This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/CyJJ7TOo3tWEj8rpaqhXzoxAj-A.roa
File:                     CyJJ7TOo3tWEj8rpaqhXzoxAj-A.roa (raw, json)
Hash identifier:          XQO6Xy1VJugPEsLXnRUaJ54XQtY3WUQ04ODTQoUDFss=
Subject key identifier:   0B:22:49:ED:33:A8:DE:D5:84:8F:CA:E9:6A:A8:57:CE:8C:40:8F:E0
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       019B7D5D245A108D447108947E6DE0D10442
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/CyJJ7TOo3tWEj8rpaqhXzoxAj-A.roa
Signing time:             Fri 02 Jan 2026 06:20:14 +0000
ROA not before:           Fri 02 Jan 2026 06:20:14 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3170
IP address blocks:        45.141.25.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 11:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5d:24:5a:10:8d:44:71:08:94:7e:6d:e0:d1:04:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  2 06:20:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0b2249ed33a8ded5848fcae96aa857ce8c408fe0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:e0:a7:17:68:d4:0f:d1:ee:3e:f6:0d:99:3e:
                    9b:93:68:b4:e8:ae:ee:a1:d5:7a:3c:84:8b:d2:d4:
                    17:b2:0c:d2:65:73:df:48:21:ce:65:a8:66:42:e3:
                    85:f3:95:fc:bf:9e:01:2e:07:fb:44:8b:f6:89:8a:
                    72:b4:de:6f:ef:b1:b5:5a:49:51:df:68:31:65:05:
                    85:f7:b1:41:2f:ad:ff:b3:65:a1:40:ae:72:7b:53:
                    62:bf:de:ba:d8:a2:dd:58:13:66:08:29:90:c6:01:
                    e2:d4:96:fa:ef:dd:99:c9:a0:56:3b:ef:3d:2a:88:
                    54:86:fe:07:66:4a:ed:b4:07:e4:76:bb:67:c5:28:
                    be:67:a7:f2:61:3d:33:7f:c3:84:10:04:75:d9:bc:
                    26:78:06:a4:9d:61:46:80:f9:5c:76:37:5a:99:1e:
                    a1:ef:f0:78:e7:1d:3a:de:2e:8c:be:19:a3:3a:f1:
                    de:49:5b:90:aa:72:86:d4:a2:95:a8:de:7a:cf:26:
                    08:3b:39:66:82:a4:03:4c:e7:d0:0a:8e:6f:55:b1:
                    6e:9f:c0:3b:87:0b:c1:f2:14:62:d2:dc:e4:29:d1:
                    7c:b1:ef:84:05:77:ba:cc:01:bb:41:16:9f:d5:eb:
                    4e:39:9f:b1:b0:67:29:c6:14:cb:3e:a8:c3:80:5b:
                    7f:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:22:49:ED:33:A8:DE:D5:84:8F:CA:E9:6A:A8:57:CE:8C:40:8F:E0
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/CyJJ7TOo3tWEj8rpaqhXzoxAj-A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:37:3a:1a:b0:8f:51:40:1d:b7:5c:5a:c2:b1:85:db:d3:ac:
         8d:b4:ae:18:95:fb:b3:06:63:2c:29:b9:ea:c9:2f:9f:1d:70:
         b3:00:a4:03:7a:d8:dc:94:cc:87:96:52:82:90:e7:c6:2f:27:
         cc:7f:5a:65:af:84:eb:50:bb:b0:ea:ca:fd:f3:74:b4:6d:54:
         73:b5:93:ee:bc:f9:2e:56:43:e0:c2:53:47:c0:24:bc:0c:d0:
         1f:9a:1d:71:76:60:93:d8:c6:1d:38:f8:b9:ff:06:40:92:78:
         d4:1a:e6:16:e2:11:e0:94:e9:b9:19:b6:73:85:90:27:ca:df:
         b5:b0:e3:fb:09:f0:1c:36:01:ca:0f:a6:7a:d8:90:43:09:b4:
         6c:6a:bc:1e:13:21:cd:a5:a5:5e:31:f3:55:8c:a8:37:b0:51:
         7e:b2:fd:95:3b:ab:49:67:b9:14:ff:56:55:f0:d3:99:f9:94:
         c4:de:51:bc:2e:8e:95:3a:68:ef:8a:89:53:19:75:d0:7a:5b:
         1e:06:d7:fa:38:84:ea:c6:3b:c1:0c:76:46:10:85:c2:34:bc:
         03:9f:1e:65:61:b8:ca:26:39:ce:20:5c:57:25:15:a1:18:61:
         06:34:34:7b:0a:f3:af:32:c2:74:df:e7:91:77:81:18:a9:01:
         a9:85:82:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XSRaEI1EcQiUfm3g0QRCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjYwMTAyMDYyMDE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjIyNDllZDMzYThkZWQ1ODQ4ZmNhZTk2YWE4NTdjZThjNDA4ZmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAreCnF2jUD9HuPvYNmT6bk2i06K7u
odV6PISL0tQXsgzSZXPfSCHOZahmQuOF85X8v54BLgf7RIv2iYpytN5v77G1WklR
32gxZQWF97FBL63/s2WhQK5ye1Niv9662KLdWBNmCCmQxgHi1Jb6792ZyaBWO+89
KohUhv4HZkrttAfkdrtnxSi+Z6fyYT0zf8OEEAR12bwmeAaknWFGgPlcdjdamR6h
7/B45x063i6MvhmjOvHeSVuQqnKG1KKVqN56zyYIOzlmgqQDTOfQCo5vVbFun8A7
hwvB8hRi0tzkKdF8se+EBXe6zAG7QRaf1etOOZ+xsGcpxhTLPqjDgFt/EwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAsiSe0zqN7VhI/K6WqoV86MQI/gMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvQ3lKSjdUT28zdFdFajhycGFxaFh6b3hBai1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY0ZMA0G
CSqGSIb3DQEBCwUAA4IBAQCLNzoasI9RQB23XFrCsYXb06yNtK4YlfuzBmMsKbnq
yS+fHXCzAKQDetjclMyHllKCkOfGLyfMf1plr4TrULuw6sr983S0bVRztZPuvPku
VkPgwlNHwCS8DNAfmh1xdmCT2MYdOPi5/wZAknjUGuYW4hHglOm5GbZzhZAnyt+1
sOP7CfAcNgHKD6Z62JBDCbRsarweEyHNpaVeMfNVjKg3sFF+sv2VO6tJZ7kU/1ZV
8NOZ+ZTE3lG8Lo6VOmjviolTGXXQelseBtf6OITqxjvBDHZGEIXCNLwDnx5lYbjK
JjnOIFxXJRWhGGEGNDR7CvOvMsJ03+eRd4EYqQGphYIi
-----END CERTIFICATE-----