This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/Y7woxibftbaXMfvNoeSqyxfgq9U.roa
File:                     Y7woxibftbaXMfvNoeSqyxfgq9U.roa (raw, json)
Hash identifier:          Ok1pkCgfhQsxkKkLjxhIrcFfWGlm0m1daEB+QUk1Tac=
Subject key identifier:   63:BC:28:C6:26:DF:B5:B6:97:31:FB:CD:A1:E4:AA:CB:17:E0:AB:D5
Certificate issuer:       /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial:       019B7BA56071368E012356D3D0ADD00EB33A
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/Y7woxibftbaXMfvNoeSqyxfgq9U.roa
Signing time:             Thu 01 Jan 2026 22:19:54 +0000
ROA not before:           Thu 01 Jan 2026 22:19:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210636
IP address blocks:        45.88.246.0/24 maxlen: 24
                          45.88.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 13:02:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:60:71:36:8e:01:23:56:d3:d0:ad:d0:0e:b3:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
        Validity
            Not Before: Jan  1 22:19:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=63bc28c626dfb5b69731fbcda1e4aacb17e0abd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:e1:f2:45:1c:27:17:4c:a9:52:9f:d2:ea:40:
                    85:cc:15:bc:86:9d:44:72:37:06:21:2b:07:73:9d:
                    35:3e:bb:5b:fc:c1:dc:0f:0a:8a:37:d7:0c:3a:27:
                    6b:10:7e:31:2b:fb:8b:9a:cd:54:68:c5:b6:fd:54:
                    e5:9b:b1:ad:69:a7:19:67:81:40:71:92:99:fe:dd:
                    a4:ba:08:e8:8f:8a:7e:51:49:7c:ae:4f:ac:24:38:
                    ff:19:9f:30:f8:e9:85:34:bf:a4:6a:61:c6:5f:1a:
                    b1:5f:d8:15:66:94:99:c7:cb:80:d6:56:56:a0:fe:
                    b1:09:a3:2b:89:78:e2:25:74:b0:e6:40:50:12:dd:
                    6a:e3:d5:43:21:93:c4:7d:c2:f2:fb:08:13:ad:38:
                    29:78:57:91:6e:31:b8:5f:26:97:d2:16:ac:26:08:
                    39:1c:54:c6:36:59:26:b8:e3:31:a0:53:99:e4:db:
                    97:00:66:22:e1:56:f2:61:c7:66:02:7c:fa:e7:29:
                    76:45:de:cd:13:8b:b9:bf:27:12:b1:0f:60:c8:26:
                    22:cc:72:37:6f:cb:1d:44:62:df:a0:90:3c:23:ed:
                    25:c1:b3:e3:f5:bc:36:ea:46:78:83:a6:07:c9:66:
                    e3:f7:f3:fb:0c:fb:b6:a8:de:4c:b9:45:2a:86:37:
                    8a:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:BC:28:C6:26:DF:B5:B6:97:31:FB:CD:A1:E4:AA:CB:17:E0:AB:D5
            X509v3 Authority Key Identifier:
                keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/Y7woxibftbaXMfvNoeSqyxfgq9U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.246.0/23

    Signature Algorithm: sha256WithRSAEncryption
         27:a6:60:d7:90:10:ce:29:6c:21:77:97:23:c4:c9:10:2c:3c:
         ce:02:d8:60:ff:a5:5e:19:c4:fb:96:94:24:79:c9:af:20:db:
         c5:4f:58:05:16:f1:d5:f6:ba:2c:ec:89:b5:57:e5:95:01:e2:
         cc:ea:11:b2:91:70:87:8e:ed:27:f8:6b:25:96:30:a0:88:c8:
         9d:29:e7:e4:67:0e:8a:54:5f:c3:9b:71:f1:c5:a5:3e:b1:de:
         c1:ec:0d:35:59:86:1d:cc:19:a2:29:9b:54:26:c8:00:01:8d:
         89:00:34:a6:52:a2:c2:60:fb:37:0f:e0:a7:a8:94:ad:e7:3b:
         97:ea:7d:42:ff:7f:36:9b:90:36:b2:92:5b:56:d7:8d:e4:65:
         e7:a7:dc:a9:8f:84:50:6e:bc:20:1f:24:a9:09:27:a6:a2:97:
         de:a5:c7:a1:99:86:9a:25:47:03:c9:e4:1d:4a:88:05:30:3b:
         9e:90:97:c0:bc:99:2b:5c:ed:af:29:55:38:00:00:e6:77:02:
         f6:85:3d:10:9d:02:ad:85:a1:82:a9:11:89:9f:29:33:18:fb:
         36:82:42:ec:09:34:bb:8a:d8:82:89:11:19:bb:7d:f8:b0:d5:
         aa:d4:fc:df:44:1e:06:4b:b7:36:58:32:09:3d:42:6e:f7:bb:
         01:0a:06:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pWBxNo4BI1bT0K3QDrM6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTUwMDljM2RlNDIxY2M0ZTY3YjlhOWFlNDIzYmIzNWRl
MGI5MjYwHhcNMjYwMTAxMjIxOTU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2JjMjhjNjI2ZGZiNWI2OTczMWZiY2RhMWU0YWFjYjE3ZTBhYmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+HyRRwnF0ypUp/S6kCFzBW8hp1E
cjcGISsHc501Prtb/MHcDwqKN9cMOidrEH4xK/uLms1UaMW2/VTlm7GtaacZZ4FA
cZKZ/t2kugjoj4p+UUl8rk+sJDj/GZ8w+OmFNL+kamHGXxqxX9gVZpSZx8uA1lZW
oP6xCaMriXjiJXSw5kBQEt1q49VDIZPEfcLy+wgTrTgpeFeRbjG4XyaX0hasJgg5
HFTGNlkmuOMxoFOZ5NuXAGYi4VbyYcdmAnz65yl2Rd7NE4u5vycSsQ9gyCYizHI3
b8sdRGLfoJA8I+0lwbPj9bw26kZ4g6YHyWbj9/P7DPu2qN5MuUUqhjeKwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGO8KMYm37W2lzH7zaHkqssX4KvVMB8GA1UdIwQY
MBaAFLFVAJw95CHMTme5qa5CO7Nd4LkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYt
NzM4NTZhZjQ5ZjNlLzEvWTd3b3hpYmZ0YmFYTWZ2Tm9lU3F5eGZncTlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYtNzM4NTZhZjQ5ZjNl
LzEvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLVj2MA0G
CSqGSIb3DQEBCwUAA4IBAQAnpmDXkBDOKWwhd5cjxMkQLDzOAthg/6VeGcT7lpQk
ecmvINvFT1gFFvHV9ros7Im1V+WVAeLM6hGykXCHju0n+GslljCgiMidKefkZw6K
VF/Dm3HxxaU+sd7B7A01WYYdzBmiKZtUJsgAAY2JADSmUqLCYPs3D+CnqJSt5zuX
6n1C/382m5A2spJbVteN5GXnp9ypj4RQbrwgHySpCSemopfepcehmYaaJUcDyeQd
SogFMDuekJfAvJkrXO2vKVU4AADmdwL2hT0QnQKthaGCqRGJnykzGPs2gkLsCTS7
itiCiREZu334sNWq1PzfRB4GS7c2WDIJPUJu97sBCgby
-----END CERTIFICATE-----