This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/ee9519-ff61-4679-9015-80e427596b5d/1/YHYbmuz_pM9wn1qc-egcCE-kAEA.roa
File:                     YHYbmuz_pM9wn1qc-egcCE-kAEA.roa (raw, json)
Hash identifier:          6Tz9Tz8OM7622P+63dPrrdM/er/OUWTKt1lvg0lixIg=
Subject key identifier:   60:76:1B:9A:EC:FF:A4:CF:70:9F:5A:9C:F9:E8:1C:08:4F:A4:00:40
Certificate issuer:       /CN=31cb00d2f84401810c3200b52fa388e93651ddf3
Certificate serial:       019B7DCA0BCC4FBF7E21EC5A8C4B5696397E
Authority key identifier: 31:CB:00:D2:F8:44:01:81:0C:32:00:B5:2F:A3:88:E9:36:51:DD:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/McsA0vhEAYEMMgC1L6OI6TZR3fM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/ee9519-ff61-4679-9015-80e427596b5d/1/YHYbmuz_pM9wn1qc-egcCE-kAEA.roa
Signing time:             Fri 02 Jan 2026 08:19:11 +0000
ROA not before:           Fri 02 Jan 2026 08:19:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5483
IP address blocks:        188.127.128.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/ee9519-ff61-4679-9015-80e427596b5d/1/McsA0vhEAYEMMgC1L6OI6TZR3fM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/ee9519-ff61-4679-9015-80e427596b5d/1/McsA0vhEAYEMMgC1L6OI6TZR3fM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/McsA0vhEAYEMMgC1L6OI6TZR3fM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 08:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:0b:cc:4f:bf:7e:21:ec:5a:8c:4b:56:96:39:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31cb00d2f84401810c3200b52fa388e93651ddf3
        Validity
            Not Before: Jan  2 08:19:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=60761b9aecffa4cf709f5a9cf9e81c084fa40040
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:4c:70:8b:ea:e7:38:17:18:ae:ef:2d:f5:1d:
                    21:35:b2:27:8e:da:59:12:3e:49:85:7a:2f:0d:01:
                    bb:5e:2f:5a:a3:12:08:ce:f9:b6:7d:29:9f:f4:cd:
                    91:79:3e:1b:7a:56:2f:81:60:b4:b4:e6:7a:25:73:
                    34:79:b5:c0:f8:57:cc:e9:51:da:6a:f1:67:90:79:
                    05:44:43:c5:52:5b:4c:3b:d6:99:40:d4:ac:0f:47:
                    00:e2:30:45:6a:5e:2b:34:3b:5f:13:af:79:ff:3a:
                    bf:2d:65:ab:35:7d:c4:72:5a:54:de:c7:cd:00:e4:
                    ce:4c:ae:24:c2:01:a2:ed:95:a6:0f:a8:fa:d7:87:
                    86:7a:70:d5:a8:53:43:87:a3:72:2e:bf:28:07:7e:
                    d7:a2:4e:70:af:aa:f1:d9:fc:22:43:43:89:16:f6:
                    01:3f:b9:5e:fc:e0:c3:e9:a8:33:9b:c2:54:d1:be:
                    f2:52:b4:93:1d:cd:ac:58:ea:c4:45:59:31:9a:d8:
                    53:8a:18:8a:e1:30:d7:bb:43:c6:02:88:7c:32:ac:
                    39:3a:e8:5f:73:c3:e4:ba:22:63:1d:2c:75:b9:27:
                    86:34:4e:30:83:b1:1a:dd:cf:e3:5b:9c:c0:76:35:
                    5c:43:ad:cd:a4:4a:a6:fe:00:11:53:32:3d:f5:da:
                    ea:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:76:1B:9A:EC:FF:A4:CF:70:9F:5A:9C:F9:E8:1C:08:4F:A4:00:40
            X509v3 Authority Key Identifier:
                keyid:31:CB:00:D2:F8:44:01:81:0C:32:00:B5:2F:A3:88:E9:36:51:DD:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/McsA0vhEAYEMMgC1L6OI6TZR3fM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/ee9519-ff61-4679-9015-80e427596b5d/1/YHYbmuz_pM9wn1qc-egcCE-kAEA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/ee9519-ff61-4679-9015-80e427596b5d/1/McsA0vhEAYEMMgC1L6OI6TZR3fM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.127.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         79:53:83:e4:68:cf:83:9c:51:f4:01:b3:43:01:02:cb:fc:c9:
         7b:fa:89:01:e2:5e:e7:b5:54:b2:2b:cd:17:0b:83:22:ed:9d:
         e1:08:9c:03:2b:02:a4:9a:7b:28:b3:84:65:c8:ee:06:6f:14:
         71:a8:5b:71:46:ab:e6:d8:95:7b:7c:fc:33:6a:11:72:aa:ad:
         d3:9b:a4:1d:b6:0a:20:21:22:24:0e:4b:94:0a:ab:d3:37:36:
         f2:1c:d6:fe:66:2f:79:92:c0:ce:87:51:4f:58:f0:50:8c:a1:
         01:b0:69:f6:cc:14:88:50:b1:e9:99:90:c7:2d:bd:7c:0e:d5:
         96:05:33:47:c9:4a:f7:58:02:6f:ba:3e:51:cc:99:a1:18:09:
         00:3b:48:d5:a5:5f:fd:50:cd:27:6f:21:ab:5d:99:f3:5e:9a:
         76:41:25:9a:14:8f:69:ba:29:2e:b1:e5:42:f7:46:b0:ba:35:
         2e:c7:69:b3:17:bf:67:e3:d5:c9:0c:af:bc:e2:c8:51:00:d6:
         2c:81:c2:b8:56:9e:e3:4e:12:2b:13:09:64:e3:78:a3:42:4b:
         ee:9c:94:fc:3c:e6:e7:38:90:93:bc:84:0e:3c:14:76:4c:2c:
         00:e5:74:c4:35:02:57:3f:22:fe:59:51:42:e7:65:7a:2c:c9:
         81:32:0e:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9ygvMT79+IexajEtWljl+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxY2IwMGQyZjg0NDAxODEwYzMyMDBiNTJmYTM4OGU5MzY1
MWRkZjMwHhcNMjYwMTAyMDgxOTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDc2MWI5YWVjZmZhNGNmNzA5ZjVhOWNmOWU4MWMwODRmYTQwMDQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0xwi+rnOBcYru8t9R0hNbInjtpZ
Ej5JhXovDQG7Xi9aoxIIzvm2fSmf9M2ReT4belYvgWC0tOZ6JXM0ebXA+FfM6VHa
avFnkHkFREPFUltMO9aZQNSsD0cA4jBFal4rNDtfE695/zq/LWWrNX3EclpU3sfN
AOTOTK4kwgGi7ZWmD6j614eGenDVqFNDh6NyLr8oB37Xok5wr6rx2fwiQ0OJFvYB
P7le/ODD6agzm8JU0b7yUrSTHc2sWOrERVkxmthTihiK4TDXu0PGAoh8Mqw5Ouhf
c8PkuiJjHSx1uSeGNE4wg7Ea3c/jW5zAdjVcQ63NpEqm/gARUzI99drqOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGB2G5rs/6TPcJ9anPnoHAhPpABAMB8GA1UdIwQY
MBaAFDHLANL4RAGBDDIAtS+jiOk2Ud3zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWNzQTB2aEVBWUVNTWdDMUw2T0k2VFpSM2ZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9lZTk1MTktZmY2MS00Njc5LTkwMTUt
ODBlNDI3NTk2YjVkLzEvWUhZYm11el9wTTl3bjFxYy1lZ2NDRS1rQUVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9lZTk1MTktZmY2MS00Njc5LTkwMTUtODBlNDI3NTk2YjVk
LzEvTWNzQTB2aEVBWUVNTWdDMUw2T0k2VFpSM2ZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFvH+AMA0G
CSqGSIb3DQEBCwUAA4IBAQB5U4PkaM+DnFH0AbNDAQLL/Ml7+okB4l7ntVSyK80X
C4Mi7Z3hCJwDKwKkmnsos4RlyO4GbxRxqFtxRqvm2JV7fPwzahFyqq3Tm6Qdtgog
ISIkDkuUCqvTNzbyHNb+Zi95ksDOh1FPWPBQjKEBsGn2zBSIULHpmZDHLb18DtWW
BTNHyUr3WAJvuj5RzJmhGAkAO0jVpV/9UM0nbyGrXZnzXpp2QSWaFI9puikuseVC
90awujUux2mzF79n49XJDK+84shRANYsgcK4Vp7jThIrEwlk43ijQkvunJT8PObn
OJCTvIQOPBR2TCwA5XTENQJXPyL+WVFC52V6LMmBMg5d
-----END CERTIFICATE-----