This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/da56f6-1cf2-4388-96fa-c6bcca721471/1/jYlsueQe6bTuxJo3Pao6U7_lbjM.roa
File:                     jYlsueQe6bTuxJo3Pao6U7_lbjM.roa (raw, json)
Hash identifier:          xljjWi7Hj8DkN9QHcryj+ylFV/KQmtfdUgA8aZcK8mQ=
Subject key identifier:   8D:89:6C:B9:E4:1E:E9:B4:EE:C4:9A:37:3D:AA:3A:53:BF:E5:6E:33
Certificate issuer:       /CN=1d0aceea17f53de708f9a73abc0c87164d207d08
Certificate serial:       019B7A5B0401EF64C82BBE689CEE870C8225
Authority key identifier: 1D:0A:CE:EA:17:F5:3D:E7:08:F9:A7:3A:BC:0C:87:16:4D:20:7D:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HQrO6hf1PecI-ac6vAyHFk0gfQg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/da56f6-1cf2-4388-96fa-c6bcca721471/1/jYlsueQe6bTuxJo3Pao6U7_lbjM.roa
Signing time:             Thu 01 Jan 2026 16:19:03 +0000
ROA not before:           Thu 01 Jan 2026 16:19:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201150
IP address blocks:        45.132.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/da56f6-1cf2-4388-96fa-c6bcca721471/1/HQrO6hf1PecI-ac6vAyHFk0gfQg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/da56f6-1cf2-4388-96fa-c6bcca721471/1/HQrO6hf1PecI-ac6vAyHFk0gfQg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HQrO6hf1PecI-ac6vAyHFk0gfQg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:04:01:ef:64:c8:2b:be:68:9c:ee:87:0c:82:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d0aceea17f53de708f9a73abc0c87164d207d08
        Validity
            Not Before: Jan  1 16:19:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8d896cb9e41ee9b4eec49a373daa3a53bfe56e33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:9e:a2:60:ea:8c:ed:10:03:82:a3:1f:1e:e3:
                    f8:19:57:0c:85:d2:ef:b9:ec:40:bd:cf:95:de:47:
                    ec:2b:ee:59:7a:cd:2a:e6:a1:d3:a3:f6:7c:65:ed:
                    15:2e:e8:8e:f2:37:0a:06:65:ef:7e:70:ea:ff:7e:
                    fe:dd:59:e4:95:29:ca:54:1f:71:70:06:10:e4:59:
                    df:af:95:65:8e:74:d1:ec:29:25:3d:37:3b:df:9e:
                    08:64:9c:3e:25:3f:b3:54:ed:d4:9b:3e:6f:0a:cb:
                    88:9a:ea:4f:fd:79:9c:2b:d2:0e:08:92:e9:60:b8:
                    a7:6e:d1:93:e8:31:42:f4:2b:25:0e:33:f4:32:04:
                    d9:6a:9d:9e:5c:20:38:54:3b:1e:25:37:c1:e4:f2:
                    2e:09:96:d1:94:c4:52:86:0c:32:0d:b5:b4:55:50:
                    44:b9:4b:79:cc:ac:a7:df:8e:a7:c5:8c:98:d3:43:
                    bb:41:5d:fa:09:45:8a:50:d9:89:1c:d2:64:4f:a0:
                    48:df:3d:8f:3e:e9:08:c8:a2:8e:08:ac:9c:7d:eb:
                    eb:90:0c:eb:6f:2a:5f:3c:a7:c8:fd:dc:db:da:e6:
                    39:d3:96:7a:80:dc:66:5d:5e:7a:d1:77:1a:d9:46:
                    76:10:b1:91:2a:05:59:32:8f:04:29:75:75:9d:b8:
                    30:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:89:6C:B9:E4:1E:E9:B4:EE:C4:9A:37:3D:AA:3A:53:BF:E5:6E:33
            X509v3 Authority Key Identifier:
                keyid:1D:0A:CE:EA:17:F5:3D:E7:08:F9:A7:3A:BC:0C:87:16:4D:20:7D:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HQrO6hf1PecI-ac6vAyHFk0gfQg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/da56f6-1cf2-4388-96fa-c6bcca721471/1/jYlsueQe6bTuxJo3Pao6U7_lbjM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/da56f6-1cf2-4388-96fa-c6bcca721471/1/HQrO6hf1PecI-ac6vAyHFk0gfQg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:99:e9:45:cb:26:cd:3a:31:d2:23:32:db:46:cc:41:71:70:
         b5:07:c6:69:fe:f8:43:a1:92:f9:61:70:96:d9:75:46:44:71:
         01:b0:fb:c7:5e:c5:d2:ad:df:85:13:ff:7d:58:7b:aa:bb:bf:
         3e:c1:35:a1:d8:df:24:a1:7f:4c:c3:aa:29:de:5f:ba:ba:42:
         b7:13:1f:45:b8:e9:af:5b:f1:75:ad:c9:c2:c9:7e:5d:2f:37:
         e2:e8:de:4e:f0:ce:b4:2b:78:1c:81:6c:b6:78:1e:d4:81:59:
         87:f8:86:de:a2:d5:c9:7f:19:a9:df:41:c9:5c:33:06:64:80:
         3f:76:cd:f1:79:fc:2c:11:db:75:dd:9b:c3:21:0c:fb:fc:36:
         b6:8d:a6:4d:60:54:0f:00:5e:73:d0:ee:31:29:1e:9c:ee:ad:
         ea:0d:66:4a:3e:04:b8:da:9b:81:d5:8a:bb:7c:b2:bf:6d:09:
         64:2b:3a:e7:04:f2:aa:37:cf:02:b9:1a:4d:67:1f:38:2f:33:
         e8:6a:6d:19:ff:ae:ee:9f:f2:89:1e:9b:29:14:30:d5:47:32:
         7a:70:95:20:f7:4f:db:f1:db:c7:7b:62:2d:44:9a:42:d7:af:
         2b:b0:4b:ea:94:5a:08:ab:2b:f9:78:48:be:1d:57:7b:46:f3:
         2f:28:37:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WwQB72TIK75onO6HDIIlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMGFjZWVhMTdmNTNkZTcwOGY5YTczYWJjMGM4NzE2NGQy
MDdkMDgwHhcNMjYwMTAxMTYxOTAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDg5NmNiOWU0MWVlOWI0ZWVjNDlhMzczZGFhM2E1M2JmZTU2ZTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu56iYOqM7RADgqMfHuP4GVcMhdLv
uexAvc+V3kfsK+5Zes0q5qHTo/Z8Ze0VLuiO8jcKBmXvfnDq/37+3VnklSnKVB9x
cAYQ5Fnfr5VljnTR7CklPTc7354IZJw+JT+zVO3Umz5vCsuImupP/XmcK9IOCJLp
YLinbtGT6DFC9CslDjP0MgTZap2eXCA4VDseJTfB5PIuCZbRlMRShgwyDbW0VVBE
uUt5zKyn346nxYyY00O7QV36CUWKUNmJHNJkT6BI3z2PPukIyKKOCKycfevrkAzr
bypfPKfI/dzb2uY505Z6gNxmXV560Xca2UZ2ELGRKgVZMo8EKXV1nbgwbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI2JbLnkHum07sSaNz2qOlO/5W4zMB8GA1UdIwQY
MBaAFB0KzuoX9T3nCPmnOrwMhxZNIH0IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFFyTzZoZjFQZWNJLWFjNnZBeUhGazBnZlFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9kYTU2ZjYtMWNmMi00Mzg4LTk2ZmEt
YzZiY2NhNzIxNDcxLzEvallsc3VlUWU2YlR1eEpvM1BhbzZVN19sYmpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9kYTU2ZjYtMWNmMi00Mzg4LTk2ZmEtYzZiY2NhNzIxNDcx
LzEvSFFyTzZoZjFQZWNJLWFjNnZBeUhGazBnZlFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYQgMA0G
CSqGSIb3DQEBCwUAA4IBAQB5melFyybNOjHSIzLbRsxBcXC1B8Zp/vhDoZL5YXCW
2XVGRHEBsPvHXsXSrd+FE/99WHuqu78+wTWh2N8koX9Mw6op3l+6ukK3Ex9FuOmv
W/F1rcnCyX5dLzfi6N5O8M60K3gcgWy2eB7UgVmH+IbeotXJfxmp30HJXDMGZIA/
ds3xefwsEdt13ZvDIQz7/Da2jaZNYFQPAF5z0O4xKR6c7q3qDWZKPgS42puB1Yq7
fLK/bQlkKzrnBPKqN88CuRpNZx84LzPoam0Z/67un/KJHpspFDDVRzJ6cJUg90/b
8dvHe2ItRJpC168rsEvqlFoIqyv5eEi+HVd7RvMvKDdO
-----END CERTIFICATE-----