This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/YKfWsQ9n2idHPkkK4yTGAC8EHCE.roa
File:                     YKfWsQ9n2idHPkkK4yTGAC8EHCE.roa (raw, json)
Hash identifier:          emc29fx1IMJQ61l9OMx/kWezmWK1lkiAqzPuJ7LV9AQ=
Subject key identifier:   60:A7:D6:B1:0F:67:DA:27:47:3E:49:0A:E3:24:C6:00:2F:04:1C:21
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       019B76EACEF744045B33047D441E242AB202
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/YKfWsQ9n2idHPkkK4yTGAC8EHCE.roa
Signing time:             Thu 01 Jan 2026 00:17:38 +0000
ROA not before:           Thu 01 Jan 2026 00:17:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205840
IP address blocks:        45.9.5.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:ce:f7:44:04:5b:33:04:7d:44:1e:24:2a:b2:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jan  1 00:17:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=60a7d6b10f67da27473e490ae324c6002f041c21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:ba:02:88:1d:35:be:20:f2:c3:42:60:ff:ae:
                    9b:ba:ee:8f:fd:13:47:d0:fd:3a:1b:76:b6:57:79:
                    50:00:c3:e4:52:cd:1b:4f:bd:27:3f:b0:65:e0:d2:
                    f9:74:6e:aa:45:90:10:e8:d7:4d:eb:45:36:79:c1:
                    67:72:b4:8d:81:96:db:2a:7d:fd:1f:bd:d5:8c:44:
                    c1:1b:f0:5f:f4:7a:fa:9a:d7:7f:c5:eb:95:05:5f:
                    fb:04:89:e4:3b:60:65:cf:d2:b7:f3:d2:84:9b:08:
                    20:db:39:29:76:39:a3:e3:60:fe:ba:c3:8f:67:6c:
                    b4:f0:37:2b:db:6e:c8:4b:a5:8b:91:a2:85:bc:5d:
                    86:a3:ca:6c:e6:f4:6f:69:f2:03:cc:ea:70:00:c7:
                    5b:e1:db:5d:73:84:4b:17:65:4b:bc:5a:d9:63:e4:
                    8f:fe:34:2e:7c:63:33:25:77:f9:86:b9:b9:ed:cb:
                    23:bf:5f:ad:dc:ab:74:4d:d5:58:e4:ee:56:8e:cc:
                    a8:90:94:a9:53:77:09:d5:13:c6:5f:58:53:28:55:
                    70:0f:7e:13:94:31:7a:98:7e:d8:28:55:a5:13:d4:
                    46:19:74:68:7e:00:b9:e1:33:77:5c:c6:e2:80:00:
                    0d:32:ba:37:11:57:68:76:bf:29:81:59:65:68:b7:
                    db:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:A7:D6:B1:0F:67:DA:27:47:3E:49:0A:E3:24:C6:00:2F:04:1C:21
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/YKfWsQ9n2idHPkkK4yTGAC8EHCE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:5e:11:7d:93:7c:f6:e2:84:0f:61:e2:74:d5:e8:5c:46:9d:
         14:c0:b6:1c:9e:9c:a2:46:45:1c:a5:81:af:1c:b2:cf:da:e9:
         61:6c:22:81:13:b0:7d:ff:97:c5:73:dd:3c:fa:a6:7b:f5:76:
         20:a5:f0:5a:11:a5:7e:1c:8d:25:fe:90:4f:7c:9f:19:27:79:
         ea:fd:69:8f:61:c8:2d:ce:72:96:45:54:3d:e1:f7:da:44:f6:
         01:67:ff:04:77:c2:bf:10:86:5a:85:33:e7:98:62:dd:6c:34:
         94:f9:c4:f0:69:23:48:f7:29:ad:c0:b7:57:c5:bd:84:a5:1d:
         81:47:5e:e4:45:71:f7:45:1d:16:af:89:3a:f6:95:7b:3a:65:
         22:3c:54:ab:94:e1:3d:b9:2b:fe:58:61:65:22:93:e4:57:81:
         ad:78:1a:a7:7b:6a:23:46:93:af:9e:55:19:78:05:8b:14:5c:
         52:28:b7:80:30:f3:32:d5:b2:af:fd:9c:f6:7a:b2:f0:8d:8c:
         82:5f:5b:8a:e5:76:d7:0c:a4:64:ed:7b:d6:81:19:73:35:7b:
         65:20:e5:33:0d:cc:4a:19:d5:fa:41:9a:19:d3:8d:4c:50:5d:
         a2:a7:df:30:33:00:95:91:5e:e7:04:51:65:83:ee:4d:2b:da:
         ab:88:86:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26s73RARbMwR9RB4kKrICMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjYwMTAxMDAxNzM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGE3ZDZiMTBmNjdkYTI3NDczZTQ5MGFlMzI0YzYwMDJmMDQxYzIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm7oCiB01viDyw0Jg/66buu6P/RNH
0P06G3a2V3lQAMPkUs0bT70nP7Bl4NL5dG6qRZAQ6NdN60U2ecFncrSNgZbbKn39
H73VjETBG/Bf9Hr6mtd/xeuVBV/7BInkO2Blz9K389KEmwgg2zkpdjmj42D+usOP
Z2y08Dcr227IS6WLkaKFvF2Go8ps5vRvafIDzOpwAMdb4dtdc4RLF2VLvFrZY+SP
/jQufGMzJXf5hrm57csjv1+t3Kt0TdVY5O5WjsyokJSpU3cJ1RPGX1hTKFVwD34T
lDF6mH7YKFWlE9RGGXRofgC54TN3XMbigAANMro3EVdodr8pgVllaLfbYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGCn1rEPZ9onRz5JCuMkxgAvBBwhMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvWUtmV3NROW4yaWRIUGtrSzR5VEdBQzhFSENFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQkFMA0G
CSqGSIb3DQEBCwUAA4IBAQCqXhF9k3z24oQPYeJ01ehcRp0UwLYcnpyiRkUcpYGv
HLLP2ulhbCKBE7B9/5fFc908+qZ79XYgpfBaEaV+HI0l/pBPfJ8ZJ3nq/WmPYcgt
znKWRVQ94ffaRPYBZ/8Ed8K/EIZahTPnmGLdbDSU+cTwaSNI9ymtwLdXxb2EpR2B
R17kRXH3RR0Wr4k69pV7OmUiPFSrlOE9uSv+WGFlIpPkV4GteBqne2ojRpOvnlUZ
eAWLFFxSKLeAMPMy1bKv/Zz2erLwjYyCX1uK5XbXDKRk7XvWgRlzNXtlIOUzDcxK
GdX6QZoZ041MUF2ip98wMwCVkV7nBFFlg+5NK9qriIaR
-----END CERTIFICATE-----