This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/YKvd-MLf2uofbzpm1yORdGinwdw.roa
File:                     YKvd-MLf2uofbzpm1yORdGinwdw.roa (raw, json)
Hash identifier:          e56flj0txyibCTefKbaoko0xNRjEwedyOzCPKqqF94Y=
Subject key identifier:   60:AB:DD:F8:C2:DF:DA:EA:1F:6F:3A:66:D7:23:91:74:68:A7:C1:DC
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019A9169BE6C78C500C8A31E28E64DF6511C
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/YKvd-MLf2uofbzpm1yORdGinwdw.roa
Signing time:             Mon 17 Nov 2025 10:43:37 +0000
ROA not before:           Mon 17 Nov 2025 10:43:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     63199
IP address blocks:        81.18.48.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Dec 2025 08:48:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:91:69:be:6c:78:c5:00:c8:a3:1e:28:e6:4d:f6:51:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Nov 17 10:43:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=60abddf8c2dfdaea1f6f3a66d723917468a7c1dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:b0:7d:31:00:a7:1e:8f:ab:8a:1b:16:af:dd:
                    c3:c8:7f:74:b3:4e:ee:ca:c7:b5:98:de:cb:7b:91:
                    b2:42:88:42:d6:96:84:b8:c1:ab:76:eb:58:f8:27:
                    71:7c:0e:91:97:f5:93:84:d2:73:24:b9:df:72:b5:
                    47:80:94:86:0d:53:08:0c:7d:39:cc:31:a5:53:a7:
                    f3:1a:6b:eb:bc:08:94:1c:e0:a9:6a:94:2f:ec:e9:
                    a6:a1:aa:03:85:4a:a7:44:fd:88:9d:04:d0:c0:59:
                    45:d6:7c:a5:d5:fe:29:50:c8:03:1a:44:e8:40:17:
                    f3:7d:c2:96:e7:c7:cf:60:04:55:cf:03:8e:c1:ee:
                    5a:4e:c2:1c:1d:bb:db:b7:69:f3:0a:24:e3:3f:32:
                    cb:15:50:17:d2:2f:b4:83:09:2c:bf:c8:44:be:cb:
                    61:db:7a:6e:77:a1:0b:38:e1:77:75:e5:03:42:73:
                    1e:aa:50:8d:78:bc:74:d7:cc:87:e2:47:5a:80:37:
                    bb:e2:4c:0f:71:ee:0e:d7:cf:cc:c8:90:f6:72:02:
                    10:7f:5a:19:98:d7:4f:7c:8f:04:35:c8:25:6f:ee:
                    39:22:72:6c:95:ab:ae:c2:38:7a:eb:13:5f:42:4c:
                    dc:98:d7:06:2c:36:ab:a5:e7:f8:66:fd:98:86:ce:
                    9d:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:AB:DD:F8:C2:DF:DA:EA:1F:6F:3A:66:D7:23:91:74:68:A7:C1:DC
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/YKvd-MLf2uofbzpm1yORdGinwdw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.18.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:22:a0:04:7d:b2:c5:c9:a8:5b:de:dd:04:65:de:73:ec:fc:
         b7:82:5b:e1:48:ac:ad:ec:f3:4e:d8:58:2a:78:83:9a:66:f8:
         81:33:d1:93:28:c1:af:e8:fa:9f:28:5d:d3:9b:10:c5:9c:6f:
         ec:a9:00:76:f3:a4:33:ed:c5:53:9a:1e:c6:b0:c2:05:f3:d4:
         30:a3:8f:58:fb:41:a2:b6:87:4f:c0:bb:e7:99:d0:67:bd:ce:
         0c:9e:ca:5c:db:f3:6d:00:82:ae:3e:7c:02:39:ae:27:2a:1b:
         8d:69:b2:d6:cb:14:a3:6e:39:06:e7:ca:cd:80:b2:55:d5:3c:
         0f:50:23:64:d0:ce:1b:2d:a3:ec:e8:3a:d4:45:5b:94:48:b7:
         f5:97:02:99:5d:ba:5f:9d:a0:3f:70:83:94:88:6b:17:49:f5:
         15:59:1e:4c:f3:e2:42:f5:ee:8c:d4:8a:4e:b4:05:b5:4e:e2:
         c1:2a:84:fa:73:38:19:a9:f9:90:14:66:8e:32:65:92:72:be:
         b0:9d:0e:70:6e:00:7f:a4:5a:e4:47:18:d1:ad:67:8c:53:76:
         9b:19:03:19:9b:d1:14:6e:d0:3f:17:bc:8a:68:6a:73:a0:fb:
         4f:2d:b2:8f:e9:ff:7f:ab:dd:64:bd:40:ae:af:be:63:04:cf:
         08:3c:4a:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZqRab5seMUAyKMeKOZN9lEcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjUxMTE3MTA0MzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGFiZGRmOGMyZGZkYWVhMWY2ZjNhNjZkNzIzOTE3NDY4YTdjMWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv7B9MQCnHo+rihsWr93DyH90s07u
yse1mN7Le5GyQohC1paEuMGrdutY+CdxfA6Rl/WThNJzJLnfcrVHgJSGDVMIDH05
zDGlU6fzGmvrvAiUHOCpapQv7OmmoaoDhUqnRP2InQTQwFlF1nyl1f4pUMgDGkTo
QBfzfcKW58fPYARVzwOOwe5aTsIcHbvbt2nzCiTjPzLLFVAX0i+0gwksv8hEvsth
23pud6ELOOF3deUDQnMeqlCNeLx018yH4kdagDe74kwPce4O18/MyJD2cgIQf1oZ
mNdPfI8ENcglb+45InJslauuwjh66xNfQkzcmNcGLDarpef4Zv2Yhs6dGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGCr3fjC39rqH286ZtcjkXRop8HcMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvWUt2ZC1NTGYydW9mYnpwbTF5T1JkR2lud2R3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAURIwMA0G
CSqGSIb3DQEBCwUAA4IBAQAoIqAEfbLFyahb3t0EZd5z7Py3glvhSKyt7PNO2Fgq
eIOaZviBM9GTKMGv6PqfKF3TmxDFnG/sqQB286Qz7cVTmh7GsMIF89Qwo49Y+0Gi
todPwLvnmdBnvc4Mnspc2/NtAIKuPnwCOa4nKhuNabLWyxSjbjkG58rNgLJV1TwP
UCNk0M4bLaPs6DrURVuUSLf1lwKZXbpfnaA/cIOUiGsXSfUVWR5M8+JC9e6M1IpO
tAW1TuLBKoT6czgZqfmQFGaOMmWScr6wnQ5wbgB/pFrkRxjRrWeMU3abGQMZm9EU
btA/F7yKaGpzoPtPLbKP6f9/q91kvUCur75jBM8IPErX
-----END CERTIFICATE-----