This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/3e8100-988d-483e-bc86-600810634878/1/1yTxuvJTgzp3vueVNPtMM4HSlnE.roa
File:                     1yTxuvJTgzp3vueVNPtMM4HSlnE.roa (raw, json)
Hash identifier:          C3mQ9ASRyTlSwgnHvOngoGQirohvWMvEni68YFNubqo=
Subject key identifier:   D7:24:F1:BA:F2:53:83:3A:77:BE:E7:95:34:FB:4C:33:81:D2:96:71
Certificate issuer:       /CN=5dd1398976b2f487725bc13d7faebed3e16d82c9
Certificate serial:       019B77C68985ACCE7D0FC52DED5B4F76E1DB
Authority key identifier: 5D:D1:39:89:76:B2:F4:87:72:5B:C1:3D:7F:AE:BE:D3:E1:6D:82:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XdE5iXay9IdyW8E9f66-0-Ftgsk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/3e8100-988d-483e-bc86-600810634878/1/1yTxuvJTgzp3vueVNPtMM4HSlnE.roa
Signing time:             Thu 01 Jan 2026 04:17:38 +0000
ROA not before:           Thu 01 Jan 2026 04:17:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12337
IP address blocks:        45.91.196.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/3e8100-988d-483e-bc86-600810634878/1/XdE5iXay9IdyW8E9f66-0-Ftgsk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/3e8100-988d-483e-bc86-600810634878/1/XdE5iXay9IdyW8E9f66-0-Ftgsk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XdE5iXay9IdyW8E9f66-0-Ftgsk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Feb 2026 21:21:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:89:85:ac:ce:7d:0f:c5:2d:ed:5b:4f:76:e1:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dd1398976b2f487725bc13d7faebed3e16d82c9
        Validity
            Not Before: Jan  1 04:17:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d724f1baf253833a77bee79534fb4c3381d29671
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:11:05:c3:24:b6:15:9c:cd:bc:54:a3:6d:f2:
                    9f:bc:cc:49:dc:5c:6c:73:4b:df:52:59:f3:d3:9a:
                    ca:89:93:f4:f9:19:ae:85:ce:4e:b2:4c:ad:fa:66:
                    da:f9:6e:2e:ce:01:52:02:7b:71:4e:24:14:42:f3:
                    5c:b7:80:a5:ed:eb:bb:79:f1:c4:7c:4c:00:f6:ff:
                    20:6d:72:1c:df:db:12:1f:67:de:ff:39:a6:2b:00:
                    23:8f:aa:c2:a1:74:c3:0d:5c:28:19:64:da:89:44:
                    d8:67:31:48:9d:12:ca:9c:a1:8f:f2:ed:8d:9d:90:
                    74:6f:68:65:e9:47:de:df:b5:d4:d7:4a:85:dd:54:
                    5f:2d:17:9a:65:97:43:f7:cc:53:b5:c5:9a:76:45:
                    d5:19:da:49:cd:bb:ff:5f:78:48:e8:a5:32:23:d9:
                    e0:3a:f8:1b:8a:f8:bb:9d:5b:33:ef:97:7f:d6:e1:
                    44:a3:6d:a4:25:22:1d:a7:76:f6:0d:d0:e6:80:26:
                    21:2d:4a:61:09:cb:fd:21:66:b0:5a:33:bd:41:37:
                    5f:17:c2:15:c0:ff:45:3a:b6:87:63:d1:6b:02:9c:
                    44:79:c9:67:f1:01:b2:e9:77:f4:28:03:1d:54:a6:
                    7f:55:8f:92:17:69:7a:e5:61:b7:a6:e0:38:95:63:
                    b9:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:24:F1:BA:F2:53:83:3A:77:BE:E7:95:34:FB:4C:33:81:D2:96:71
            X509v3 Authority Key Identifier:
                keyid:5D:D1:39:89:76:B2:F4:87:72:5B:C1:3D:7F:AE:BE:D3:E1:6D:82:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XdE5iXay9IdyW8E9f66-0-Ftgsk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/3e8100-988d-483e-bc86-600810634878/1/1yTxuvJTgzp3vueVNPtMM4HSlnE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/3e8100-988d-483e-bc86-600810634878/1/XdE5iXay9IdyW8E9f66-0-Ftgsk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.196.0/23

    Signature Algorithm: sha256WithRSAEncryption
         53:d1:cb:d1:29:38:fc:11:64:47:71:1d:0f:15:6d:72:7a:8f:
         d3:67:93:98:b0:ea:eb:6f:c9:2b:d8:74:30:c9:21:90:fb:c7:
         1b:26:97:03:62:a7:0d:78:ca:0a:79:a1:5f:10:41:df:1b:21:
         90:dc:36:33:c0:44:68:3f:ae:b0:88:e2:a6:12:6d:e4:a3:ca:
         5c:47:56:f5:2b:d7:53:6d:6b:b0:33:0c:de:45:6b:88:15:d9:
         f4:38:43:2c:a0:6b:be:c4:10:04:d0:92:77:2e:9e:07:c2:50:
         6a:42:b3:ed:56:d1:95:6a:c2:72:a9:3c:19:3c:c6:81:e0:5e:
         b9:ee:68:09:4d:26:b6:d0:29:3d:24:31:60:1a:b9:a2:2a:36:
         23:02:ab:5d:b7:7a:ec:da:9b:66:ba:09:64:66:88:6e:e3:52:
         db:c9:3b:09:ad:7a:11:23:1f:66:d8:27:f1:00:c0:b5:25:b4:
         d1:0f:51:53:2c:17:6e:fa:33:02:1c:2e:7e:44:32:e3:b6:1f:
         52:5e:e8:79:c7:3c:d0:0b:77:79:64:cc:e0:6b:9f:b3:31:e5:
         9b:43:44:25:57:24:39:84:b9:72:d5:e6:19:39:11:f2:37:1e:
         37:e0:ca:5c:f5:cc:c1:22:d7:35:15:c8:f6:ec:43:80:0b:63:
         0f:92:e8:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xomFrM59D8Ut7VtPduHbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZDEzOTg5NzZiMmY0ODc3MjViYzEzZDdmYWViZWQzZTE2
ZDgyYzkwHhcNMjYwMTAxMDQxNzM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzI0ZjFiYWYyNTM4MzNhNzdiZWU3OTUzNGZiNGMzMzgxZDI5NjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlhEFwyS2FZzNvFSjbfKfvMxJ3Fxs
c0vfUlnz05rKiZP0+Rmuhc5Oskyt+mba+W4uzgFSAntxTiQUQvNct4Cl7eu7efHE
fEwA9v8gbXIc39sSH2fe/zmmKwAjj6rCoXTDDVwoGWTaiUTYZzFInRLKnKGP8u2N
nZB0b2hl6Ufe37XU10qF3VRfLReaZZdD98xTtcWadkXVGdpJzbv/X3hI6KUyI9ng
Ovgbivi7nVsz75d/1uFEo22kJSIdp3b2DdDmgCYhLUphCcv9IWawWjO9QTdfF8IV
wP9FOraHY9FrApxEecln8QGy6Xf0KAMdVKZ/VY+SF2l65WG3puA4lWO56QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNck8bryU4M6d77nlTT7TDOB0pZxMB8GA1UdIwQY
MBaAFF3ROYl2svSHclvBPX+uvtPhbYLJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGRFNWlYYXk5SWR5VzhFOWY2Ni0wLUZ0Z3NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi8zZTgxMDAtOTg4ZC00ODNlLWJjODYt
NjAwODEwNjM0ODc4LzEvMXlUeHV2SlRnenAzdnVlVk5QdE1NNEhTbG5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi8zZTgxMDAtOTg4ZC00ODNlLWJjODYtNjAwODEwNjM0ODc4
LzEvWGRFNWlYYXk5SWR5VzhFOWY2Ni0wLUZ0Z3NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLVvEMA0G
CSqGSIb3DQEBCwUAA4IBAQBT0cvRKTj8EWRHcR0PFW1yeo/TZ5OYsOrrb8kr2HQw
ySGQ+8cbJpcDYqcNeMoKeaFfEEHfGyGQ3DYzwERoP66wiOKmEm3ko8pcR1b1K9dT
bWuwMwzeRWuIFdn0OEMsoGu+xBAE0JJ3Lp4HwlBqQrPtVtGVasJyqTwZPMaB4F65
7mgJTSa20Ck9JDFgGrmiKjYjAqtdt3rs2ptmuglkZohu41LbyTsJrXoRIx9m2Cfx
AMC1JbTRD1FTLBdu+jMCHC5+RDLjth9SXuh5xzzQC3d5ZMzga5+zMeWbQ0QlVyQ5
hLly1eYZORHyNx434Mpc9czBItc1Fcj27EOAC2MPkujS
-----END CERTIFICATE-----