This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/YGGcoMwgnXgQhZlFiELK4BMadGs.roa
File:                     YGGcoMwgnXgQhZlFiELK4BMadGs.roa (raw, json)
Hash identifier:          YXm7yk6lZ9RL1Uc7MqGLkZ8Gibptwurwo1w5xqii1FU=
Subject key identifier:   60:61:9C:A0:CC:20:9D:78:10:85:99:45:88:42:CA:E0:13:1A:74:6B
Certificate issuer:       /CN=28fd66e43a104633b27bac539b98bdf8ebfac9ae
Certificate serial:       019B7AC92DF1211DD8D52EFE4EF260DAA872
Authority key identifier: 28:FD:66:E4:3A:10:46:33:B2:7B:AC:53:9B:98:BD:F8:EB:FA:C9:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KP1m5DoQRjOye6xTm5i9-Ov6ya4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/YGGcoMwgnXgQhZlFiELK4BMadGs.roa
Signing time:             Thu 01 Jan 2026 18:19:23 +0000
ROA not before:           Thu 01 Jan 2026 18:19:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60446
IP address blocks:        2.59.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/KP1m5DoQRjOye6xTm5i9-Ov6ya4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/KP1m5DoQRjOye6xTm5i9-Ov6ya4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KP1m5DoQRjOye6xTm5i9-Ov6ya4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 14:20:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c9:2d:f1:21:1d:d8:d5:2e:fe:4e:f2:60:da:a8:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28fd66e43a104633b27bac539b98bdf8ebfac9ae
        Validity
            Not Before: Jan  1 18:19:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=60619ca0cc209d78108599458842cae0131a746b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:38:9e:22:de:2b:db:f2:f1:ef:06:c3:77:06:
                    e9:f4:d2:29:4d:ee:24:7e:30:6d:88:45:6e:27:8b:
                    90:d4:f1:69:1c:58:b4:22:13:76:12:98:7c:ea:9d:
                    b0:c3:6b:9a:23:fe:78:31:2e:03:76:17:9e:ac:a9:
                    5f:2a:e6:55:bc:60:09:4d:c3:4d:4c:c6:eb:7c:f8:
                    e0:97:b6:ea:0b:27:91:8e:dc:1a:55:63:49:eb:bd:
                    61:5d:6f:b0:a7:a6:f7:c2:27:09:56:67:3e:c8:78:
                    76:49:24:5c:4e:45:ee:9c:5a:79:1d:89:a3:73:72:
                    1c:3a:bb:9d:64:34:57:a7:9e:47:1f:ac:b2:65:b6:
                    a0:b2:db:fa:82:75:ce:cb:f3:ae:e2:60:c4:3c:08:
                    4a:59:89:5f:b7:7c:cb:de:c5:de:9b:ea:7c:6f:be:
                    77:51:90:5a:b6:d5:dd:ce:12:d0:70:f5:b3:4b:40:
                    59:6b:5a:c4:57:d8:0a:4b:fb:fe:b1:54:61:da:62:
                    a7:15:69:85:04:33:5d:a2:18:3a:ec:2a:94:7a:0e:
                    5e:fa:73:c0:bb:c8:c0:1c:11:cc:93:4d:93:e7:5d:
                    8b:ae:86:7f:81:92:5c:d5:0e:ab:5b:d5:3d:9b:97:
                    43:97:b2:5a:6e:c4:30:89:63:1c:8b:30:d7:a8:96:
                    0f:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:61:9C:A0:CC:20:9D:78:10:85:99:45:88:42:CA:E0:13:1A:74:6B
            X509v3 Authority Key Identifier:
                keyid:28:FD:66:E4:3A:10:46:33:B2:7B:AC:53:9B:98:BD:F8:EB:FA:C9:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KP1m5DoQRjOye6xTm5i9-Ov6ya4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/YGGcoMwgnXgQhZlFiELK4BMadGs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/KP1m5DoQRjOye6xTm5i9-Ov6ya4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:e9:26:20:c0:a6:77:b4:48:f7:45:47:17:41:93:08:6a:09:
         45:5e:e9:61:ce:d9:53:6e:2f:c3:5c:4b:51:10:c1:e0:8b:5b:
         91:26:0c:c3:07:c7:db:3a:f5:9c:25:12:c8:f8:87:f9:6e:ec:
         c0:7e:5b:a1:59:76:9c:d9:4a:1f:32:24:8d:b3:d9:bc:c9:1c:
         5d:68:6b:31:d7:81:c3:35:86:d0:c3:4b:b6:33:b4:47:e4:01:
         88:36:75:19:01:d3:0b:75:50:de:ff:89:40:35:fe:d7:be:de:
         c0:1f:62:f0:bb:1f:3e:3c:8e:b6:ba:35:8c:41:73:71:d6:c1:
         d2:7b:fc:1c:5b:ca:fc:cf:8b:08:27:d6:97:10:47:4d:a1:e0:
         29:1b:c1:b9:37:76:1a:73:7c:58:49:f4:22:82:ed:81:49:ab:
         62:88:73:bb:fd:af:b6:99:6e:55:2b:73:70:98:b6:78:cd:a4:
         37:28:69:bf:8f:d9:4e:d7:6e:cb:5f:2c:dd:91:6b:91:0d:14:
         22:34:97:c0:7a:ae:31:f2:7e:77:ae:5c:c8:01:54:0b:b7:3a:
         63:51:c1:2c:7b:50:23:02:97:a7:e8:fa:5e:16:ce:84:bb:c1:
         8a:b0:d0:31:3a:15:a6:23:b9:4d:af:5e:29:c7:61:53:28:d0:
         81:23:56:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yS3xIR3Y1S7+TvJg2qhyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4ZmQ2NmU0M2ExMDQ2MzNiMjdiYWM1MzliOThiZGY4ZWJm
YWM5YWUwHhcNMjYwMTAxMTgxOTIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDYxOWNhMGNjMjA5ZDc4MTA4NTk5NDU4ODQyY2FlMDEzMWE3NDZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArzieIt4r2/Lx7wbDdwbp9NIpTe4k
fjBtiEVuJ4uQ1PFpHFi0IhN2Eph86p2ww2uaI/54MS4DdheerKlfKuZVvGAJTcNN
TMbrfPjgl7bqCyeRjtwaVWNJ671hXW+wp6b3wicJVmc+yHh2SSRcTkXunFp5HYmj
c3IcOrudZDRXp55HH6yyZbagstv6gnXOy/Ou4mDEPAhKWYlft3zL3sXem+p8b753
UZBattXdzhLQcPWzS0BZa1rEV9gKS/v+sVRh2mKnFWmFBDNdohg67CqUeg5e+nPA
u8jAHBHMk02T512LroZ/gZJc1Q6rW9U9m5dDl7JabsQwiWMcizDXqJYPDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGBhnKDMIJ14EIWZRYhCyuATGnRrMB8GA1UdIwQY
MBaAFCj9ZuQ6EEYzsnusU5uYvfjr+smuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1AxbTVEb1FSak95ZTZ4VG01aTktT3Y2eWE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi84ZWQzYjctYmIyZC00ZjRkLTlkYjYt
MjY3NjY5ZjM1NjQ4LzEvWUdHY29Nd2duWGdRaFpsRmlFTEs0Qk1hZEdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi84ZWQzYjctYmIyZC00ZjRkLTlkYjYtMjY3NjY5ZjM1NjQ4
LzEvS1AxbTVEb1FSak95ZTZ4VG01aTktT3Y2eWE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjt3MA0G
CSqGSIb3DQEBCwUAA4IBAQAx6SYgwKZ3tEj3RUcXQZMIaglFXulhztlTbi/DXEtR
EMHgi1uRJgzDB8fbOvWcJRLI+If5buzAfluhWXac2UofMiSNs9m8yRxdaGsx14HD
NYbQw0u2M7RH5AGINnUZAdMLdVDe/4lANf7Xvt7AH2Lwux8+PI62ujWMQXNx1sHS
e/wcW8r8z4sIJ9aXEEdNoeApG8G5N3Yac3xYSfQigu2BSatiiHO7/a+2mW5VK3Nw
mLZ4zaQ3KGm/j9lO127LXyzdkWuRDRQiNJfAeq4x8n53rlzIAVQLtzpjUcEse1Aj
Apen6PpeFs6Eu8GKsNAxOhWmI7lNr14px2FTKNCBI1Zi
-----END CERTIFICATE-----