This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/b8b606-c65a-409a-ba8d-cf1a5d8e5f6d/1/yaEEybz2NfCWEApyu2Dzx2yLpcI.roa
File:                     yaEEybz2NfCWEApyu2Dzx2yLpcI.roa (raw, json)
Hash identifier:          j2pzI49xHsyv/Ol3MBefWz6almNV2xHEmt1n4qjR/Wk=
Subject key identifier:   C9:A1:04:C9:BC:F6:35:F0:96:10:0A:72:BB:60:F3:C7:6C:8B:A5:C2
Certificate issuer:       /CN=40cf69cca2c86e194754788edcd88e352ed4e11c
Certificate serial:       019B7C7FC903CC373AD18D6FE481E72704DF
Authority key identifier: 40:CF:69:CC:A2:C8:6E:19:47:54:78:8E:DC:D8:8E:35:2E:D4:E1:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QM9pzKLIbhlHVHiO3NiONS7U4Rw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/b8b606-c65a-409a-ba8d-cf1a5d8e5f6d/1/yaEEybz2NfCWEApyu2Dzx2yLpcI.roa
Signing time:             Fri 02 Jan 2026 02:18:27 +0000
ROA not before:           Fri 02 Jan 2026 02:18:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15404
IP address blocks:        176.119.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/b8b606-c65a-409a-ba8d-cf1a5d8e5f6d/1/QM9pzKLIbhlHVHiO3NiONS7U4Rw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/b8b606-c65a-409a-ba8d-cf1a5d8e5f6d/1/QM9pzKLIbhlHVHiO3NiONS7U4Rw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QM9pzKLIbhlHVHiO3NiONS7U4Rw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 05:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:7f:c9:03:cc:37:3a:d1:8d:6f:e4:81:e7:27:04:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40cf69cca2c86e194754788edcd88e352ed4e11c
        Validity
            Not Before: Jan  2 02:18:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c9a104c9bcf635f096100a72bb60f3c76c8ba5c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:6f:04:9c:43:8f:82:b3:df:7e:b1:a6:26:74:
                    30:e1:1e:41:92:26:46:8f:2a:60:69:10:b8:ba:08:
                    91:ef:19:5f:26:2a:b1:1a:71:df:f4:2a:ad:36:66:
                    8d:7d:5f:be:ff:c4:26:8d:f9:55:42:57:52:d7:3c:
                    5c:ed:ff:9e:bf:19:3f:91:08:62:f2:c7:d4:c4:71:
                    98:0f:4b:8a:f3:7b:ec:f2:44:92:29:67:33:0b:ef:
                    52:bd:29:13:bc:26:d0:06:65:94:9b:80:ee:64:65:
                    cd:84:30:39:80:04:6a:bb:cd:38:14:14:88:7b:c6:
                    bc:4f:68:77:b3:86:d3:0c:a9:ca:6d:72:0d:97:6a:
                    ac:43:27:4c:91:97:72:44:fe:31:85:74:2e:dc:a8:
                    35:63:45:bc:7f:84:0b:3c:22:85:71:2e:e3:8a:68:
                    38:3b:c4:34:1a:f9:91:57:65:a2:5b:b3:06:d4:9a:
                    71:92:04:37:d7:7a:a4:4f:88:59:da:e4:f2:33:1a:
                    03:e2:b3:f2:2b:5c:c1:1d:bc:a6:88:75:a2:51:7e:
                    07:70:c5:27:77:3a:8a:5a:23:42:ba:78:bf:9d:0e:
                    70:8c:0b:48:7a:eb:34:97:f2:a3:48:0a:d4:ee:77:
                    ae:38:fc:f0:42:65:5b:33:03:69:b4:b7:85:8a:37:
                    05:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:A1:04:C9:BC:F6:35:F0:96:10:0A:72:BB:60:F3:C7:6C:8B:A5:C2
            X509v3 Authority Key Identifier:
                keyid:40:CF:69:CC:A2:C8:6E:19:47:54:78:8E:DC:D8:8E:35:2E:D4:E1:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QM9pzKLIbhlHVHiO3NiONS7U4Rw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/b8b606-c65a-409a-ba8d-cf1a5d8e5f6d/1/yaEEybz2NfCWEApyu2Dzx2yLpcI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/b8b606-c65a-409a-ba8d-cf1a5d8e5f6d/1/QM9pzKLIbhlHVHiO3NiONS7U4Rw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.119.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:13:a5:e5:0d:fd:87:bb:4c:a2:1a:f6:d5:96:a4:2d:15:51:
         a8:52:44:33:10:4f:cf:49:20:46:8f:df:6b:34:18:ff:bb:08:
         44:d8:66:f8:20:47:f7:56:86:11:3f:1e:88:fe:a3:92:98:5e:
         a2:22:23:28:87:b7:ca:57:38:c6:b2:da:69:4e:65:97:44:c5:
         55:4b:a7:02:6a:0e:dc:c5:d8:cf:ca:fa:e1:16:87:5c:22:eb:
         ea:cd:d8:1c:d0:82:d8:40:cf:4f:cd:ec:a0:24:ec:a4:39:c5:
         d9:0f:7e:08:85:bb:53:d8:70:ba:9d:b1:8c:93:7d:9b:52:87:
         8f:6b:0f:56:75:ce:e3:d2:2b:9a:73:fa:32:ef:a6:df:35:53:
         1e:02:ef:45:ce:d9:b3:2d:ec:47:24:4b:ce:dc:bd:ed:e0:58:
         49:b5:3d:7c:90:e2:4a:03:8a:4f:03:ef:2d:44:cf:f4:8b:9c:
         6d:26:0f:56:bc:fc:1e:cb:b3:fb:33:4e:12:d3:c7:e0:07:01:
         bb:ca:b5:26:5b:60:dd:6f:1a:cc:e2:b3:70:cc:ab:b5:d2:8e:
         c3:72:8a:dc:08:fd:fc:bc:a2:bd:94:93:6e:09:30:5c:eb:5d:
         e6:8e:d4:11:fa:c6:bf:92:33:9e:7a:b9:23:30:95:91:cf:98:
         cf:ae:be:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8f8kDzDc60Y1v5IHnJwTfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwY2Y2OWNjYTJjODZlMTk0NzU0Nzg4ZWRjZDg4ZTM1MmVk
NGUxMWMwHhcNMjYwMTAyMDIxODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWExMDRjOWJjZjYzNWYwOTYxMDBhNzJiYjYwZjNjNzZjOGJhNWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA028EnEOPgrPffrGmJnQw4R5BkiZG
jypgaRC4ugiR7xlfJiqxGnHf9CqtNmaNfV++/8QmjflVQldS1zxc7f+evxk/kQhi
8sfUxHGYD0uK83vs8kSSKWczC+9SvSkTvCbQBmWUm4DuZGXNhDA5gARqu804FBSI
e8a8T2h3s4bTDKnKbXINl2qsQydMkZdyRP4xhXQu3Kg1Y0W8f4QLPCKFcS7jimg4
O8Q0GvmRV2WiW7MG1JpxkgQ313qkT4hZ2uTyMxoD4rPyK1zBHbymiHWiUX4HcMUn
dzqKWiNCuni/nQ5wjAtIeus0l/KjSArU7neuOPzwQmVbMwNptLeFijcFvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMmhBMm89jXwlhAKcrtg88dsi6XCMB8GA1UdIwQY
MBaAFEDPacyiyG4ZR1R4jtzYjjUu1OEcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUU05cHpLTEliaGxIVkhpTzNOaU9OUzdVNFJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9iOGI2MDYtYzY1YS00MDlhLWJhOGQt
Y2YxYTVkOGU1ZjZkLzEveWFFRXliejJOZkNXRUFweXUyRHp4MnlMcGNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9iOGI2MDYtYzY1YS00MDlhLWJhOGQtY2YxYTVkOGU1ZjZk
LzEvUU05cHpLTEliaGxIVkhpTzNOaU9OUzdVNFJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHfJMA0G
CSqGSIb3DQEBCwUAA4IBAQBLE6XlDf2Hu0yiGvbVlqQtFVGoUkQzEE/PSSBGj99r
NBj/uwhE2Gb4IEf3VoYRPx6I/qOSmF6iIiMoh7fKVzjGstppTmWXRMVVS6cCag7c
xdjPyvrhFodcIuvqzdgc0ILYQM9PzeygJOykOcXZD34IhbtT2HC6nbGMk32bUoeP
aw9Wdc7j0iuac/oy76bfNVMeAu9FztmzLexHJEvO3L3t4FhJtT18kOJKA4pPA+8t
RM/0i5xtJg9WvPwey7P7M04S08fgBwG7yrUmW2DdbxrM4rNwzKu10o7DcorcCP38
vKK9lJNuCTBc613mjtQR+sa/kjOeerkjMJWRz5jPrr6S
-----END CERTIFICATE-----