This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/ygZyjuYzflVbHgfVvcHOxvuu0E4.roa
File:                     ygZyjuYzflVbHgfVvcHOxvuu0E4.roa (raw, json)
Hash identifier:          IH0YWQaBGEjd+Nsl8K72F6uJWsgW3OOY75p4PPRBdZg=
Subject key identifier:   CA:06:72:8E:E6:33:7E:55:5B:1E:07:D5:BD:C1:CE:C6:FB:AE:D0:4E
Certificate issuer:       /CN=22f344a63dcb70e89057deb8e2761dc45165881a
Certificate serial:       019B77C6D573F11BEFC8847C603FD4C8C457
Authority key identifier: 22:F3:44:A6:3D:CB:70:E8:90:57:DE:B8:E2:76:1D:C4:51:65:88:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/ygZyjuYzflVbHgfVvcHOxvuu0E4.roa
Signing time:             Thu 01 Jan 2026 04:17:57 +0000
ROA not before:           Thu 01 Jan 2026 04:17:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     174
IP address blocks:        85.28.52.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/IvNEpj3LcOiQV9644nYdxFFliBo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/IvNEpj3LcOiQV9644nYdxFFliBo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 16:01:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:d5:73:f1:1b:ef:c8:84:7c:60:3f:d4:c8:c4:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22f344a63dcb70e89057deb8e2761dc45165881a
        Validity
            Not Before: Jan  1 04:17:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ca06728ee6337e555b1e07d5bdc1cec6fbaed04e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:fe:29:f1:e0:24:60:f5:71:44:fb:0c:ca:1e:
                    a1:21:32:05:56:84:90:39:a4:08:78:13:fa:ac:71:
                    a3:52:9a:7f:d4:c2:c7:d3:03:f4:f7:fd:ac:e6:c6:
                    a3:b2:3d:f6:65:e3:34:8e:39:53:48:5f:c8:99:d7:
                    fb:67:5e:6e:b6:e9:81:a4:ee:ba:f6:75:f6:d9:54:
                    1b:4c:81:b9:8d:d2:1b:3c:2a:73:0a:5d:e9:ba:66:
                    44:f3:a7:d2:e9:0f:d0:8b:a3:fa:b8:3c:b7:85:55:
                    37:19:6b:d8:d5:27:9a:83:73:09:4b:73:cb:fd:6d:
                    8e:74:ac:bb:e1:65:c9:48:55:ba:10:95:7b:43:15:
                    fa:2a:80:af:00:2a:7e:01:d6:71:cf:fb:41:44:7e:
                    cc:9f:37:fb:c0:2e:55:41:87:7f:f1:08:e4:a7:c7:
                    89:59:ee:00:5b:ca:65:29:b9:ed:27:e0:f3:a4:16:
                    4d:93:45:36:8c:ce:9b:d6:83:0a:c3:23:72:dc:a6:
                    81:57:57:9e:89:59:7b:27:10:ac:1a:f1:e5:2a:04:
                    3c:14:34:39:fe:e6:99:b9:f7:1e:fd:fe:df:81:e1:
                    4a:1c:fd:62:9e:9f:4b:72:15:77:a4:97:e0:cd:cd:
                    92:f1:0a:80:97:f1:5b:b6:99:27:31:a8:2d:9d:8f:
                    52:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:06:72:8E:E6:33:7E:55:5B:1E:07:D5:BD:C1:CE:C6:FB:AE:D0:4E
            X509v3 Authority Key Identifier:
                keyid:22:F3:44:A6:3D:CB:70:E8:90:57:DE:B8:E2:76:1D:C4:51:65:88:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/ygZyjuYzflVbHgfVvcHOxvuu0E4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/IvNEpj3LcOiQV9644nYdxFFliBo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.28.52.0/23

    Signature Algorithm: sha256WithRSAEncryption
         85:a7:7b:f7:3b:87:84:e9:cc:ea:77:2c:b8:df:28:73:75:ce:
         e0:ef:71:23:fc:71:cd:1d:ff:ae:5f:0c:ba:57:24:c4:b6:d1:
         22:df:77:ef:5d:2e:bc:d0:13:29:ce:1a:2c:1a:a2:92:6c:f7:
         be:61:c1:0d:05:a7:ac:9a:a0:91:f0:b8:d6:6a:82:b7:09:07:
         a2:cf:b5:96:92:e0:67:6d:e5:c4:c1:dc:7f:0e:da:6c:ba:ee:
         d1:fe:00:37:ae:46:a5:7c:c5:33:e0:0b:09:38:a3:00:75:1d:
         71:7d:8e:42:a9:b5:98:6e:fc:1e:57:a6:4a:08:bb:f9:c0:94:
         5b:04:a1:56:ce:91:06:56:93:c0:e4:08:42:d8:ec:45:04:0d:
         67:6d:3e:49:93:72:1a:9b:9e:2e:b5:fe:4a:60:df:20:0e:1d:
         4f:b4:d4:48:a5:6d:fa:b7:56:99:db:cd:d4:b0:9e:75:c3:6c:
         b5:90:23:4f:02:1f:23:d4:60:ab:4e:06:0c:a3:8c:3a:c0:a6:
         5c:c5:e5:34:d7:93:76:89:72:14:ee:68:b2:e1:0f:df:d5:54:
         2c:6e:58:28:9f:50:7f:09:34:53:f7:6c:ff:ac:e7:cc:b5:0a:
         20:c0:81:68:70:91:6a:55:0b:8b:d5:39:10:14:fc:d3:27:a1:
         71:d8:0d:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xtVz8RvvyIR8YD/UyMRXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyZjM0NGE2M2RjYjcwZTg5MDU3ZGViOGUyNzYxZGM0NTE2
NTg4MWEwHhcNMjYwMTAxMDQxNzU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTA2NzI4ZWU2MzM3ZTU1NWIxZTA3ZDViZGMxY2VjNmZiYWVkMDRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAif4p8eAkYPVxRPsMyh6hITIFVoSQ
OaQIeBP6rHGjUpp/1MLH0wP09/2s5sajsj32ZeM0jjlTSF/Imdf7Z15utumBpO66
9nX22VQbTIG5jdIbPCpzCl3pumZE86fS6Q/Qi6P6uDy3hVU3GWvY1Seag3MJS3PL
/W2OdKy74WXJSFW6EJV7QxX6KoCvACp+AdZxz/tBRH7Mnzf7wC5VQYd/8Qjkp8eJ
We4AW8plKbntJ+DzpBZNk0U2jM6b1oMKwyNy3KaBV1eeiVl7JxCsGvHlKgQ8FDQ5
/uaZufce/f7fgeFKHP1inp9LchV3pJfgzc2S8QqAl/FbtpknMagtnY9SZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMoGco7mM35VWx4H1b3Bzsb7rtBOMB8GA1UdIwQY
MBaAFCLzRKY9y3DokFfeuOJ2HcRRZYgaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXZORXBqM0xjT2lRVjk2NDRuWWR4RkZsaUJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi81MzYwZTctZjAyYS00NzM3LTk5Yzct
ZmViYjY0YjVlMTY0LzEveWdaeWp1WXpmbFZiSGdmVnZjSE94dnV1MEU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi81MzYwZTctZjAyYS00NzM3LTk5YzctZmViYjY0YjVlMTY0
LzEvSXZORXBqM0xjT2lRVjk2NDRuWWR4RkZsaUJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVRw0MA0G
CSqGSIb3DQEBCwUAA4IBAQCFp3v3O4eE6czqdyy43yhzdc7g73Ej/HHNHf+uXwy6
VyTEttEi33fvXS680BMpzhosGqKSbPe+YcENBaesmqCR8LjWaoK3CQeiz7WWkuBn
beXEwdx/Dtpsuu7R/gA3rkalfMUz4AsJOKMAdR1xfY5CqbWYbvweV6ZKCLv5wJRb
BKFWzpEGVpPA5AhC2OxFBA1nbT5Jk3Iam54utf5KYN8gDh1PtNRIpW36t1aZ283U
sJ51w2y1kCNPAh8j1GCrTgYMo4w6wKZcxeU015N2iXIU7miy4Q/f1VQsblgon1B/
CTRT92z/rOfMtQogwIFocJFqVQuL1TkQFPzTJ6Fx2A06
-----END CERTIFICATE-----