This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/YGiQOHiHl-pd7F57XeKeAbdwXMA.roa
File:                     YGiQOHiHl-pd7F57XeKeAbdwXMA.roa (raw, json)
Hash identifier:          29gNIpDqdxsT6H29JeWb27sw0GS7YeYMgsmOOWbEN/I=
Subject key identifier:   60:68:90:38:78:87:97:EA:5D:EC:5E:7B:5D:E2:9E:01:B7:70:5C:C0
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       019B7C80125D547C270A0B901252E69A346E
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/YGiQOHiHl-pd7F57XeKeAbdwXMA.roa
Signing time:             Fri 02 Jan 2026 02:18:46 +0000
ROA not before:           Fri 02 Jan 2026 02:18:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        45.140.152.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 02:20:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:12:5d:54:7c:27:0a:0b:90:12:52:e6:9a:34:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 02:18:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=60689038788797ea5dec5e7b5de29e01b7705cc0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:68:b2:e5:41:ec:66:8a:96:09:89:62:56:66:
                    36:20:d3:52:a9:ea:98:c1:d2:aa:4f:3a:87:a8:ad:
                    8d:b5:6b:3d:61:97:90:4f:fd:b9:06:41:ae:1f:f9:
                    5e:79:a7:cc:a6:32:f2:cc:98:7f:83:9b:22:b0:9c:
                    c7:45:5d:32:ef:6b:d6:d2:7a:0b:1d:97:e6:38:2b:
                    3a:23:d5:b0:de:0f:f3:84:98:f5:91:6a:c0:4d:59:
                    8a:03:1e:d1:e5:b6:4d:2c:8e:c7:57:72:88:2f:b4:
                    5f:58:4e:4e:f3:14:f4:fb:88:cf:02:ca:2f:be:37:
                    30:5d:6c:34:24:8c:d7:e9:81:df:df:38:f4:1a:8e:
                    95:d7:50:0d:b4:96:9a:15:48:c4:4b:6d:d7:dd:ec:
                    d8:75:9b:a6:9e:a4:9d:14:60:1c:ae:f2:29:54:d2:
                    2b:72:4f:2f:c6:27:7c:30:aa:6a:35:2d:93:9a:c3:
                    92:00:76:5a:56:c6:7c:91:1d:c0:e2:04:de:73:61:
                    6d:9c:dc:90:53:03:4e:2e:be:69:02:d3:23:d4:6a:
                    06:37:38:32:08:dd:25:d3:c5:d3:2f:9c:38:60:bd:
                    4e:3f:5c:b0:e1:b0:44:f4:05:e7:14:e1:6b:0d:0a:
                    ef:c0:f0:88:65:f7:0f:81:43:c6:d1:5d:d6:64:ea:
                    92:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:68:90:38:78:87:97:EA:5D:EC:5E:7B:5D:E2:9E:01:B7:70:5C:C0
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/YGiQOHiHl-pd7F57XeKeAbdwXMA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         08:54:6e:d3:5f:e7:2a:8a:6a:b9:8d:b7:12:97:cc:5a:e7:15:
         bd:40:5c:86:95:27:46:9c:79:ef:3a:31:0e:68:bc:cc:94:b0:
         55:86:2b:a7:ee:89:8b:e4:9a:5f:1a:01:85:20:dd:ec:7f:d6:
         5f:ee:5c:5c:fb:8d:1d:eb:cf:2f:27:b7:f4:9a:16:26:ac:06:
         1a:29:27:f5:3c:36:a4:39:c7:2d:50:7a:a4:0c:a7:0f:82:32:
         d2:5c:a0:d4:e7:4f:1c:43:45:5e:59:99:39:e2:c9:cb:e4:96:
         d9:57:d3:13:57:fd:4b:59:39:b6:9f:f9:9e:c2:82:1b:6a:f2:
         a8:e2:bb:ae:33:ff:3e:f7:5e:72:b4:f7:4e:5d:b6:cf:cc:b0:
         6e:93:c6:30:e3:34:e1:f1:89:6d:04:03:a1:e8:23:30:b5:d3:
         f2:6d:ef:c7:06:ed:68:6c:40:bf:7d:10:5c:72:93:7e:23:55:
         0a:46:31:c8:49:0f:ea:ea:1c:46:15:b0:d8:e1:9a:01:9d:8e:
         7c:91:03:7c:f5:9d:77:0f:ba:4d:00:64:d4:68:d6:7b:65:a3:
         57:05:2a:eb:ee:55:a6:84:dd:5c:e5:a9:97:df:b1:30:98:3e:
         48:dd:ba:df:fb:92:57:f3:3f:12:16:39:76:d2:ba:7c:ab:01:
         2a:e1:9c:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gBJdVHwnCguQElLmmjRuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjYwMTAyMDIxODQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDY4OTAzODc4ODc5N2VhNWRlYzVlN2I1ZGUyOWUwMWI3NzA1Y2MwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Wiy5UHsZoqWCYliVmY2INNSqeqY
wdKqTzqHqK2NtWs9YZeQT/25BkGuH/leeafMpjLyzJh/g5sisJzHRV0y72vW0noL
HZfmOCs6I9Ww3g/zhJj1kWrATVmKAx7R5bZNLI7HV3KIL7RfWE5O8xT0+4jPAsov
vjcwXWw0JIzX6YHf3zj0Go6V11ANtJaaFUjES23X3ezYdZumnqSdFGAcrvIpVNIr
ck8vxid8MKpqNS2TmsOSAHZaVsZ8kR3A4gTec2FtnNyQUwNOLr5pAtMj1GoGNzgy
CN0l08XTL5w4YL1OP1yw4bBE9AXnFOFrDQrvwPCIZfcPgUPG0V3WZOqSLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGBokDh4h5fqXexee13ingG3cFzAMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvWUdpUU9IaUhsLXBkN0Y1N1hlS2VBYmR3WE1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYyYMA0G
CSqGSIb3DQEBCwUAA4IBAQAIVG7TX+cqimq5jbcSl8xa5xW9QFyGlSdGnHnvOjEO
aLzMlLBVhiun7omL5JpfGgGFIN3sf9Zf7lxc+40d688vJ7f0mhYmrAYaKSf1PDak
OcctUHqkDKcPgjLSXKDU508cQ0VeWZk54snL5JbZV9MTV/1LWTm2n/mewoIbavKo
4ruuM/8+915ytPdOXbbPzLBuk8Yw4zTh8YltBAOh6CMwtdPybe/HBu1obEC/fRBc
cpN+I1UKRjHISQ/q6hxGFbDY4ZoBnY58kQN89Z13D7pNAGTUaNZ7ZaNXBSrr7lWm
hN1c5amX37EwmD5I3brf+5JX8z8SFjl20rp8qwEq4ZzU
-----END CERTIFICATE-----