This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/YJI3cYxDlbBmBRsiTGiQiHXlT10.roa
File:                     YJI3cYxDlbBmBRsiTGiQiHXlT10.roa (raw, json)
Hash identifier:          9byk8WfiaTpR2U2NExSJPmbE1/u8vmZKAJhxGHk/wp0=
Subject key identifier:   60:92:37:71:8C:43:95:B0:66:05:1B:22:4C:68:90:88:75:E5:4F:5D
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       019B7E38EACE45C5B990B73B45373C519B5F
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/YJI3cYxDlbBmBRsiTGiQiHXlT10.roa
Signing time:             Fri 02 Jan 2026 10:20:17 +0000
ROA not before:           Fri 02 Jan 2026 10:20:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     63989
IP address blocks:        109.122.24.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 10:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:ea:ce:45:c5:b9:90:b7:3b:45:37:3c:51:9b:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Jan  2 10:20:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=609237718c4395b066051b224c68908875e54f5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:1a:b7:97:4a:99:7f:17:fa:ee:57:50:0a:6f:
                    93:14:c9:e1:d6:70:e7:46:fa:fe:dd:bd:1e:55:43:
                    e6:f4:be:eb:dd:0a:a5:22:3c:66:eb:7f:aa:e1:05:
                    32:5e:00:4c:2b:cb:b3:97:e0:fe:1a:42:f4:60:b1:
                    07:0d:cd:99:f6:77:71:44:7a:c0:95:9e:4b:2f:5b:
                    d5:9c:67:a5:95:8b:55:e9:cf:f1:52:57:db:9b:22:
                    c7:f4:07:11:49:36:a3:ba:6c:b6:6a:c3:13:37:b6:
                    1b:c1:d5:71:49:d0:58:2b:58:e3:85:cc:0d:81:1a:
                    fb:67:c0:f2:ee:e4:69:5f:a8:30:80:20:98:7a:66:
                    3d:7e:0a:24:0a:78:25:a6:a0:af:b7:cf:07:dc:92:
                    55:c9:a9:fc:41:90:cd:8d:c3:39:82:9a:1a:80:d3:
                    b0:c5:73:88:9f:ab:f2:37:3b:92:d1:03:b1:8e:b6:
                    0c:69:d9:c2:73:a2:79:d7:58:00:bc:e1:2e:be:ea:
                    d1:4b:6d:8a:3c:45:a6:7e:51:12:31:e9:40:66:96:
                    11:8f:3c:db:22:6d:94:88:ab:27:d1:fb:5d:7c:ab:
                    6b:72:55:57:dd:ed:da:52:94:9f:f7:bb:e4:f4:d8:
                    d7:d5:fa:58:96:73:df:bc:21:1f:57:8f:7a:97:d7:
                    5b:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:92:37:71:8C:43:95:B0:66:05:1B:22:4C:68:90:88:75:E5:4F:5D
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/YJI3cYxDlbBmBRsiTGiQiHXlT10.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:00:a1:af:4c:46:e4:ab:bc:e4:5c:ae:24:90:eb:6f:54:a5:
         bf:62:54:ec:78:66:b0:84:9c:89:ac:9e:e1:f8:b7:8c:06:56:
         a5:35:1b:6c:aa:ab:24:38:90:83:4c:0b:5f:1c:4b:7e:17:9e:
         57:3e:82:49:62:d8:f0:5d:5d:18:83:6f:71:64:9e:7c:56:ac:
         19:1b:9d:06:e6:22:47:eb:be:59:54:c9:09:f2:db:9c:c4:f6:
         58:22:29:a8:40:92:90:69:b8:d1:37:b9:1d:1c:bf:c4:74:7e:
         08:3a:13:5a:20:24:bf:22:93:a5:1b:df:9e:74:0e:5a:f8:bb:
         3f:88:19:f4:68:90:c0:5a:c4:ee:8f:86:12:00:93:5a:94:bf:
         9c:fb:31:a1:be:1f:a4:01:6c:3a:fe:b1:45:d2:74:4c:85:27:
         f9:89:6e:10:db:a9:b9:4d:4c:dd:a4:4c:53:ed:c7:58:4c:9c:
         76:2e:c7:e6:03:ca:d3:3d:d0:d6:16:ae:09:bb:c9:b2:71:f3:
         2d:ec:d3:c5:0a:94:b3:96:2d:95:86:35:21:90:48:a4:48:e6:
         ad:93:59:db:81:45:94:6f:21:54:f4:cb:0d:9b:2f:9a:50:a8:
         13:87:2e:d5:0e:7a:f5:98:bc:2a:10:cf:9e:a1:59:ad:e4:53:
         b6:c2:c3:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OOrORcW5kLc7RTc8UZtfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjYwMTAyMTAyMDE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDkyMzc3MThjNDM5NWIwNjYwNTFiMjI0YzY4OTA4ODc1ZTU0ZjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAshq3l0qZfxf67ldQCm+TFMnh1nDn
Rvr+3b0eVUPm9L7r3QqlIjxm63+q4QUyXgBMK8uzl+D+GkL0YLEHDc2Z9ndxRHrA
lZ5LL1vVnGellYtV6c/xUlfbmyLH9AcRSTajumy2asMTN7YbwdVxSdBYK1jjhcwN
gRr7Z8Dy7uRpX6gwgCCYemY9fgokCnglpqCvt88H3JJVyan8QZDNjcM5gpoagNOw
xXOIn6vyNzuS0QOxjrYMadnCc6J511gAvOEuvurRS22KPEWmflESMelAZpYRjzzb
Im2UiKsn0ftdfKtrclVX3e3aUpSf97vk9NjX1fpYlnPfvCEfV496l9dbAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGCSN3GMQ5WwZgUbIkxokIh15U9dMB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvWUpJM2NZeERsYkJtQlJzaVRHaVFpSFhsVDEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXoYMA0G
CSqGSIb3DQEBCwUAA4IBAQBSAKGvTEbkq7zkXK4kkOtvVKW/YlTseGawhJyJrJ7h
+LeMBlalNRtsqqskOJCDTAtfHEt+F55XPoJJYtjwXV0Yg29xZJ58VqwZG50G5iJH
675ZVMkJ8tucxPZYIimoQJKQabjRN7kdHL/EdH4IOhNaICS/IpOlG9+edA5a+Ls/
iBn0aJDAWsTuj4YSAJNalL+c+zGhvh+kAWw6/rFF0nRMhSf5iW4Q26m5TUzdpExT
7cdYTJx2LsfmA8rTPdDWFq4Ju8mycfMt7NPFCpSzli2VhjUhkEikSOatk1nbgUWU
byFU9MsNmy+aUKgThy7VDnr1mLwqEM+eoVmt5FO2wsOI
-----END CERTIFICATE-----