This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/2599f9-6f76-4db6-bca7-c1331f49fc09/1/YXyKSQA62yKkb7oIprfQWpNYq5k.roa
File:                     YXyKSQA62yKkb7oIprfQWpNYq5k.roa (raw, json)
Hash identifier:          2S/w+1qpceETf27eC9DVFe1O3Yuo2aVT1QqWaFNm3nw=
Subject key identifier:   61:7C:8A:49:00:3A:DB:22:A4:6F:BA:08:A6:B7:D0:5A:93:58:AB:99
Certificate issuer:       /CN=bd19d4535c7e62b921e859e6557b821f278e716a
Certificate serial:       019B7EA5360CA0FE68C2E75D025CC07DE50C
Authority key identifier: BD:19:D4:53:5C:7E:62:B9:21:E8:59:E6:55:7B:82:1F:27:8E:71:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vRnUU1x-Yrkh6FnmVXuCHyeOcWo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/2599f9-6f76-4db6-bca7-c1331f49fc09/1/YXyKSQA62yKkb7oIprfQWpNYq5k.roa
Signing time:             Fri 02 Jan 2026 12:18:35 +0000
ROA not before:           Fri 02 Jan 2026 12:18:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396356
IP address blocks:        45.134.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/2599f9-6f76-4db6-bca7-c1331f49fc09/1/vRnUU1x-Yrkh6FnmVXuCHyeOcWo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/2599f9-6f76-4db6-bca7-c1331f49fc09/1/vRnUU1x-Yrkh6FnmVXuCHyeOcWo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vRnUU1x-Yrkh6FnmVXuCHyeOcWo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a5:36:0c:a0:fe:68:c2:e7:5d:02:5c:c0:7d:e5:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd19d4535c7e62b921e859e6557b821f278e716a
        Validity
            Not Before: Jan  2 12:18:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=617c8a49003adb22a46fba08a6b7d05a9358ab99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:2f:68:c3:73:ec:cb:b1:1c:bb:87:a4:bf:64:
                    d0:68:03:92:90:d1:5a:28:ad:8a:d9:2d:2a:53:32:
                    8f:90:d5:92:14:7d:b7:13:8d:0a:fb:72:06:e6:10:
                    19:3f:f4:d5:43:f5:b9:29:a8:ab:a0:4e:5e:83:32:
                    c5:75:06:c7:37:9a:9d:1c:2a:d1:a2:b2:7d:64:12:
                    2e:7d:02:94:0f:4b:20:95:57:83:d4:d0:38:3c:e3:
                    af:b5:26:b6:ea:d0:c8:19:66:29:2d:14:86:d2:c4:
                    15:21:21:77:33:4a:f9:09:26:cd:32:ba:87:e6:a9:
                    05:5d:db:a1:df:30:d5:76:dd:8b:7f:a1:5a:78:46:
                    0b:21:d2:50:08:5b:79:47:f8:5c:b4:47:33:93:d4:
                    f2:2e:df:1a:dc:28:ca:f3:11:ae:8d:cc:e7:7e:e6:
                    dc:7d:8e:4c:f1:a8:a8:70:c3:74:2f:8b:65:de:34:
                    87:c3:a0:90:ee:7e:5f:c3:49:09:e6:0d:6f:fb:da:
                    a4:91:52:d9:43:4a:75:ba:ea:52:f9:84:54:ea:60:
                    f5:ba:72:66:47:ce:e0:b3:db:6b:cb:be:77:ff:ec:
                    27:7c:1a:aa:a3:8f:34:83:1c:aa:81:ae:41:d6:78:
                    84:d7:71:7e:18:0f:1e:8f:db:0b:35:23:52:9d:c7:
                    83:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:7C:8A:49:00:3A:DB:22:A4:6F:BA:08:A6:B7:D0:5A:93:58:AB:99
            X509v3 Authority Key Identifier:
                keyid:BD:19:D4:53:5C:7E:62:B9:21:E8:59:E6:55:7B:82:1F:27:8E:71:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vRnUU1x-Yrkh6FnmVXuCHyeOcWo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/2599f9-6f76-4db6-bca7-c1331f49fc09/1/YXyKSQA62yKkb7oIprfQWpNYq5k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/2599f9-6f76-4db6-bca7-c1331f49fc09/1/vRnUU1x-Yrkh6FnmVXuCHyeOcWo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.134.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:31:5e:8a:2f:57:62:af:a4:7e:c0:e1:25:e7:d8:d0:e9:d7:
         20:8f:ce:09:9e:cd:2f:5b:ab:61:e9:93:d3:f5:eb:bf:3b:2d:
         9c:42:cb:02:b0:7d:e3:ad:4b:69:9a:b8:19:9f:4d:19:a3:27:
         df:5c:d6:46:d7:58:4c:ca:a7:4d:db:b5:aa:09:13:c7:df:37:
         0e:22:2a:d4:a9:81:a5:68:74:c6:24:54:75:69:d7:79:8a:b1:
         80:c2:ba:bb:3c:b4:a4:88:b0:2e:3d:15:6c:8a:e0:4c:fa:df:
         81:f7:60:26:bf:a4:32:9e:74:51:a3:6a:61:b6:ba:d0:df:33:
         df:f2:6f:40:d2:13:ef:20:dc:b6:a0:29:d6:5d:29:3c:c9:99:
         b2:22:68:57:7a:0f:43:89:f2:6d:9b:09:b2:37:4a:16:e9:d2:
         38:40:37:13:80:1d:f0:7d:46:35:14:ae:83:55:d4:ce:60:25:
         c9:1b:68:cd:60:b7:e3:0f:73:63:47:10:7d:7d:11:e8:1a:e7:
         d6:9d:70:0f:05:5b:49:69:c1:16:0b:80:93:2d:dc:07:59:85:
         33:f3:f3:33:84:f0:2d:c9:82:3f:e3:5e:b4:95:90:87:98:9b:
         b8:41:16:46:e9:18:3f:1c:59:b6:c5:24:5b:e7:d3:86:1d:4c:
         17:42:7e:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pTYMoP5owuddAlzAfeUMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkMTlkNDUzNWM3ZTYyYjkyMWU4NTllNjU1N2I4MjFmMjc4
ZTcxNmEwHhcNMjYwMTAyMTIxODM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTdjOGE0OTAwM2FkYjIyYTQ2ZmJhMDhhNmI3ZDA1YTkzNThhYjk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxS9ow3Psy7Ecu4ekv2TQaAOSkNFa
KK2K2S0qUzKPkNWSFH23E40K+3IG5hAZP/TVQ/W5KairoE5egzLFdQbHN5qdHCrR
orJ9ZBIufQKUD0sglVeD1NA4POOvtSa26tDIGWYpLRSG0sQVISF3M0r5CSbNMrqH
5qkFXduh3zDVdt2Lf6FaeEYLIdJQCFt5R/hctEczk9TyLt8a3CjK8xGujcznfubc
fY5M8aiocMN0L4tl3jSHw6CQ7n5fw0kJ5g1v+9qkkVLZQ0p1uupS+YRU6mD1unJm
R87gs9try753/+wnfBqqo480gxyqga5B1niE13F+GA8ej9sLNSNSnceDYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGF8ikkAOtsipG+6CKa30FqTWKuZMB8GA1UdIwQY
MBaAFL0Z1FNcfmK5IehZ5lV7gh8njnFqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlJuVVUxeC1ZcmtoNkZubVZYdUNIeWVPY1dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy8yNTk5ZjktNmY3Ni00ZGI2LWJjYTct
YzEzMzFmNDlmYzA5LzEvWVh5S1NRQTYyeUtrYjdvSXByZlFXcE5ZcTVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy8yNTk5ZjktNmY3Ni00ZGI2LWJjYTctYzEzMzFmNDlmYzA5
LzEvdlJuVVUxeC1ZcmtoNkZubVZYdUNIeWVPY1dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYYJMA0G
CSqGSIb3DQEBCwUAA4IBAQB2MV6KL1dir6R+wOEl59jQ6dcgj84Jns0vW6th6ZPT
9eu/Oy2cQssCsH3jrUtpmrgZn00ZoyffXNZG11hMyqdN27WqCRPH3zcOIirUqYGl
aHTGJFR1add5irGAwrq7PLSkiLAuPRVsiuBM+t+B92Amv6QynnRRo2phtrrQ3zPf
8m9A0hPvINy2oCnWXSk8yZmyImhXeg9DifJtmwmyN0oW6dI4QDcTgB3wfUY1FK6D
VdTOYCXJG2jNYLfjD3NjRxB9fRHoGufWnXAPBVtJacEWC4CTLdwHWYUz8/MzhPAt
yYI/4160lZCHmJu4QRZG6Rg/HFm2xSRb59OGHUwXQn6u
-----END CERTIFICATE-----