This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/D5QEjU_c-2K3zEmAOaQA7KVaPdU.roa
File:                     D5QEjU_c-2K3zEmAOaQA7KVaPdU.roa (raw, json)
Hash identifier:          53QlG3KSERej7aq6m/GMzpjSU92mmWpGloyrcVyUx7A=
Subject key identifier:   0F:94:04:8D:4F:DC:FB:62:B7:CC:49:80:39:A4:00:EC:A5:5A:3D:D5
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       019B7C8059EA3359F66E5085A44324147319
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/D5QEjU_c-2K3zEmAOaQA7KVaPdU.roa
Signing time:             Fri 02 Jan 2026 02:19:04 +0000
ROA not before:           Fri 02 Jan 2026 02:19:04 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49661
IP address blocks:        45.135.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 Jan 2026 21:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:59:ea:33:59:f6:6e:50:85:a4:43:24:14:73:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Jan  2 02:19:04 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0f94048d4fdcfb62b7cc498039a400eca55a3dd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:b6:7a:0c:79:96:46:57:9f:d1:f6:38:46:6c:
                    6d:6f:f9:29:c5:41:63:50:9c:30:1b:2a:a6:b5:17:
                    5d:06:0c:62:eb:dd:f3:3e:8d:54:68:7f:97:30:a7:
                    23:d5:09:83:76:c3:4b:c5:b9:d7:34:9a:77:1b:a6:
                    5e:d6:ec:95:b1:a5:36:32:ec:aa:6f:76:f7:aa:c3:
                    d5:90:c2:b7:fb:e4:33:cf:b5:d4:17:b8:07:e6:e2:
                    84:fd:df:32:3f:8e:70:96:f7:a5:e0:f1:5c:a9:7e:
                    48:5a:5e:61:56:a2:2c:13:21:1e:02:0b:5d:46:4a:
                    5b:a5:ea:95:0f:3e:e1:e9:4c:6a:ee:45:3b:13:0e:
                    f5:2d:61:75:35:7e:ee:da:c3:a7:19:fc:10:67:88:
                    ec:8c:1d:f5:3f:da:30:96:45:64:08:97:88:4c:56:
                    f6:fe:77:51:54:87:83:3c:4c:58:93:9b:53:df:45:
                    1a:a1:ae:e1:83:09:9e:fb:43:ef:50:a8:ff:0a:31:
                    47:65:66:0a:fd:7d:9a:f6:3a:6b:73:f5:f4:b9:95:
                    ec:fd:eb:07:48:c1:aa:b6:e8:00:b9:53:f0:2f:47:
                    c5:64:6f:5c:bb:34:5c:d0:21:70:83:d5:82:d3:18:
                    34:d7:cb:b9:44:d2:5a:27:19:9a:35:10:dc:8e:b0:
                    e8:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:94:04:8D:4F:DC:FB:62:B7:CC:49:80:39:A4:00:EC:A5:5A:3D:D5
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/D5QEjU_c-2K3zEmAOaQA7KVaPdU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:66:4f:4f:b0:e4:79:72:0b:7a:79:75:b1:27:d4:7e:66:29:
         44:48:84:51:6b:d8:82:e1:36:e3:46:4d:db:27:42:5a:49:ad:
         50:fc:df:c4:2a:3d:1b:b0:d0:ef:9f:c8:c6:94:22:97:b2:dc:
         e9:38:b1:ee:44:94:b6:cd:d3:47:14:3d:87:65:60:f5:9d:4b:
         94:bd:f5:2d:e6:f2:9e:e1:8f:b4:8c:67:05:01:22:70:5b:cc:
         7c:08:38:b6:29:89:ad:9c:73:6f:d5:ef:4c:aa:72:c1:4b:d7:
         c7:17:7f:4a:d9:6f:68:4d:cf:19:43:90:67:2e:60:77:a4:7c:
         32:70:39:88:cd:60:65:80:6c:3b:78:df:f4:79:a0:4f:af:40:
         4d:ed:c9:bc:fd:4b:59:41:51:2a:aa:d7:10:6d:c4:0f:14:d3:
         ae:09:06:bc:31:b1:5e:ff:10:47:61:70:4d:f2:a2:e8:7a:d0:
         b8:cf:b9:0b:5d:9b:bf:5b:93:ed:fb:0f:17:76:f7:23:6e:1d:
         de:4a:bb:78:8f:c7:85:fa:6f:75:bd:7a:b1:5a:60:d5:78:69:
         4c:82:00:c3:54:20:ff:f0:4c:65:87:8b:25:fc:99:0e:03:0f:
         c4:cc:9f:be:83:7f:f0:4e:4f:b5:cf:db:71:10:59:21:6a:73:
         02:f9:56:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gFnqM1n2blCFpEMkFHMZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjYwMTAyMDIxOTA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjk0MDQ4ZDRmZGNmYjYyYjdjYzQ5ODAzOWE0MDBlY2E1NWEzZGQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsbZ6DHmWRlef0fY4Rmxtb/kpxUFj
UJwwGyqmtRddBgxi693zPo1UaH+XMKcj1QmDdsNLxbnXNJp3G6Ze1uyVsaU2Muyq
b3b3qsPVkMK3++Qzz7XUF7gH5uKE/d8yP45wlvel4PFcqX5IWl5hVqIsEyEeAgtd
RkpbpeqVDz7h6Uxq7kU7Ew71LWF1NX7u2sOnGfwQZ4jsjB31P9owlkVkCJeITFb2
/ndRVIeDPExYk5tT30Uaoa7hgwme+0PvUKj/CjFHZWYK/X2a9jprc/X0uZXs/esH
SMGqtugAuVPwL0fFZG9cuzRc0CFwg9WC0xg018u5RNJaJxmaNRDcjrDofQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA+UBI1P3Ptit8xJgDmkAOylWj3VMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvRDVRRWpVX2MtMkszekVtQU9hUUE3S1ZhUGRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYeBMA0G
CSqGSIb3DQEBCwUAA4IBAQAGZk9PsOR5cgt6eXWxJ9R+ZilESIRRa9iC4TbjRk3b
J0JaSa1Q/N/EKj0bsNDvn8jGlCKXstzpOLHuRJS2zdNHFD2HZWD1nUuUvfUt5vKe
4Y+0jGcFASJwW8x8CDi2KYmtnHNv1e9MqnLBS9fHF39K2W9oTc8ZQ5BnLmB3pHwy
cDmIzWBlgGw7eN/0eaBPr0BN7cm8/UtZQVEqqtcQbcQPFNOuCQa8MbFe/xBHYXBN
8qLoetC4z7kLXZu/W5Pt+w8Xdvcjbh3eSrt4j8eF+m91vXqxWmDVeGlMggDDVCD/
8Exlh4sl/JkOAw/EzJ++g3/wTk+1z9txEFkhanMC+VbC
-----END CERTIFICATE-----