This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/kUDpvsHoadLhVdKr6h-b0SNO4tY.roa
File:                     kUDpvsHoadLhVdKr6h-b0SNO4tY.roa (raw, json)
Hash identifier:          ghiF39f0Y89egjtxUNkROwPhxKuZIFRg98pk031tjoA=
Subject key identifier:   91:40:E9:BE:C1:E8:69:D2:E1:55:D2:AB:EA:1F:9B:D1:23:4E:E2:D6
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019B7D5D89B9295559E2F99B3599DA25C149
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/kUDpvsHoadLhVdKr6h-b0SNO4tY.roa
Signing time:             Fri 02 Jan 2026 06:20:40 +0000
ROA not before:           Fri 02 Jan 2026 06:20:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216139
IP address blocks:        45.12.69.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 18:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5d:89:b9:29:55:59:e2:f9:9b:35:99:da:25:c1:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 06:20:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9140e9bec1e869d2e155d2abea1f9bd1234ee2d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:1f:63:3e:cb:8c:75:b4:18:8b:1c:14:82:01:
                    3e:e1:4a:28:59:b6:96:5d:89:1c:e8:e2:30:70:21:
                    e9:78:8f:0a:25:19:1b:d5:71:15:7d:1a:5c:c4:de:
                    30:64:ea:e2:d2:91:67:be:50:22:87:69:19:94:5c:
                    37:4e:29:8b:b5:48:82:80:1d:60:6f:a7:ab:ae:a0:
                    2c:d2:cb:83:f4:53:95:b2:d1:96:91:c0:61:9f:19:
                    01:44:76:01:45:dc:c7:e7:45:fa:d9:fc:d2:9b:30:
                    3c:5f:8d:33:be:99:6a:1f:ca:d1:c3:e9:ed:e8:1e:
                    8d:1d:a7:a5:df:af:7c:d1:dd:75:57:1b:c4:33:5c:
                    d6:31:02:5d:8c:0b:76:72:f1:33:46:4c:93:bc:3f:
                    f0:49:07:cb:6c:54:df:3f:c4:04:72:fc:a2:a6:11:
                    1f:03:6f:04:9b:46:8a:a5:bd:46:59:ae:8a:b1:0d:
                    ea:ec:f6:d3:b2:4e:1b:63:94:bc:c3:6f:2d:77:47:
                    02:e1:17:f3:34:8e:5d:c4:1f:a5:17:d5:ec:70:10:
                    58:d6:c4:a2:ce:84:41:79:bb:94:e7:4c:1a:3f:b4:
                    13:c2:e4:fe:d7:fe:c5:2c:26:c9:c3:9e:26:82:f1:
                    39:a9:94:5d:86:ee:c8:61:26:ce:a1:73:24:51:04:
                    61:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:40:E9:BE:C1:E8:69:D2:E1:55:D2:AB:EA:1F:9B:D1:23:4E:E2:D6
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/kUDpvsHoadLhVdKr6h-b0SNO4tY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:22:2b:ec:28:d1:f5:c2:44:ab:69:9e:46:e3:4c:27:31:17:
         5c:17:5f:d6:2d:80:a8:37:c6:ee:8e:0f:fb:ca:12:63:42:1a:
         9b:3b:9d:6e:72:8a:d9:4d:28:b3:63:07:95:87:d9:b8:63:28:
         5c:6a:09:5c:aa:2b:d1:d4:f9:03:49:52:f7:f3:c7:23:b4:b7:
         50:92:4f:01:72:83:60:54:7a:33:fe:2f:16:93:53:9b:85:07:
         4f:cf:23:0d:c0:75:93:ae:00:2b:d3:5f:de:36:41:ba:7b:13:
         94:f6:d9:1c:70:34:02:a4:64:d5:fd:dd:e7:94:f4:8a:0e:2e:
         9e:9c:7a:68:ca:82:43:b3:cf:ec:75:73:b2:5d:72:59:04:62:
         1a:01:7b:27:a5:89:ec:cb:ff:1c:bf:49:4c:cb:86:bb:7f:91:
         46:c1:51:43:56:61:cf:96:dc:83:e8:96:c8:dd:12:ad:0b:8d:
         0e:e3:8c:71:cb:d7:ff:84:db:0c:9a:8d:0e:19:cf:b0:1b:e7:
         82:51:5a:b9:4d:8e:50:25:e6:59:62:e0:f9:1b:f6:f4:c3:a8:
         9d:bc:b1:aa:2b:cc:80:fc:86:2b:35:8b:f9:cf:d5:8c:23:8e:
         fa:ad:1f:f9:4a:3b:78:5a:6e:8e:0d:ad:73:57:37:09:71:fc:
         5c:96:fb:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XYm5KVVZ4vmbNZnaJcFJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjYwMTAyMDYyMDQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTQwZTliZWMxZTg2OWQyZTE1NWQyYWJlYTFmOWJkMTIzNGVlMmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvB9jPsuMdbQYixwUggE+4UooWbaW
XYkc6OIwcCHpeI8KJRkb1XEVfRpcxN4wZOri0pFnvlAih2kZlFw3TimLtUiCgB1g
b6errqAs0suD9FOVstGWkcBhnxkBRHYBRdzH50X62fzSmzA8X40zvplqH8rRw+nt
6B6NHael36980d11VxvEM1zWMQJdjAt2cvEzRkyTvD/wSQfLbFTfP8QEcvyiphEf
A28Em0aKpb1GWa6KsQ3q7PbTsk4bY5S8w28td0cC4RfzNI5dxB+lF9XscBBY1sSi
zoRBebuU50waP7QTwuT+1/7FLCbJw54mgvE5qZRdhu7IYSbOoXMkUQRh9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJFA6b7B6GnS4VXSq+ofm9EjTuLWMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEva1VEcHZzSG9hZExoVmRLcjZoLWIwU05PNHRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQxFMA0G
CSqGSIb3DQEBCwUAA4IBAQAVIivsKNH1wkSraZ5G40wnMRdcF1/WLYCoN8bujg/7
yhJjQhqbO51ucorZTSizYweVh9m4YyhcaglcqivR1PkDSVL388cjtLdQkk8BcoNg
VHoz/i8Wk1ObhQdPzyMNwHWTrgAr01/eNkG6exOU9tkccDQCpGTV/d3nlPSKDi6e
nHpoyoJDs8/sdXOyXXJZBGIaAXsnpYnsy/8cv0lMy4a7f5FGwVFDVmHPltyD6JbI
3RKtC40O44xxy9f/hNsMmo0OGc+wG+eCUVq5TY5QJeZZYuD5G/b0w6idvLGqK8yA
/IYrNYv5z9WMI476rR/5Sjt4Wm6ODa1zVzcJcfxclvvH
-----END CERTIFICATE-----