This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/iy1Tvz9vWB_OyKw6kX0SPKuwaMg.roa
File:                     iy1Tvz9vWB_OyKw6kX0SPKuwaMg.roa (raw, json)
Hash identifier:          f91SOkfNEhx8xn/tAVUdyzoJrhGRQTUbnnTsdxKuQ64=
Subject key identifier:   8B:2D:53:BF:3F:6F:58:1F:CE:C8:AC:3A:91:7D:12:3C:AB:B0:68:C8
Certificate issuer:       /CN=b4e82ba1715d6aeae5b0102725ffe0c834735d7d
Certificate serial:       019B7F841702C6E4880876B98B7CDEC7683C
Authority key identifier: B4:E8:2B:A1:71:5D:6A:EA:E5:B0:10:27:25:FF:E0:C8:34:73:5D:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tOgroXFdaurlsBAnJf_gyDRzXX0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/iy1Tvz9vWB_OyKw6kX0SPKuwaMg.roa
Signing time:             Fri 02 Jan 2026 16:22:01 +0000
ROA not before:           Fri 02 Jan 2026 16:22:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203622
IP address blocks:        37.32.72.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/tOgroXFdaurlsBAnJf_gyDRzXX0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/tOgroXFdaurlsBAnJf_gyDRzXX0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tOgroXFdaurlsBAnJf_gyDRzXX0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:84:17:02:c6:e4:88:08:76:b9:8b:7c:de:c7:68:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4e82ba1715d6aeae5b0102725ffe0c834735d7d
        Validity
            Not Before: Jan  2 16:22:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8b2d53bf3f6f581fcec8ac3a917d123cabb068c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:24:39:80:ac:d2:0f:b8:54:72:4d:50:47:77:
                    c4:a0:04:72:f0:d7:31:59:cf:0d:1b:19:7c:38:28:
                    2b:aa:3e:67:f2:b5:02:d5:fa:76:4a:70:38:30:fc:
                    ba:da:40:81:17:e3:44:c2:b7:14:b2:2c:26:6b:ef:
                    4c:6a:50:c4:54:c1:5a:94:65:4b:93:c7:0e:cc:a3:
                    b3:a1:3d:6b:54:b8:ae:09:67:ae:d8:c3:6c:08:2e:
                    65:33:60:d7:89:ae:e9:61:f8:11:c0:28:60:73:df:
                    bb:ea:a9:9c:1c:ac:d9:75:7b:64:80:34:ec:f2:f9:
                    55:2f:d9:b9:d1:84:b6:4e:81:9e:52:36:64:97:77:
                    39:fa:b0:13:0b:83:ec:a2:3c:ff:3f:93:4a:0e:de:
                    40:ea:60:80:20:5b:0c:c8:26:39:72:58:1f:26:f9:
                    2d:af:38:00:b0:6d:5a:41:60:5c:9a:a0:09:fe:8f:
                    23:ae:bb:bd:37:df:30:33:35:e1:4b:93:03:d5:58:
                    c8:3f:a6:46:31:89:c4:fb:bf:96:0d:da:74:58:b0:
                    8b:bd:b3:66:0c:4a:27:b9:6a:ef:4c:99:3f:2f:bf:
                    a6:0e:b2:8e:e3:9d:52:be:fb:b6:bb:2d:e2:15:f6:
                    53:1b:6f:ea:e0:07:9b:d0:dc:d5:de:d4:1c:db:52:
                    15:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:2D:53:BF:3F:6F:58:1F:CE:C8:AC:3A:91:7D:12:3C:AB:B0:68:C8
            X509v3 Authority Key Identifier:
                keyid:B4:E8:2B:A1:71:5D:6A:EA:E5:B0:10:27:25:FF:E0:C8:34:73:5D:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tOgroXFdaurlsBAnJf_gyDRzXX0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/iy1Tvz9vWB_OyKw6kX0SPKuwaMg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/tOgroXFdaurlsBAnJf_gyDRzXX0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.32.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:11:8f:b7:d9:d0:23:0b:12:f8:78:53:51:c9:6e:f2:5b:5c:
         c8:e6:ff:f5:88:2d:b6:5f:c8:66:db:7c:00:9a:e0:6e:7f:a1:
         91:33:ac:bc:92:aa:52:6d:fe:5f:f6:a0:d9:80:a3:c5:36:50:
         d4:71:19:b4:1b:8e:3e:d4:13:24:7e:99:47:57:16:a0:e3:87:
         d4:25:93:e5:4f:5b:45:5f:d9:df:9f:18:48:bc:8f:55:6e:e4:
         8a:75:83:1b:2d:43:d4:7f:e8:1a:9a:70:01:a7:22:c2:75:03:
         3d:ba:5e:b9:a1:4a:89:e7:38:fe:39:3f:33:cc:99:d6:a5:26:
         f3:a7:c7:a6:55:41:a5:c3:27:88:f8:12:8d:4b:18:e1:7d:87:
         ed:ef:d8:98:57:33:aa:08:53:c9:40:34:21:23:d5:b8:c4:fe:
         cc:37:61:5c:02:d4:29:c0:19:b5:c4:a2:e7:66:df:17:57:1f:
         ca:4b:75:70:5b:e7:c5:c1:23:73:0c:d0:61:d6:b0:31:d2:df:
         16:75:ca:28:7f:c4:e4:ec:36:6c:1b:e5:da:ac:a7:f0:78:1f:
         bb:03:4c:f7:bc:d8:13:82:72:4c:92:79:f6:50:d1:95:97:6d:
         c9:ff:f9:82:e2:aa:d3:1c:10:32:84:70:25:01:32:73:08:0a:
         75:c6:95:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hBcCxuSICHa5i3zex2g8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0ZTgyYmExNzE1ZDZhZWFlNWIwMTAyNzI1ZmZlMGM4MzQ3
MzVkN2QwHhcNMjYwMTAyMTYyMjAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjJkNTNiZjNmNmY1ODFmY2VjOGFjM2E5MTdkMTIzY2FiYjA2OGM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4iQ5gKzSD7hUck1QR3fEoARy8Ncx
Wc8NGxl8OCgrqj5n8rUC1fp2SnA4MPy62kCBF+NEwrcUsiwma+9MalDEVMFalGVL
k8cOzKOzoT1rVLiuCWeu2MNsCC5lM2DXia7pYfgRwChgc9+76qmcHKzZdXtkgDTs
8vlVL9m50YS2ToGeUjZkl3c5+rATC4Psojz/P5NKDt5A6mCAIFsMyCY5clgfJvkt
rzgAsG1aQWBcmqAJ/o8jrru9N98wMzXhS5MD1VjIP6ZGMYnE+7+WDdp0WLCLvbNm
DEonuWrvTJk/L7+mDrKO451Svvu2uy3iFfZTG2/q4Aeb0NzV3tQc21IV4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIstU78/b1gfzsisOpF9EjyrsGjIMB8GA1UdIwQY
MBaAFLToK6FxXWrq5bAQJyX/4Mg0c119MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdE9ncm9YRmRhdXJsc0JBbkpmX2d5RFJ6WFgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy85MTUxYzAtMzMyNi00ODAxLTkzNjMt
YzdkMTk5MzBkNjZkLzEvaXkxVHZ6OXZXQl9PeUt3NmtYMFNQS3V3YU1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy85MTUxYzAtMzMyNi00ODAxLTkzNjMtYzdkMTk5MzBkNjZk
LzEvdE9ncm9YRmRhdXJsc0JBbkpmX2d5RFJ6WFgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJSBIMA0G
CSqGSIb3DQEBCwUAA4IBAQAMEY+32dAjCxL4eFNRyW7yW1zI5v/1iC22X8hm23wA
muBuf6GRM6y8kqpSbf5f9qDZgKPFNlDUcRm0G44+1BMkfplHVxag44fUJZPlT1tF
X9nfnxhIvI9VbuSKdYMbLUPUf+gamnABpyLCdQM9ul65oUqJ5zj+OT8zzJnWpSbz
p8emVUGlwyeI+BKNSxjhfYft79iYVzOqCFPJQDQhI9W4xP7MN2FcAtQpwBm1xKLn
Zt8XVx/KS3VwW+fFwSNzDNBh1rAx0t8Wdcoof8Tk7DZsG+XarKfweB+7A0z3vNgT
gnJMknn2UNGVl23J//mC4qrTHBAyhHAlATJzCAp1xpXD
-----END CERTIFICATE-----