This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/6451c1-2bcd-4463-a700-d442c4f9e9bd/1/Y28x5IzUI42VFOBvke09KYzr7_U.roa
File:                     Y28x5IzUI42VFOBvke09KYzr7_U.roa (raw, json)
Hash identifier:          hhVaUfCtGXTnfymIDdR8UxHA+TnCtopLvOzuoWmW+28=
Subject key identifier:   63:6F:31:E4:8C:D4:23:8D:95:14:E0:6F:91:ED:3D:29:8C:EB:EF:F5
Certificate issuer:       /CN=070483d3d62f19c0835746dcb721c8832c3b7926
Certificate serial:       019B7D5C1E78651C9FBA612885784810A32A
Authority key identifier: 07:04:83:D3:D6:2F:19:C0:83:57:46:DC:B7:21:C8:83:2C:3B:79:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BwSD09YvGcCDV0bctyHIgyw7eSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/6451c1-2bcd-4463-a700-d442c4f9e9bd/1/Y28x5IzUI42VFOBvke09KYzr7_U.roa
Signing time:             Fri 02 Jan 2026 06:19:07 +0000
ROA not before:           Fri 02 Jan 2026 06:19:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20454
IP address blocks:        45.131.12.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/6451c1-2bcd-4463-a700-d442c4f9e9bd/1/BwSD09YvGcCDV0bctyHIgyw7eSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/6451c1-2bcd-4463-a700-d442c4f9e9bd/1/BwSD09YvGcCDV0bctyHIgyw7eSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BwSD09YvGcCDV0bctyHIgyw7eSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 00:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5c:1e:78:65:1c:9f:ba:61:28:85:78:48:10:a3:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=070483d3d62f19c0835746dcb721c8832c3b7926
        Validity
            Not Before: Jan  2 06:19:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=636f31e48cd4238d9514e06f91ed3d298cebeff5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:da:82:c5:e6:e1:64:d5:ec:0b:80:52:68:6b:
                    7f:9f:ec:c8:15:3a:90:04:31:78:b1:23:94:18:e6:
                    54:a9:f4:4b:98:ff:14:74:4d:25:c3:de:fc:3f:0f:
                    7f:65:bd:24:a0:91:94:90:29:0b:cd:65:ff:8e:1f:
                    fe:0c:25:52:5f:49:ed:44:02:6b:f3:8d:e3:4b:ab:
                    b1:37:8f:bb:0a:04:0d:04:5e:73:a2:3f:9a:ee:b6:
                    ea:20:7b:86:78:1e:82:5d:b0:9f:9f:27:fc:3a:c2:
                    ed:e5:d7:44:ae:1c:61:cb:98:7f:4b:8d:b7:c5:7c:
                    27:d0:95:50:8f:e4:8b:b1:91:1f:9e:59:9b:ef:65:
                    f5:57:99:b2:24:28:3a:c6:fd:44:6f:3f:ff:47:66:
                    46:ac:e3:47:4e:4a:ae:16:6e:6c:50:82:38:3a:52:
                    da:55:e0:31:b9:bd:2c:bc:b7:2a:df:a0:b7:03:88:
                    d4:64:ca:d9:ca:4c:36:32:a8:8b:24:d1:eb:78:74:
                    f1:73:08:d0:7a:db:50:75:60:43:51:98:e9:1c:a1:
                    e5:e6:fd:98:30:5e:18:94:7c:1f:ec:d2:2c:c9:2c:
                    5b:60:e5:89:85:cd:b2:5d:c6:3b:af:1b:44:40:ae:
                    db:58:ce:a7:b2:b3:65:72:de:9b:45:ec:f5:ed:aa:
                    c9:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:6F:31:E4:8C:D4:23:8D:95:14:E0:6F:91:ED:3D:29:8C:EB:EF:F5
            X509v3 Authority Key Identifier:
                keyid:07:04:83:D3:D6:2F:19:C0:83:57:46:DC:B7:21:C8:83:2C:3B:79:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BwSD09YvGcCDV0bctyHIgyw7eSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/6451c1-2bcd-4463-a700-d442c4f9e9bd/1/Y28x5IzUI42VFOBvke09KYzr7_U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/6451c1-2bcd-4463-a700-d442c4f9e9bd/1/BwSD09YvGcCDV0bctyHIgyw7eSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         41:62:ac:79:04:8f:42:c2:5a:fc:ef:01:a7:71:0c:b9:d3:bf:
         88:ac:cc:a5:e2:12:58:c1:25:40:92:ac:51:2f:5a:8a:c2:c3:
         7d:15:89:76:5d:32:e7:da:bf:2f:d6:d5:d4:87:73:68:0f:ec:
         b4:36:01:8f:7f:63:2d:1f:dc:33:b1:59:c3:e4:9e:73:4b:54:
         f5:d8:ea:8c:f6:b6:17:fc:13:a7:48:72:6a:c2:da:be:41:79:
         53:14:8e:65:29:3f:bc:90:a1:27:76:f0:1b:e0:f8:d2:21:6f:
         6a:6f:43:f9:14:e8:f0:a4:12:bd:39:4c:55:e0:84:03:e7:03:
         ff:1c:7f:29:99:4f:d8:84:ed:cf:9f:31:6f:55:06:53:fe:78:
         4a:ab:99:de:ae:ea:cd:6f:29:4c:87:d7:9f:76:cc:4b:3c:56:
         56:c4:6c:0f:e8:ca:50:fb:ce:a9:2f:04:cc:93:59:5d:0e:10:
         02:a6:a7:1b:a0:b3:8d:67:e9:1a:bd:79:52:66:f2:42:03:ba:
         c6:09:9c:bf:2a:79:dc:8a:f9:3c:3a:80:e1:ee:41:17:2e:40:
         18:41:5c:40:4f:34:32:b7:59:46:67:20:7f:c6:a1:37:96:2b:
         cc:be:c8:3e:b1:54:03:a3:03:9b:26:75:ba:07:d3:b1:82:20:
         45:31:6f:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XB54ZRyfumEohXhIEKMqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3MDQ4M2QzZDYyZjE5YzA4MzU3NDZkY2I3MjFjODgzMmMz
Yjc5MjYwHhcNMjYwMTAyMDYxOTA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzZmMzFlNDhjZDQyMzhkOTUxNGUwNmY5MWVkM2QyOThjZWJlZmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt9qCxebhZNXsC4BSaGt/n+zIFTqQ
BDF4sSOUGOZUqfRLmP8UdE0lw978Pw9/Zb0koJGUkCkLzWX/jh/+DCVSX0ntRAJr
843jS6uxN4+7CgQNBF5zoj+a7rbqIHuGeB6CXbCfnyf8OsLt5ddErhxhy5h/S423
xXwn0JVQj+SLsZEfnlmb72X1V5myJCg6xv1Ebz//R2ZGrONHTkquFm5sUII4OlLa
VeAxub0svLcq36C3A4jUZMrZykw2MqiLJNHreHTxcwjQettQdWBDUZjpHKHl5v2Y
MF4YlHwf7NIsySxbYOWJhc2yXcY7rxtEQK7bWM6nsrNlct6bRez17arJywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGNvMeSM1CONlRTgb5HtPSmM6+/1MB8GA1UdIwQY
MBaAFAcEg9PWLxnAg1dG3LchyIMsO3kmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQndTRDA5WXZHY0NEVjBiY3R5SElneXc3ZVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS82NDUxYzEtMmJjZC00NDYzLWE3MDAt
ZDQ0MmM0ZjllOWJkLzEvWTI4eDVJelVJNDJWRk9CdmtlMDlLWXpyN19VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS82NDUxYzEtMmJjZC00NDYzLWE3MDAtZDQ0MmM0ZjllOWJk
LzEvQndTRDA5WXZHY0NEVjBiY3R5SElneXc3ZVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYMMMA0G
CSqGSIb3DQEBCwUAA4IBAQBBYqx5BI9Cwlr87wGncQy507+IrMyl4hJYwSVAkqxR
L1qKwsN9FYl2XTLn2r8v1tXUh3NoD+y0NgGPf2MtH9wzsVnD5J5zS1T12OqM9rYX
/BOnSHJqwtq+QXlTFI5lKT+8kKEndvAb4PjSIW9qb0P5FOjwpBK9OUxV4IQD5wP/
HH8pmU/YhO3PnzFvVQZT/nhKq5nerurNbylMh9efdsxLPFZWxGwP6MpQ+86pLwTM
k1ldDhACpqcboLONZ+kavXlSZvJCA7rGCZy/Knncivk8OoDh7kEXLkAYQVxATzQy
t1lGZyB/xqE3livMvsg+sVQDowObJnW6B9OxgiBFMW9e
-----END CERTIFICATE-----