This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/ec5208-f695-4bdb-9bb2-e18fa658055a/1/Y7BflHpDTlEOWh8-FjDosgwANDI.roa
File:                     Y7BflHpDTlEOWh8-FjDosgwANDI.roa (raw, json)
Hash identifier:          BNh1IcHDcawtVTnT8ZLo5aKLUrVIe97SR3mZxwBAYlo=
Subject key identifier:   63:B0:5F:94:7A:43:4E:51:0E:5A:1F:3E:16:30:E8:B2:0C:00:34:32
Certificate issuer:       /CN=49722a0ca8bbc94d48a5cb48ccc92efef845a7e3
Certificate serial:       019B7AC802ED8344880C771A33D4D72589C2
Authority key identifier: 49:72:2A:0C:A8:BB:C9:4D:48:A5:CB:48:CC:C9:2E:FE:F8:45:A7:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SXIqDKi7yU1IpctIzMku_vhFp-M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/ec5208-f695-4bdb-9bb2-e18fa658055a/1/Y7BflHpDTlEOWh8-FjDosgwANDI.roa
Signing time:             Thu 01 Jan 2026 18:18:06 +0000
ROA not before:           Thu 01 Jan 2026 18:18:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197071
IP address blocks:        45.132.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/ec5208-f695-4bdb-9bb2-e18fa658055a/1/SXIqDKi7yU1IpctIzMku_vhFp-M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/ec5208-f695-4bdb-9bb2-e18fa658055a/1/SXIqDKi7yU1IpctIzMku_vhFp-M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SXIqDKi7yU1IpctIzMku_vhFp-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 06:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:02:ed:83:44:88:0c:77:1a:33:d4:d7:25:89:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49722a0ca8bbc94d48a5cb48ccc92efef845a7e3
        Validity
            Not Before: Jan  1 18:18:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=63b05f947a434e510e5a1f3e1630e8b20c003432
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:fa:29:e0:9b:c7:6e:97:2e:05:51:56:90:a9:
                    2e:67:ba:9e:76:2c:f4:79:eb:2b:a6:00:9c:58:da:
                    7b:b4:56:f6:0e:51:b5:c4:54:c2:0d:3a:61:97:70:
                    91:5a:6b:99:5e:a8:76:de:d7:1c:ab:80:18:13:5f:
                    e7:5b:2d:b0:81:c8:23:a8:de:86:e2:c3:ec:c5:69:
                    4b:9c:05:a9:25:b7:b4:f0:56:d7:63:11:90:2b:da:
                    13:aa:42:7c:9c:4d:c3:e7:24:8e:94:31:f3:0c:39:
                    47:ae:47:80:ee:87:2b:82:a2:31:42:c7:1f:58:ae:
                    2a:f5:60:e9:4a:19:d4:a0:ab:18:84:88:3a:60:08:
                    82:bd:ff:98:3e:90:cd:90:43:7c:f2:d0:db:da:64:
                    00:88:cf:31:33:98:41:5d:6a:ef:8a:8f:1e:fb:1d:
                    3c:0f:f7:fd:c2:f9:e8:4f:6e:47:7b:1a:09:9f:1e:
                    d6:60:03:96:79:c9:89:b8:72:5e:89:99:39:f5:75:
                    2a:27:d9:35:e6:31:bf:e3:41:63:d7:6d:d5:16:49:
                    05:1a:18:10:27:41:b3:e5:5f:4b:01:20:c7:a0:df:
                    04:1a:f4:f9:4a:ea:c1:60:73:94:f1:2e:3b:5a:d0:
                    53:ee:a5:4a:0c:99:21:81:de:5b:f8:bd:cf:69:a7:
                    fd:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:B0:5F:94:7A:43:4E:51:0E:5A:1F:3E:16:30:E8:B2:0C:00:34:32
            X509v3 Authority Key Identifier:
                keyid:49:72:2A:0C:A8:BB:C9:4D:48:A5:CB:48:CC:C9:2E:FE:F8:45:A7:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SXIqDKi7yU1IpctIzMku_vhFp-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/ec5208-f695-4bdb-9bb2-e18fa658055a/1/Y7BflHpDTlEOWh8-FjDosgwANDI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/ec5208-f695-4bdb-9bb2-e18fa658055a/1/SXIqDKi7yU1IpctIzMku_vhFp-M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c3:57:11:54:05:f2:f9:ff:1e:6d:36:b9:51:4b:5b:b8:33:ad:
         59:9c:3e:73:24:c8:b0:30:e4:ed:d8:f2:ed:8d:d2:c0:cb:c1:
         fc:ac:18:3b:c7:85:62:82:f2:e9:42:f0:b6:81:c6:ba:f9:83:
         0e:1d:f2:5f:5c:4b:87:45:35:04:7c:28:fa:b4:54:e5:23:4e:
         80:df:13:6d:54:6c:cc:9a:00:a3:9f:b8:4c:db:15:94:19:1a:
         ba:dc:73:53:7b:29:c6:9b:46:8e:84:94:0b:ce:61:8f:91:47:
         df:18:51:94:ed:f9:c7:66:0f:60:3e:bf:42:e1:5b:24:40:99:
         fe:6e:24:22:5d:03:ee:ab:b4:fb:80:2d:5a:99:14:3c:94:8f:
         d7:ca:a9:2d:08:61:8b:70:f3:56:94:5b:2c:b2:22:47:de:11:
         77:01:0f:f6:87:e0:c5:00:ce:2b:62:b3:ec:03:12:5e:3f:0d:
         9e:48:a6:85:cb:37:85:5e:f0:1c:e2:03:7a:f6:3f:04:ac:ea:
         94:cc:1c:c0:fb:6f:12:d3:d5:f9:99:09:db:e2:c8:cf:bc:ae:
         61:53:94:e5:5a:ed:2f:26:04:75:93:69:8e:62:fd:f8:6b:65:
         af:9f:7e:2a:06:f1:6c:21:b4:75:5f:c3:50:92:18:7e:0b:de:
         8c:b1:89:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yALtg0SIDHcaM9TXJYnCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5NzIyYTBjYThiYmM5NGQ0OGE1Y2I0OGNjYzkyZWZlZjg0
NWE3ZTMwHhcNMjYwMTAxMTgxODA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2IwNWY5NDdhNDM0ZTUxMGU1YTFmM2UxNjMwZThiMjBjMDAzNDMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3vop4JvHbpcuBVFWkKkuZ7qediz0
eesrpgCcWNp7tFb2DlG1xFTCDTphl3CRWmuZXqh23tccq4AYE1/nWy2wgcgjqN6G
4sPsxWlLnAWpJbe08FbXYxGQK9oTqkJ8nE3D5ySOlDHzDDlHrkeA7ocrgqIxQscf
WK4q9WDpShnUoKsYhIg6YAiCvf+YPpDNkEN88tDb2mQAiM8xM5hBXWrvio8e+x08
D/f9wvnoT25HexoJnx7WYAOWecmJuHJeiZk59XUqJ9k15jG/40Fj123VFkkFGhgQ
J0Gz5V9LASDHoN8EGvT5SurBYHOU8S47WtBT7qVKDJkhgd5b+L3Paaf9GwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGOwX5R6Q05RDlofPhYw6LIMADQyMB8GA1UdIwQY
MBaAFElyKgyou8lNSKXLSMzJLv74RafjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1hJcURLaTd5VTFJcGN0SXpNa3VfdmhGcC1NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9lYzUyMDgtZjY5NS00YmRiLTliYjIt
ZTE4ZmE2NTgwNTVhLzEvWTdCZmxIcERUbEVPV2g4LUZqRG9zZ3dBTkRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9lYzUyMDgtZjY5NS00YmRiLTliYjItZTE4ZmE2NTgwNTVh
LzEvU1hJcURLaTd5VTFJcGN0SXpNa3VfdmhGcC1NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYRbMA0G
CSqGSIb3DQEBCwUAA4IBAQDDVxFUBfL5/x5tNrlRS1u4M61ZnD5zJMiwMOTt2PLt
jdLAy8H8rBg7x4VigvLpQvC2gca6+YMOHfJfXEuHRTUEfCj6tFTlI06A3xNtVGzM
mgCjn7hM2xWUGRq63HNTeynGm0aOhJQLzmGPkUffGFGU7fnHZg9gPr9C4VskQJn+
biQiXQPuq7T7gC1amRQ8lI/XyqktCGGLcPNWlFsssiJH3hF3AQ/2h+DFAM4rYrPs
AxJePw2eSKaFyzeFXvAc4gN69j8ErOqUzBzA+28S09X5mQnb4sjPvK5hU5TlWu0v
JgR1k2mOYv34a2Wvn34qBvFsIbR1X8NQkhh+C96MsYn9
-----END CERTIFICATE-----