This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/YB5-PVFC4-1M_27aTkD19hw9m_E.roa
File:                     YB5-PVFC4-1M_27aTkD19hw9m_E.roa (raw, json)
Hash identifier:          GP+RmSVrQepJPKNkXbeY0l/FXQ7OQNxujEOGXoYX2Ug=
Subject key identifier:   60:1E:7E:3D:51:42:E3:ED:4C:FF:6E:DA:4E:40:F5:F6:1C:3D:9B:F1
Certificate issuer:       /CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
Certificate serial:       019B9E3A81D8F1C9D50D7DC4B75B56A152F1
Authority key identifier: 05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/YB5-PVFC4-1M_27aTkD19hw9m_E.roa
Signing time:             Thu 08 Jan 2026 15:29:53 +0000
ROA not before:           Thu 08 Jan 2026 15:29:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214025
IP address blocks:        45.11.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 19:27:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:9e:3a:81:d8:f1:c9:d5:0d:7d:c4:b7:5b:56:a1:52:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
        Validity
            Not Before: Jan  8 15:29:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=601e7e3d5142e3ed4cff6eda4e40f5f61c3d9bf1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:6a:66:e8:05:80:f9:da:36:cc:7d:7c:e8:fe:
                    a9:4d:09:61:e4:1e:15:e0:6b:30:50:50:47:36:ad:
                    99:60:4f:ea:b3:99:e6:2d:21:9f:4a:0a:36:05:79:
                    60:02:a9:fb:ec:f6:e8:c2:e7:17:12:ad:3b:c2:7e:
                    fc:19:c1:be:37:fa:c3:a4:f6:fb:50:8c:db:c4:16:
                    4a:0c:ca:90:1d:b6:ba:fa:69:df:ea:50:4c:63:3b:
                    f5:d2:e2:d3:ca:8a:18:d8:1a:35:bc:a9:38:ed:8c:
                    f2:7b:af:d2:1d:4f:4b:f5:f6:1b:21:45:ea:35:22:
                    92:b8:d6:f3:10:8c:ce:21:74:3a:15:15:ec:1d:cc:
                    41:51:3c:6f:e6:84:6e:cf:0b:a8:cf:69:fc:d3:b0:
                    cd:39:d5:fa:e2:98:37:30:9e:72:64:54:91:bd:36:
                    4f:a5:f1:c7:28:dd:67:d3:88:20:f1:95:f3:70:f2:
                    66:44:a1:b0:b6:fe:a1:69:ac:4d:fd:39:7f:be:f2:
                    ea:ea:f6:2f:63:2e:12:a1:d3:e0:2a:11:7d:a9:ad:
                    49:e5:36:c4:0d:f5:6a:13:43:76:43:e1:0c:e6:ce:
                    2a:c2:8f:e9:09:3f:f3:98:72:17:26:87:1b:8f:66:
                    c8:c1:db:4d:02:55:67:50:76:7b:64:4e:cb:0b:12:
                    c1:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:1E:7E:3D:51:42:E3:ED:4C:FF:6E:DA:4E:40:F5:F6:1C:3D:9B:F1
            X509v3 Authority Key Identifier:
                keyid:05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/YB5-PVFC4-1M_27aTkD19hw9m_E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:74:a6:24:d2:1b:34:f0:cd:20:3c:24:2b:74:6f:35:04:95:
         2a:a7:3b:eb:e1:95:1b:0b:cf:49:20:a8:58:8f:71:97:70:87:
         d6:72:bd:11:5d:61:3a:ba:35:53:01:58:2d:d6:37:01:7c:25:
         1a:e6:3e:9d:3d:fb:73:9c:ca:eb:77:de:72:56:88:f3:4e:25:
         ef:a4:77:28:11:4d:70:33:e6:62:85:f3:0a:ec:0f:73:0c:aa:
         e3:22:61:f1:73:7e:10:83:da:37:cf:90:f2:8f:26:51:de:d9:
         79:05:29:8d:f1:9f:ef:51:0b:5f:dc:69:53:90:36:96:4b:b0:
         48:90:5b:cf:df:53:c0:e7:14:3f:4f:04:bc:15:f4:aa:4b:45:
         56:0e:95:a7:96:eb:a9:d1:3a:af:03:d8:05:c3:a5:ad:7a:5a:
         14:4c:02:66:8a:69:5b:1a:c1:5c:bc:0b:f6:37:9b:c1:27:42:
         71:c1:61:1b:4a:22:09:27:d8:6b:67:9b:75:54:89:61:4a:11:
         ab:a6:36:f4:c0:2a:30:9d:7d:70:3f:91:6f:64:8c:10:f9:57:
         6c:92:f5:a6:c9:a9:f0:61:85:bb:91:e9:5a:6b:2a:32:9f:ce:
         54:45:90:e2:8e:a0:88:76:90:1b:a4:2e:0c:ff:cb:86:6e:2c:
         c3:c2:ec:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZueOoHY8cnVDX3Et1tWoVLxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MWYyOTQ2MmU3YTdkYTdlYjVmNDVkYTc4NzNmMTRlNDAz
ZmUzYWIwHhcNMjYwMTA4MTUyOTUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDFlN2UzZDUxNDJlM2VkNGNmZjZlZGE0ZTQwZjVmNjFjM2Q5YmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt2pm6AWA+do2zH186P6pTQlh5B4V
4GswUFBHNq2ZYE/qs5nmLSGfSgo2BXlgAqn77PbowucXEq07wn78GcG+N/rDpPb7
UIzbxBZKDMqQHba6+mnf6lBMYzv10uLTyooY2Bo1vKk47Yzye6/SHU9L9fYbIUXq
NSKSuNbzEIzOIXQ6FRXsHcxBUTxv5oRuzwuoz2n807DNOdX64pg3MJ5yZFSRvTZP
pfHHKN1n04gg8ZXzcPJmRKGwtv6haaxN/Tl/vvLq6vYvYy4SodPgKhF9qa1J5TbE
DfVqE0N2Q+EM5s4qwo/pCT/zmHIXJocbj2bIwdtNAlVnUHZ7ZE7LCxLBLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGAefj1RQuPtTP9u2k5A9fYcPZvxMB8GA1UdIwQY
MBaAFAUfKUYuen2n619F2nhz8U5AP+OrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEt
M2Y4YjU1ZGExYWM0LzEvWUI1LVBWRkM0LTFNXzI3YVRrRDE5aHc5bV9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEtM2Y4YjU1ZGExYWM0
LzEvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQu/MA0G
CSqGSIb3DQEBCwUAA4IBAQALdKYk0hs08M0gPCQrdG81BJUqpzvr4ZUbC89JIKhY
j3GXcIfWcr0RXWE6ujVTAVgt1jcBfCUa5j6dPftznMrrd95yVojzTiXvpHcoEU1w
M+ZihfMK7A9zDKrjImHxc34Qg9o3z5DyjyZR3tl5BSmN8Z/vUQtf3GlTkDaWS7BI
kFvP31PA5xQ/TwS8FfSqS0VWDpWnluup0TqvA9gFw6WteloUTAJmimlbGsFcvAv2
N5vBJ0JxwWEbSiIJJ9hrZ5t1VIlhShGrpjb0wCownX1wP5FvZIwQ+VdskvWmyanw
YYW7kelaayoyn85URZDijqCIdpAbpC4M/8uGbizDwuxz
-----END CERTIFICATE-----