This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/a7068a-92ba-42ea-9966-2054d4e903bc/1/Ky8jp1Zp3SE33IK4OJ5ro_Au50s.roa
File:                     Ky8jp1Zp3SE33IK4OJ5ro_Au50s.roa (raw, json)
Hash identifier:          3YeTlhlPLg4f3wbYqV7xvH/ZVjip5tcjie4ghX8ZC2U=
Subject key identifier:   2B:2F:23:A7:56:69:DD:21:37:DC:82:B8:38:9E:6B:A3:F0:2E:E7:4B
Certificate issuer:       /CN=b2e448b4a08f0e4c58a283d80735a8a803e10d4e
Certificate serial:       019B7B36EF25C44E06F927ED7FA7E48D0F62
Authority key identifier: B2:E4:48:B4:A0:8F:0E:4C:58:A2:83:D8:07:35:A8:A8:03:E1:0D:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/suRItKCPDkxYooPYBzWoqAPhDU4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/a7068a-92ba-42ea-9966-2054d4e903bc/1/Ky8jp1Zp3SE33IK4OJ5ro_Au50s.roa
Signing time:             Thu 01 Jan 2026 20:19:16 +0000
ROA not before:           Thu 01 Jan 2026 20:19:16 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48674
IP address blocks:        46.33.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/a7068a-92ba-42ea-9966-2054d4e903bc/1/suRItKCPDkxYooPYBzWoqAPhDU4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/a7068a-92ba-42ea-9966-2054d4e903bc/1/suRItKCPDkxYooPYBzWoqAPhDU4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/suRItKCPDkxYooPYBzWoqAPhDU4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 20:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:ef:25:c4:4e:06:f9:27:ed:7f:a7:e4:8d:0f:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2e448b4a08f0e4c58a283d80735a8a803e10d4e
        Validity
            Not Before: Jan  1 20:19:16 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2b2f23a75669dd2137dc82b8389e6ba3f02ee74b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:7c:2e:01:9c:b1:36:a1:3c:2e:51:2b:ce:76:
                    40:26:ff:d8:7c:83:54:07:26:86:59:b4:67:db:45:
                    52:88:28:69:19:80:dc:dd:0e:10:51:8c:da:41:ce:
                    27:d5:6f:ab:69:c4:fa:ca:80:93:7e:c9:00:cd:37:
                    69:e3:51:19:78:c2:f8:5f:55:6b:ff:80:16:06:ac:
                    7c:9f:6f:6d:ee:49:98:80:8a:7c:d8:7d:90:c1:82:
                    18:1c:3a:30:94:f0:c8:29:3b:ba:b0:6b:87:b0:88:
                    6f:ce:f5:e6:7c:17:83:c8:68:d6:c9:30:68:ef:1c:
                    7d:c1:c5:6a:5a:b8:c7:0c:e1:ed:fb:aa:59:ef:a5:
                    f5:1d:17:b6:08:64:cc:30:54:0d:ca:9f:f4:4a:12:
                    36:fc:e6:d5:1f:c8:f6:4e:a6:28:e1:4b:4c:e1:ef:
                    60:3b:ad:e4:14:84:44:8f:e3:3f:ee:ce:c6:88:64:
                    fa:7a:e6:ac:75:ee:2b:de:3a:10:c1:bb:99:f8:44:
                    2a:22:18:18:5d:85:43:86:5b:0d:29:8d:91:f9:f5:
                    8c:55:35:00:f0:be:70:91:51:f4:70:12:d2:b4:cd:
                    aa:4c:bb:89:9f:cc:0f:49:a0:ce:53:d9:d2:94:c4:
                    f2:46:ec:f8:ce:d8:80:4f:18:a4:0d:90:94:8f:e3:
                    bf:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:2F:23:A7:56:69:DD:21:37:DC:82:B8:38:9E:6B:A3:F0:2E:E7:4B
            X509v3 Authority Key Identifier:
                keyid:B2:E4:48:B4:A0:8F:0E:4C:58:A2:83:D8:07:35:A8:A8:03:E1:0D:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/suRItKCPDkxYooPYBzWoqAPhDU4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/a7068a-92ba-42ea-9966-2054d4e903bc/1/Ky8jp1Zp3SE33IK4OJ5ro_Au50s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/a7068a-92ba-42ea-9966-2054d4e903bc/1/suRItKCPDkxYooPYBzWoqAPhDU4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.33.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:eb:c2:0b:a9:b4:17:49:a1:69:c0:bf:a8:de:51:15:d2:89:
         66:22:52:82:4a:66:26:5c:29:16:85:27:cf:da:47:31:50:5e:
         82:34:55:6e:d1:66:40:3d:84:ef:dd:e7:47:ca:9b:f9:5d:65:
         ed:dc:eb:7c:7d:70:05:e7:1f:de:6e:24:5d:a4:63:68:83:89:
         7c:54:46:b7:be:68:d4:15:39:4a:6e:18:df:fa:53:cb:e7:85:
         2f:af:67:db:fd:22:c3:9c:07:22:9e:d0:ed:22:90:0b:f2:fa:
         97:51:16:1e:16:0e:79:ee:25:e8:9b:3c:44:41:58:0f:ce:17:
         8d:de:bf:2b:69:0d:db:88:61:b7:50:63:b2:70:6d:32:7f:4f:
         73:41:df:83:d8:91:fc:94:90:04:56:7e:5b:ba:0b:58:0e:d2:
         84:bb:a5:26:b4:f1:24:ed:d9:ca:e6:da:a0:43:37:27:43:c8:
         bd:3f:66:98:7b:1e:af:34:dd:5d:a2:5e:c0:41:36:67:31:d2:
         fa:d6:fd:04:47:13:6e:9f:18:e1:22:52:d9:b1:1f:66:29:5f:
         cf:02:f9:33:40:39:bf:34:a4:79:a3:36:04:8d:d5:af:e0:a2:
         7f:d4:65:59:a1:38:d5:9e:55:d2:04:6b:74:56:59:2f:a1:a4:
         a4:3b:3c:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7Nu8lxE4G+Sftf6fkjQ9iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyZTQ0OGI0YTA4ZjBlNGM1OGEyODNkODA3MzVhOGE4MDNl
MTBkNGUwHhcNMjYwMTAxMjAxOTE2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjJmMjNhNzU2NjlkZDIxMzdkYzgyYjgzODllNmJhM2YwMmVlNzRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvXwuAZyxNqE8LlErznZAJv/YfINU
ByaGWbRn20VSiChpGYDc3Q4QUYzaQc4n1W+racT6yoCTfskAzTdp41EZeML4X1Vr
/4AWBqx8n29t7kmYgIp82H2QwYIYHDowlPDIKTu6sGuHsIhvzvXmfBeDyGjWyTBo
7xx9wcVqWrjHDOHt+6pZ76X1HRe2CGTMMFQNyp/0ShI2/ObVH8j2TqYo4UtM4e9g
O63kFIREj+M/7s7GiGT6euasde4r3joQwbuZ+EQqIhgYXYVDhlsNKY2R+fWMVTUA
8L5wkVH0cBLStM2qTLuJn8wPSaDOU9nSlMTyRuz4ztiATxikDZCUj+O/WwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCsvI6dWad0hN9yCuDiea6PwLudLMB8GA1UdIwQY
MBaAFLLkSLSgjw5MWKKD2Ac1qKgD4Q1OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3VSSXRLQ1BEa3hZb29QWUJ6V29xQVBoRFU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9hNzA2OGEtOTJiYS00MmVhLTk5NjYt
MjA1NGQ0ZTkwM2JjLzEvS3k4anAxWnAzU0UzM0lLNE9KNXJvX0F1NTBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9hNzA2OGEtOTJiYS00MmVhLTk5NjYtMjA1NGQ0ZTkwM2Jj
LzEvc3VSSXRLQ1BEa3hZb29QWUJ6V29xQVBoRFU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiEXMA0G
CSqGSIb3DQEBCwUAA4IBAQCn68ILqbQXSaFpwL+o3lEV0olmIlKCSmYmXCkWhSfP
2kcxUF6CNFVu0WZAPYTv3edHypv5XWXt3Ot8fXAF5x/ebiRdpGNog4l8VEa3vmjU
FTlKbhjf+lPL54Uvr2fb/SLDnAcintDtIpAL8vqXURYeFg557iXomzxEQVgPzheN
3r8raQ3biGG3UGOycG0yf09zQd+D2JH8lJAEVn5bugtYDtKEu6UmtPEk7dnK5tqg
QzcnQ8i9P2aYex6vNN1dol7AQTZnMdL61v0ERxNunxjhIlLZsR9mKV/PAvkzQDm/
NKR5ozYEjdWv4KJ/1GVZoTjVnlXSBGt0VlkvoaSkOzyO
-----END CERTIFICATE-----