This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/Y7Q43FMAY5uJAOHiGUr0M-LWvqU.roa
File:                     Y7Q43FMAY5uJAOHiGUr0M-LWvqU.roa (raw, json)
Hash identifier:          XF0YrDHrbdOG8kBS9STtbtt+ROogkPwcEyC5Q3X82c8=
Subject key identifier:   63:B4:38:DC:53:00:63:9B:89:00:E1:E2:19:4A:F4:33:E2:D6:BE:A5
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       019B7C801CB42BABDFE5813A84757071F6B9
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/Y7Q43FMAY5uJAOHiGUr0M-LWvqU.roa
Signing time:             Fri 02 Jan 2026 02:18:49 +0000
ROA not before:           Fri 02 Jan 2026 02:18:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49697
IP address blocks:        45.11.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 16:55:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:1c:b4:2b:ab:df:e5:81:3a:84:75:70:71:f6:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 02:18:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=63b438dc5300639b8900e1e2194af433e2d6bea5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:6d:08:b2:a8:18:a2:92:00:87:44:26:50:df:
                    93:85:6b:b8:1a:95:f7:71:a4:97:d1:db:77:98:c7:
                    ee:c8:31:5f:e0:57:82:a0:ce:33:1d:80:90:30:a7:
                    7d:76:22:a9:82:7f:73:4a:5f:a4:96:df:cb:0f:7e:
                    3f:79:a1:45:3f:85:87:bf:13:74:7e:b6:4d:8c:95:
                    61:49:cc:2b:4b:58:dc:30:3e:86:70:4f:33:e2:ec:
                    b8:84:49:03:84:52:0a:94:ef:6f:e6:6b:81:48:c8:
                    60:93:73:97:86:fa:b6:5c:1b:b2:ed:4d:b3:9b:a8:
                    37:05:dc:82:6e:9f:2c:ce:0f:df:56:c4:7d:f7:fe:
                    c0:2e:f7:c8:b4:4d:e4:85:39:6c:77:59:a8:c6:e6:
                    19:2d:55:37:d4:d1:11:ef:e6:2f:45:44:ed:b1:be:
                    e4:fd:b6:7a:a9:4d:7a:9f:1a:13:44:b8:ce:c4:d3:
                    62:9d:76:ba:00:a4:c9:77:6e:3c:6b:13:57:94:1e:
                    16:c3:91:6e:17:43:76:00:61:ca:43:dd:4f:c4:de:
                    73:f7:e3:64:85:29:57:0a:61:90:f4:be:78:c2:0f:
                    19:cb:98:ab:78:53:c6:0b:09:03:46:be:aa:32:33:
                    03:a8:59:41:34:aa:c2:72:40:42:c6:2d:27:43:e9:
                    62:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:B4:38:DC:53:00:63:9B:89:00:E1:E2:19:4A:F4:33:E2:D6:BE:A5
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/Y7Q43FMAY5uJAOHiGUr0M-LWvqU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:dd:ba:3e:8e:9a:7c:b3:30:1c:e9:36:19:bb:27:08:20:b0:
         6b:67:c7:88:d2:0a:ea:cd:0d:2e:1b:76:04:db:e9:65:4e:93:
         1e:ac:49:bb:aa:9e:86:81:c6:97:1b:f2:fa:9b:4e:82:2c:aa:
         b8:9f:28:f4:4c:b7:d1:68:5a:40:8f:be:4e:bc:c1:94:9e:23:
         53:54:75:2b:95:f4:a1:7b:90:c6:27:f3:47:f6:d5:29:61:b4:
         fe:47:49:97:de:de:39:ef:fc:99:01:dc:c1:a8:49:05:6e:f4:
         ca:e9:a4:52:f6:32:e3:7b:f6:58:e7:19:bd:6d:38:1d:52:75:
         45:8c:a8:25:86:8c:b3:51:b8:f5:94:9d:05:06:ee:7c:b0:e5:
         17:a7:21:f2:08:84:95:d6:15:e2:33:61:07:23:ab:4e:31:8b:
         31:33:86:49:61:33:e9:35:d7:76:d4:c2:87:50:c1:13:0e:b9:
         df:18:81:07:f8:46:4d:c0:68:cc:08:21:d7:94:1c:e8:90:83:
         ff:80:7c:75:67:73:b5:9d:b0:3c:a0:33:ed:e1:f6:18:00:8d:
         81:d6:e3:06:ac:da:20:e9:00:1b:d4:a1:cd:b3:68:b4:27:62:
         9b:e0:0a:c8:b6:7e:4b:82:52:b7:ff:02:51:05:73:25:1a:bd:
         97:c8:d2:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gBy0K6vf5YE6hHVwcfa5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjYwMTAyMDIxODQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2I0MzhkYzUzMDA2MzliODkwMGUxZTIxOTRhZjQzM2UyZDZiZWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyG0IsqgYopIAh0QmUN+ThWu4GpX3
caSX0dt3mMfuyDFf4FeCoM4zHYCQMKd9diKpgn9zSl+klt/LD34/eaFFP4WHvxN0
frZNjJVhScwrS1jcMD6GcE8z4uy4hEkDhFIKlO9v5muBSMhgk3OXhvq2XBuy7U2z
m6g3BdyCbp8szg/fVsR99/7ALvfItE3khTlsd1moxuYZLVU31NER7+YvRUTtsb7k
/bZ6qU16nxoTRLjOxNNinXa6AKTJd248axNXlB4Ww5FuF0N2AGHKQ91PxN5z9+Nk
hSlXCmGQ9L54wg8Zy5ireFPGCwkDRr6qMjMDqFlBNKrCckBCxi0nQ+liCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGO0ONxTAGObiQDh4hlK9DPi1r6lMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvWTdRNDNGTUFZNXVKQU9IaUdVcjBNLUxXdnFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQvnMA0G
CSqGSIb3DQEBCwUAA4IBAQCK3bo+jpp8szAc6TYZuycIILBrZ8eI0grqzQ0uG3YE
2+llTpMerEm7qp6GgcaXG/L6m06CLKq4nyj0TLfRaFpAj75OvMGUniNTVHUrlfSh
e5DGJ/NH9tUpYbT+R0mX3t457/yZAdzBqEkFbvTK6aRS9jLje/ZY5xm9bTgdUnVF
jKglhoyzUbj1lJ0FBu58sOUXpyHyCISV1hXiM2EHI6tOMYsxM4ZJYTPpNdd21MKH
UMETDrnfGIEH+EZNwGjMCCHXlBzokIP/gHx1Z3O1nbA8oDPt4fYYAI2B1uMGrNog
6QAb1KHNs2i0J2Kb4ArItn5LglK3/wJRBXMlGr2XyNIw
-----END CERTIFICATE-----