This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/Yk0ojMxYl7E_O65ZuN0VuIZg0ks.roa
File:                     Yk0ojMxYl7E_O65ZuN0VuIZg0ks.roa (raw, json)
Hash identifier:          eae+r+XrI7VrmDAyzitfn/exKCqrhefXBbeg2ouIBtw=
Subject key identifier:   62:4D:28:8C:CC:58:97:B1:3F:3B:AE:59:B8:DD:15:B8:86:60:D2:4B
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019B7A1FB895A82920A975DAB12D9D79B9A3
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/Yk0ojMxYl7E_O65ZuN0VuIZg0ks.roa
Signing time:             Thu 01 Jan 2026 15:14:17 +0000
ROA not before:           Thu 01 Jan 2026 15:14:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     984
IP address blocks:        188.255.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 18 Jan 2026 18:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:1f:b8:95:a8:29:20:a9:75:da:b1:2d:9d:79:b9:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Jan  1 15:14:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=624d288ccc5897b13f3bae59b8dd15b88660d24b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:56:d6:0a:37:39:68:50:f0:cc:c5:20:aa:b7:
                    c2:2e:65:42:17:41:84:03:30:28:ee:70:53:22:ff:
                    03:81:19:1a:7e:20:d7:ab:76:d4:14:f1:45:ce:d5:
                    d3:fb:e3:48:19:bf:82:87:d0:8b:d6:86:c2:8d:f1:
                    d0:48:24:62:78:0a:0f:05:ce:32:35:f2:50:66:80:
                    ef:ee:14:31:08:d4:6c:5b:ad:8d:d0:66:86:31:37:
                    9c:92:54:33:d9:28:94:56:2d:c9:27:4a:c6:ef:5f:
                    4f:5b:66:91:75:e9:d2:dd:d0:5a:36:65:70:8e:4b:
                    c1:88:46:4f:fd:5a:df:15:8f:e0:e3:1b:06:5e:c1:
                    2c:7a:82:55:37:5d:b1:7e:f8:5a:40:36:4f:1a:5f:
                    66:8e:cc:ba:94:01:13:4e:94:4c:ef:cc:84:ed:f9:
                    07:e6:6d:42:6d:1a:4b:c2:7f:27:28:20:88:4f:f5:
                    86:90:01:a8:b9:22:36:e1:2d:ac:09:3f:53:16:04:
                    1a:8b:7c:e5:94:99:c0:34:cc:f3:38:6f:bf:9b:c5:
                    b5:b0:bf:5c:b0:60:4c:5f:bf:b5:7f:95:2e:e2:11:
                    f7:bc:39:79:07:86:11:10:fb:5b:a4:ff:7c:9e:f7:
                    54:28:55:f7:ce:b9:b1:08:8b:38:16:73:65:d2:e0:
                    2a:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:4D:28:8C:CC:58:97:B1:3F:3B:AE:59:B8:DD:15:B8:86:60:D2:4B
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/Yk0ojMxYl7E_O65ZuN0VuIZg0ks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.255.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:ed:f5:5c:90:5b:47:31:e3:85:b5:c9:35:0f:f1:05:52:ee:
         ea:17:bb:8c:09:e3:98:a4:f4:b2:8a:d7:7e:2c:5e:31:28:65:
         fb:c3:fe:ce:6e:86:5a:82:ff:82:b0:46:85:c5:59:36:d7:04:
         c6:39:d0:bb:52:49:3d:68:75:ca:33:5a:03:71:7f:f9:56:1c:
         55:73:07:95:cc:82:86:cb:26:64:22:8d:06:01:bc:5f:fc:ad:
         50:6d:0f:3f:7a:fd:4e:d6:88:0b:72:0b:0c:b2:d7:3b:5c:2e:
         22:3d:db:07:29:94:c8:da:90:94:c9:b0:af:5a:fe:d7:7c:12:
         30:87:17:d8:38:a5:98:34:2e:f9:a2:26:3e:2c:f4:8f:f7:65:
         58:64:25:d5:a6:d4:00:24:f9:7b:18:f7:ad:06:47:b5:4d:a0:
         b7:1e:96:11:c6:dc:f6:7a:c5:22:bb:37:19:ae:cd:15:0b:36:
         f7:58:87:1a:b7:9f:d9:39:6e:eb:5c:8f:b1:88:20:c2:7f:94:
         d6:bd:b8:fc:22:1d:aa:91:9c:75:a0:2a:2b:23:0f:9b:d4:d3:
         00:59:12:a1:12:f6:27:7f:1e:17:bd:a4:d0:60:d6:b6:29:d0:
         a0:3d:20:41:1c:b6:12:5d:28:0c:ad:75:f7:36:f1:2e:d3:b3:
         ca:e2:64:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6H7iVqCkgqXXasS2debmjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjYwMTAxMTUxNDE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjRkMjg4Y2NjNTg5N2IxM2YzYmFlNTliOGRkMTViODg2NjBkMjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAklbWCjc5aFDwzMUgqrfCLmVCF0GE
AzAo7nBTIv8DgRkafiDXq3bUFPFFztXT++NIGb+Ch9CL1obCjfHQSCRieAoPBc4y
NfJQZoDv7hQxCNRsW62N0GaGMTecklQz2SiUVi3JJ0rG719PW2aRdenS3dBaNmVw
jkvBiEZP/VrfFY/g4xsGXsEseoJVN12xfvhaQDZPGl9mjsy6lAETTpRM78yE7fkH
5m1CbRpLwn8nKCCIT/WGkAGouSI24S2sCT9TFgQai3zllJnANMzzOG+/m8W1sL9c
sGBMX7+1f5Uu4hH3vDl5B4YREPtbpP98nvdUKFX3zrmxCIs4FnNl0uAqZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGJNKIzMWJexPzuuWbjdFbiGYNJLMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvWWswb2pNeFlsN0VfTzY1WnVOMFZ1SVpnMGtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvP/jMA0G
CSqGSIb3DQEBCwUAA4IBAQAi7fVckFtHMeOFtck1D/EFUu7qF7uMCeOYpPSyitd+
LF4xKGX7w/7OboZagv+CsEaFxVk21wTGOdC7Ukk9aHXKM1oDcX/5VhxVcweVzIKG
yyZkIo0GAbxf/K1QbQ8/ev1O1ogLcgsMstc7XC4iPdsHKZTI2pCUybCvWv7XfBIw
hxfYOKWYNC75oiY+LPSP92VYZCXVptQAJPl7GPetBke1TaC3HpYRxtz2esUiuzcZ
rs0VCzb3WIcat5/ZOW7rXI+xiCDCf5TWvbj8Ih2qkZx1oCorIw+b1NMAWRKhEvYn
fx4XvaTQYNa2KdCgPSBBHLYSXSgMrXX3NvEu07PK4mRN
-----END CERTIFICATE-----