This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/4izCy_qGHNsqMME3hhUM-KgZ_Rs.roa
File:                     4izCy_qGHNsqMME3hhUM-KgZ_Rs.roa (raw, json)
Hash identifier:          uRp1ipxbj2WpOJYAgCT/SwDua99qUlecPyflw9sSjIU=
Subject key identifier:   E2:2C:C2:CB:FA:86:1C:DB:2A:30:C1:37:86:15:0C:F8:A8:19:FD:1B
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019B7C136948D59166B9F4699EFC82E8035B
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/4izCy_qGHNsqMME3hhUM-KgZ_Rs.roa
Signing time:             Fri 02 Jan 2026 00:20:05 +0000
ROA not before:           Fri 02 Jan 2026 00:20:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29119
IP address blocks:        45.8.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 19:40:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:13:69:48:d5:91:66:b9:f4:69:9e:fc:82:e8:03:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 00:20:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e22cc2cbfa861cdb2a30c13786150cf8a819fd1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:0a:58:a1:7b:50:9f:5c:1e:96:9a:d5:41:e8:
                    c5:18:28:13:06:00:56:65:84:a8:8e:23:0d:cd:d9:
                    f8:75:4f:01:ba:5e:81:4a:34:7c:3b:1e:a9:ee:52:
                    a5:3d:d5:c5:8d:0f:14:f7:80:9c:9e:d2:a7:c4:51:
                    15:8b:15:b4:44:3b:ce:27:95:0a:d3:03:09:fb:51:
                    cf:11:e6:78:a3:f9:9d:77:11:bf:6e:86:24:1a:73:
                    ff:21:f8:6e:80:5e:b4:6f:01:1a:84:4e:33:7d:1f:
                    b7:77:c3:0c:78:29:ab:32:de:4f:33:55:c4:01:61:
                    d4:34:54:df:73:36:4a:7a:e8:f5:70:87:12:87:52:
                    5c:96:72:f6:1b:59:0e:74:22:31:80:b2:cd:54:c4:
                    8c:7c:e1:e8:17:97:29:6f:81:1a:ad:ca:dc:a2:0c:
                    e2:a7:82:d2:a0:10:87:bc:c6:2a:78:55:4e:4d:e8:
                    ca:9a:c5:55:c8:e3:c6:f2:62:ed:66:a4:35:f0:e9:
                    68:24:e8:fc:e2:e4:6f:5a:9b:e8:05:81:95:f9:af:
                    c7:25:24:27:bc:2e:2a:ad:29:2b:f7:15:9e:52:5d:
                    e6:65:2e:fb:ab:67:dc:11:d6:ed:18:64:02:df:fc:
                    5c:e8:0b:54:d3:77:be:bf:27:67:96:4f:56:d3:42:
                    7c:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:2C:C2:CB:FA:86:1C:DB:2A:30:C1:37:86:15:0C:F8:A8:19:FD:1B
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/4izCy_qGHNsqMME3hhUM-KgZ_Rs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c0:ae:60:b3:e3:8e:a0:2f:ba:e3:0e:d3:bd:68:db:ee:ae:3d:
         fd:61:3b:11:c0:17:6c:94:a9:0d:d0:77:0e:f6:7b:7e:a1:b8:
         42:4e:28:75:55:a9:b5:61:df:6d:c8:40:cf:3c:24:69:84:b6:
         35:11:fa:83:65:79:de:fc:e4:12:fd:ce:87:82:1b:0b:6b:e8:
         18:60:79:22:54:27:4a:e3:7d:4e:6b:42:94:82:a6:30:8b:6a:
         c6:a3:c1:ba:19:9c:67:b1:c0:75:0f:19:09:3e:b2:ee:96:71:
         8b:44:90:8e:12:82:1d:ac:52:45:8b:fa:3f:7b:a7:f1:3b:f0:
         7e:9f:66:4b:0b:a8:fe:63:d8:5b:cd:ed:66:6b:70:22:87:d5:
         7a:da:b8:43:b9:73:58:1b:33:75:b0:32:c3:cf:67:e3:ad:04:
         da:c5:e9:3a:53:41:69:1b:66:58:6b:dd:ad:02:a4:cd:64:61:
         67:d2:17:22:d5:16:8e:01:c5:88:fa:27:58:9e:32:eb:72:90:
         11:9d:48:95:d7:32:5e:f1:88:26:d5:a4:d0:fb:63:45:78:d1:
         42:cc:d6:a1:3b:1b:31:fe:38:bf:84:be:e5:df:48:35:dc:3a:
         8f:6e:bf:00:9f:7f:9a:3f:82:6f:71:ff:3b:a6:ae:63:1c:77:
         5b:3f:c7:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8E2lI1ZFmufRpnvyC6ANbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjYwMTAyMDAyMDA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjJjYzJjYmZhODYxY2RiMmEzMGMxMzc4NjE1MGNmOGE4MTlmZDFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmwpYoXtQn1welprVQejFGCgTBgBW
ZYSojiMNzdn4dU8Bul6BSjR8Ox6p7lKlPdXFjQ8U94CcntKnxFEVixW0RDvOJ5UK
0wMJ+1HPEeZ4o/mddxG/boYkGnP/IfhugF60bwEahE4zfR+3d8MMeCmrMt5PM1XE
AWHUNFTfczZKeuj1cIcSh1JclnL2G1kOdCIxgLLNVMSMfOHoF5cpb4Earcrcogzi
p4LSoBCHvMYqeFVOTejKmsVVyOPG8mLtZqQ18OloJOj84uRvWpvoBYGV+a/HJSQn
vC4qrSkr9xWeUl3mZS77q2fcEdbtGGQC3/xc6AtU03e+vydnlk9W00J8+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOIswsv6hhzbKjDBN4YVDPioGf0bMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvNGl6Q3lfcUdITnNxTU1FM2hoVU0tS2daX1JzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQgXMA0G
CSqGSIb3DQEBCwUAA4IBAQDArmCz446gL7rjDtO9aNvurj39YTsRwBdslKkN0HcO
9nt+obhCTih1Vam1Yd9tyEDPPCRphLY1EfqDZXne/OQS/c6HghsLa+gYYHkiVCdK
431Oa0KUgqYwi2rGo8G6GZxnscB1DxkJPrLulnGLRJCOEoIdrFJFi/o/e6fxO/B+
n2ZLC6j+Y9hbze1ma3Aih9V62rhDuXNYGzN1sDLDz2fjrQTaxek6U0FpG2ZYa92t
AqTNZGFn0hci1RaOAcWI+idYnjLrcpARnUiV1zJe8Ygm1aTQ+2NFeNFCzNahOxsx
/ji/hL7l30g13DqPbr8An3+aP4Jvcf87pq5jHHdbP8cc
-----END CERTIFICATE-----