This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/A0lDnaheIdxgLgyqVtgdA3GG0lY.roa
File:                     A0lDnaheIdxgLgyqVtgdA3GG0lY.roa (raw, json)
Hash identifier:          PQvd/XVKCSiE9hRvjnqs3+R9hLMHGtpE+odVJvkIz0U=
Subject key identifier:   03:49:43:9D:A8:5E:21:DC:60:2E:0C:AA:56:D8:1D:03:71:86:D2:56
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       019B7C8050C9ED80D2DF478F5C76B99DDC2B
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/A0lDnaheIdxgLgyqVtgdA3GG0lY.roa
Signing time:             Fri 02 Jan 2026 02:19:02 +0000
ROA not before:           Fri 02 Jan 2026 02:19:02 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35682
IP address blocks:        45.92.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 Jan 2026 21:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:50:c9:ed:80:d2:df:47:8f:5c:76:b9:9d:dc:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Jan  2 02:19:02 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0349439da85e21dc602e0caa56d81d037186d256
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:b0:8c:c0:4c:88:c5:19:b5:bc:2c:a6:f9:a9:
                    89:df:73:93:a5:58:9c:c2:bb:db:af:86:9e:75:18:
                    f8:2f:af:ae:6e:5e:ce:cd:4d:ab:c0:5c:06:34:df:
                    51:17:42:6d:4d:33:a1:c1:be:16:dd:00:43:a1:2f:
                    02:cc:45:aa:32:50:97:0e:e7:bd:c5:0f:03:8b:99:
                    0d:2b:9f:ae:b3:7b:25:7f:58:45:31:b5:b4:9c:1d:
                    06:c2:a9:eb:e7:ba:70:8a:64:49:59:1a:39:01:ab:
                    16:78:41:e0:a1:09:67:fc:18:8b:4b:f0:f7:bd:07:
                    bf:5d:2a:7e:a6:f0:b3:c5:43:c0:cd:b9:5f:c9:85:
                    49:81:60:66:64:51:e8:d0:31:96:75:14:19:c3:16:
                    48:4d:3e:ea:3e:0c:7c:f6:40:56:2a:de:d7:4e:83:
                    09:4c:86:eb:8f:ea:5b:a5:d2:f5:86:d3:77:10:5d:
                    82:21:81:8a:6c:d9:29:94:12:0d:48:f4:8c:b1:34:
                    26:52:07:2f:2a:72:ac:7d:9c:39:c8:56:a3:cf:9b:
                    d1:d2:64:77:57:5b:46:1d:7c:75:13:a0:ea:53:58:
                    cc:db:21:97:6a:8b:f3:ec:44:00:d7:68:33:5c:21:
                    14:d4:2a:8e:fa:2f:29:06:50:16:9f:3d:6b:25:81:
                    65:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:49:43:9D:A8:5E:21:DC:60:2E:0C:AA:56:D8:1D:03:71:86:D2:56
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/A0lDnaheIdxgLgyqVtgdA3GG0lY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.92.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:a1:7b:03:41:23:00:e3:09:7c:53:66:f3:bb:ca:db:77:25:
         06:a0:87:93:06:81:8a:90:57:56:77:67:2a:d5:63:96:b6:ea:
         7a:56:24:91:de:45:7e:cc:46:2e:0f:d7:b2:24:8d:63:45:e6:
         f2:8f:63:6c:99:7f:de:66:2a:ec:7b:ad:d7:10:98:5b:a9:33:
         07:b8:0a:de:eb:06:ba:e6:41:ce:eb:8a:62:e6:91:c9:3f:72:
         07:6e:34:09:db:92:9d:d1:f1:4e:7d:af:52:20:46:51:02:34:
         29:db:53:85:d7:29:67:6b:a8:cc:86:4c:01:3c:57:06:47:79:
         3f:08:23:6e:7a:18:bb:c8:45:90:93:cc:b5:a3:ac:e3:d1:3b:
         a6:6b:51:48:a2:99:4b:ac:aa:f2:2a:f9:65:d4:e9:1f:36:a5:
         5a:76:e1:97:b3:62:c9:51:9a:35:53:1e:4f:ec:26:2b:8a:f0:
         ff:66:f6:e8:3d:55:92:77:54:cb:95:84:7a:e4:16:d0:64:c1:
         9c:9c:8c:4f:07:15:dc:ba:26:a2:2b:0c:60:d3:92:e6:5e:88:
         c9:21:dd:7b:6f:7a:ac:ba:41:6b:a0:75:a7:1d:33:f4:82:b5:
         bd:e9:fa:ff:c1:d2:09:5f:30:70:a8:95:4c:2c:e2:18:6a:43:
         3b:23:29:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gFDJ7YDS30ePXHa5ndwrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjYwMTAyMDIxOTAyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzQ5NDM5ZGE4NWUyMWRjNjAyZTBjYWE1NmQ4MWQwMzcxODZkMjU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp7CMwEyIxRm1vCym+amJ33OTpVic
wrvbr4aedRj4L6+ubl7OzU2rwFwGNN9RF0JtTTOhwb4W3QBDoS8CzEWqMlCXDue9
xQ8Di5kNK5+us3slf1hFMbW0nB0Gwqnr57pwimRJWRo5AasWeEHgoQln/BiLS/D3
vQe/XSp+pvCzxUPAzblfyYVJgWBmZFHo0DGWdRQZwxZITT7qPgx89kBWKt7XToMJ
TIbrj+pbpdL1htN3EF2CIYGKbNkplBINSPSMsTQmUgcvKnKsfZw5yFajz5vR0mR3
V1tGHXx1E6DqU1jM2yGXaovz7EQA12gzXCEU1CqO+i8pBlAWnz1rJYFlnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFANJQ52oXiHcYC4MqlbYHQNxhtJWMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvQTBsRG5haGVJZHhnTGd5cVZ0Z2RBM0dHMGxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVytMA0G
CSqGSIb3DQEBCwUAA4IBAQC0oXsDQSMA4wl8U2bzu8rbdyUGoIeTBoGKkFdWd2cq
1WOWtup6ViSR3kV+zEYuD9eyJI1jRebyj2NsmX/eZirse63XEJhbqTMHuAre6wa6
5kHO64pi5pHJP3IHbjQJ25Kd0fFOfa9SIEZRAjQp21OF1ylna6jMhkwBPFcGR3k/
CCNuehi7yEWQk8y1o6zj0Tuma1FIoplLrKryKvll1OkfNqVaduGXs2LJUZo1Ux5P
7CYrivD/ZvboPVWSd1TLlYR65BbQZMGcnIxPBxXcuiaiKwxg05LmXojJId17b3qs
ukFroHWnHTP0grW96fr/wdIJXzBwqJVMLOIYakM7IynQ
-----END CERTIFICATE-----