This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/YMLK0WNDiWhZ_JWaco4Zw3kDGJo.roa
File:                     YMLK0WNDiWhZ_JWaco4Zw3kDGJo.roa (raw, json)
Hash identifier:          bGHRKz945zUEwIZMVSGI/Yx1YtIwUjpLEOddKtnhMVQ=
Subject key identifier:   60:C2:CA:D1:63:43:89:68:59:FC:95:9A:72:8E:19:C3:79:03:18:9A
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       019B7E3824E02BFF0F09A5C2DD0626D9592D
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/YMLK0WNDiWhZ_JWaco4Zw3kDGJo.roa
Signing time:             Fri 02 Jan 2026 10:19:27 +0000
ROA not before:           Fri 02 Jan 2026 10:19:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50340
IP address blocks:        146.185.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 03:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:24:e0:2b:ff:0f:09:a5:c2:dd:06:26:d9:59:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  2 10:19:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=60c2cad16343896859fc959a728e19c37903189a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:3e:71:b4:48:c4:85:7f:72:b9:85:b5:4e:59:
                    91:a9:b8:a2:7d:ed:36:74:f8:b4:49:44:ef:b7:23:
                    34:b2:eb:9d:d9:12:2e:de:6b:5e:10:f7:0e:90:c6:
                    b1:24:46:20:e9:13:92:46:88:20:a2:f3:27:56:de:
                    0c:f1:27:32:08:c8:1d:aa:78:a5:09:ce:a3:b6:97:
                    40:63:12:63:ab:f7:f1:7b:94:e7:2a:0d:59:43:d7:
                    88:c0:71:ed:f7:db:dd:03:83:3a:44:a6:30:e9:86:
                    45:25:e1:be:ab:13:de:b3:91:0d:41:3a:df:26:f6:
                    d1:e8:a4:ff:6b:8d:24:ee:e5:67:28:dc:53:51:ed:
                    f3:61:78:ba:ce:da:cc:4c:6c:e9:0f:20:20:6f:5b:
                    e0:43:2b:c2:bb:52:0b:c7:ae:83:69:41:08:cb:36:
                    9d:ab:c4:4a:2f:e2:03:3f:cf:35:04:96:93:a5:66:
                    ed:d7:27:cb:3f:78:f0:69:2f:c8:e4:73:27:d0:ea:
                    5f:61:06:7a:60:4f:0c:3c:a6:0b:89:2a:26:fc:3f:
                    02:01:bb:2b:1f:05:55:20:f3:10:0d:4c:18:9b:02:
                    9a:1d:6d:25:b0:8e:cd:4e:9d:0d:7a:30:50:e0:3b:
                    72:06:16:41:5f:e0:0c:60:63:f1:57:f5:a1:ba:55:
                    fb:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:C2:CA:D1:63:43:89:68:59:FC:95:9A:72:8E:19:C3:79:03:18:9A
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/YMLK0WNDiWhZ_JWaco4Zw3kDGJo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.185.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:14:28:18:d5:d2:3b:9d:7a:d8:16:c2:c7:c7:1c:30:8c:21:
         e5:42:5e:05:8b:b7:b9:1b:d9:03:8e:df:5e:f5:70:ca:19:42:
         e8:54:72:80:2f:94:3e:fe:12:84:b0:91:46:bc:16:45:40:30:
         e4:e0:75:09:93:34:62:12:92:cf:9d:37:de:6d:64:07:cf:a5:
         3c:e5:64:7c:68:8e:35:19:b4:10:03:90:af:a0:f0:84:9c:d6:
         96:fb:c2:d7:43:6d:f9:04:71:0c:dc:fc:cf:82:c7:e8:0e:cf:
         dc:8c:6e:bf:8b:65:e2:ff:3c:70:d0:8a:67:64:63:08:d2:04:
         6d:75:12:1e:1a:bd:c8:52:7f:af:95:24:42:77:2b:2e:81:85:
         db:1a:c4:0c:f2:3a:4a:9d:8d:c1:2c:db:ed:72:97:b7:20:3a:
         52:67:49:bf:ec:67:89:5c:ac:be:10:ae:64:f3:4e:28:8a:5d:
         eb:01:2d:54:a2:2b:ab:f2:9c:5b:55:26:5b:48:11:61:b5:25:
         1f:ce:9a:99:0b:12:2b:d8:ac:d1:a1:42:a5:13:8f:ad:29:a0:
         9c:02:cc:ea:ca:10:59:88:d3:ac:89:66:ed:64:08:af:d4:7a:
         6c:56:8e:34:7d:52:e0:65:44:f0:62:ca:54:73:b4:ae:45:a6:
         e6:58:cc:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OCTgK/8PCaXC3QYm2VktMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjYwMTAyMTAxOTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGMyY2FkMTYzNDM4OTY4NTlmYzk1OWE3MjhlMTljMzc5MDMxODlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtz5xtEjEhX9yuYW1TlmRqbiife02
dPi0SUTvtyM0suud2RIu3mteEPcOkMaxJEYg6ROSRoggovMnVt4M8ScyCMgdqnil
Cc6jtpdAYxJjq/fxe5TnKg1ZQ9eIwHHt99vdA4M6RKYw6YZFJeG+qxPes5ENQTrf
JvbR6KT/a40k7uVnKNxTUe3zYXi6ztrMTGzpDyAgb1vgQyvCu1ILx66DaUEIyzad
q8RKL+IDP881BJaTpWbt1yfLP3jwaS/I5HMn0OpfYQZ6YE8MPKYLiSom/D8CAbsr
HwVVIPMQDUwYmwKaHW0lsI7NTp0NejBQ4DtyBhZBX+AMYGPxV/WhulX7oQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGDCytFjQ4loWfyVmnKOGcN5AxiaMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvWU1MSzBXTkRpV2haX0pXYWNvNFp3M2tER0pvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkrnrMA0G
CSqGSIb3DQEBCwUAA4IBAQCeFCgY1dI7nXrYFsLHxxwwjCHlQl4Fi7e5G9kDjt9e
9XDKGULoVHKAL5Q+/hKEsJFGvBZFQDDk4HUJkzRiEpLPnTfebWQHz6U85WR8aI41
GbQQA5CvoPCEnNaW+8LXQ235BHEM3PzPgsfoDs/cjG6/i2Xi/zxw0IpnZGMI0gRt
dRIeGr3IUn+vlSRCdysugYXbGsQM8jpKnY3BLNvtcpe3IDpSZ0m/7GeJXKy+EK5k
804oil3rAS1Uoiur8pxbVSZbSBFhtSUfzpqZCxIr2KzRoUKlE4+tKaCcAszqyhBZ
iNOsiWbtZAiv1HpsVo40fVLgZUTwYspUc7SuRabmWMxD
-----END CERTIFICATE-----