This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/y3D_6T7LItZVGNAAIM2oiQLXK4k.roa
File:                     y3D_6T7LItZVGNAAIM2oiQLXK4k.roa (raw, json)
Hash identifier:          wbaR1iGKJRGc1NnOpfqCm7AMxI+gqPXjh0axv9TvfKE=
Subject key identifier:   CB:70:FF:E9:3E:CB:22:D6:55:18:D0:00:20:CD:A8:89:02:D7:2B:89
Certificate issuer:       /CN=624ad4535ac88dd534199f2a726095af71afe44e
Certificate serial:       019B7EA737993664733FAF8F92E94E96485C
Authority key identifier: 62:4A:D4:53:5A:C8:8D:D5:34:19:9F:2A:72:60:95:AF:71:AF:E4:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/y3D_6T7LItZVGNAAIM2oiQLXK4k.roa
Signing time:             Fri 02 Jan 2026 12:20:46 +0000
ROA not before:           Fri 02 Jan 2026 12:20:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8708
IP address blocks:        194.113.80.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 05:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a7:37:99:36:64:73:3f:af:8f:92:e9:4e:96:48:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=624ad4535ac88dd534199f2a726095af71afe44e
        Validity
            Not Before: Jan  2 12:20:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cb70ffe93ecb22d65518d00020cda88902d72b89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fa:31:45:3e:2b:b2:57:4b:f3:ca:98:0c:5e:15:
                    44:03:e6:0a:cd:87:90:81:45:dc:e1:19:88:4c:e0:
                    c8:20:12:e8:a1:68:ab:dd:6f:ed:f4:66:b6:97:37:
                    27:60:0d:9f:0c:9c:35:d8:b1:cf:aa:e0:cd:d9:9f:
                    97:c1:e5:f5:1e:6e:98:64:30:d8:10:bd:4e:ad:f6:
                    15:e9:5c:7e:69:c5:8c:cd:ba:e0:c5:ec:58:0a:d2:
                    e9:b6:23:86:c7:41:c6:36:0c:5b:4d:ae:a5:72:47:
                    ec:8d:83:1d:35:7e:3b:16:ba:d6:8c:ed:1f:2f:a7:
                    ab:29:d4:95:e1:66:50:0e:93:82:7f:60:4a:58:22:
                    47:03:28:80:08:85:70:46:b3:10:51:19:18:7d:7f:
                    34:f1:68:df:c7:59:3e:79:3f:f5:06:2f:74:15:46:
                    ab:25:cb:61:19:8d:d7:42:eb:a9:b4:4a:bc:8b:41:
                    b6:7b:60:95:04:c0:a5:46:c8:4f:5c:ca:01:5b:50:
                    c6:cc:91:6b:ba:d0:de:a3:64:73:83:27:e2:99:79:
                    a8:14:7e:1f:b0:2a:90:80:8a:85:84:9f:e6:03:3f:
                    96:f1:d0:db:8c:8d:79:a2:16:09:1f:32:9b:00:70:
                    1d:87:00:58:ed:5a:ee:f7:fd:9c:b3:75:6f:9a:f6:
                    45:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:70:FF:E9:3E:CB:22:D6:55:18:D0:00:20:CD:A8:89:02:D7:2B:89
            X509v3 Authority Key Identifier:
                keyid:62:4A:D4:53:5A:C8:8D:D5:34:19:9F:2A:72:60:95:AF:71:AF:E4:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/y3D_6T7LItZVGNAAIM2oiQLXK4k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.113.80.0/23

    Signature Algorithm: sha256WithRSAEncryption
         22:8a:91:94:0a:24:cc:2e:fc:61:77:6f:b1:e6:3a:50:2a:a5:
         f2:56:e2:3e:79:ac:50:dd:e1:34:a1:1d:8d:31:97:62:3f:74:
         ac:6d:ee:b6:a4:cf:02:4b:e4:b3:b7:ca:27:17:ff:40:1f:0e:
         4c:c4:f8:88:7f:97:a0:b5:20:52:93:b1:71:fa:4f:04:5f:c4:
         0e:4f:0f:fd:de:3b:72:cb:8a:91:7c:1c:c6:9b:f6:2d:6a:cb:
         2b:0e:92:56:55:22:31:ab:af:37:0d:3c:36:b2:67:e4:e0:8d:
         f6:2f:70:5f:6b:19:ec:00:2b:fe:1f:08:1d:ca:4b:2c:9f:4a:
         7a:36:eb:fb:c2:ea:c6:6a:a6:d3:cf:37:30:55:4d:5d:55:0f:
         60:cd:e9:52:33:d4:bb:e7:32:a3:c9:2d:93:bc:d5:d4:19:78:
         72:53:fa:10:83:64:8a:07:57:93:34:90:a7:db:73:a6:a4:15:
         0e:07:4c:bf:27:de:4f:92:58:37:59:73:c6:a2:04:89:26:3e:
         74:d5:a6:1b:7b:86:f3:00:b0:68:5d:c3:43:4b:06:51:94:8c:
         c0:ed:cc:2d:9e:03:7a:8a:70:37:b4:47:e6:53:f0:29:4a:63:
         7f:ee:b0:d5:fb:f4:62:20:4c:61:d7:75:29:5b:60:ad:14:fa:
         ed:1f:a3:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pzeZNmRzP6+PkulOlkhcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNGFkNDUzNWFjODhkZDUzNDE5OWYyYTcyNjA5NWFmNzFh
ZmU0NGUwHhcNMjYwMTAyMTIyMDQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjcwZmZlOTNlY2IyMmQ2NTUxOGQwMDAyMGNkYTg4OTAyZDcyYjg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+jFFPiuyV0vzypgMXhVEA+YKzYeQ
gUXc4RmITODIIBLooWir3W/t9Ga2lzcnYA2fDJw12LHPquDN2Z+XweX1Hm6YZDDY
EL1OrfYV6Vx+acWMzbrgxexYCtLptiOGx0HGNgxbTa6lckfsjYMdNX47FrrWjO0f
L6erKdSV4WZQDpOCf2BKWCJHAyiACIVwRrMQURkYfX808Wjfx1k+eT/1Bi90FUar
JcthGY3XQuuptEq8i0G2e2CVBMClRshPXMoBW1DGzJFrutDeo2RzgyfimXmoFH4f
sCqQgIqFhJ/mAz+W8dDbjI15ohYJHzKbAHAdhwBY7Vru9/2cs3VvmvZFuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMtw/+k+yyLWVRjQACDNqIkC1yuJMB8GA1UdIwQY
MBaAFGJK1FNayI3VNBmfKnJgla9xr+ROMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWtyVVUxcklqZFUwR1o4cWNtQ1ZyM0d2NUU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9hYTEwMTktNTY0Zi00YzQ2LWEyMTct
ZmI1OTQ5ODA4ZGRjLzEveTNEXzZUN0xJdFpWR05BQUlNMm9pUUxYSzRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9hYTEwMTktNTY0Zi00YzQ2LWEyMTctZmI1OTQ5ODA4ZGRj
LzEvWWtyVVUxcklqZFUwR1o4cWNtQ1ZyM0d2NUU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwnFQMA0G
CSqGSIb3DQEBCwUAA4IBAQAiipGUCiTMLvxhd2+x5jpQKqXyVuI+eaxQ3eE0oR2N
MZdiP3Ssbe62pM8CS+Szt8onF/9AHw5MxPiIf5egtSBSk7Fx+k8EX8QOTw/93jty
y4qRfBzGm/YtassrDpJWVSIxq683DTw2smfk4I32L3BfaxnsACv+Hwgdykssn0p6
Nuv7wurGaqbTzzcwVU1dVQ9gzelSM9S75zKjyS2TvNXUGXhyU/oQg2SKB1eTNJCn
23OmpBUOB0y/J95Pklg3WXPGogSJJj501aYbe4bzALBoXcNDSwZRlIzA7cwtngN6
inA3tEfmU/ApSmN/7rDV+/RiIExh13UpW2CtFPrtH6Oz
-----END CERTIFICATE-----