This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/Yr8FfJafDqnuDpmzd-Z_EiVUiWQ.roa
File:                     Yr8FfJafDqnuDpmzd-Z_EiVUiWQ.roa (raw, json)
Hash identifier:          0n01Z+J/bCMj5sgThACi7J936IZ/48LogokhygrFb9Q=
Subject key identifier:   62:BF:05:7C:96:9F:0E:A9:EE:0E:99:B3:77:E6:7F:12:25:54:89:64
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       019B7E383233606F6461DBAE72153AB4990E
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/Yr8FfJafDqnuDpmzd-Z_EiVUiWQ.roa
Signing time:             Fri 02 Jan 2026 10:19:30 +0000
ROA not before:           Fri 02 Jan 2026 10:19:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205701
IP address blocks:        5.8.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 03:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:32:33:60:6f:64:61:db:ae:72:15:3a:b4:99:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  2 10:19:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=62bf057c969f0ea9ee0e99b377e67f1225548964
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:34:d7:87:df:0b:7c:9d:a6:0c:d3:d4:35:82:
                    8b:b5:6e:ec:13:d4:50:e9:0f:39:a4:74:2a:f0:e4:
                    85:af:09:da:90:62:81:f3:d7:ac:9e:ab:9e:42:04:
                    32:5b:1f:98:7b:b8:c2:f3:55:45:52:10:b5:3b:73:
                    36:ca:48:ab:a5:5a:c6:47:e5:ef:ca:04:68:d9:f5:
                    25:31:9d:4a:4e:ed:1f:a4:23:c5:c9:3d:38:61:5c:
                    cd:d7:2e:14:0f:a5:6e:81:59:4f:55:33:f4:df:de:
                    41:89:01:9a:d7:18:65:10:c9:8a:2e:b3:b3:74:b3:
                    b9:c2:df:fc:9a:82:2a:cf:8a:fc:a7:ec:25:4b:02:
                    db:22:f6:ab:d6:77:81:1b:33:ca:7a:45:3b:16:13:
                    7d:26:2e:17:60:b9:ca:4e:c0:1d:b9:61:b0:50:d8:
                    4c:b7:f0:4b:40:de:6c:84:e1:14:1c:48:fc:7b:1c:
                    6d:e7:13:e3:ee:61:7d:38:b5:fb:1a:69:b6:10:8d:
                    69:9b:0e:35:27:f1:06:58:49:f7:64:1a:49:49:1a:
                    a8:2a:94:0a:e1:30:ab:ce:7b:9e:71:6f:88:22:a8:
                    5f:fc:04:76:7b:40:0d:b3:15:41:9f:92:01:a7:6b:
                    1f:b4:f4:8d:d4:ec:cb:f5:2c:d3:eb:03:05:b7:92:
                    e2:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:BF:05:7C:96:9F:0E:A9:EE:0E:99:B3:77:E6:7F:12:25:54:89:64
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/Yr8FfJafDqnuDpmzd-Z_EiVUiWQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.8.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         be:1e:6b:a3:d8:9a:92:2c:10:ea:5a:3f:23:48:1a:5a:1b:90:
         38:8a:a7:95:68:ed:28:29:5a:f0:52:b5:57:8b:0f:fe:43:3a:
         05:53:27:94:2c:ae:81:ce:ea:1c:21:99:95:60:a8:10:09:f5:
         de:7e:93:d7:42:3a:17:3c:95:83:53:7f:12:e2:dc:22:85:81:
         5b:7e:ad:76:aa:98:42:7f:ff:4c:0d:d0:b4:f1:4f:b7:86:69:
         e1:4b:61:0e:cc:16:ca:e6:b9:0c:0a:26:cf:ed:18:d2:5b:5a:
         2f:6c:c8:17:63:7b:c1:fd:60:1c:9d:d9:73:4e:7d:a0:4b:53:
         2e:0a:08:24:14:62:69:e1:93:70:d3:8e:0c:0b:ba:47:8e:4d:
         64:88:f5:bc:08:b1:99:46:99:a7:77:b3:c5:df:47:89:ca:40:
         e0:a3:24:e4:c6:d3:6c:e4:e4:74:f9:e5:42:51:85:5a:d2:68:
         5e:d8:e4:23:d6:eb:e3:11:77:94:ee:3c:9f:94:6c:bb:7b:8a:
         e6:6f:b0:e2:fe:1f:4e:8a:68:b9:ad:5c:a7:b5:f2:22:95:a1:
         5e:66:40:89:63:ff:13:85:c8:c1:4f:be:6d:e6:24:27:66:30:
         71:b6:c0:94:2e:3e:54:b8:44:c9:d7:c8:15:7f:4c:19:04:4f:
         ce:86:e3:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+ODIzYG9kYduuchU6tJkOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjYwMTAyMTAxOTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmJmMDU3Yzk2OWYwZWE5ZWUwZTk5YjM3N2U2N2YxMjI1NTQ4OTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtzTXh98LfJ2mDNPUNYKLtW7sE9RQ
6Q85pHQq8OSFrwnakGKB89esnqueQgQyWx+Ye7jC81VFUhC1O3M2ykirpVrGR+Xv
ygRo2fUlMZ1KTu0fpCPFyT04YVzN1y4UD6VugVlPVTP0395BiQGa1xhlEMmKLrOz
dLO5wt/8moIqz4r8p+wlSwLbIvar1neBGzPKekU7FhN9Ji4XYLnKTsAduWGwUNhM
t/BLQN5shOEUHEj8exxt5xPj7mF9OLX7Gmm2EI1pmw41J/EGWEn3ZBpJSRqoKpQK
4TCrznuecW+IIqhf/AR2e0ANsxVBn5IBp2sftPSN1OzL9SzT6wMFt5LiqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGK/BXyWnw6p7g6Zs3fmfxIlVIlkMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvWXI4RmZKYWZEcW51RHBtemQtWl9FaVZVaVdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABQg6MA0G
CSqGSIb3DQEBCwUAA4IBAQC+Hmuj2JqSLBDqWj8jSBpaG5A4iqeVaO0oKVrwUrVX
iw/+QzoFUyeULK6BzuocIZmVYKgQCfXefpPXQjoXPJWDU38S4twihYFbfq12qphC
f/9MDdC08U+3hmnhS2EOzBbK5rkMCibP7RjSW1ovbMgXY3vB/WAcndlzTn2gS1Mu
CggkFGJp4ZNw044MC7pHjk1kiPW8CLGZRpmnd7PF30eJykDgoyTkxtNs5OR0+eVC
UYVa0mhe2OQj1uvjEXeU7jyflGy7e4rmb7Di/h9Oimi5rVyntfIilaFeZkCJY/8T
hcjBT75t5iQnZjBxtsCULj5UuETJ18gVf0wZBE/OhuNq
-----END CERTIFICATE-----