This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/8yJ0L7ZNZwsueIfddlLPe4aPNBc.roa
File:                     8yJ0L7ZNZwsueIfddlLPe4aPNBc.roa (raw, json)
Hash identifier:          wVN421+f34qNfEBqw+z6k5x3qM3iQzLdKptDiJvbg3g=
Subject key identifier:   F3:22:74:2F:B6:4D:67:0B:2E:78:87:DD:76:52:CF:7B:86:8F:34:17
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       019B791157E035C0C7EBAB1D0D7F0FA71164
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/8yJ0L7ZNZwsueIfddlLPe4aPNBc.roa
Signing time:             Thu 01 Jan 2026 10:18:58 +0000
ROA not before:           Thu 01 Jan 2026 10:18:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215826
IP address blocks:        45.150.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 02 Jan 2026 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:11:57:e0:35:c0:c7:eb:ab:1d:0d:7f:0f:a7:11:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Jan  1 10:18:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f322742fb64d670b2e7887dd7652cf7b868f3417
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:cc:92:32:66:4b:14:25:5d:ee:20:c4:db:3a:
                    f5:0a:fd:44:4b:3a:bc:d9:2d:d7:d1:34:6f:e5:fe:
                    6b:30:e6:e3:d0:37:bc:a3:d6:df:6f:e6:43:ca:61:
                    fc:2b:6f:ca:9b:5c:6f:8d:83:4f:58:9d:6f:52:ca:
                    2a:a3:9e:d9:90:18:f3:d5:5b:d7:50:aa:43:62:2e:
                    21:96:80:8d:5c:82:7b:62:53:95:c3:a8:37:6f:24:
                    90:b9:37:83:d9:a4:af:d3:3e:75:e7:dd:45:ac:a6:
                    f1:3b:e8:40:82:fc:df:a9:40:33:53:5b:7b:c6:f2:
                    21:dc:6d:71:db:82:66:1d:a9:79:08:ce:96:87:d4:
                    92:3a:c3:af:80:f9:fd:e1:ba:ab:62:da:37:32:ac:
                    bd:c8:6c:52:aa:30:22:55:ac:2e:2a:9e:83:81:5d:
                    6d:e2:97:10:27:db:73:97:6e:77:65:62:01:0e:82:
                    31:2e:58:a5:72:30:47:7e:f7:49:3f:cb:cc:a0:cd:
                    3b:0f:e2:b2:a1:18:02:bd:a7:55:53:f8:19:2a:48:
                    58:5c:08:90:7d:5f:e7:58:52:f7:49:42:b7:20:a3:
                    63:a2:1f:fa:4c:2e:55:5d:83:64:da:9c:82:59:e7:
                    49:0e:6d:b5:d2:86:a7:e4:aa:29:3c:4a:17:f9:0f:
                    31:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:22:74:2F:B6:4D:67:0B:2E:78:87:DD:76:52:CF:7B:86:8F:34:17
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/8yJ0L7ZNZwsueIfddlLPe4aPNBc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:9b:38:ae:15:d2:ec:c7:36:42:02:bb:1f:d7:49:14:28:bf:
         ff:06:89:d6:67:55:1b:77:01:e9:2e:cd:fe:32:3c:ad:a0:57:
         0a:6e:0a:81:3b:06:25:a5:34:8d:ee:f8:02:6b:b7:f4:04:ab:
         ec:81:a9:8d:48:30:92:3e:ca:50:82:7d:13:c7:23:73:6a:c8:
         b5:ef:9f:d5:be:28:da:87:3d:38:01:f8:f0:74:82:1d:05:05:
         80:9e:58:11:8c:8a:98:ed:f9:1d:23:be:8d:e9:3b:a6:c7:c4:
         25:52:17:a5:75:cb:5e:2a:8e:7d:c0:5d:aa:72:3d:bb:d0:9f:
         4e:8d:ff:02:93:22:73:1b:99:74:f6:c3:12:22:73:16:26:0e:
         59:57:00:0b:16:4e:3b:39:48:e0:7e:d1:83:fa:b3:62:c3:9f:
         d5:cd:0b:67:10:85:00:2d:45:19:21:6e:ff:5f:d9:23:87:fc:
         41:f4:39:61:80:e0:b3:29:74:0d:71:17:f8:d3:45:44:8f:84:
         71:b0:f8:85:fb:12:96:a2:da:2b:01:60:c6:c3:72:a2:b6:ca:
         66:f4:82:98:a0:47:2e:b1:d3:54:d0:3d:d5:0d:f2:d3:a0:a2:
         cf:3b:82:d5:e9:76:4b:b3:88:a6:11:cb:44:70:fd:2b:fb:f4:
         d5:b5:d9:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EVfgNcDH66sdDX8PpxFkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjYwMTAxMTAxODU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzIyNzQyZmI2NGQ2NzBiMmU3ODg3ZGQ3NjUyY2Y3Yjg2OGYzNDE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkcySMmZLFCVd7iDE2zr1Cv1ESzq8
2S3X0TRv5f5rMObj0De8o9bfb+ZDymH8K2/Km1xvjYNPWJ1vUsoqo57ZkBjz1VvX
UKpDYi4hloCNXIJ7YlOVw6g3bySQuTeD2aSv0z51591FrKbxO+hAgvzfqUAzU1t7
xvIh3G1x24JmHal5CM6Wh9SSOsOvgPn94bqrYto3Mqy9yGxSqjAiVawuKp6DgV1t
4pcQJ9tzl253ZWIBDoIxLlilcjBHfvdJP8vMoM07D+KyoRgCvadVU/gZKkhYXAiQ
fV/nWFL3SUK3IKNjoh/6TC5VXYNk2pyCWedJDm210oan5KopPEoX+Q8xGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPMidC+2TWcLLniH3XZSz3uGjzQXMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvOHlKMEw3Wk5ad3N1ZUlmZGRsTFBlNGFQTkJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZYiMA0G
CSqGSIb3DQEBCwUAA4IBAQB7mziuFdLsxzZCArsf10kUKL//BonWZ1UbdwHpLs3+
MjytoFcKbgqBOwYlpTSN7vgCa7f0BKvsgamNSDCSPspQgn0TxyNzasi175/Vvija
hz04AfjwdIIdBQWAnlgRjIqY7fkdI76N6Tumx8QlUheldcteKo59wF2qcj270J9O
jf8CkyJzG5l09sMSInMWJg5ZVwALFk47OUjgftGD+rNiw5/VzQtnEIUALUUZIW7/
X9kjh/xB9DlhgOCzKXQNcRf400VEj4RxsPiF+xKWotorAWDGw3Kitspm9IKYoEcu
sdNU0D3VDfLToKLPO4LV6XZLs4imEctEcP0r+/TVtdlJ
-----END CERTIFICATE-----