This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/1ae7be-3484-4b12-8bf4-c100a986bc5c/1/yhn9dpQ9JMdhORhKTGHRWo28skc.roa
File:                     yhn9dpQ9JMdhORhKTGHRWo28skc.roa (raw, json)
Hash identifier:          bSzQxY0bRO3l7byWiRWjJbF72ZbccA9YQZh/5o/wPiI=
Subject key identifier:   CA:19:FD:76:94:3D:24:C7:61:39:18:4A:4C:61:D1:5A:8D:BC:B2:47
Certificate issuer:       /CN=08fcbc341c87433d03e4dd615b7f3453164344b3
Certificate serial:       019B7D5ABAC9E414A905915942509238CA56
Authority key identifier: 08:FC:BC:34:1C:87:43:3D:03:E4:DD:61:5B:7F:34:53:16:43:44:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPy8NByHQz0D5N1hW380UxZDRLM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/1ae7be-3484-4b12-8bf4-c100a986bc5c/1/yhn9dpQ9JMdhORhKTGHRWo28skc.roa
Signing time:             Fri 02 Jan 2026 06:17:36 +0000
ROA not before:           Fri 02 Jan 2026 06:17:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201913
IP address blocks:        185.77.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/1ae7be-3484-4b12-8bf4-c100a986bc5c/1/CPy8NByHQz0D5N1hW380UxZDRLM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/1ae7be-3484-4b12-8bf4-c100a986bc5c/1/CPy8NByHQz0D5N1hW380UxZDRLM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPy8NByHQz0D5N1hW380UxZDRLM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5a:ba:c9:e4:14:a9:05:91:59:42:50:92:38:ca:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fcbc341c87433d03e4dd615b7f3453164344b3
        Validity
            Not Before: Jan  2 06:17:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ca19fd76943d24c76139184a4c61d15a8dbcb247
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:9f:38:56:02:a2:c9:42:b9:e6:a2:d8:4f:30:
                    4c:42:76:8c:95:68:51:74:75:9a:92:82:9e:2d:2c:
                    79:2b:6f:7e:c3:82:67:83:6a:21:1b:37:ac:ce:fc:
                    7d:c3:ab:ca:29:d5:97:72:f2:fc:7b:a1:d8:09:07:
                    20:80:d7:43:61:aa:9d:86:2c:e3:db:87:a9:e0:78:
                    7e:d8:4d:d8:e7:4a:ca:ab:d1:14:20:ac:71:fb:2b:
                    c9:94:24:66:5e:f1:00:0e:75:2d:06:90:a0:dc:e5:
                    c1:98:e9:9e:61:b6:7d:43:d9:55:ab:b1:d7:ba:6f:
                    35:44:f0:2b:11:ab:03:c6:92:2e:2e:9d:44:5e:90:
                    c5:7e:7e:05:be:f5:f9:97:70:a9:39:cc:f1:a3:98:
                    3f:78:bd:d5:2e:ff:9c:6e:f3:3d:7b:ec:cb:ee:29:
                    a9:08:dd:26:67:58:97:4e:e6:fe:f8:c9:2e:3a:4b:
                    5d:80:2c:c9:7e:fb:ba:e3:e6:95:a0:c8:d1:4a:9b:
                    e4:cf:ba:a9:b1:6d:fd:cb:22:24:3e:ee:c3:87:45:
                    b8:3b:b9:2c:bc:5f:9b:19:f4:6c:2a:8d:4d:3b:78:
                    6a:5e:ff:11:a5:1d:10:52:9e:be:07:48:12:5a:cc:
                    fb:e8:39:f5:65:c6:17:dd:f8:a6:48:68:9e:6e:42:
                    b0:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:19:FD:76:94:3D:24:C7:61:39:18:4A:4C:61:D1:5A:8D:BC:B2:47
            X509v3 Authority Key Identifier:
                keyid:08:FC:BC:34:1C:87:43:3D:03:E4:DD:61:5B:7F:34:53:16:43:44:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPy8NByHQz0D5N1hW380UxZDRLM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/1ae7be-3484-4b12-8bf4-c100a986bc5c/1/yhn9dpQ9JMdhORhKTGHRWo28skc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/1ae7be-3484-4b12-8bf4-c100a986bc5c/1/CPy8NByHQz0D5N1hW380UxZDRLM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.77.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:8d:49:56:59:e6:b4:21:4a:f8:aa:5d:2e:12:54:41:d5:cc:
         dc:9c:c6:d2:3f:0f:8a:5a:a6:49:17:a3:f5:fb:b8:d8:ec:b4:
         89:ac:fd:cd:c2:bc:1a:98:89:e1:27:3b:89:08:24:1a:0b:1d:
         77:fa:6d:f1:0b:6f:a5:d8:74:7d:1e:cd:47:da:4f:fe:55:f6:
         01:5c:8c:08:11:a6:cf:36:4e:6b:e5:4f:ab:e6:1f:90:dc:a3:
         78:90:0d:2f:24:7f:94:fd:b5:df:35:45:61:bd:76:5f:63:93:
         e2:7c:72:db:71:05:2b:98:de:28:75:79:39:f8:f1:c0:0f:ca:
         e3:af:90:d4:17:58:14:ab:ed:3b:fe:06:a7:97:9a:7e:47:e2:
         b0:06:15:56:75:b7:4a:1e:d2:26:92:2d:cd:90:b6:d3:ef:45:
         68:e9:17:e0:5a:8c:14:d1:d2:48:3b:47:7c:5e:1c:26:ce:f8:
         4a:02:e2:b1:f3:a2:17:d5:8e:3a:7e:ef:50:5b:e0:56:84:80:
         64:a3:f6:88:72:2d:30:51:6e:29:9d:14:96:53:fb:25:17:55:
         18:66:96:c2:c5:65:62:c0:2e:7f:3f:2f:b0:e2:0e:e9:21:c6:
         e0:6b:08:97:22:6e:f8:29:92:0f:91:79:f9:18:06:16:9e:89:
         2e:3c:d5:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9WrrJ5BSpBZFZQlCSOMpWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ZmNiYzM0MWM4NzQzM2QwM2U0ZGQ2MTViN2YzNDUzMTY0
MzQ0YjMwHhcNMjYwMTAyMDYxNzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTE5ZmQ3Njk0M2QyNGM3NjEzOTE4NGE0YzYxZDE1YThkYmNiMjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtJ84VgKiyUK55qLYTzBMQnaMlWhR
dHWakoKeLSx5K29+w4Jng2ohGzeszvx9w6vKKdWXcvL8e6HYCQcggNdDYaqdhizj
24ep4Hh+2E3Y50rKq9EUIKxx+yvJlCRmXvEADnUtBpCg3OXBmOmeYbZ9Q9lVq7HX
um81RPArEasDxpIuLp1EXpDFfn4FvvX5l3CpOczxo5g/eL3VLv+cbvM9e+zL7imp
CN0mZ1iXTub++MkuOktdgCzJfvu64+aVoMjRSpvkz7qpsW39yyIkPu7Dh0W4O7ks
vF+bGfRsKo1NO3hqXv8RpR0QUp6+B0gSWsz76Dn1ZcYX3fimSGiebkKw/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMoZ/XaUPSTHYTkYSkxh0VqNvLJHMB8GA1UdIwQY
MBaAFAj8vDQch0M9A+TdYVt/NFMWQ0SzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1B5OE5CeUhRejBENU4xaFczODBVeFpEUkxNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi8xYWU3YmUtMzQ4NC00YjEyLThiZjQt
YzEwMGE5ODZiYzVjLzEveWhuOWRwUTlKTWRoT1JoS1RHSFJXbzI4c2tjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi8xYWU3YmUtMzQ4NC00YjEyLThiZjQtYzEwMGE5ODZiYzVj
LzEvQ1B5OE5CeUhRejBENU4xaFczODBVeFpEUkxNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuU0LMA0G
CSqGSIb3DQEBCwUAA4IBAQBGjUlWWea0IUr4ql0uElRB1czcnMbSPw+KWqZJF6P1
+7jY7LSJrP3NwrwamInhJzuJCCQaCx13+m3xC2+l2HR9Hs1H2k/+VfYBXIwIEabP
Nk5r5U+r5h+Q3KN4kA0vJH+U/bXfNUVhvXZfY5PifHLbcQUrmN4odXk5+PHAD8rj
r5DUF1gUq+07/ganl5p+R+KwBhVWdbdKHtImki3NkLbT70Vo6RfgWowU0dJIO0d8
XhwmzvhKAuKx86IX1Y46fu9QW+BWhIBko/aIci0wUW4pnRSWU/slF1UYZpbCxWVi
wC5/Py+w4g7pIcbgawiXIm74KZIPkXn5GAYWnokuPNVn
-----END CERTIFICATE-----