This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/hYygt2D_2n1pYi_NTrG2nkmeaiI.roa
File:                     hYygt2D_2n1pYi_NTrG2nkmeaiI.roa (raw, json)
Hash identifier:          dQrBwFPxwSf58rNos8WFJkrSXg3GQyoC4p0wWkx0CkU=
Subject key identifier:   85:8C:A0:B7:60:FF:DA:7D:69:62:2F:CD:4E:B1:B6:9E:49:9E:6A:22
Certificate issuer:       /CN=ba9d30e6035be8b8386061f271481c707e04ce2b
Certificate serial:       019B76EB7F982788926139C2E7FB77E26A74
Authority key identifier: BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/hYygt2D_2n1pYi_NTrG2nkmeaiI.roa
Signing time:             Thu 01 Jan 2026 00:18:23 +0000
ROA not before:           Thu 01 Jan 2026 00:18:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     24891
IP address blocks:        82.222.169.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:7f:98:27:88:92:61:39:c2:e7:fb:77:e2:6a:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba9d30e6035be8b8386061f271481c707e04ce2b
        Validity
            Not Before: Jan  1 00:18:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=858ca0b760ffda7d69622fcd4eb1b69e499e6a22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:3d:0c:d4:03:3a:7d:ec:bf:ac:cc:c7:a7:1f:
                    c5:55:b8:a8:bb:71:b7:8c:ed:e2:85:fd:de:9c:18:
                    63:ef:de:5e:d7:1b:09:6a:d1:c1:49:a9:2e:d2:89:
                    2b:0b:e1:78:ed:37:5f:0f:83:a7:a6:72:82:9b:8b:
                    34:d2:b2:be:f0:7e:6c:82:af:b2:11:cc:47:c0:f0:
                    c0:d3:f6:5b:67:26:53:f2:c7:45:f7:d6:f9:3b:95:
                    51:d4:5a:4c:85:50:a9:17:ec:b7:3d:5b:73:25:62:
                    11:df:4c:c3:c7:7c:56:6d:3b:fb:36:57:7d:54:36:
                    5f:ab:d2:b0:59:19:fb:ec:a4:e4:28:9f:1a:20:0d:
                    d8:67:d1:56:d5:3d:eb:ff:a9:33:9e:d3:aa:38:8d:
                    b7:66:d0:36:0e:bb:19:93:de:94:a8:c3:19:95:d1:
                    d1:36:18:d7:d2:98:ae:73:1e:8e:d5:f4:11:0e:78:
                    84:f7:79:3f:17:08:36:f5:14:ca:51:ce:b6:2f:26:
                    33:08:9d:27:ad:28:8e:42:b6:bc:98:24:98:d3:58:
                    06:fb:f4:11:0c:4c:24:11:b5:be:ce:38:8e:09:86:
                    29:8b:0f:fd:ee:d4:b1:4f:e9:cd:f0:ea:64:fa:d0:
                    80:91:4a:1d:27:2e:f5:2c:e2:0a:37:54:71:29:3e:
                    6e:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:8C:A0:B7:60:FF:DA:7D:69:62:2F:CD:4E:B1:B6:9E:49:9E:6A:22
            X509v3 Authority Key Identifier:
                keyid:BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/hYygt2D_2n1pYi_NTrG2nkmeaiI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.222.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:92:50:0e:ca:66:a6:0c:6f:00:82:c0:61:0a:28:1e:50:27:
         da:8b:63:f3:5a:38:b5:98:9e:52:f4:3a:c1:0a:38:c0:50:e6:
         0e:67:75:c4:b2:51:03:74:0c:3b:03:49:a8:6c:7c:7f:df:2f:
         cc:b1:39:9b:35:04:75:df:b1:fa:93:11:23:99:be:05:36:03:
         04:53:52:1f:e3:26:a6:27:7c:2e:6c:8f:f1:60:47:66:f7:6f:
         1b:f7:60:97:fe:ea:62:8b:3f:36:1e:9c:c7:15:2c:b6:94:93:
         61:15:f7:ec:36:06:ff:66:6d:b9:b0:99:a3:ca:a3:d4:00:15:
         75:9f:b5:20:57:6d:da:12:00:b5:01:41:b0:95:38:9b:57:f1:
         c2:85:98:5b:f7:da:83:3a:e6:4c:68:2f:f2:29:5b:6a:8d:fc:
         54:da:9e:e4:e6:d0:ae:94:9c:9c:bb:a0:ac:ba:c2:e0:a9:1a:
         08:bf:ce:0b:e3:e1:9b:c5:e1:47:09:f3:05:f1:e7:ac:12:28:
         b9:70:8a:c9:e7:da:d5:38:9c:cc:21:53:70:ec:d7:70:e5:69:
         8c:d1:d9:bb:8d:bc:58:3f:e3:a4:59:7a:68:83:86:54:74:1f:
         23:e2:13:e5:7c:28:ac:9e:67:e7:32:dd:e7:94:28:dd:55:c7:
         e4:b6:4a:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt263+YJ4iSYTnC5/t34mp0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhOWQzMGU2MDM1YmU4YjgzODYwNjFmMjcxNDgxYzcwN2Uw
NGNlMmIwHhcNMjYwMTAxMDAxODIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NThjYTBiNzYwZmZkYTdkNjk2MjJmY2Q0ZWIxYjY5ZTQ5OWU2YTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvD0M1AM6fey/rMzHpx/FVbiou3G3
jO3ihf3enBhj795e1xsJatHBSaku0okrC+F47TdfD4OnpnKCm4s00rK+8H5sgq+y
EcxHwPDA0/ZbZyZT8sdF99b5O5VR1FpMhVCpF+y3PVtzJWIR30zDx3xWbTv7Nld9
VDZfq9KwWRn77KTkKJ8aIA3YZ9FW1T3r/6kzntOqOI23ZtA2DrsZk96UqMMZldHR
NhjX0piucx6O1fQRDniE93k/Fwg29RTKUc62LyYzCJ0nrSiOQra8mCSY01gG+/QR
DEwkEbW+zjiOCYYpiw/97tSxT+nN8Opk+tCAkUodJy71LOIKN1RxKT5u8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIWMoLdg/9p9aWIvzU6xtp5JnmoiMB8GA1UdIwQY
MBaAFLqdMOYDW+i4OGBh8nFIHHB+BM4rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgt
NWQ1ODRmYmM1ZDI3LzEvaFl5Z3QyRF8ybjFwWWlfTlRyRzJua21lYWlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgtNWQ1ODRmYmM1ZDI3
LzEvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUt6pMA0G
CSqGSIb3DQEBCwUAA4IBAQAFklAOymamDG8AgsBhCigeUCfai2PzWji1mJ5S9DrB
CjjAUOYOZ3XEslEDdAw7A0mobHx/3y/MsTmbNQR137H6kxEjmb4FNgMEU1If4yam
J3wubI/xYEdm928b92CX/upiiz82HpzHFSy2lJNhFffsNgb/Zm25sJmjyqPUABV1
n7UgV23aEgC1AUGwlTibV/HChZhb99qDOuZMaC/yKVtqjfxU2p7k5tCulJycu6Cs
usLgqRoIv84L4+GbxeFHCfMF8eesEii5cIrJ59rVOJzMIVNw7Ndw5WmM0dm7jbxY
P+OkWXpog4ZUdB8j4hPlfCisnmfnMt3nlCjdVcfktkrc
-----END CERTIFICATE-----