This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/GyehNP3GNMAkeXlLJEWyWCcQtzU.roa
File:                     GyehNP3GNMAkeXlLJEWyWCcQtzU.roa (raw, json)
Hash identifier:          IpYqqZa4sTN+dmYx8FkURhFjGrU2UAuArFl+utDihPQ=
Subject key identifier:   1B:27:A1:34:FD:C6:34:C0:24:79:79:4B:24:45:B2:58:27:10:B7:35
Certificate issuer:       /CN=ff44dbaca56dac319401f68a50d917f5424611ad
Certificate serial:       019B79ED3F2EFB28A779CF6F0FB8ED72D52E
Authority key identifier: FF:44:DB:AC:A5:6D:AC:31:94:01:F6:8A:50:D9:17:F5:42:46:11:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_0TbrKVtrDGUAfaKUNkX9UJGEa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/GyehNP3GNMAkeXlLJEWyWCcQtzU.roa
Signing time:             Thu 01 Jan 2026 14:19:09 +0000
ROA not before:           Thu 01 Jan 2026 14:19:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     46261
IP address blocks:        45.143.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/_0TbrKVtrDGUAfaKUNkX9UJGEa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/_0TbrKVtrDGUAfaKUNkX9UJGEa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_0TbrKVtrDGUAfaKUNkX9UJGEa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 00:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:3f:2e:fb:28:a7:79:cf:6f:0f:b8:ed:72:d5:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff44dbaca56dac319401f68a50d917f5424611ad
        Validity
            Not Before: Jan  1 14:19:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1b27a134fdc634c02479794b2445b2582710b735
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:e2:54:79:4b:3b:1c:b0:cb:de:83:c2:da:05:
                    f4:5f:55:d8:fa:b9:d1:54:a7:8a:fa:91:69:02:9e:
                    3b:7f:a1:c9:84:fe:59:87:d9:30:e1:34:f6:1b:9e:
                    90:3d:4a:4f:81:e7:cc:ce:b6:91:b3:dd:b0:96:99:
                    51:15:5b:76:c3:32:8a:88:39:89:00:64:27:28:cc:
                    a8:1c:20:f9:cd:80:43:91:ba:d4:6e:95:2e:13:1c:
                    01:14:fd:84:db:f0:eb:eb:eb:d7:4e:76:31:96:54:
                    67:92:29:6d:ad:38:01:3a:af:28:87:dc:4e:9a:7b:
                    40:dc:ae:f5:09:fd:7f:0b:f1:a9:6b:2c:a2:0a:3e:
                    6f:c8:a7:04:8e:ba:0e:46:ae:ee:fe:f9:4b:3a:52:
                    c1:b1:67:ca:c7:b2:0f:54:a0:45:8d:12:37:08:b8:
                    41:f6:eb:b0:d9:d9:6b:60:c1:af:6b:ca:47:fd:60:
                    c3:f7:a4:eb:6a:7d:c5:11:72:c6:4b:fc:98:b3:f7:
                    24:bc:72:d7:44:21:76:53:ed:4a:87:c4:7e:9d:4c:
                    0e:bd:75:8f:6a:41:4a:88:6b:24:d5:36:5c:78:94:
                    6a:64:2a:8d:d2:8c:d6:72:e2:14:7e:6e:47:c5:61:
                    23:42:85:04:4b:ff:b0:89:0c:42:0e:45:ed:5b:ea:
                    ad:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:27:A1:34:FD:C6:34:C0:24:79:79:4B:24:45:B2:58:27:10:B7:35
            X509v3 Authority Key Identifier:
                keyid:FF:44:DB:AC:A5:6D:AC:31:94:01:F6:8A:50:D9:17:F5:42:46:11:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_0TbrKVtrDGUAfaKUNkX9UJGEa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/GyehNP3GNMAkeXlLJEWyWCcQtzU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/_0TbrKVtrDGUAfaKUNkX9UJGEa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:d1:8d:86:af:bf:c7:48:4b:34:27:49:39:f7:d0:64:5e:36:
         16:88:47:63:fa:e3:b2:eb:3a:ea:fd:12:5e:89:28:aa:5a:dc:
         5f:fc:1a:26:5c:0e:56:51:64:9a:13:ef:13:fc:30:cc:65:06:
         e6:68:96:32:43:c8:ca:3c:d0:2b:c9:25:b0:54:e2:f0:73:78:
         eb:bd:d2:76:f0:af:76:04:61:b7:71:07:d1:35:54:4b:0f:db:
         24:88:14:5d:af:fc:a1:b6:8e:72:48:eb:f8:32:d8:fa:1d:bc:
         94:94:1b:d4:9f:b0:21:a2:4d:fc:89:fd:38:48:53:d7:8a:99:
         64:f9:7e:06:ea:18:c0:a2:f7:52:ad:c9:c5:5f:43:30:46:26:
         3b:5c:56:fa:81:33:a3:9f:2f:cc:e4:bf:f2:81:34:37:79:7e:
         b1:7f:ae:9c:d3:11:09:bd:41:77:65:ca:c8:6f:dd:f8:20:0b:
         1d:90:77:72:e6:fe:23:82:8e:e6:7b:8f:27:bb:81:38:1c:e1:
         72:3a:6b:1f:da:ee:5b:5a:23:7e:dd:aa:95:dd:9d:7c:e0:a9:
         bb:56:4f:2d:71:6a:3d:1f:cb:37:dd:86:f5:13:ff:62:1e:22:
         c6:ce:2f:e3:26:f6:f2:3f:c0:7e:46:83:d2:c6:0a:71:93:e9:
         f8:5b:6a:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57T8u+yinec9vD7jtctUuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmNDRkYmFjYTU2ZGFjMzE5NDAxZjY4YTUwZDkxN2Y1NDI0
NjExYWQwHhcNMjYwMTAxMTQxOTA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjI3YTEzNGZkYzYzNGMwMjQ3OTc5NGIyNDQ1YjI1ODI3MTBiNzM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2eJUeUs7HLDL3oPC2gX0X1XY+rnR
VKeK+pFpAp47f6HJhP5Zh9kw4TT2G56QPUpPgefMzraRs92wlplRFVt2wzKKiDmJ
AGQnKMyoHCD5zYBDkbrUbpUuExwBFP2E2/Dr6+vXTnYxllRnkiltrTgBOq8oh9xO
mntA3K71Cf1/C/GpayyiCj5vyKcEjroORq7u/vlLOlLBsWfKx7IPVKBFjRI3CLhB
9uuw2dlrYMGva8pH/WDD96Tran3FEXLGS/yYs/ckvHLXRCF2U+1Kh8R+nUwOvXWP
akFKiGsk1TZceJRqZCqN0ozWcuIUfm5HxWEjQoUES/+wiQxCDkXtW+qtbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBsnoTT9xjTAJHl5SyRFslgnELc1MB8GA1UdIwQY
MBaAFP9E26ylbawxlAH2ilDZF/VCRhGtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzBUYnJLVnRyREdVQWZhS1VOa1g5VUpHRWEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi81M2E5NDctZmQwMy00MDE0LTk4Mjct
YzVkODk1MDgxOGVjLzEvR3llaE5QM0dOTUFrZVhsTEpFV3lXQ2NRdHpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi81M2E5NDctZmQwMy00MDE0LTk4MjctYzVkODk1MDgxOGVj
LzEvXzBUYnJLVnRyREdVQWZhS1VOa1g5VUpHRWEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY8LMA0G
CSqGSIb3DQEBCwUAA4IBAQAK0Y2Gr7/HSEs0J0k599BkXjYWiEdj+uOy6zrq/RJe
iSiqWtxf/BomXA5WUWSaE+8T/DDMZQbmaJYyQ8jKPNArySWwVOLwc3jrvdJ28K92
BGG3cQfRNVRLD9skiBRdr/yhto5ySOv4Mtj6HbyUlBvUn7Ahok38if04SFPXiplk
+X4G6hjAovdSrcnFX0MwRiY7XFb6gTOjny/M5L/ygTQ3eX6xf66c0xEJvUF3ZcrI
b934IAsdkHdy5v4jgo7me48nu4E4HOFyOmsf2u5bWiN+3aqV3Z184Km7Vk8tcWo9
H8s33Yb1E/9iHiLGzi/jJvbyP8B+RoPSxgpxk+n4W2o5
-----END CERTIFICATE-----