This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/YakwVYN6sFxSZaYEaqK71VQ1Je0.roa
File:                     YakwVYN6sFxSZaYEaqK71VQ1Je0.roa (raw, json)
Hash identifier:          xqJCpVLm29RKY3U3KKbf1TmWN0pBDt7hZkf1jTVNqA4=
Subject key identifier:   61:A9:30:55:83:7A:B0:5C:52:65:A6:04:6A:A2:BB:D5:54:35:25:ED
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       019B7B3563861DA2FCC903390BF84F56BC8E
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/YakwVYN6sFxSZaYEaqK71VQ1Je0.roa
Signing time:             Thu 01 Jan 2026 20:17:35 +0000
ROA not before:           Thu 01 Jan 2026 20:17:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     28925
IP address blocks:        81.181.202.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:63:86:1d:a2:fc:c9:03:39:0b:f8:4f:56:bc:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 20:17:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=61a93055837ab05c5265a6046aa2bbd5543525ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:a5:0d:13:e9:52:7b:f9:ee:8b:2f:97:72:8b:
                    23:97:63:fa:81:93:8c:bf:aa:fb:28:30:3a:a3:a4:
                    9c:ff:31:1f:42:33:f2:e1:9c:be:0b:70:7f:5c:52:
                    c8:5a:b7:af:45:84:4a:09:db:14:3c:d0:18:af:6c:
                    85:c9:66:b1:dd:46:b8:8d:c4:04:85:28:1b:ac:14:
                    2c:4e:f4:ea:8f:2c:7e:b7:27:e3:f4:c0:17:63:16:
                    c7:8d:d2:d8:66:99:96:d8:56:f0:b8:ae:20:9c:e7:
                    db:69:96:d6:ac:8a:db:a8:5e:ed:3f:70:62:c4:69:
                    d4:75:6f:e1:d7:6b:e8:7e:3d:a0:a0:d5:4d:f3:68:
                    76:b7:1e:71:44:b2:db:80:5f:fc:e4:f8:5a:ec:f8:
                    6b:aa:b5:5b:a5:a0:75:30:99:ac:72:3f:4c:30:c4:
                    31:8c:93:41:b9:d1:a5:4c:a8:b1:88:85:5b:fb:b4:
                    f3:d5:5f:93:fb:c4:5b:aa:24:6b:f0:47:f7:c8:3b:
                    78:5a:ba:3e:25:c4:c9:25:70:7a:4c:a3:f6:1c:78:
                    37:8a:0f:14:62:56:ad:79:cd:db:16:8c:d0:97:6c:
                    53:39:95:4b:00:47:a5:72:3e:55:c1:cc:eb:0d:66:
                    83:3c:2a:00:2d:a0:a5:4e:7e:72:70:f8:51:8e:c3:
                    cf:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:A9:30:55:83:7A:B0:5C:52:65:A6:04:6A:A2:BB:D5:54:35:25:ED
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/YakwVYN6sFxSZaYEaqK71VQ1Je0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.181.202.0/23

    Signature Algorithm: sha256WithRSAEncryption
         70:ec:d8:84:41:af:ef:16:36:64:ae:f0:8a:61:d8:b4:7c:8d:
         9d:2e:4b:d9:7e:38:53:3a:3e:51:ba:78:73:c4:e1:db:ae:c2:
         c7:f3:27:c3:36:31:d9:b9:73:ce:30:5c:38:e0:bf:53:62:ae:
         5f:1d:46:aa:5c:b7:29:dc:48:af:c6:d1:bd:5e:7e:a7:90:23:
         d5:e6:4e:79:11:60:a6:75:4e:a5:60:af:57:63:88:5b:7b:30:
         68:eb:28:7b:f3:ad:67:87:4d:a6:c0:de:a8:6c:b7:9f:2d:4c:
         ce:99:9f:70:17:29:a6:fd:be:9c:3f:72:1e:d8:35:a2:c5:f3:
         3c:7a:b6:14:75:5d:15:ef:23:a0:1f:aa:59:96:7f:0a:41:3b:
         16:96:b5:20:6d:93:9e:68:cb:0e:58:08:40:43:cd:27:fb:15:
         2e:63:a9:c7:be:6f:4e:c1:98:0f:f4:3d:89:98:12:7f:ff:e5:
         13:7a:e2:2b:79:74:8d:e5:ed:17:15:21:12:f3:1e:25:aa:d9:
         d9:29:c5:05:c3:3d:1b:95:78:3d:f6:c9:10:fb:3f:c8:41:ef:
         b7:ab:aa:81:96:7b:7c:24:d7:93:a5:ac:08:d0:e0:e8:af:42:
         ef:f5:6c:3b:f9:f5:e4:6f:96:73:c1:b9:ed:6e:fd:09:31:8c:
         51:04:c6:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NWOGHaL8yQM5C/hPVryOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjYwMTAxMjAxNzM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWE5MzA1NTgzN2FiMDVjNTI2NWE2MDQ2YWEyYmJkNTU0MzUyNWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8aUNE+lSe/nuiy+Xcosjl2P6gZOM
v6r7KDA6o6Sc/zEfQjPy4Zy+C3B/XFLIWrevRYRKCdsUPNAYr2yFyWax3Ua4jcQE
hSgbrBQsTvTqjyx+tyfj9MAXYxbHjdLYZpmW2FbwuK4gnOfbaZbWrIrbqF7tP3Bi
xGnUdW/h12vofj2goNVN82h2tx5xRLLbgF/85Pha7PhrqrVbpaB1MJmscj9MMMQx
jJNBudGlTKixiIVb+7Tz1V+T+8RbqiRr8Ef3yDt4Wro+JcTJJXB6TKP2HHg3ig8U
Ylatec3bFozQl2xTOZVLAEelcj5VwczrDWaDPCoALaClTn5ycPhRjsPP9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGGpMFWDerBcUmWmBGqiu9VUNSXtMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvWWFrd1ZZTjZzRnhTWmFZRWFxSzcxVlExSmUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUbXKMA0G
CSqGSIb3DQEBCwUAA4IBAQBw7NiEQa/vFjZkrvCKYdi0fI2dLkvZfjhTOj5Runhz
xOHbrsLH8yfDNjHZuXPOMFw44L9TYq5fHUaqXLcp3EivxtG9Xn6nkCPV5k55EWCm
dU6lYK9XY4hbezBo6yh7861nh02mwN6obLefLUzOmZ9wFymm/b6cP3Ie2DWixfM8
erYUdV0V7yOgH6pZln8KQTsWlrUgbZOeaMsOWAhAQ80n+xUuY6nHvm9OwZgP9D2J
mBJ//+UTeuIreXSN5e0XFSES8x4lqtnZKcUFwz0blXg99skQ+z/IQe+3q6qBlnt8
JNeTpawI0ODor0Lv9Ww7+fXkb5Zzwbntbv0JMYxRBMaw
-----END CERTIFICATE-----