This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/YXJuTkaR2hNWDD-AQJZEPPH5ZUM.roa
File:                     YXJuTkaR2hNWDD-AQJZEPPH5ZUM.roa (raw, json)
Hash identifier:          0tbVorz/zIP5tFqTzCgpmpkbjskH9+GPr5OhsxgbofA=
Subject key identifier:   61:72:6E:4E:46:91:DA:13:56:0C:3F:80:40:96:44:3C:F1:F9:65:43
Certificate issuer:       /CN=04cbe5b4623dab42f15a905002db7ce62e854f29
Certificate serial:       019B78A3155309B5A37D8C8CEE8F8C40C764
Authority key identifier: 04:CB:E5:B4:62:3D:AB:42:F1:5A:90:50:02:DB:7C:E6:2E:85:4F:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/YXJuTkaR2hNWDD-AQJZEPPH5ZUM.roa
Signing time:             Thu 01 Jan 2026 08:18:32 +0000
ROA not before:           Thu 01 Jan 2026 08:18:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47531
IP address blocks:        37.202.8.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:15:53:09:b5:a3:7d:8c:8c:ee:8f:8c:40:c7:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04cbe5b4623dab42f15a905002db7ce62e854f29
        Validity
            Not Before: Jan  1 08:18:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=61726e4e4691da13560c3f804096443cf1f96543
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:5b:9d:ae:fe:97:a7:20:29:2e:06:56:c9:8d:
                    fc:48:36:6f:45:d1:0a:ae:0f:ca:ac:1d:b0:cd:4f:
                    3c:7d:03:cc:d4:26:46:a1:86:7b:3e:1f:af:7c:30:
                    71:57:92:c2:53:91:d2:73:ee:3e:15:d5:0a:75:93:
                    9b:2c:c0:9a:f7:8b:ec:71:f7:c6:76:a1:7c:e3:66:
                    eb:7b:c7:94:f3:a3:95:ae:ed:5f:ff:d9:11:34:da:
                    31:0e:5c:9f:6d:b6:2e:4e:85:b2:fe:08:68:eb:47:
                    91:42:1c:a2:33:44:b9:17:f9:27:e6:5c:e2:27:f7:
                    c9:47:84:82:97:a2:d9:85:b2:b5:23:df:f8:98:db:
                    e0:41:33:71:7b:87:84:dc:d5:f7:17:14:c1:2d:d8:
                    13:76:f2:8a:72:9f:58:b1:3e:b1:ed:27:0f:6d:ba:
                    a0:03:86:bb:39:82:56:1e:3e:5c:ca:dd:ce:15:ce:
                    c3:f4:48:ea:c9:87:62:b5:66:f1:02:1a:79:8b:1b:
                    1e:09:1b:e6:a7:40:ab:a3:f5:9b:e0:19:ad:88:a3:
                    ec:bd:61:0f:c8:31:56:3b:ce:5c:ab:08:28:06:3e:
                    54:44:78:58:3b:6e:6b:90:92:a3:dc:d3:64:ef:51:
                    58:2b:df:aa:ae:39:02:23:97:97:08:dd:fb:1f:a4:
                    a8:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:72:6E:4E:46:91:DA:13:56:0C:3F:80:40:96:44:3C:F1:F9:65:43
            X509v3 Authority Key Identifier:
                keyid:04:CB:E5:B4:62:3D:AB:42:F1:5A:90:50:02:DB:7C:E6:2E:85:4F:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/YXJuTkaR2hNWDD-AQJZEPPH5ZUM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.202.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         18:04:53:2d:7a:90:d6:04:85:b2:97:45:f1:b4:de:51:f5:f4:
         19:1f:8c:a4:db:e9:13:39:f3:9c:41:a0:0e:0f:9e:74:30:85:
         a7:54:49:24:36:73:7f:5e:7a:e2:c9:b6:87:d2:97:9d:e7:18:
         43:ab:c0:ea:99:f5:74:36:59:04:83:0d:46:ee:57:47:4c:c3:
         53:81:54:64:21:df:da:53:1e:4b:90:24:1f:91:80:51:38:99:
         de:cb:81:02:ad:4a:1a:14:de:f6:eb:a6:84:1d:f3:51:9f:a7:
         eb:e2:5d:81:dd:53:c4:94:6e:fc:de:e7:13:7d:8f:b0:7f:d3:
         96:da:da:32:ca:88:30:3d:25:c4:91:4a:99:c1:1e:c5:aa:f3:
         57:60:b6:31:45:e9:d8:dc:1a:66:4a:22:f7:05:3c:1f:2c:59:
         3d:d6:ef:89:90:c6:d8:16:02:f5:59:0d:d2:d7:af:b0:82:2b:
         35:44:6a:44:53:58:fa:77:b0:22:3b:a7:ad:6a:2d:a7:b2:86:
         34:49:59:05:f3:6a:4b:45:ee:07:ad:2b:62:d3:9f:e2:fe:7d:
         52:c7:ea:d6:4c:35:b5:94:7e:fe:e7:7d:3d:2c:99:c9:c0:49:
         68:8a:50:8a:01:73:86:66:7d:e5:0b:4b:5f:fb:61:9b:5d:25:
         de:0f:72:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4oxVTCbWjfYyM7o+MQMdkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0Y2JlNWI0NjIzZGFiNDJmMTVhOTA1MDAyZGI3Y2U2MmU4
NTRmMjkwHhcNMjYwMTAxMDgxODMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTcyNmU0ZTQ2OTFkYTEzNTYwYzNmODA0MDk2NDQzY2YxZjk2NTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ludrv6XpyApLgZWyY38SDZvRdEK
rg/KrB2wzU88fQPM1CZGoYZ7Ph+vfDBxV5LCU5HSc+4+FdUKdZObLMCa94vscffG
dqF842bre8eU86OVru1f/9kRNNoxDlyfbbYuToWy/gho60eRQhyiM0S5F/kn5lzi
J/fJR4SCl6LZhbK1I9/4mNvgQTNxe4eE3NX3FxTBLdgTdvKKcp9YsT6x7ScPbbqg
A4a7OYJWHj5cyt3OFc7D9EjqyYditWbxAhp5ixseCRvmp0Cro/Wb4BmtiKPsvWEP
yDFWO85cqwgoBj5URHhYO25rkJKj3NNk71FYK9+qrjkCI5eXCN37H6SobwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGFybk5GkdoTVgw/gECWRDzx+WVDMB8GA1UdIwQY
MBaAFATL5bRiPatC8VqQUALbfOYuhU8pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQk12bHRHSTlxMEx4V3BCUUF0dDg1aTZGVHlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS8zZDNhMmQtYTAzOS00NmY0LTg2ODct
MDU3ODE3YmE5ZmI3LzEvWVhKdVRrYVIyaE5XREQtQVFKWkVQUEg1WlVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS8zZDNhMmQtYTAzOS00NmY0LTg2ODctMDU3ODE3YmE5ZmI3
LzEvQk12bHRHSTlxMEx4V3BCUUF0dDg1aTZGVHlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCJcoIMA0G
CSqGSIb3DQEBCwUAA4IBAQAYBFMtepDWBIWyl0XxtN5R9fQZH4yk2+kTOfOcQaAO
D550MIWnVEkkNnN/XnriybaH0ped5xhDq8DqmfV0NlkEgw1G7ldHTMNTgVRkId/a
Ux5LkCQfkYBROJney4ECrUoaFN7266aEHfNRn6fr4l2B3VPElG783ucTfY+wf9OW
2toyyogwPSXEkUqZwR7FqvNXYLYxRenY3BpmSiL3BTwfLFk91u+JkMbYFgL1WQ3S
16+wgis1RGpEU1j6d7AiO6etai2nsoY0SVkF82pLRe4HrSti05/i/n1Sx+rWTDW1
lH7+5309LJnJwEloilCKAXOGZn3lC0tf+2GbXSXeD3JJ
-----END CERTIFICATE-----