This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/sa2hcoTzMHeI3RnIBEU34c_1I3U.roa
File:                     sa2hcoTzMHeI3RnIBEU34c_1I3U.roa (raw, json)
Hash identifier:          Mcu5ZbBB1vBeke9ywj2IP3qo2AeuIBucJBqu/1rd7QE=
Subject key identifier:   B1:AD:A1:72:84:F3:30:77:88:DD:19:C8:04:45:37:E1:CF:F5:23:75
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019B25A0C2AD6175F54AFAA86E3D40EEBF10
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/sa2hcoTzMHeI3RnIBEU34c_1I3U.roa
Signing time:             Tue 16 Dec 2025 05:27:31 +0000
ROA not before:           Tue 16 Dec 2025 05:27:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     133153
IP address blocks:        151.245.178.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Dec 2025 01:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:25:a0:c2:ad:61:75:f5:4a:fa:a8:6e:3d:40:ee:bf:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Dec 16 05:27:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b1ada17284f3307788dd19c8044537e1cff52375
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:44:d4:90:03:bb:13:18:a8:c7:ed:82:91:09:
                    c0:67:5b:92:c3:29:81:6b:68:11:3c:23:79:ce:68:
                    9e:45:8f:5d:df:c1:e2:3a:52:91:a2:35:97:12:9a:
                    ca:8a:ca:3b:c9:0e:d2:e4:19:d4:28:94:a4:c0:30:
                    f3:d3:31:ad:92:8d:91:5c:36:8f:8c:3e:27:56:fe:
                    6e:25:d1:22:b2:ee:92:82:c6:eb:65:73:70:3e:b3:
                    e6:08:93:bf:9a:06:ef:bc:61:63:05:45:19:f7:b7:
                    ec:f3:be:52:45:4d:8b:a1:ef:44:43:45:fa:51:dd:
                    cf:9c:1a:58:03:00:e6:04:4b:bb:c0:3d:c5:ad:93:
                    5f:6c:90:d7:b4:ee:70:7d:ee:5b:41:73:b6:88:bd:
                    ae:d3:21:32:ef:4e:c0:21:db:18:cb:3e:19:a9:46:
                    13:16:ea:65:bb:a2:d9:77:ef:49:69:ce:87:94:e2:
                    e5:c4:dc:7f:5d:7e:2f:2d:02:e0:76:ef:4a:bc:53:
                    89:47:c8:6f:dc:c5:1f:fa:93:03:71:9b:c5:e6:df:
                    93:b2:20:49:b7:6d:ce:e6:7b:06:02:46:4b:a3:1a:
                    ff:60:6e:8f:58:8e:30:6b:e7:f9:d4:2e:fd:e1:e8:
                    76:4e:d9:02:e8:b6:37:17:dd:ef:4d:3d:c0:be:68:
                    a6:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:AD:A1:72:84:F3:30:77:88:DD:19:C8:04:45:37:E1:CF:F5:23:75
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/sa2hcoTzMHeI3RnIBEU34c_1I3U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.245.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:64:c7:5e:7c:35:a3:f6:2c:24:a5:34:af:87:05:6f:46:4f:
         e4:e6:74:6e:f8:a2:f7:16:68:90:3e:fe:89:ae:02:f9:a4:09:
         5a:24:be:f5:56:ff:de:e6:3e:0e:63:77:98:0b:57:04:df:c0:
         c1:9e:61:a3:3d:37:1b:2f:b3:14:8a:17:92:90:80:2f:92:13:
         97:33:f0:c0:e5:82:48:ea:9c:12:a2:ff:3e:eb:e6:f8:ae:d5:
         5d:c7:dd:9d:bc:12:63:5c:a8:03:02:62:08:8f:72:ea:1f:dd:
         de:d0:31:a4:d5:ca:4e:72:1b:80:b3:19:c6:14:48:3d:28:c4:
         8f:36:45:97:56:6f:7e:a1:9d:27:40:0e:e7:08:cd:f4:99:33:
         2d:3b:74:fb:7a:2e:4c:a6:9e:29:44:1b:87:33:05:1d:c7:ef:
         1b:04:6c:38:e2:53:cc:69:4f:8b:b2:f1:ba:1c:9f:f3:b5:c7:
         09:e4:1b:f2:82:56:25:2b:41:d3:29:a4:77:ee:a2:6a:df:3e:
         2f:8b:82:9e:4a:8e:cb:c2:8b:48:64:e9:29:9f:39:04:fc:5b:
         7d:36:61:c4:4d:c9:d6:e1:6b:3f:4f:ad:3f:b3:2c:df:2b:43:
         39:af:80:45:ff:ca:a5:cc:20:2e:69:d5:f1:b8:49:9a:6c:8f:
         63:21:3b:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZsloMKtYXX1Svqobj1A7r8QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUxMjE2MDUyNzMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWFkYTE3Mjg0ZjMzMDc3ODhkZDE5YzgwNDQ1MzdlMWNmZjUyMzc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuUTUkAO7Exiox+2CkQnAZ1uSwymB
a2gRPCN5zmieRY9d38HiOlKRojWXEprKiso7yQ7S5BnUKJSkwDDz0zGtko2RXDaP
jD4nVv5uJdEisu6SgsbrZXNwPrPmCJO/mgbvvGFjBUUZ97fs875SRU2Loe9EQ0X6
Ud3PnBpYAwDmBEu7wD3FrZNfbJDXtO5wfe5bQXO2iL2u0yEy707AIdsYyz4ZqUYT
Fuplu6LZd+9Jac6HlOLlxNx/XX4vLQLgdu9KvFOJR8hv3MUf+pMDcZvF5t+TsiBJ
t23O5nsGAkZLoxr/YG6PWI4wa+f51C794eh2TtkC6LY3F93vTT3AvmimjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLGtoXKE8zB3iN0ZyARFN+HP9SN1MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvc2EyaGNvVHpNSGVJM1JuSUJFVTM0Y18xSTNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/WyMA0G
CSqGSIb3DQEBCwUAA4IBAQCmZMdefDWj9iwkpTSvhwVvRk/k5nRu+KL3FmiQPv6J
rgL5pAlaJL71Vv/e5j4OY3eYC1cE38DBnmGjPTcbL7MUiheSkIAvkhOXM/DA5YJI
6pwSov8+6+b4rtVdx92dvBJjXKgDAmIIj3LqH93e0DGk1cpOchuAsxnGFEg9KMSP
NkWXVm9+oZ0nQA7nCM30mTMtO3T7ei5Mpp4pRBuHMwUdx+8bBGw44lPMaU+LsvG6
HJ/ztccJ5BvyglYlK0HTKaR37qJq3z4vi4KeSo7LwotIZOkpnzkE/Ft9NmHETcnW
4Ws/T60/syzfK0M5r4BF/8qlzCAuadXxuEmabI9jITt8
-----END CERTIFICATE-----