:
                keyid:D1:F5:19:64:ED:E1:2B:4C:03:67:3D:23:CD:44:C8:37:53:15:F4:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0fUZZO3hK0wDZz0jzUTIN1MV9Fo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/ebbdda-9571-4ff5-b56e-75220d53a55c/1/IzcYqEKfKuwNhHLJur3EDi9lWaw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/ebbdda-9571-4ff5-b56e-75220d53a55c/1/0fUZZO3hK0wDZz0jzUTIN1MV9Fo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:60:fc:d9:f3:a4:bd:38:be:a3:3e:f1:7b:3d:08:0e:21:92:
         b9:6f:dd:f4:3a:54:70:76:d8:79:b0:0a:66:0c:da:87:79:8d:
         5b:ed:aa:fe:9e:a8:2f:40:84:65:0d:42:3b:63:ca:07:98:1d:
         0a:5c:4c:0d:08:7b:7c:60:c7:f9:38:c9:90:31:0d:24:5c:ad:
         2b:c4:89:1e:45:1b:33:de:98:c8:31:b2:bf:c8:d4:81:47:48:
         60:61:cd:ae:50:fa:ff:81:94:ef:ad:eb:00:cf:c8:4e:a7:77:
         48:42:f2:5c:54:28:bd:80:0e:89:13:12:23:68:a4:d9:09:34:
         83:95:39:65:9e:6f:7d:da:34:38:7e:95:bb:86:b1:c0:de:39:
         f4:58:78:4a:91:4a:e1:f7:4e:9f:88:d6:5a:a8:02:c2:c3:e5:
         37:fd:78:04:cd:d7:b8:dc:5e:7d:fc:1e:07:11:1f:d2:d7:e6:
         0f:ae:07:be:41:f4:45:3c:9f:65:77:1b:09:a7:0a:6d:0c:40:
         63:27:bc:fc:27:da:6c:26:0d:97:e6:28:d9:75:d6:a3:1c:1a:
         34:65:12:fe:f9:7c:fd:4a:3d:a1:73:e7:63:0e:cf:33:39:f9:
         c2:27:f5:ae:2b:8e:b2:dc:4c:45:2b:e0:4a:b7:12:30:12:37:
         ce:a0:d6:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87XaUDigg5OFkG7GiGbMKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxZjUxOTY0ZWRlMTJiNGMwMzY3M2QyM2NkNDRjODM3NTMx
NWY0NWEwHhcNMjYwMTAyMDQxODE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzM3MThhODQyOWYyYWVjMGQ4NDcyYzliYWJkYzQwZTJmNjU1OWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2fTyjS1Ol4wYjxvtykTBTwkSkrYX
wLxrblc+5B4eJee5h3GqDsDx9wvuLe+5G0/RhCCYhW0+79VZ9A6fApIUKjwUckgw
6dPLFXBavP9Up8hRKzM+K5XksDloFQjr8MGvOoqqNEoilql0gr1T8g88ryQSMM8e
b+ahyHIDt5Y4p1qyviJ7D+9spjiCySwBRlx8k8SZU/smzBuajooQocV3seTi1y01
7Nk87/QXdfTdUd6g5zwYmTnBehkNOhErGh7JjGlqjfUoyxKC1AUthS4X31oqOinf
juC2c31yDrVIFPyhADm1f0OhYWN+lv9yZ06P52CfFMD8DLDW+2OsFYzHvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCM3GKhCnyrsDYRyybq9xA4vZVmsMB8GA1UdIwQY
MBaAFNH1GWTt4StMA2c9I81EyDdTFfRaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGZVWlpPM2hLMHdEWnowanpVVElOMU1WOUZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi9lYmJkZGEtOTU3MS00ZmY1LWI1NmUt
NzUyMjBkNTNhNTVjLzEvSXpjWXFFS2ZLdXdOaEhMSnVyM0VEaTlsV2F3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi9lYmJkZGEtOTU3MS00ZmY1LWI1NmUtNzUyMjBkNTNhNTVj
LzEvMGZVWlpPM2hLMHdEWnowanpVVElOMU1WOUZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYBEMA0G
CSqGSIb3DQEBCwUAA4IBAQCPYPzZ86S9OL6jPvF7PQgOIZK5b930OlRwdth5sApm
DNqHeY1b7ar+nqgvQIRlDUI7Y8oHmB0KXEwNCHt8YMf5OMmQMQ0kXK0rxIkeRRsz
3pjIMbK/yNSBR0hgYc2uUPr/gZTvresAz8hOp3dIQvJcVCi9gA6JExIjaKTZCTSD
lTllnm992jQ4fpW7hrHA3jn0WHhKkUrh906fiNZaqALCw+U3/XgEzde43F59/B4H
ER/S1+YPrge+QfRFPJ9ldxsJpwptDEBjJ7z8J9psJg2X5ijZddajHBo0ZRL++Xz9
Sj2hc+djDs8zOfnCJ/WuK46y3ExFK+BKtxIwEjfOoNal
-----END CERTIFICATE-----