This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/yGlfhsLsNNotpNbrhYN_-HPAkKI.roa
File:                     yGlfhsLsNNotpNbrhYN_-HPAkKI.roa (raw, json)
Hash identifier:          ssavj2szlEJTypFrHyEaYS8C9hToVYyffWx8pKdu504=
Subject key identifier:   C8:69:5F:86:C2:EC:34:DA:2D:A4:D6:EB:85:83:7F:F8:73:C0:90:A2
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019B7C13923A0D09A14D2D7CB1B290441291
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/yGlfhsLsNNotpNbrhYN_-HPAkKI.roa
Signing time:             Fri 02 Jan 2026 00:20:15 +0000
ROA not before:           Fri 02 Jan 2026 00:20:15 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211373
IP address blocks:        45.147.224.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 19:40:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:13:92:3a:0d:09:a1:4d:2d:7c:b1:b2:90:44:12:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 00:20:15 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c8695f86c2ec34da2da4d6eb85837ff873c090a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:34:02:f5:36:67:c5:23:07:7f:e5:e2:3e:a6:
                    86:57:05:a1:ce:6f:05:b4:24:19:bb:9a:ea:ea:df:
                    f9:d5:7c:6e:c5:a3:9c:de:6c:57:81:29:13:03:08:
                    cf:14:48:8f:e4:b6:0b:ac:be:63:34:1f:3e:2f:5c:
                    47:26:0b:37:be:7e:cb:a6:a3:d0:61:eb:8d:fc:06:
                    ec:48:30:9c:5d:1a:e8:4b:00:d8:c8:a1:82:9b:38:
                    05:59:d0:3e:e2:54:fa:33:f8:72:0e:96:6f:91:64:
                    4b:84:eb:b5:b1:73:b9:1b:61:ed:ee:37:69:df:e8:
                    82:93:9d:81:0f:41:0e:ed:ab:f7:b7:7a:df:4b:2e:
                    db:dc:af:9b:f7:af:4b:4f:bc:ac:c3:2b:50:42:37:
                    f7:d6:1c:89:70:b1:61:c8:4c:ad:3c:47:19:20:78:
                    b0:d6:2d:8b:5f:1d:6e:d0:d4:ad:2d:32:4c:c4:72:
                    a8:1d:b6:02:fe:eb:d5:7a:41:c5:ff:dc:95:ef:d2:
                    f3:d2:0e:91:58:7e:91:f0:4e:1f:9e:bb:ba:37:57:
                    bf:1a:09:e5:9b:2f:d7:32:43:67:0e:99:fe:38:bf:
                    97:39:58:f7:4a:58:2c:f3:71:42:02:36:7d:b5:d3:
                    60:58:cc:1e:1c:e4:c1:b8:ac:e2:0a:06:63:d8:26:
                    a7:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:69:5F:86:C2:EC:34:DA:2D:A4:D6:EB:85:83:7F:F8:73:C0:90:A2
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/yGlfhsLsNNotpNbrhYN_-HPAkKI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.147.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:4d:ad:98:31:a8:3a:57:65:9f:b8:88:e0:04:f9:d5:f0:17:
         91:a9:8f:4f:a8:e8:38:cf:fa:25:3e:77:2d:bc:1e:25:a0:19:
         e1:a3:78:1b:af:29:d1:74:2c:cc:7b:43:62:31:d5:4c:ce:f9:
         f5:15:3e:e5:eb:67:80:ad:6e:2e:eb:ae:8f:ba:ce:d0:73:d2:
         2d:16:0d:a5:8f:0f:a5:64:c2:da:28:c7:84:47:c1:2d:06:d8:
         92:8d:b6:83:f2:02:51:63:3b:3d:6f:9f:a3:0e:c9:96:a8:37:
         90:21:ec:c3:6b:83:ff:85:09:ef:b4:42:a0:da:5e:77:e8:3b:
         0a:43:a1:79:46:89:72:5c:11:fd:bd:36:f1:54:85:d6:b4:f3:
         70:51:3b:dc:1d:67:59:13:0a:ac:0c:ad:bd:28:cb:b0:f9:3c:
         31:bd:10:22:c7:38:ae:f8:06:f8:36:c1:e0:c0:34:fd:b6:30:
         0c:f0:a3:a8:2a:01:32:99:8e:db:3f:b9:fb:1e:12:96:c6:ed:
         17:d0:03:f8:3a:65:fa:3b:6a:82:e7:f5:ed:7d:5a:2e:41:08:
         08:4b:84:c8:ab:c6:36:8a:fd:b6:8d:ef:c8:cd:cd:33:43:87:
         c7:cf:8d:2c:ca:a1:9a:e0:b5:2d:a3:d8:ac:a1:85:81:ba:9b:
         fa:d7:c1:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8E5I6DQmhTS18sbKQRBKRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjYwMTAyMDAyMDE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODY5NWY4NmMyZWMzNGRhMmRhNGQ2ZWI4NTgzN2ZmODczYzA5MGEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzQC9TZnxSMHf+XiPqaGVwWhzm8F
tCQZu5rq6t/51XxuxaOc3mxXgSkTAwjPFEiP5LYLrL5jNB8+L1xHJgs3vn7LpqPQ
YeuN/AbsSDCcXRroSwDYyKGCmzgFWdA+4lT6M/hyDpZvkWRLhOu1sXO5G2Ht7jdp
3+iCk52BD0EO7av3t3rfSy7b3K+b969LT7yswytQQjf31hyJcLFhyEytPEcZIHiw
1i2LXx1u0NStLTJMxHKoHbYC/uvVekHF/9yV79Lz0g6RWH6R8E4fnru6N1e/Ggnl
my/XMkNnDpn+OL+XOVj3Slgs83FCAjZ9tdNgWMweHOTBuKziCgZj2CanPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMhpX4bC7DTaLaTW64WDf/hzwJCiMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEveUdsZmhzTHNOTm90cE5icmhZTl8tSFBBa0tJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZPgMA0G
CSqGSIb3DQEBCwUAA4IBAQBHTa2YMag6V2WfuIjgBPnV8BeRqY9PqOg4z/olPnct
vB4loBnho3gbrynRdCzMe0NiMdVMzvn1FT7l62eArW4u666Pus7Qc9ItFg2ljw+l
ZMLaKMeER8EtBtiSjbaD8gJRYzs9b5+jDsmWqDeQIezDa4P/hQnvtEKg2l536DsK
Q6F5RolyXBH9vTbxVIXWtPNwUTvcHWdZEwqsDK29KMuw+TwxvRAixziu+Ab4NsHg
wDT9tjAM8KOoKgEymY7bP7n7HhKWxu0X0AP4OmX6O2qC5/XtfVouQQgIS4TIq8Y2
iv22je/Izc0zQ4fHz40syqGa4LUto9isoYWBupv618Gg
-----END CERTIFICATE-----