This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/yIWy_rvvNZnwLxKMF7Qd8tp5mIU.roa
File:                     yIWy_rvvNZnwLxKMF7Qd8tp5mIU.roa (raw, json)
Hash identifier:          yZlGIfyc2ty242yY4bQaWq7Zh/xS5/o+bqbYH7SHCr0=
Subject key identifier:   C8:85:B2:FE:BB:EF:35:99:F0:2F:12:8C:17:B4:1D:F2:DA:79:98:85
Certificate issuer:       /CN=1f68138d4ec2ea51cacef09ff1058a370a5be190
Certificate serial:       019B7F154FCB3D90ECC1DCF7A50E7AE61BD1
Authority key identifier: 1F:68:13:8D:4E:C2:EA:51:CA:CE:F0:9F:F1:05:8A:37:0A:5B:E1:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/yIWy_rvvNZnwLxKMF7Qd8tp5mIU.roa
Signing time:             Fri 02 Jan 2026 14:21:01 +0000
ROA not before:           Fri 02 Jan 2026 14:21:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        2.255.190.0/24 maxlen: 24
                          2.255.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 17 Jan 2026 20:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:4f:cb:3d:90:ec:c1:dc:f7:a5:0e:7a:e6:1b:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f68138d4ec2ea51cacef09ff1058a370a5be190
        Validity
            Not Before: Jan  2 14:21:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c885b2febbef3599f02f128c17b41df2da799885
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:c5:e3:02:c6:63:f6:19:1f:52:f7:64:b8:70:
                    88:73:d3:b9:7a:70:17:4e:df:f2:16:02:31:1b:da:
                    e0:ef:0d:12:c2:53:a3:6c:21:0b:5d:7d:4a:f5:06:
                    48:16:55:8f:05:7f:c4:ec:05:d0:fa:3a:67:04:1f:
                    ac:92:a1:9d:2d:7a:e1:81:04:3f:d0:40:93:dd:c7:
                    71:8c:2e:24:6e:11:43:5a:88:71:dc:bd:2f:21:48:
                    bb:38:16:e6:e4:24:62:09:74:40:d7:3e:7f:57:d1:
                    15:cd:b7:57:08:3c:91:7c:6f:52:aa:47:52:d9:ff:
                    54:d7:48:21:86:f9:23:04:45:77:ec:bf:b8:55:1f:
                    af:b8:ba:c0:41:0d:d7:51:5a:72:dd:ff:e5:a2:60:
                    d5:a6:65:46:fd:98:49:d9:e0:8e:0e:a8:7b:cb:99:
                    92:5b:cd:90:1b:fb:ec:65:9a:c1:43:4e:c8:e4:73:
                    cd:e8:60:3d:08:28:37:a0:25:66:93:0a:31:85:fc:
                    fc:15:1a:b6:35:6b:c3:31:80:b6:0b:8a:23:f4:a1:
                    85:5b:3c:7a:68:df:05:6f:66:da:27:68:6b:f3:52:
                    48:5c:d8:16:1c:3a:da:60:ac:c4:d4:09:d9:11:ea:
                    61:3c:08:76:8f:76:ea:57:f5:7f:58:44:35:63:08:
                    fb:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:85:B2:FE:BB:EF:35:99:F0:2F:12:8C:17:B4:1D:F2:DA:79:98:85
            X509v3 Authority Key Identifier:
                keyid:1F:68:13:8D:4E:C2:EA:51:CA:CE:F0:9F:F1:05:8A:37:0A:5B:E1:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/yIWy_rvvNZnwLxKMF7Qd8tp5mIU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.255.190.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4e:b1:da:35:34:72:00:87:4f:71:34:6c:7c:51:45:29:ec:4f:
         80:d5:3e:e9:8e:ff:b7:f0:5f:2b:73:f4:b9:ce:1c:d9:43:86:
         ac:2c:d7:ff:27:cc:5b:9b:6c:6f:33:75:09:cc:27:2f:3a:2e:
         14:ef:ed:eb:a6:56:c3:d8:05:a8:f2:f1:ac:06:3a:f8:7c:fe:
         eb:21:c0:d8:9f:e8:46:61:89:74:e6:d9:96:71:24:71:73:80:
         65:d6:bb:42:24:92:bf:8b:52:e9:ea:c9:0b:59:a5:d7:da:d7:
         11:8a:2e:6f:88:d2:a9:b0:ef:f2:d4:9b:2f:3c:22:4c:0d:bb:
         9c:92:08:d1:f6:d8:36:29:5c:d8:37:ce:42:b5:08:14:a5:41:
         71:10:7d:fb:92:10:54:1f:26:67:5c:23:d2:d5:69:a4:4d:4d:
         db:ab:78:dc:15:3f:9c:ae:93:b9:db:79:a8:2a:a2:f8:09:f1:
         d4:45:9a:4e:8f:05:64:a7:d2:3d:09:5d:29:ae:9d:2a:9b:30:
         91:5e:f3:b3:19:c2:23:06:cd:21:6f:e0:7f:12:0a:d8:9c:39:
         25:ad:34:7d:8a:e2:fd:30:a5:02:f2:30:55:6c:ab:0d:33:77:
         74:d0:45:fe:1d:9c:42:6a:19:d2:29:43:d0:f9:08:63:7c:fe:
         46:bd:d7:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FU/LPZDswdz3pQ565hvRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNjgxMzhkNGVjMmVhNTFjYWNlZjA5ZmYxMDU4YTM3MGE1
YmUxOTAwHhcNMjYwMTAyMTQyMTAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODg1YjJmZWJiZWYzNTk5ZjAyZjEyOGMxN2I0MWRmMmRhNzk5ODg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj8XjAsZj9hkfUvdkuHCIc9O5enAX
Tt/yFgIxG9rg7w0SwlOjbCELXX1K9QZIFlWPBX/E7AXQ+jpnBB+skqGdLXrhgQQ/
0ECT3cdxjC4kbhFDWohx3L0vIUi7OBbm5CRiCXRA1z5/V9EVzbdXCDyRfG9SqkdS
2f9U10ghhvkjBEV37L+4VR+vuLrAQQ3XUVpy3f/lomDVpmVG/ZhJ2eCODqh7y5mS
W82QG/vsZZrBQ07I5HPN6GA9CCg3oCVmkwoxhfz8FRq2NWvDMYC2C4oj9KGFWzx6
aN8Fb2baJ2hr81JIXNgWHDraYKzE1AnZEephPAh2j3bqV/V/WEQ1Ywj7MwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMiFsv677zWZ8C8SjBe0HfLaeZiFMB8GA1UdIwQY
MBaAFB9oE41OwupRys7wn/EFijcKW+GQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDJnVGpVN0M2bEhLenZDZjhRV0tOd3BiNFpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy9iOWFkZjQtZjkxMC00MzU1LWJmYzgt
NjA4NTY0ODM5ZmQwLzEveUlXeV9ydnZOWm53THhLTUY3UWQ4dHA1bUlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy9iOWFkZjQtZjkxMC00MzU1LWJmYzgtNjA4NTY0ODM5ZmQw
LzEvSDJnVGpVN0M2bEhLenZDZjhRV0tOd3BiNFpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBAv++MA0G
CSqGSIb3DQEBCwUAA4IBAQBOsdo1NHIAh09xNGx8UUUp7E+A1T7pjv+38F8rc/S5
zhzZQ4asLNf/J8xbm2xvM3UJzCcvOi4U7+3rplbD2AWo8vGsBjr4fP7rIcDYn+hG
YYl05tmWcSRxc4Bl1rtCJJK/i1Lp6skLWaXX2tcRii5viNKpsO/y1JsvPCJMDbuc
kgjR9tg2KVzYN85CtQgUpUFxEH37khBUHyZnXCPS1WmkTU3bq3jcFT+crpO523mo
KqL4CfHURZpOjwVkp9I9CV0prp0qmzCRXvOzGcIjBs0hb+B/EgrYnDklrTR9iuL9
MKUC8jBVbKsNM3d00EX+HZxCahnSKUPQ+QhjfP5Gvdcr
-----END CERTIFICATE-----