This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/Xb1Ypft5Y54bcYQ8b79qIwrScbE.roa
File:                     Xb1Ypft5Y54bcYQ8b79qIwrScbE.roa (raw, json)
Hash identifier:          Ptw9WulLvCzzd5LJ241CpZZU4h4IU0B2dm9/idnoGHM=
Subject key identifier:   5D:BD:58:A5:FB:79:63:9E:1B:71:84:3C:6F:BF:6A:23:0A:D2:71:B1
Certificate issuer:       /CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
Certificate serial:       019B7F8386180B9CA7DB4BFE9345CD2EB0CA
Authority key identifier: 05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/Xb1Ypft5Y54bcYQ8b79qIwrScbE.roa
Signing time:             Fri 02 Jan 2026 16:21:24 +0000
ROA not before:           Fri 02 Jan 2026 16:21:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61317
IP address blocks:        45.11.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 Jan 2026 07:01:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:83:86:18:0b:9c:a7:db:4b:fe:93:45:cd:2e:b0:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
        Validity
            Not Before: Jan  2 16:21:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5dbd58a5fb79639e1b71843c6fbf6a230ad271b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:ed:3b:be:2a:c0:20:6f:63:08:7e:39:f4:47:
                    ee:35:cf:15:89:f5:3a:fa:09:a8:1a:ee:60:c0:a1:
                    c1:2b:8b:fe:1a:5d:6e:6f:e5:4a:2e:da:6e:b6:40:
                    d7:81:0d:c9:e7:f9:a3:db:ec:9e:bf:50:54:0b:e7:
                    28:0a:b3:4d:9e:4a:d0:f1:05:e8:54:86:9b:66:8d:
                    51:b7:12:62:ad:8d:46:3e:88:4b:ba:3e:5d:f2:ec:
                    12:bb:fb:0f:59:11:87:56:e8:98:c2:23:91:41:9e:
                    dc:c4:ec:19:61:e9:3a:9f:ed:5d:28:34:63:03:41:
                    46:68:2e:8c:1a:17:b1:62:e6:6c:fc:af:f2:f8:7c:
                    a6:cb:bc:e3:d1:d4:73:4a:4f:b3:cd:42:09:12:14:
                    bb:f7:04:4e:a2:2a:69:f6:b8:6e:58:12:7b:71:25:
                    88:a0:6e:82:ec:13:a0:a9:db:b3:21:13:33:00:05:
                    db:16:11:60:28:05:88:a1:bc:73:e8:86:bc:d7:2b:
                    db:17:d3:ed:94:bd:81:d2:cc:bd:18:7b:cf:c1:0d:
                    37:e3:85:80:1b:d5:3d:d8:22:7f:1e:56:00:66:82:
                    4a:d3:20:c9:e7:37:b4:89:22:1f:02:be:4d:8a:b4:
                    8b:dc:83:a6:bc:d3:a2:60:a2:d1:fa:64:83:72:72:
                    a9:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:BD:58:A5:FB:79:63:9E:1B:71:84:3C:6F:BF:6A:23:0A:D2:71:B1
            X509v3 Authority Key Identifier:
                keyid:05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/Xb1Ypft5Y54bcYQ8b79qIwrScbE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:36:30:1a:2c:d6:7a:80:ba:f5:a9:79:ba:d6:bb:55:65:e4:
         24:cf:b3:e9:d8:72:51:62:1d:48:ae:3f:2f:f3:10:2c:d2:38:
         16:1d:73:b0:7f:2e:3a:c4:f7:8b:63:7f:b3:c5:9d:16:79:01:
         bf:2f:cc:fe:12:35:14:7a:37:45:03:6d:c9:28:6f:bc:17:84:
         80:e8:b7:c6:25:a0:34:ea:27:83:43:39:f4:77:09:66:4f:fb:
         75:30:a0:63:4b:12:3e:03:0e:80:b9:6f:aa:a5:17:c5:bf:20:
         cd:1a:a9:34:3e:7c:b4:7d:0e:29:fd:c2:14:c6:50:7f:08:14:
         d0:9c:50:ec:f4:53:dd:4c:bb:01:5e:86:cd:8d:ba:92:b0:ee:
         d8:e6:6a:43:d5:01:d3:44:99:d4:c8:c3:67:e6:a0:6f:43:18:
         76:93:41:f7:5c:e1:bd:27:99:3e:6c:1d:88:35:05:d3:4a:01:
         4d:0d:4c:f4:c5:e1:36:0c:97:b3:6b:c4:f9:fb:d8:bb:25:70:
         66:06:5f:39:10:3f:7f:ae:20:a3:13:3c:d0:dd:a6:bb:5c:41:
         49:e8:f3:dd:6b:cf:6d:d4:41:c8:7f:a1:18:b0:33:b4:b7:a5:
         f3:c8:83:fb:61:ea:6e:3f:f0:dc:21:2d:25:9b:fe:73:d1:17:
         04:32:1c:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/g4YYC5yn20v+k0XNLrDKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MWYyOTQ2MmU3YTdkYTdlYjVmNDVkYTc4NzNmMTRlNDAz
ZmUzYWIwHhcNMjYwMTAyMTYyMTI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGJkNThhNWZiNzk2MzllMWI3MTg0M2M2ZmJmNmEyMzBhZDI3MWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6O07virAIG9jCH459EfuNc8VifU6
+gmoGu5gwKHBK4v+Gl1ub+VKLtputkDXgQ3J5/mj2+yev1BUC+coCrNNnkrQ8QXo
VIabZo1RtxJirY1GPohLuj5d8uwSu/sPWRGHVuiYwiORQZ7cxOwZYek6n+1dKDRj
A0FGaC6MGhexYuZs/K/y+Hymy7zj0dRzSk+zzUIJEhS79wROoipp9rhuWBJ7cSWI
oG6C7BOgqduzIRMzAAXbFhFgKAWIobxz6Ia81yvbF9PtlL2B0sy9GHvPwQ0344WA
G9U92CJ/HlYAZoJK0yDJ5ze0iSIfAr5NirSL3IOmvNOiYKLR+mSDcnKp4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF29WKX7eWOeG3GEPG+/aiMK0nGxMB8GA1UdIwQY
MBaAFAUfKUYuen2n619F2nhz8U5AP+OrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEt
M2Y4YjU1ZGExYWM0LzEvWGIxWXBmdDVZNTRiY1lROGI3OXFJd3JTY2JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEtM2Y4YjU1ZGExYWM0
LzEvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQu8MA0G
CSqGSIb3DQEBCwUAA4IBAQBcNjAaLNZ6gLr1qXm61rtVZeQkz7Pp2HJRYh1Irj8v
8xAs0jgWHXOwfy46xPeLY3+zxZ0WeQG/L8z+EjUUejdFA23JKG+8F4SA6LfGJaA0
6ieDQzn0dwlmT/t1MKBjSxI+Aw6AuW+qpRfFvyDNGqk0Pny0fQ4p/cIUxlB/CBTQ
nFDs9FPdTLsBXobNjbqSsO7Y5mpD1QHTRJnUyMNn5qBvQxh2k0H3XOG9J5k+bB2I
NQXTSgFNDUz0xeE2DJeza8T5+9i7JXBmBl85ED9/riCjEzzQ3aa7XEFJ6PPda89t
1EHIf6EYsDO0t6XzyIP7YepuP/DcIS0lm/5z0RcEMhy/
-----END CERTIFICATE-----