This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/buyY8Ac2KpmpHFfgVONVdAfwNbA.roa
File:                     buyY8Ac2KpmpHFfgVONVdAfwNbA.roa (raw, json)
Hash identifier:          BGQ1r8F2zGT+tMqc/Ky+y50SA0bVIp41VORitmqGR/I=
Subject key identifier:   6E:EC:98:F0:07:36:2A:99:A9:1C:57:E0:54:E3:55:74:07:F0:35:B0
Certificate issuer:       /CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
Certificate serial:       019B7910891EB2279D4D8CCC20A010445ABB
Authority key identifier: 4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/buyY8Ac2KpmpHFfgVONVdAfwNbA.roa
Signing time:             Thu 01 Jan 2026 10:18:05 +0000
ROA not before:           Thu 01 Jan 2026 10:18:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215128
IP address blocks:        213.198.6.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 Jan 2026 03:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:89:1e:b2:27:9d:4d:8c:cc:20:a0:10:44:5a:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
        Validity
            Not Before: Jan  1 10:18:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6eec98f007362a99a91c57e054e3557407f035b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:e6:6d:14:32:21:45:74:68:1d:bf:42:72:87:
                    9f:c4:18:de:92:5c:25:21:d3:4d:73:8b:ad:2d:e2:
                    ea:a8:c4:33:2f:f7:b4:b5:b6:45:45:61:05:39:d4:
                    fc:b6:0d:bd:a3:38:f2:81:43:d3:1f:c0:e8:66:18:
                    c0:12:24:43:90:42:3b:b1:37:78:16:f1:e3:9a:d2:
                    1d:01:d3:31:c5:26:35:f4:90:e0:ca:c7:97:30:78:
                    4a:80:f5:d2:3d:43:b7:7f:cf:be:30:0b:be:de:8d:
                    1b:d1:7e:4a:77:10:a9:36:a2:4f:9a:ec:d6:9b:05:
                    bf:63:db:b4:a1:75:b0:e9:45:76:31:89:1f:3e:8b:
                    65:8f:8d:cf:29:aa:fa:d5:29:1a:50:21:ad:b9:ca:
                    a7:68:94:fb:c7:10:23:91:6e:46:2a:71:71:4c:51:
                    21:5f:d6:a8:62:61:f4:2f:37:66:ca:12:39:bc:17:
                    66:99:30:19:71:3e:34:4d:56:a9:99:11:62:a1:dd:
                    e0:f8:46:a3:7a:58:44:6b:d5:e6:79:0d:c3:62:f9:
                    a2:5b:22:6c:d6:8e:9d:d4:e3:ff:b7:3d:0e:de:a5:
                    51:e7:5b:5a:2d:3f:c2:cd:e3:8b:56:ab:12:a8:54:
                    24:a9:f8:d6:36:8f:9f:ab:88:bb:2e:a3:8f:42:7a:
                    a9:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:EC:98:F0:07:36:2A:99:A9:1C:57:E0:54:E3:55:74:07:F0:35:B0
            X509v3 Authority Key Identifier:
                keyid:4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/buyY8Ac2KpmpHFfgVONVdAfwNbA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.198.6.0/23

    Signature Algorithm: sha256WithRSAEncryption
         99:cb:2c:2e:db:c2:df:68:fa:44:8c:f6:73:44:46:03:24:7a:
         c5:04:8c:1a:64:3e:b4:38:79:e6:44:77:46:32:38:a2:75:7b:
         ef:94:0d:06:2a:1b:d7:51:a2:9c:a9:3b:ab:38:20:df:54:77:
         67:3b:88:8f:3c:53:f4:78:e4:9a:89:02:ae:98:54:e0:6f:97:
         c8:36:c1:da:f3:e4:26:1f:98:f4:2d:7d:9c:de:2b:b6:7e:e1:
         c7:bb:35:b6:69:7e:41:4e:8f:00:8d:22:99:46:b7:85:5a:5c:
         fe:34:f2:ae:2f:b6:95:2f:50:fc:11:c4:d1:cd:ad:40:cd:a7:
         45:b9:83:de:70:72:c2:c4:b3:b3:16:2a:91:da:8e:35:de:ab:
         d5:e7:8f:12:71:cc:f0:fa:5c:4b:38:1a:61:c8:1b:98:f1:44:
         11:5a:ca:22:34:0a:a9:7c:af:c3:88:c7:77:9b:d3:54:5b:14:
         6a:44:c5:ce:af:d8:24:bf:27:a8:f5:39:2a:5a:c9:3c:e6:21:
         6c:9c:14:1a:5b:a0:3f:6c:91:9d:8e:5a:86:a2:59:12:a8:e3:
         eb:e3:fd:10:74:74:54:fc:89:68:82:56:f4:b0:03:43:74:4e:
         e2:84:64:e5:2e:3c:df:28:c6:20:3e:0e:12:9a:4c:c8:83:df:
         72:67:cd:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EIkesiedTYzMIKAQRFq7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkNWEyOTIxZmJlYjhhNDQ4ZTdhZTFlYzVhMTFiOGFiODk4
ZDIyZmQwHhcNMjYwMTAxMTAxODA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWVjOThmMDA3MzYyYTk5YTkxYzU3ZTA1NGUzNTU3NDA3ZjAzNWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8eZtFDIhRXRoHb9CcoefxBjeklwl
IdNNc4utLeLqqMQzL/e0tbZFRWEFOdT8tg29ozjygUPTH8DoZhjAEiRDkEI7sTd4
FvHjmtIdAdMxxSY19JDgyseXMHhKgPXSPUO3f8++MAu+3o0b0X5KdxCpNqJPmuzW
mwW/Y9u0oXWw6UV2MYkfPotlj43PKar61SkaUCGtucqnaJT7xxAjkW5GKnFxTFEh
X9aoYmH0LzdmyhI5vBdmmTAZcT40TVapmRFiod3g+EajelhEa9XmeQ3DYvmiWyJs
1o6d1OP/tz0O3qVR51taLT/CzeOLVqsSqFQkqfjWNo+fq4i7LqOPQnqpdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG7smPAHNiqZqRxX4FTjVXQH8DWwMB8GA1UdIwQY
MBaAFE1aKSH764pEjnrh7FoRuKuJjSL9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUt
NzgwYTI1Y2QwZGQ5LzEvYnV5WThBYzJLcG1wSEZmZ1ZPTlZkQWZ3TmJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUtNzgwYTI1Y2QwZGQ5
LzEvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1cYGMA0G
CSqGSIb3DQEBCwUAA4IBAQCZyywu28LfaPpEjPZzREYDJHrFBIwaZD60OHnmRHdG
MjiidXvvlA0GKhvXUaKcqTurOCDfVHdnO4iPPFP0eOSaiQKumFTgb5fINsHa8+Qm
H5j0LX2c3iu2fuHHuzW2aX5BTo8AjSKZRreFWlz+NPKuL7aVL1D8EcTRza1AzadF
uYPecHLCxLOzFiqR2o413qvV548Scczw+lxLOBphyBuY8UQRWsoiNAqpfK/DiMd3
m9NUWxRqRMXOr9gkvyeo9TkqWsk85iFsnBQaW6A/bJGdjlqGolkSqOPr4/0QdHRU
/Iloglb0sANDdE7ihGTlLjzfKMYgPg4SmkzIg99yZ83p
-----END CERTIFICATE-----