This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/1h_ygPIXaNb4cGL5SV2z1xCVqGQ.roa
File:                     1h_ygPIXaNb4cGL5SV2z1xCVqGQ.roa (raw, json)
Hash identifier:          HcPcD14ZT7oTjHVrooIBv1j1ePWIMsrtBhEFYrGMrB0=
Subject key identifier:   D6:1F:F2:80:F2:17:68:D6:F8:70:62:F9:49:5D:B3:D7:10:95:A8:64
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       019B7D5D5A41DFD31A2F97E4DB528A28FB0B
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/1h_ygPIXaNb4cGL5SV2z1xCVqGQ.roa
Signing time:             Fri 02 Jan 2026 06:20:28 +0000
ROA not before:           Fri 02 Jan 2026 06:20:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209155
IP address blocks:        45.156.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 11:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5d:5a:41:df:d3:1a:2f:97:e4:db:52:8a:28:fb:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  2 06:20:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d61ff280f21768d6f87062f9495db3d71095a864
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:a0:60:d5:ce:06:08:f3:ca:0f:b8:5d:c2:66:
                    1e:59:ef:66:07:8f:ab:07:ff:b0:8a:db:81:a2:09:
                    9a:fd:16:86:d8:07:a8:97:d4:4a:2f:85:55:bb:e2:
                    17:47:23:11:b6:55:d2:42:76:4c:9b:56:1a:7f:81:
                    06:3a:d1:46:40:16:6c:5e:9f:c2:9d:dd:e8:8e:96:
                    cd:b4:ca:73:33:bd:80:1f:9b:c0:f9:bb:ed:ef:83:
                    56:a9:fe:2a:1a:77:c7:83:a1:c9:64:4c:f6:f7:2b:
                    b6:43:17:68:40:51:6d:10:4e:59:9b:9e:79:2c:44:
                    90:06:55:3b:ff:51:77:4e:7e:84:a2:8f:26:94:ad:
                    9c:e5:4f:a2:68:f7:46:a7:92:22:53:dc:e0:96:b4:
                    fc:ed:67:ca:7b:39:bc:8e:fa:e4:01:b2:3b:b8:8f:
                    70:03:57:58:03:eb:89:3d:e6:6f:19:48:c4:99:a9:
                    14:48:16:f7:0a:4f:fb:69:77:d9:02:b7:4e:79:bb:
                    9b:f8:55:c8:e7:b8:60:e9:de:97:8b:02:b0:e1:fe:
                    99:0a:5c:34:94:77:a6:32:a9:6b:e5:ae:b0:26:15:
                    48:07:be:74:b7:be:04:99:8b:a0:9e:b9:a7:fb:c3:
                    76:a1:77:d5:32:31:87:da:14:b0:6a:a7:31:ea:68:
                    5d:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:1F:F2:80:F2:17:68:D6:F8:70:62:F9:49:5D:B3:D7:10:95:A8:64
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/1h_ygPIXaNb4cGL5SV2z1xCVqGQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:46:0b:71:5e:82:58:7b:f0:52:8b:4d:2f:aa:a1:dd:b0:5d:
         a8:13:69:ba:d3:65:a4:47:1a:1f:b6:cc:6a:3d:3c:1a:0c:f6:
         53:78:1c:80:a4:68:39:fd:93:10:ab:ab:3a:d5:61:e6:35:e1:
         3b:ea:ee:63:64:38:67:17:62:69:7b:8d:6c:f1:45:6a:99:b8:
         13:f2:0b:9f:13:9b:23:3a:80:8c:fe:98:ca:ec:a1:d8:f1:a1:
         50:d7:d4:7b:2e:2c:fb:7b:66:12:eb:68:35:20:18:a5:4b:a8:
         12:e4:e3:9b:2b:4a:21:d3:3e:33:71:ac:a5:81:ff:d7:48:82:
         a6:bc:21:78:5b:79:8c:e1:f7:b3:40:95:98:5a:be:be:50:c8:
         4d:e7:a7:96:dd:a9:a1:13:40:70:fa:f5:6e:2f:7d:9b:9b:09:
         40:aa:7e:ae:2c:81:2b:ea:d1:6a:32:9b:91:56:7b:5a:96:19:
         f1:3f:f1:21:be:79:bd:2d:9b:50:9d:cd:9a:7a:2f:52:94:e0:
         a5:93:65:a1:12:52:f4:90:5e:d5:9a:e9:e9:6e:23:c9:fc:11:
         eb:cd:c7:35:dc:d0:8c:51:6f:45:47:fe:54:b5:84:cb:29:4c:
         29:7f:40:1c:64:31:da:33:a1:f0:1d:81:0e:78:d2:60:07:d0:
         45:8a:25:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XVpB39MaL5fk21KKKPsLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjYwMTAyMDYyMDI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjFmZjI4MGYyMTc2OGQ2Zjg3MDYyZjk0OTVkYjNkNzEwOTVhODY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnKBg1c4GCPPKD7hdwmYeWe9mB4+r
B/+wituBogma/RaG2Aeol9RKL4VVu+IXRyMRtlXSQnZMm1Yaf4EGOtFGQBZsXp/C
nd3ojpbNtMpzM72AH5vA+bvt74NWqf4qGnfHg6HJZEz29yu2QxdoQFFtEE5Zm555
LESQBlU7/1F3Tn6Eoo8mlK2c5U+iaPdGp5IiU9zglrT87WfKezm8jvrkAbI7uI9w
A1dYA+uJPeZvGUjEmakUSBb3Ck/7aXfZArdOebub+FXI57hg6d6XiwKw4f6ZClw0
lHemMqlr5a6wJhVIB750t74EmYugnrmn+8N2oXfVMjGH2hSwaqcx6mhdLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNYf8oDyF2jW+HBi+Ulds9cQlahkMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvMWhfeWdQSVhhTmI0Y0dMNVNWMnoxeENWcUdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZyeMA0G
CSqGSIb3DQEBCwUAA4IBAQAeRgtxXoJYe/BSi00vqqHdsF2oE2m602WkRxoftsxq
PTwaDPZTeByApGg5/ZMQq6s61WHmNeE76u5jZDhnF2Jpe41s8UVqmbgT8gufE5sj
OoCM/pjK7KHY8aFQ19R7Liz7e2YS62g1IBilS6gS5OObK0oh0z4zcaylgf/XSIKm
vCF4W3mM4fezQJWYWr6+UMhN56eW3amhE0Bw+vVuL32bmwlAqn6uLIEr6tFqMpuR
VntalhnxP/Ehvnm9LZtQnc2aei9SlOClk2WhElL0kF7VmunpbiPJ/BHrzcc13NCM
UW9FR/5UtYTLKUwpf0AcZDHaM6HwHYEOeNJgB9BFiiX0
-----END CERTIFICATE-----