This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/b862d3-6844-46f7-bd98-83bc797278e2/1/uYwmLI9IgXoeBYgIJ67lD4M9yaw.roa
File:                     uYwmLI9IgXoeBYgIJ67lD4M9yaw.roa (raw, json)
Hash identifier:          KF+AYbOaxFn3R/9fgqU1GbRgcGguP9S+XNTb3CR98gw=
Subject key identifier:   B9:8C:26:2C:8F:48:81:7A:1E:05:88:08:27:AE:E5:0F:83:3D:C9:AC
Certificate issuer:       /CN=f3b2805d8776eedeb7aa4cbe5af568cdb2629fc2
Certificate serial:       019B7759567ECB1704549918410DB7739071
Authority key identifier: F3:B2:80:5D:87:76:EE:DE:B7:AA:4C:BE:5A:F5:68:CD:B2:62:9F:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/87KAXYd27t63qky-WvVozbJin8I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/b862d3-6844-46f7-bd98-83bc797278e2/1/uYwmLI9IgXoeBYgIJ67lD4M9yaw.roa
Signing time:             Thu 01 Jan 2026 02:18:21 +0000
ROA not before:           Thu 01 Jan 2026 02:18:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212669
IP address blocks:        45.9.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/b862d3-6844-46f7-bd98-83bc797278e2/1/87KAXYd27t63qky-WvVozbJin8I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/b862d3-6844-46f7-bd98-83bc797278e2/1/87KAXYd27t63qky-WvVozbJin8I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/87KAXYd27t63qky-WvVozbJin8I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:56:7e:cb:17:04:54:99:18:41:0d:b7:73:90:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f3b2805d8776eedeb7aa4cbe5af568cdb2629fc2
        Validity
            Not Before: Jan  1 02:18:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b98c262c8f48817a1e05880827aee50f833dc9ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:f0:bc:3e:6a:06:52:81:b4:30:52:6e:ae:44:
                    c5:f6:9b:3e:b3:3a:95:78:f0:be:cf:f1:d5:fc:b4:
                    ea:51:8a:b3:f7:63:68:ca:29:b2:3d:af:bf:5e:5d:
                    8b:b1:9c:5a:06:06:35:d2:43:a5:2c:5d:b0:65:a4:
                    b0:f5:a8:13:f5:39:e7:4a:e0:eb:ac:b7:2e:a4:29:
                    30:4b:56:ea:0e:63:70:f0:41:bd:14:27:3a:c1:c3:
                    83:ea:98:4b:85:55:2a:7a:41:11:f3:1d:cc:b3:18:
                    2d:14:10:d0:46:59:a8:9e:be:6e:3d:f2:ea:61:9d:
                    e8:10:3e:c9:8d:c2:23:51:dd:38:97:5f:ea:32:13:
                    90:b7:ec:3a:68:59:86:c5:92:48:32:e5:6b:6f:33:
                    21:d3:64:01:ff:f3:d7:55:b3:41:28:01:d1:cd:a6:
                    8c:13:fa:e1:9c:e4:6e:15:91:78:f3:51:81:52:ef:
                    81:ca:87:bf:9f:63:9e:4b:0a:7a:fa:e7:29:25:72:
                    c7:66:2c:4a:3c:1d:eb:fe:f2:aa:2b:6c:94:61:d2:
                    2f:9a:5e:b7:4c:a2:25:6e:93:90:ae:91:fb:b6:05:
                    93:ca:6c:f8:d3:b9:b0:17:fd:e7:c6:6b:f6:ae:11:
                    56:c6:05:42:23:c3:ad:80:d8:8f:2e:de:00:f3:a4:
                    90:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:8C:26:2C:8F:48:81:7A:1E:05:88:08:27:AE:E5:0F:83:3D:C9:AC
            X509v3 Authority Key Identifier:
                keyid:F3:B2:80:5D:87:76:EE:DE:B7:AA:4C:BE:5A:F5:68:CD:B2:62:9F:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/87KAXYd27t63qky-WvVozbJin8I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/b862d3-6844-46f7-bd98-83bc797278e2/1/uYwmLI9IgXoeBYgIJ67lD4M9yaw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/b862d3-6844-46f7-bd98-83bc797278e2/1/87KAXYd27t63qky-WvVozbJin8I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:23:9f:e7:bc:19:cc:2a:f3:7b:7c:b8:d6:bf:79:0f:37:50:
         dd:c7:4a:c0:da:e1:96:00:b2:d9:5b:e6:85:dc:6c:7f:ed:cf:
         fc:09:5d:5f:75:48:0a:af:af:15:60:29:9c:26:c9:5b:fd:12:
         89:a4:38:88:12:11:74:1a:80:e9:bd:0a:5f:d0:c7:4d:8a:7f:
         53:5d:b9:3c:0c:ea:05:29:8d:6f:04:f9:7c:31:dc:bd:ac:51:
         b4:4d:1a:ef:63:8e:24:a4:71:47:34:5d:2e:2b:a2:88:cb:d7:
         ad:4b:ad:94:18:53:50:c0:68:65:71:95:4e:62:59:78:b8:51:
         1b:6c:36:7e:1d:ff:98:06:ba:3e:0c:d7:de:9e:08:33:f5:fb:
         be:45:84:90:13:ea:c4:0c:5c:d6:d0:36:29:f9:e6:35:0d:2d:
         95:98:04:3a:94:6a:3c:0c:83:05:1b:28:ad:b3:cb:c8:38:0a:
         98:42:92:d5:b6:38:0b:cc:b3:3d:49:a7:7d:d2:18:a1:0e:30:
         ec:f6:eb:bd:9f:8b:57:98:9a:a8:40:3e:9f:81:e2:9d:b4:7d:
         16:08:5a:54:98:fa:01:ea:47:89:11:2c:88:e8:58:a5:51:89:
         38:4f:74:e8:7e:76:2f:db:4a:dd:f5:ca:92:e7:d0:02:0c:62:
         ec:fb:ac:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WVZ+yxcEVJkYQQ23c5BxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzYjI4MDVkODc3NmVlZGViN2FhNGNiZTVhZjU2OGNkYjI2
MjlmYzIwHhcNMjYwMTAxMDIxODIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOThjMjYyYzhmNDg4MTdhMWUwNTg4MDgyN2FlZTUwZjgzM2RjOWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvfC8PmoGUoG0MFJurkTF9ps+szqV
ePC+z/HV/LTqUYqz92NoyimyPa+/Xl2LsZxaBgY10kOlLF2wZaSw9agT9TnnSuDr
rLcupCkwS1bqDmNw8EG9FCc6wcOD6phLhVUqekER8x3MsxgtFBDQRlmonr5uPfLq
YZ3oED7JjcIjUd04l1/qMhOQt+w6aFmGxZJIMuVrbzMh02QB//PXVbNBKAHRzaaM
E/rhnORuFZF481GBUu+Byoe/n2OeSwp6+ucpJXLHZixKPB3r/vKqK2yUYdIvml63
TKIlbpOQrpH7tgWTymz407mwF/3nxmv2rhFWxgVCI8OtgNiPLt4A86SQRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLmMJiyPSIF6HgWICCeu5Q+DPcmsMB8GA1UdIwQY
MBaAFPOygF2Hdu7et6pMvlr1aM2yYp/CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODdLQVhZZDI3dDYzcWt5LVd2Vm96YkppbjhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC9iODYyZDMtNjg0NC00NmY3LWJkOTgt
ODNiYzc5NzI3OGUyLzEvdVl3bUxJOUlnWG9lQllnSUo2N2xENE05eWF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC9iODYyZDMtNjg0NC00NmY3LWJkOTgtODNiYzc5NzI3OGUy
LzEvODdLQVhZZDI3dDYzcWt5LVd2Vm96YkppbjhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQl8MA0G
CSqGSIb3DQEBCwUAA4IBAQBLI5/nvBnMKvN7fLjWv3kPN1Ddx0rA2uGWALLZW+aF
3Gx/7c/8CV1fdUgKr68VYCmcJslb/RKJpDiIEhF0GoDpvQpf0MdNin9TXbk8DOoF
KY1vBPl8Mdy9rFG0TRrvY44kpHFHNF0uK6KIy9etS62UGFNQwGhlcZVOYll4uFEb
bDZ+Hf+YBro+DNfenggz9fu+RYSQE+rEDFzW0DYp+eY1DS2VmAQ6lGo8DIMFGyit
s8vIOAqYQpLVtjgLzLM9Sad90hihDjDs9uu9n4tXmJqoQD6fgeKdtH0WCFpUmPoB
6keJESyI6FilUYk4T3TofnYv20rd9cqS59ACDGLs+6zy
-----END CERTIFICATE-----