This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/yamVxhPMtGDOKqX-XxLSfkFPy20.roa
File:                     yamVxhPMtGDOKqX-XxLSfkFPy20.roa (raw, json)
Hash identifier:          3rPXxwv3ihR9tkre3TAXdkU0cFqqVdW5FyMnLjPX2oQ=
Subject key identifier:   C9:A9:95:C6:13:CC:B4:60:CE:2A:A5:FE:5F:12:D2:7E:41:4F:CB:6D
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       019AA09E3A91AE595513317EEB9632FC9972
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/yamVxhPMtGDOKqX-XxLSfkFPy20.roa
Signing time:             Thu 20 Nov 2025 09:35:15 +0000
ROA not before:           Thu 20 Nov 2025 09:35:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203758
IP address blocks:        185.186.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Dec 2025 02:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:a0:9e:3a:91:ae:59:55:13:31:7e:eb:96:32:fc:99:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Nov 20 09:35:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c9a995c613ccb460ce2aa5fe5f12d27e414fcb6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:1c:88:67:8a:45:2b:ec:08:30:04:8d:02:3e:
                    a6:e2:65:4f:ec:3b:b5:a2:2d:e7:81:c9:1b:14:de:
                    04:16:39:ef:63:54:35:ec:5d:71:b5:38:03:b4:b6:
                    6b:aa:a0:4f:b3:ef:93:c0:6f:ac:5c:6e:84:2a:9b:
                    ee:dd:b3:e2:d8:aa:78:2a:63:f8:12:c0:64:95:e4:
                    eb:03:6d:11:bd:37:4b:e8:6d:e4:d0:87:2a:11:8c:
                    87:d4:8e:a4:2d:83:0b:98:c9:c1:c1:7e:19:81:c7:
                    b1:92:12:63:2b:29:b5:4a:97:2d:b0:86:7b:ff:d9:
                    6a:25:8e:87:5f:82:9a:6a:0b:15:b7:06:e3:f2:e2:
                    08:e8:e8:4e:94:5e:9e:f5:23:b4:1d:5e:cf:50:58:
                    28:1a:98:93:50:8a:23:61:2d:e3:ad:9d:c7:ce:20:
                    0c:af:b5:7d:bd:b9:32:e3:40:c0:ac:48:36:e3:b7:
                    92:55:f7:75:7d:e6:a4:2e:b1:db:8f:97:72:4a:20:
                    77:70:42:d8:bf:6c:8a:80:3d:90:b0:0e:76:40:1d:
                    a2:3b:b0:7b:e8:2a:bb:ee:8e:4d:70:be:e2:ac:27:
                    6c:ad:d0:fd:65:52:ca:82:d5:2a:1b:31:fa:a8:db:
                    68:92:c1:62:03:c5:8b:1e:57:7a:4a:bc:2d:ce:c8:
                    47:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:A9:95:C6:13:CC:B4:60:CE:2A:A5:FE:5F:12:D2:7E:41:4F:CB:6D
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/yamVxhPMtGDOKqX-XxLSfkFPy20.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.186.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:eb:e7:5c:38:44:fd:cc:32:54:88:b3:2a:d6:af:ee:96:6b:
         f6:36:5b:e9:27:f9:b3:e1:5a:a9:5f:83:38:6d:a1:68:3a:2d:
         9c:da:ee:7f:15:0a:14:1b:99:36:e0:0d:be:03:bc:72:71:12:
         34:db:11:d7:26:e6:6c:33:77:2b:5e:e5:ad:af:e7:9b:47:1c:
         bf:00:5f:33:a8:7d:c8:9d:fb:14:18:eb:35:08:2b:3e:4d:2c:
         66:d2:73:71:23:50:a4:17:11:c5:89:61:80:e6:14:28:0e:d0:
         f3:2c:80:4b:36:66:3d:b5:45:f8:81:32:f4:6b:c5:20:7b:3f:
         ba:28:3b:a4:6a:e7:5b:40:c5:54:24:a2:bb:00:19:28:c2:8d:
         b3:a8:ea:e4:13:a9:7e:57:ff:d2:b2:cc:7d:94:52:2a:06:ca:
         ed:c0:c9:23:2b:b7:2d:97:8e:3d:77:90:fb:6c:c0:9b:10:0f:
         b3:d4:14:44:d8:67:ca:b1:21:1d:99:e0:6e:7e:87:1b:0f:49:
         a9:a9:e6:ea:a7:22:fc:2a:80:0e:81:c3:cd:86:56:74:7b:17:
         45:26:37:93:17:c8:cc:3d:4d:60:27:7d:fd:b1:f6:1f:eb:85:
         f3:5a:0e:e2:9c:b2:f0:9e:de:91:82:e0:a9:2d:79:95:e0:a3:
         3c:69:21:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZqgnjqRrllVEzF+65Yy/JlyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjUxMTIwMDkzNTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWE5OTVjNjEzY2NiNDYwY2UyYWE1ZmU1ZjEyZDI3ZTQxNGZjYjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzhyIZ4pFK+wIMASNAj6m4mVP7Du1
oi3ngckbFN4EFjnvY1Q17F1xtTgDtLZrqqBPs++TwG+sXG6EKpvu3bPi2Kp4KmP4
EsBkleTrA20RvTdL6G3k0IcqEYyH1I6kLYMLmMnBwX4ZgcexkhJjKym1SpctsIZ7
/9lqJY6HX4KaagsVtwbj8uII6OhOlF6e9SO0HV7PUFgoGpiTUIojYS3jrZ3HziAM
r7V9vbky40DArEg247eSVfd1feakLrHbj5dySiB3cELYv2yKgD2QsA52QB2iO7B7
6Cq77o5NcL7irCdsrdD9ZVLKgtUqGzH6qNtoksFiA8WLHld6SrwtzshHmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMmplcYTzLRgziql/l8S0n5BT8ttMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEveWFtVnhoUE10R0RPS3FYLVh4TFNma0ZQeTIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubpBMA0G
CSqGSIb3DQEBCwUAA4IBAQCj6+dcOET9zDJUiLMq1q/ulmv2NlvpJ/mz4VqpX4M4
baFoOi2c2u5/FQoUG5k24A2+A7xycRI02xHXJuZsM3crXuWtr+ebRxy/AF8zqH3I
nfsUGOs1CCs+TSxm0nNxI1CkFxHFiWGA5hQoDtDzLIBLNmY9tUX4gTL0a8Ugez+6
KDukaudbQMVUJKK7ABkowo2zqOrkE6l+V//Sssx9lFIqBsrtwMkjK7ctl449d5D7
bMCbEA+z1BRE2GfKsSEdmeBufocbD0mpqebqpyL8KoAOgcPNhlZ0exdFJjeTF8jM
PU1gJ339sfYf64XzWg7inLLwnt6RguCpLXmV4KM8aSGd
-----END CERTIFICATE-----