This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/YbmezzHXgj-DwziBToxfXkCcGDU.roa
File:                     YbmezzHXgj-DwziBToxfXkCcGDU.roa (raw, json)
Hash identifier:          XyyIkFNwG2AmIy/69PsxKvRepRashVyYO8jQYZbZctU=
Subject key identifier:   61:B9:9E:CF:31:D7:82:3F:83:C3:38:81:4E:8C:5F:5E:40:9C:18:35
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       019B7B355F9548FED79D2E09CE7FCE20ED14
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/YbmezzHXgj-DwziBToxfXkCcGDU.roa
Signing time:             Thu 01 Jan 2026 20:17:34 +0000
ROA not before:           Thu 01 Jan 2026 20:17:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14315
IP address blocks:        85.121.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:5f:95:48:fe:d7:9d:2e:09:ce:7f:ce:20:ed:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 20:17:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=61b99ecf31d7823f83c338814e8c5f5e409c1835
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:19:d0:7b:da:e3:49:1d:22:79:21:95:a0:62:
                    4e:76:f6:ce:e2:99:52:cc:01:af:e6:92:cb:cc:87:
                    75:7a:d7:47:d2:a0:de:88:63:63:7c:5c:60:63:0d:
                    89:a8:65:ac:3d:2f:41:7b:8b:29:9c:57:1d:c3:78:
                    01:58:0c:04:57:f1:f7:57:5f:56:18:a7:70:8d:6e:
                    ee:dd:b4:8f:39:20:6b:9e:42:d1:7c:a0:1e:36:ca:
                    3b:ba:42:3c:90:3b:2b:3d:54:09:09:3e:52:57:d0:
                    fa:70:8a:f0:ea:98:71:fc:1a:0d:bd:80:e0:8c:aa:
                    0b:f8:9e:a7:7f:84:7d:fd:a1:e7:7c:f4:b4:1a:27:
                    0e:16:15:8c:28:27:8b:93:df:18:29:b7:d5:1c:b6:
                    e8:11:78:5f:86:92:ff:f9:0d:37:13:a7:34:69:58:
                    65:57:f2:e6:31:c2:f7:b1:33:a8:58:86:70:b2:f5:
                    23:14:1b:de:cf:16:d3:e5:2c:09:8c:25:0b:d7:1a:
                    c4:b2:cb:5d:79:89:9f:59:3e:62:67:98:f2:e8:7f:
                    1a:f3:2c:60:5e:f1:75:3e:61:0c:62:5f:3a:c8:a3:
                    75:ad:38:61:ef:10:d5:5b:4d:b1:e7:bc:03:31:24:
                    69:67:ce:cc:02:f9:0f:58:3d:24:f1:9c:d5:40:b3:
                    60:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:B9:9E:CF:31:D7:82:3F:83:C3:38:81:4E:8C:5F:5E:40:9C:18:35
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/YbmezzHXgj-DwziBToxfXkCcGDU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.121.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:8d:20:37:76:2c:54:9e:da:3a:df:4c:e0:10:3d:d7:b8:a7:
         8e:ea:51:2f:65:36:6c:e1:25:0a:53:3c:42:36:69:9a:ce:50:
         f9:07:ec:34:57:84:bb:7e:f3:71:01:8c:f5:fe:da:11:a2:10:
         e3:3c:a3:f4:79:56:5e:e3:40:3f:ff:cf:b6:da:bc:b7:7b:7c:
         c7:d1:f9:38:c1:5e:c2:df:7e:9e:2c:3c:a9:c8:e0:50:0d:c4:
         0a:3b:bf:19:0d:7d:7d:18:8f:3c:0d:9a:39:11:a3:6e:52:80:
         9f:d5:68:55:76:c5:b6:db:b0:e7:a1:66:9f:1e:94:dc:e3:be:
         30:ed:0e:c4:44:dc:5a:15:3e:1e:20:69:97:55:b6:bf:eb:8b:
         d2:77:e1:27:a6:2e:79:59:f0:93:67:fb:31:86:e5:83:01:47:
         64:06:6d:eb:0c:91:8f:03:e3:5d:41:54:ac:ce:e3:c3:71:f0:
         31:d7:82:df:46:56:24:1d:d1:d8:09:f9:50:b1:69:41:5f:6e:
         f4:d4:02:31:91:21:98:c2:6c:07:8c:c9:35:f8:54:f9:f8:25:
         6b:43:37:f8:f4:b4:98:f0:86:16:be:b6:66:a0:b2:be:c9:02:
         75:72:eb:07:aa:88:71:d0:9e:65:fe:d6:69:74:d5:43:8b:46:
         15:d5:06:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NV+VSP7XnS4Jzn/OIO0UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjYwMTAxMjAxNzM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWI5OWVjZjMxZDc4MjNmODNjMzM4ODE0ZThjNWY1ZTQwOWMxODM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjBnQe9rjSR0ieSGVoGJOdvbO4plS
zAGv5pLLzId1etdH0qDeiGNjfFxgYw2JqGWsPS9Be4spnFcdw3gBWAwEV/H3V19W
GKdwjW7u3bSPOSBrnkLRfKAeNso7ukI8kDsrPVQJCT5SV9D6cIrw6phx/BoNvYDg
jKoL+J6nf4R9/aHnfPS0GicOFhWMKCeLk98YKbfVHLboEXhfhpL/+Q03E6c0aVhl
V/LmMcL3sTOoWIZwsvUjFBvezxbT5SwJjCUL1xrEsstdeYmfWT5iZ5jy6H8a8yxg
XvF1PmEMYl86yKN1rThh7xDVW02x57wDMSRpZ87MAvkPWD0k8ZzVQLNg5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGG5ns8x14I/g8M4gU6MX15AnBg1MB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvWWJtZXp6SFhnai1Ed3ppQlRveGZYa0NjR0RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVXnwMA0G
CSqGSIb3DQEBCwUAA4IBAQCijSA3dixUnto630zgED3XuKeO6lEvZTZs4SUKUzxC
NmmazlD5B+w0V4S7fvNxAYz1/toRohDjPKP0eVZe40A//8+22ry3e3zH0fk4wV7C
336eLDypyOBQDcQKO78ZDX19GI88DZo5EaNuUoCf1WhVdsW227DnoWafHpTc474w
7Q7ERNxaFT4eIGmXVba/64vSd+Enpi55WfCTZ/sxhuWDAUdkBm3rDJGPA+NdQVSs
zuPDcfAx14LfRlYkHdHYCflQsWlBX2701AIxkSGYwmwHjMk1+FT5+CVrQzf49LSY
8IYWvrZmoLK+yQJ1cusHqohx0J5l/tZpdNVDi0YV1Qap
-----END CERTIFICATE-----