This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/c43b2f-10ba-4170-b521-c722217e53b6/1/NbUyaKZBv1RnKePQIxmyxsT9zGw.roa
File:                     NbUyaKZBv1RnKePQIxmyxsT9zGw.roa (raw, json)
Hash identifier:          YfuIIb8IL5a5Ql6qciTZgKEuG43i9WjmWByHoP25V3M=
Subject key identifier:   35:B5:32:68:A6:41:BF:54:67:29:E3:D0:23:19:B2:C6:C4:FD:CC:6C
Certificate issuer:       /CN=61877f4ce0d361617724d4b289a8918c5c6d722d
Certificate serial:       019B7DCA05C866EE663AC6B640C6BA3C7D2F
Authority key identifier: 61:87:7F:4C:E0:D3:61:61:77:24:D4:B2:89:A8:91:8C:5C:6D:72:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYd_TODTYWF3JNSyiaiRjFxtci0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/c43b2f-10ba-4170-b521-c722217e53b6/1/NbUyaKZBv1RnKePQIxmyxsT9zGw.roa
Signing time:             Fri 02 Jan 2026 08:19:10 +0000
ROA not before:           Fri 02 Jan 2026 08:19:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25540
IP address blocks:        45.86.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/c43b2f-10ba-4170-b521-c722217e53b6/1/YYd_TODTYWF3JNSyiaiRjFxtci0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/c43b2f-10ba-4170-b521-c722217e53b6/1/YYd_TODTYWF3JNSyiaiRjFxtci0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYd_TODTYWF3JNSyiaiRjFxtci0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:05:c8:66:ee:66:3a:c6:b6:40:c6:ba:3c:7d:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61877f4ce0d361617724d4b289a8918c5c6d722d
        Validity
            Not Before: Jan  2 08:19:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=35b53268a641bf546729e3d02319b2c6c4fdcc6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:ca:4b:c9:26:37:49:1e:6a:c8:18:25:05:81:
                    cb:fb:e4:55:4f:5a:e3:9f:7f:9f:a1:93:46:96:56:
                    cb:9c:16:2c:41:a9:38:43:7d:d2:26:4e:d3:a7:4b:
                    12:29:28:a5:12:5d:95:de:16:e0:82:1f:2a:65:ad:
                    78:ab:e6:c2:1a:ec:a3:f2:7b:9c:5b:a5:90:86:0b:
                    25:63:52:5b:c3:35:fc:52:ba:19:bc:04:d2:bc:b0:
                    02:fd:ff:cb:d2:62:8a:d3:19:af:af:8a:c3:74:8d:
                    29:f1:92:ce:92:fa:48:58:20:81:6a:01:7b:78:58:
                    8c:da:d7:0d:52:d0:6e:94:16:4e:7e:12:a1:52:8a:
                    ee:1d:de:6e:db:f8:b6:40:ea:0e:b3:69:98:88:72:
                    95:29:f3:20:d0:81:d2:a1:68:b1:57:6d:87:08:1b:
                    3c:ea:d6:fe:91:63:90:97:b0:b8:bd:7a:52:f3:d8:
                    ee:28:9b:0a:1a:6a:b8:8e:10:07:f0:88:6e:82:ee:
                    80:ca:d0:34:b6:69:34:d8:36:c4:80:8d:db:8e:8e:
                    33:81:f6:3b:fc:dc:f8:64:10:0b:8c:1c:66:70:08:
                    0f:9e:b8:ff:f5:b5:d5:3b:56:ac:39:ff:85:1a:6c:
                    77:cf:01:e2:9c:09:f8:f0:77:59:42:2a:1f:05:a7:
                    e9:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:B5:32:68:A6:41:BF:54:67:29:E3:D0:23:19:B2:C6:C4:FD:CC:6C
            X509v3 Authority Key Identifier:
                keyid:61:87:7F:4C:E0:D3:61:61:77:24:D4:B2:89:A8:91:8C:5C:6D:72:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYd_TODTYWF3JNSyiaiRjFxtci0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/c43b2f-10ba-4170-b521-c722217e53b6/1/NbUyaKZBv1RnKePQIxmyxsT9zGw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/c43b2f-10ba-4170-b521-c722217e53b6/1/YYd_TODTYWF3JNSyiaiRjFxtci0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:5a:1f:c8:f6:94:af:7b:23:e1:45:a4:8f:4d:48:94:29:cb:
         53:8f:6c:ba:4d:ec:a3:7e:dc:4d:d2:5c:68:1a:9f:72:a7:5e:
         30:41:87:01:58:ef:b7:46:b7:cd:c7:43:97:61:e4:90:83:b7:
         89:63:99:b0:4e:c9:41:7e:cc:03:f2:30:02:db:b2:9c:11:2f:
         7c:01:8d:9b:34:66:50:6d:64:54:c4:be:25:92:26:9a:dc:2e:
         fc:2d:c5:35:ee:21:43:e1:2f:48:31:57:83:9f:d3:78:90:7c:
         62:af:61:6d:bb:e1:08:60:a6:7a:fa:10:6e:6b:b3:7b:53:a6:
         28:ff:84:5e:b7:e9:0e:e4:8f:d8:80:f3:95:5b:8a:9c:5e:9a:
         86:77:ce:b1:db:dd:33:f1:0f:f5:2d:e3:d6:c8:9b:93:19:97:
         b7:ff:10:41:59:33:9f:27:fd:63:25:ba:72:f1:a8:41:3d:72:
         2f:57:ad:1c:15:08:b7:97:94:c5:54:72:49:a1:2a:e8:ec:45:
         23:37:f7:5f:fd:c7:57:aa:bc:ec:4f:11:df:90:a1:ce:75:bb:
         83:c6:63:d2:56:24:9c:9b:c3:d2:c0:fc:90:87:3b:50:cb:01:
         d7:f3:b6:cc:fb:55:ca:25:f6:29:91:cc:ee:55:c7:ce:ec:e0:
         7f:cc:36:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9ygXIZu5mOsa2QMa6PH0vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODc3ZjRjZTBkMzYxNjE3NzI0ZDRiMjg5YTg5MThjNWM2
ZDcyMmQwHhcNMjYwMTAyMDgxOTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWI1MzI2OGE2NDFiZjU0NjcyOWUzZDAyMzE5YjJjNmM0ZmRjYzZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo8pLySY3SR5qyBglBYHL++RVT1rj
n3+foZNGllbLnBYsQak4Q33SJk7Tp0sSKSilEl2V3hbggh8qZa14q+bCGuyj8nuc
W6WQhgslY1JbwzX8UroZvATSvLAC/f/L0mKK0xmvr4rDdI0p8ZLOkvpIWCCBagF7
eFiM2tcNUtBulBZOfhKhUoruHd5u2/i2QOoOs2mYiHKVKfMg0IHSoWixV22HCBs8
6tb+kWOQl7C4vXpS89juKJsKGmq4jhAH8Ihugu6AytA0tmk02DbEgI3bjo4zgfY7
/Nz4ZBALjBxmcAgPnrj/9bXVO1asOf+FGmx3zwHinAn48HdZQiofBafpjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDW1MmimQb9UZynj0CMZssbE/cxsMB8GA1UdIwQY
MBaAFGGHf0zg02FhdyTUsomokYxcbXItMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlkX1RPRFRZV0YzSk5TeWlhaVJqRnh0Y2kwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS9jNDNiMmYtMTBiYS00MTcwLWI1MjEt
YzcyMjIxN2U1M2I2LzEvTmJVeWFLWkJ2MVJuS2VQUUl4bXl4c1Q5ekd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS9jNDNiMmYtMTBiYS00MTcwLWI1MjEtYzcyMjIxN2U1M2I2
LzEvWVlkX1RPRFRZV0YzSk5TeWlhaVJqRnh0Y2kwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVbMMA0G
CSqGSIb3DQEBCwUAA4IBAQA9Wh/I9pSveyPhRaSPTUiUKctTj2y6TeyjftxN0lxo
Gp9yp14wQYcBWO+3RrfNx0OXYeSQg7eJY5mwTslBfswD8jAC27KcES98AY2bNGZQ
bWRUxL4lkiaa3C78LcU17iFD4S9IMVeDn9N4kHxir2Ftu+EIYKZ6+hBua7N7U6Yo
/4Ret+kO5I/YgPOVW4qcXpqGd86x290z8Q/1LePWyJuTGZe3/xBBWTOfJ/1jJbpy
8ahBPXIvV60cFQi3l5TFVHJJoSro7EUjN/df/cdXqrzsTxHfkKHOdbuDxmPSViSc
m8PSwPyQhztQywHX87bM+1XKJfYpkczuVcfO7OB/zDbC
-----END CERTIFICATE-----