This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/2b187d-edd8-40ee-a17c-d67da3c6969b/1/lYp-YR5agUeBIpPproziS51g9ek.roa
File:                     lYp-YR5agUeBIpPproziS51g9ek.roa (raw, json)
Hash identifier:          9jFyVnGeTg/IMXlqGgWRdiaBnJrjVXxu+HDus3oW3gU=
Subject key identifier:   95:8A:7E:61:1E:5A:81:47:81:22:93:E9:AE:8C:E2:4B:9D:60:F5:E9
Certificate issuer:       /CN=6ab449c198cb96637bac1a5b6d51cb31f258bb2c
Certificate serial:       019B7A5B8303D124B85C249800F1E0AE6D85
Authority key identifier: 6A:B4:49:C1:98:CB:96:63:7B:AC:1A:5B:6D:51:CB:31:F2:58:BB:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/arRJwZjLlmN7rBpbbVHLMfJYuyw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/2b187d-edd8-40ee-a17c-d67da3c6969b/1/lYp-YR5agUeBIpPproziS51g9ek.roa
Signing time:             Thu 01 Jan 2026 16:19:36 +0000
ROA not before:           Thu 01 Jan 2026 16:19:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31446
IP address blocks:        193.16.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/2b187d-edd8-40ee-a17c-d67da3c6969b/1/arRJwZjLlmN7rBpbbVHLMfJYuyw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/2b187d-edd8-40ee-a17c-d67da3c6969b/1/arRJwZjLlmN7rBpbbVHLMfJYuyw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/arRJwZjLlmN7rBpbbVHLMfJYuyw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Feb 2026 13:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:83:03:d1:24:b8:5c:24:98:00:f1:e0:ae:6d:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ab449c198cb96637bac1a5b6d51cb31f258bb2c
        Validity
            Not Before: Jan  1 16:19:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=958a7e611e5a8147812293e9ae8ce24b9d60f5e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:c3:ad:5c:79:9b:34:f5:56:60:d4:8d:b2:ba:
                    9e:a6:1a:e6:e9:83:27:b0:ca:ca:16:07:ef:8f:cf:
                    42:74:48:e4:c0:ee:cb:44:f3:80:ab:b7:9a:3b:67:
                    ab:70:12:cf:c4:21:13:00:64:39:bb:9c:c6:7e:8c:
                    7d:52:97:e9:45:27:1b:fb:22:d2:dc:f0:6a:65:09:
                    a6:ea:e7:3f:cd:f8:67:7f:bd:f2:34:4e:5a:00:8a:
                    a2:03:d1:fb:a5:e4:9c:6e:a8:a6:5e:d1:8a:c5:31:
                    e7:c6:51:9b:b2:e3:cb:58:f6:a1:1c:74:c2:a1:3f:
                    82:fd:c0:a7:f9:02:15:88:8b:40:a2:51:51:b3:55:
                    59:f6:40:f9:70:7e:bb:90:51:7d:6d:f1:a0:0c:41:
                    98:fc:f1:46:ad:9c:2d:3b:ed:89:48:f9:3a:c0:fb:
                    9d:87:7a:83:fc:c3:4d:9e:36:d0:c5:9c:55:65:36:
                    5e:78:eb:66:b6:f0:f8:1d:82:5f:5d:d3:a6:e8:91:
                    96:4d:0d:1d:bb:0f:88:e0:f4:92:f6:8f:14:3a:3d:
                    fc:45:36:c8:65:79:19:29:d9:c3:8a:84:af:30:fd:
                    80:dd:16:38:b5:1e:8a:24:d0:d7:72:0d:94:0d:99:
                    f7:32:17:d8:5d:4e:bb:30:36:8b:47:6e:8b:49:2f:
                    19:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:8A:7E:61:1E:5A:81:47:81:22:93:E9:AE:8C:E2:4B:9D:60:F5:E9
            X509v3 Authority Key Identifier:
                keyid:6A:B4:49:C1:98:CB:96:63:7B:AC:1A:5B:6D:51:CB:31:F2:58:BB:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/arRJwZjLlmN7rBpbbVHLMfJYuyw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/2b187d-edd8-40ee-a17c-d67da3c6969b/1/lYp-YR5agUeBIpPproziS51g9ek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/2b187d-edd8-40ee-a17c-d67da3c6969b/1/arRJwZjLlmN7rBpbbVHLMfJYuyw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.16.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:67:f1:61:e5:4e:00:89:c5:b5:84:9e:a8:44:63:3c:6a:6e:
         60:25:3e:a2:76:10:b0:fd:85:34:c4:cb:99:06:12:a3:62:f5:
         e2:e2:42:79:7a:f1:fd:b2:d1:1b:4c:13:eb:66:9c:ef:90:ff:
         58:3a:da:9b:36:ed:63:1f:77:86:8b:8b:1f:60:c5:13:da:f3:
         3d:28:7b:44:85:64:0c:9f:ce:c1:7e:e0:62:ea:fc:2c:31:4c:
         75:f1:b3:7c:77:f5:2e:9a:ef:e7:01:28:f2:ee:89:f5:a9:09:
         e5:b9:79:da:d2:66:c9:2f:25:af:17:f7:92:77:30:45:5e:c5:
         65:f6:d2:a8:da:4a:65:c0:32:9a:52:b6:d5:2b:0c:f0:68:a7:
         68:70:35:6f:e2:83:31:d7:ca:7c:d8:fc:ad:bf:2e:a1:45:c0:
         66:7e:80:bd:87:a9:65:ca:33:1b:8e:f4:41:a4:db:18:1b:ec:
         78:27:d0:77:9e:a8:28:8e:eb:11:be:3e:40:90:06:0e:92:69:
         50:d9:92:a1:a3:3c:37:11:41:72:9e:5d:27:b5:19:12:62:f5:
         6f:0b:b4:ed:67:84:ca:91:70:75:ca:43:38:23:9d:88:74:d6:
         6b:2d:39:5e:3c:82:2e:6e:ee:01:c3:b6:1b:91:0d:58:56:62:
         3f:c8:a2:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6W4MD0SS4XCSYAPHgrm2FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhYjQ0OWMxOThjYjk2NjM3YmFjMWE1YjZkNTFjYjMxZjI1
OGJiMmMwHhcNMjYwMTAxMTYxOTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NThhN2U2MTFlNWE4MTQ3ODEyMjkzZTlhZThjZTI0YjlkNjBmNWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo8OtXHmbNPVWYNSNsrqephrm6YMn
sMrKFgfvj89CdEjkwO7LRPOAq7eaO2ercBLPxCETAGQ5u5zGfox9UpfpRScb+yLS
3PBqZQmm6uc/zfhnf73yNE5aAIqiA9H7peScbqimXtGKxTHnxlGbsuPLWPahHHTC
oT+C/cCn+QIViItAolFRs1VZ9kD5cH67kFF9bfGgDEGY/PFGrZwtO+2JSPk6wPud
h3qD/MNNnjbQxZxVZTZeeOtmtvD4HYJfXdOm6JGWTQ0duw+I4PSS9o8UOj38RTbI
ZXkZKdnDioSvMP2A3RY4tR6KJNDXcg2UDZn3MhfYXU67MDaLR26LSS8Z1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJWKfmEeWoFHgSKT6a6M4kudYPXpMB8GA1UdIwQY
MBaAFGq0ScGYy5Zje6waW21RyzHyWLssMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXJSSndaakxsbU43ckJwYmJWSExNZkpZdXl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8yYjE4N2QtZWRkOC00MGVlLWExN2Mt
ZDY3ZGEzYzY5NjliLzEvbFlwLVlSNWFnVWVCSXBQcHJvemlTNTFnOWVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8yYjE4N2QtZWRkOC00MGVlLWExN2MtZDY3ZGEzYzY5Njli
LzEvYXJSSndaakxsbU43ckJwYmJWSExNZkpZdXl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRDtMA0G
CSqGSIb3DQEBCwUAA4IBAQByZ/Fh5U4AicW1hJ6oRGM8am5gJT6idhCw/YU0xMuZ
BhKjYvXi4kJ5evH9stEbTBPrZpzvkP9YOtqbNu1jH3eGi4sfYMUT2vM9KHtEhWQM
n87BfuBi6vwsMUx18bN8d/Uumu/nASjy7on1qQnluXna0mbJLyWvF/eSdzBFXsVl
9tKo2kplwDKaUrbVKwzwaKdocDVv4oMx18p82Pytvy6hRcBmfoC9h6llyjMbjvRB
pNsYG+x4J9B3nqgojusRvj5AkAYOkmlQ2ZKhozw3EUFynl0ntRkSYvVvC7TtZ4TK
kXB1ykM4I52IdNZrLTlePIIubu4Bw7YbkQ1YVmI/yKIa
-----END CERTIFICATE-----