This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/7494bf-8acd-4e43-86ce-e7c8cf3af5de/1/YcUnHKzg_WhzSXY6pBzamQ3-NNw.roa
File:                     YcUnHKzg_WhzSXY6pBzamQ3-NNw.roa (raw, json)
Hash identifier:          eZPIUTblrkYzTypRpx4By8fNDKQ5nNgHoQSpeVO227c=
Subject key identifier:   61:C5:27:1C:AC:E0:FD:68:73:49:76:3A:A4:1C:DA:99:0D:FE:34:DC
Certificate issuer:       /CN=e1477072b91af5c3f3bfe69743243e7cda3ae879
Certificate serial:       019B7EA69FDEFD41C6AD9765707C8A8E01FB
Authority key identifier: E1:47:70:72:B9:1A:F5:C3:F3:BF:E6:97:43:24:3E:7C:DA:3A:E8:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4Udwcrka9cPzv-aXQyQ-fNo66Hk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/7494bf-8acd-4e43-86ce-e7c8cf3af5de/1/YcUnHKzg_WhzSXY6pBzamQ3-NNw.roa
Signing time:             Fri 02 Jan 2026 12:20:07 +0000
ROA not before:           Fri 02 Jan 2026 12:20:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     135391
IP address blocks:        185.145.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/7494bf-8acd-4e43-86ce-e7c8cf3af5de/1/4Udwcrka9cPzv-aXQyQ-fNo66Hk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/7494bf-8acd-4e43-86ce-e7c8cf3af5de/1/4Udwcrka9cPzv-aXQyQ-fNo66Hk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4Udwcrka9cPzv-aXQyQ-fNo66Hk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 Jan 2026 09:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:9f:de:fd:41:c6:ad:97:65:70:7c:8a:8e:01:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1477072b91af5c3f3bfe69743243e7cda3ae879
        Validity
            Not Before: Jan  2 12:20:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=61c5271cace0fd687349763aa41cda990dfe34dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:d7:a0:22:78:67:a5:8e:ca:a8:76:41:9b:2f:
                    9e:1f:46:41:10:20:b3:a7:e8:d7:da:00:8c:88:95:
                    7d:73:eb:c1:df:3a:c4:04:82:ef:ae:1f:00:78:96:
                    38:dd:15:57:22:3e:63:39:8c:3c:be:29:ea:c0:46:
                    5d:88:21:9a:f9:03:c5:86:01:01:0d:a2:db:6e:46:
                    ca:7c:b3:c7:52:45:e0:fc:82:97:2f:ac:c6:b8:72:
                    89:b2:87:7e:22:b5:32:da:4e:b5:47:49:4c:23:c3:
                    fc:ec:b1:35:69:e9:89:d8:9d:1e:2e:72:35:06:f4:
                    7b:7a:d2:04:83:72:9c:68:65:c2:76:d8:ce:89:31:
                    65:99:8e:98:97:95:75:f4:40:d4:33:e1:cf:05:1b:
                    73:4c:78:36:7d:b7:f4:d8:22:10:b3:3a:98:2b:a0:
                    e3:fc:b5:c7:dc:e4:65:66:b8:0f:64:c6:4b:bf:df:
                    70:84:83:cd:bc:67:40:18:87:be:cb:ec:2e:7a:bb:
                    1b:03:8e:33:1a:fa:9d:e7:3e:97:47:0f:a8:6e:2a:
                    c6:3d:55:42:ce:1e:c8:32:98:8d:0c:f2:cc:58:2f:
                    d2:aa:d3:fe:5e:9b:52:cc:00:21:30:d5:bc:f5:5d:
                    a8:71:55:de:81:87:dd:5e:b5:6a:0c:a9:64:54:ab:
                    c3:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:C5:27:1C:AC:E0:FD:68:73:49:76:3A:A4:1C:DA:99:0D:FE:34:DC
            X509v3 Authority Key Identifier:
                keyid:E1:47:70:72:B9:1A:F5:C3:F3:BF:E6:97:43:24:3E:7C:DA:3A:E8:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4Udwcrka9cPzv-aXQyQ-fNo66Hk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/7494bf-8acd-4e43-86ce-e7c8cf3af5de/1/YcUnHKzg_WhzSXY6pBzamQ3-NNw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/7494bf-8acd-4e43-86ce-e7c8cf3af5de/1/4Udwcrka9cPzv-aXQyQ-fNo66Hk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.145.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:92:ae:c6:3b:94:f0:23:34:cf:7e:9f:e0:3a:54:16:fc:33:
         5f:7e:8f:ac:70:7c:3f:f8:57:82:35:12:61:de:86:15:0e:9e:
         07:22:ec:83:08:65:98:74:de:b7:ae:a5:88:5b:96:ab:a6:f9:
         69:b7:df:d9:89:b7:bd:77:cf:2d:8b:00:ab:c2:7d:aa:c2:23:
         54:a1:23:64:86:af:ec:77:63:45:ff:81:f4:08:57:a2:87:5f:
         92:6b:a1:3e:f9:89:42:4a:33:26:fd:6d:fa:18:23:d8:86:42:
         c6:4d:46:77:cd:ae:d4:ae:26:31:24:25:c0:f7:a0:72:ac:0b:
         dd:e6:d1:9e:81:27:4e:74:40:e2:d8:18:8a:5c:10:de:7f:63:
         a5:e8:6c:2a:2c:00:36:f7:23:1e:fd:0a:af:58:8d:0d:7d:9e:
         7b:29:d1:48:3d:65:c9:3d:41:61:4a:ee:bc:48:1c:fa:c8:20:
         8c:54:1c:94:d4:90:2c:b5:e6:25:5e:31:b2:7b:1c:19:37:e9:
         81:37:e8:d7:e3:8e:03:26:bb:5e:44:ef:f0:45:6f:25:6a:c8:
         76:b3:df:89:63:1c:66:a5:e5:64:14:a2:10:fe:21:a3:d8:d7:
         3f:8e:55:00:e1:85:6c:95:4b:21:42:e4:90:0a:3d:18:8b:c5:
         b1:5a:12:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pp/e/UHGrZdlcHyKjgH7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxNDc3MDcyYjkxYWY1YzNmM2JmZTY5NzQzMjQzZTdjZGEz
YWU4NzkwHhcNMjYwMTAyMTIyMDA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWM1MjcxY2FjZTBmZDY4NzM0OTc2M2FhNDFjZGE5OTBkZmUzNGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtdegInhnpY7KqHZBmy+eH0ZBECCz
p+jX2gCMiJV9c+vB3zrEBILvrh8AeJY43RVXIj5jOYw8vinqwEZdiCGa+QPFhgEB
DaLbbkbKfLPHUkXg/IKXL6zGuHKJsod+IrUy2k61R0lMI8P87LE1aemJ2J0eLnI1
BvR7etIEg3KcaGXCdtjOiTFlmY6Yl5V19EDUM+HPBRtzTHg2fbf02CIQszqYK6Dj
/LXH3ORlZrgPZMZLv99whIPNvGdAGIe+y+wuersbA44zGvqd5z6XRw+obirGPVVC
zh7IMpiNDPLMWC/SqtP+XptSzAAhMNW89V2ocVXegYfdXrVqDKlkVKvDFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGHFJxys4P1oc0l2OqQc2pkN/jTcMB8GA1UdIwQY
MBaAFOFHcHK5GvXD87/ml0MkPnzaOuh5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFVkd2Nya2E5Y1B6di1hWFF5US1mTm82NkhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy83NDk0YmYtOGFjZC00ZTQzLTg2Y2Ut
ZTdjOGNmM2FmNWRlLzEvWWNVbkhLemdfV2h6U1hZNnBCemFtUTMtTk53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy83NDk0YmYtOGFjZC00ZTQzLTg2Y2UtZTdjOGNmM2FmNWRl
LzEvNFVkd2Nya2E5Y1B6di1hWFF5US1mTm82NkhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZHrMA0G
CSqGSIb3DQEBCwUAA4IBAQBBkq7GO5TwIzTPfp/gOlQW/DNffo+scHw/+FeCNRJh
3oYVDp4HIuyDCGWYdN63rqWIW5arpvlpt9/Zibe9d88tiwCrwn2qwiNUoSNkhq/s
d2NF/4H0CFeih1+Sa6E++YlCSjMm/W36GCPYhkLGTUZ3za7UriYxJCXA96ByrAvd
5tGegSdOdEDi2BiKXBDef2Ol6GwqLAA29yMe/QqvWI0NfZ57KdFIPWXJPUFhSu68
SBz6yCCMVByU1JAsteYlXjGyexwZN+mBN+jX444DJrteRO/wRW8lash2s9+JYxxm
peVkFKIQ/iGj2Nc/jlUA4YVslUshQuSQCj0Yi8WxWhK8
-----END CERTIFICATE-----