This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/0kFTRKOE3jWGCAoyPfo6VNl6gNY.roa
File:                     0kFTRKOE3jWGCAoyPfo6VNl6gNY.roa (raw, json)
Hash identifier:          il4KXb3o4UsVQZBTVvlrB+YuKW6gXafGwP3odHFQM4k=
Subject key identifier:   D2:41:53:44:A3:84:DE:35:86:08:0A:32:3D:FA:3A:54:D9:7A:80:D6
Certificate issuer:       /CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
Certificate serial:       019B7BA45CE7E150418272478404D57B560F
Authority key identifier: 0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/0kFTRKOE3jWGCAoyPfo6VNl6gNY.roa
Signing time:             Thu 01 Jan 2026 22:18:47 +0000
ROA not before:           Thu 01 Jan 2026 22:18:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212966
IP address blocks:        45.154.32.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 16:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a4:5c:e7:e1:50:41:82:72:47:84:04:d5:7b:56:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
        Validity
            Not Before: Jan  1 22:18:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d2415344a384de3586080a323dfa3a54d97a80d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:b6:84:5c:fe:5e:85:78:24:ed:51:ee:a0:c4:
                    5b:f2:3c:25:34:f1:fb:36:23:bd:b6:0b:94:4e:09:
                    03:53:ea:09:07:bd:54:ff:95:ac:4e:e9:44:95:6e:
                    fc:e0:41:ee:bb:cd:41:c8:c2:fe:04:af:dd:ae:eb:
                    6b:fb:11:3a:19:5a:49:31:d3:71:ee:7f:28:f9:48:
                    b5:e5:67:97:02:8b:76:b2:47:0b:63:4d:88:b5:8b:
                    e0:d3:85:4f:29:3f:c9:7b:a5:99:f6:7c:15:70:bd:
                    fe:f9:65:77:92:1e:e2:b5:83:31:3f:a8:1e:b3:65:
                    c1:01:f6:cc:77:dd:6f:4f:e8:e4:39:2c:7d:f0:ef:
                    f9:9e:3b:52:4c:1e:a8:c6:be:23:26:22:d9:ed:4a:
                    d8:67:2a:7b:cf:e4:69:e0:6b:1a:5b:db:0f:33:71:
                    a3:c8:02:e3:b1:57:87:5b:4a:73:2e:5b:ee:05:23:
                    f8:52:d3:50:cf:58:5c:b3:fc:55:50:37:98:3b:0e:
                    1b:fc:3c:e5:a1:8b:57:ac:53:1c:59:c6:86:f8:02:
                    26:b4:e1:d4:8d:ce:17:d2:90:5e:eb:31:70:e4:a0:
                    6c:51:1b:77:1e:db:7e:3b:1f:36:1a:4a:99:69:e6:
                    77:a9:04:c6:fd:20:7b:22:93:ee:9e:c8:88:fb:a8:
                    d7:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:41:53:44:A3:84:DE:35:86:08:0A:32:3D:FA:3A:54:D9:7A:80:D6
            X509v3 Authority Key Identifier:
                keyid:0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/0kFTRKOE3jWGCAoyPfo6VNl6gNY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:58:21:93:90:2a:e7:b9:2e:6f:36:90:69:ef:e6:0e:63:5b:
         a4:87:73:3b:aa:67:0b:ca:9e:eb:19:7d:a0:e3:db:55:a6:9a:
         b5:99:60:ba:2d:d1:f3:17:78:c3:cc:6c:9b:8d:b7:e1:44:f5:
         7a:08:08:6d:15:0c:38:c5:d2:10:10:2a:18:47:47:00:0a:62:
         01:8e:b9:e2:0a:cb:34:bc:e1:63:09:0f:3c:70:5e:40:27:b4:
         dc:fc:6a:e3:0c:ca:0e:33:a9:a1:46:6f:73:4e:c2:cb:04:e7:
         5d:59:92:55:7a:bf:0b:9d:13:bc:39:16:0d:5b:d4:90:a3:0a:
         29:f0:31:ec:ff:07:9b:94:64:0e:2f:20:15:42:31:18:30:1a:
         60:67:7f:fe:8c:d3:3a:a7:1a:5d:6a:46:8c:71:47:82:56:b8:
         a7:14:70:1a:40:59:29:90:5e:78:ff:09:fb:e4:ea:3b:0c:f0:
         7c:0d:34:46:93:68:6b:b5:22:77:26:1c:18:27:68:83:ba:b0:
         78:33:f3:ac:1a:70:a1:a7:f3:bf:4b:6d:c5:39:b9:5b:f4:09:
         80:aa:d8:11:89:bf:af:b2:88:ee:6f:0c:cd:27:fb:5b:1f:52:
         5b:dd:0e:f7:5e:a8:81:ae:6c:c2:aa:92:23:fa:1d:b2:07:47:
         43:69:a1:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pFzn4VBBgnJHhATVe1YPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMzU1ODU0NmEyYzU0YmJkODEyYTE5MjI4YWE5OGUwNzhk
M2FhNjgwHhcNMjYwMTAxMjIxODQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjQxNTM0NGEzODRkZTM1ODYwODBhMzIzZGZhM2E1NGQ5N2E4MGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1baEXP5ehXgk7VHuoMRb8jwlNPH7
NiO9tguUTgkDU+oJB71U/5WsTulElW784EHuu81ByML+BK/drutr+xE6GVpJMdNx
7n8o+Ui15WeXAot2skcLY02ItYvg04VPKT/Je6WZ9nwVcL3++WV3kh7itYMxP6ge
s2XBAfbMd91vT+jkOSx98O/5njtSTB6oxr4jJiLZ7UrYZyp7z+Rp4GsaW9sPM3Gj
yALjsVeHW0pzLlvuBSP4UtNQz1hcs/xVUDeYOw4b/DzloYtXrFMcWcaG+AImtOHU
jc4X0pBe6zFw5KBsURt3Htt+Ox82GkqZaeZ3qQTG/SB7IpPunsiI+6jXxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNJBU0SjhN41hggKMj36OlTZeoDWMB8GA1UdIwQY
MBaAFA01WFRqLFS72BKhkiiqmOB406poMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUt
MTMyZmZjOGJkZTQ2LzEvMGtGVFJLT0UzaldHQ0FveVBmbzZWTmw2Z05ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUtMTMyZmZjOGJkZTQ2
LzEvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZogMA0G
CSqGSIb3DQEBCwUAA4IBAQCmWCGTkCrnuS5vNpBp7+YOY1ukh3M7qmcLyp7rGX2g
49tVppq1mWC6LdHzF3jDzGybjbfhRPV6CAhtFQw4xdIQECoYR0cACmIBjrniCss0
vOFjCQ88cF5AJ7Tc/GrjDMoOM6mhRm9zTsLLBOddWZJVer8LnRO8ORYNW9SQowop
8DHs/weblGQOLyAVQjEYMBpgZ3/+jNM6pxpdakaMcUeCVrinFHAaQFkpkF54/wn7
5Oo7DPB8DTRGk2hrtSJ3JhwYJ2iDurB4M/OsGnChp/O/S23FOblb9AmAqtgRib+v
sojubwzNJ/tbH1Jb3Q73XqiBrmzCqpIj+h2yB0dDaaHv
-----END CERTIFICATE-----