This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/f45c5c-b645-4be4-a74c-320e1459a40a/1/YR3MJhayMOIcEgDa7WoFB8LAJdE.roa
File:                     YR3MJhayMOIcEgDa7WoFB8LAJdE.roa (raw, json)
Hash identifier:          DbVHQlQH+oPthovWmJ2MpgFJQxLVITiApa5PfX6MwT0=
Subject key identifier:   61:1D:CC:26:16:B2:30:E2:1C:12:00:DA:ED:6A:05:07:C2:C0:25:D1
Certificate issuer:       /CN=896c634675f17bf6a4f35fa18bb855601a18a5b5
Certificate serial:       019B797F1EB11EAB9896CACF4FF99F63B486
Authority key identifier: 89:6C:63:46:75:F1:7B:F6:A4:F3:5F:A1:8B:B8:55:60:1A:18:A5:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iWxjRnXxe_ak81-hi7hVYBoYpbU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/f45c5c-b645-4be4-a74c-320e1459a40a/1/YR3MJhayMOIcEgDa7WoFB8LAJdE.roa
Signing time:             Thu 01 Jan 2026 12:18:52 +0000
ROA not before:           Thu 01 Jan 2026 12:18:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210844
IP address blocks:        185.241.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/f45c5c-b645-4be4-a74c-320e1459a40a/1/iWxjRnXxe_ak81-hi7hVYBoYpbU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/f45c5c-b645-4be4-a74c-320e1459a40a/1/iWxjRnXxe_ak81-hi7hVYBoYpbU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iWxjRnXxe_ak81-hi7hVYBoYpbU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 12:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7f:1e:b1:1e:ab:98:96:ca:cf:4f:f9:9f:63:b4:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=896c634675f17bf6a4f35fa18bb855601a18a5b5
        Validity
            Not Before: Jan  1 12:18:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=611dcc2616b230e21c1200daed6a0507c2c025d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:af:0c:aa:c1:b9:b1:f3:90:9b:25:a8:9b:80:
                    f1:81:29:70:18:b8:15:ce:b0:fa:d9:e0:87:48:8f:
                    6e:48:c6:d9:3f:77:0c:4d:1b:7b:46:73:8b:02:b1:
                    9e:f1:da:dd:21:e8:5b:29:52:db:89:6c:0a:dd:64:
                    00:28:02:05:a5:bc:ac:a9:d2:3e:b7:9d:87:00:e9:
                    c4:ce:9a:bc:6e:cd:bd:2e:5a:e2:75:d9:2b:14:d6:
                    9e:5e:d5:b2:e7:e8:3a:02:7f:b3:28:4e:54:9f:7e:
                    b2:7a:f0:4b:df:13:0f:81:e3:dd:67:f2:3c:b5:a1:
                    35:43:db:6a:b2:37:36:47:28:c3:cb:78:dc:68:cb:
                    38:30:c2:0d:94:76:52:f0:50:4c:97:01:0b:c1:4e:
                    66:8e:9a:55:67:77:1d:3d:88:08:44:38:1d:f1:83:
                    8f:2d:ae:c0:c8:07:08:75:a4:e7:2b:99:c2:97:a4:
                    91:68:78:a8:df:60:15:46:26:be:be:f7:5d:25:07:
                    1c:33:5b:20:6c:15:f7:d9:88:9e:e3:9e:40:c7:62:
                    f2:0f:f5:87:67:88:e8:08:e7:56:2d:3d:f9:d2:30:
                    c0:e3:b3:e6:e6:a5:a9:84:84:9e:b4:0a:64:7a:6b:
                    a9:cb:75:a3:1f:22:57:b1:73:d9:9e:b2:f3:4c:6c:
                    2b:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:1D:CC:26:16:B2:30:E2:1C:12:00:DA:ED:6A:05:07:C2:C0:25:D1
            X509v3 Authority Key Identifier:
                keyid:89:6C:63:46:75:F1:7B:F6:A4:F3:5F:A1:8B:B8:55:60:1A:18:A5:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iWxjRnXxe_ak81-hi7hVYBoYpbU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/f45c5c-b645-4be4-a74c-320e1459a40a/1/YR3MJhayMOIcEgDa7WoFB8LAJdE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/f45c5c-b645-4be4-a74c-320e1459a40a/1/iWxjRnXxe_ak81-hi7hVYBoYpbU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.241.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:ac:9e:c2:7d:13:bf:15:f1:87:cd:f5:04:88:e6:81:1b:d2:
         8d:53:51:66:f6:d5:aa:f6:ee:1d:c9:b5:1f:a6:a7:e3:cf:b4:
         8f:32:ee:a8:9c:bb:fa:de:a4:45:51:f0:b4:91:ab:4b:a8:c5:
         dd:c6:0f:75:e8:8a:27:4b:75:9d:80:a6:4d:46:92:81:ca:c5:
         ac:3d:a5:de:47:15:5d:be:0d:d2:7d:d2:40:87:b2:b2:16:ce:
         2c:b2:c8:c5:64:26:77:66:15:7c:45:89:ba:cb:a7:ac:1b:6f:
         db:20:c9:6e:dc:39:1d:5e:ba:05:c6:d9:e4:11:ba:35:bc:95:
         ca:96:37:fe:65:10:36:83:96:09:7d:0d:ed:54:20:ce:02:3f:
         89:78:f6:bb:08:4f:ef:b2:79:3f:63:e7:83:55:c0:84:49:84:
         95:34:98:eb:b7:f5:bc:18:9b:05:51:6d:bf:bc:78:3a:59:62:
         3f:eb:a9:54:75:28:eb:bd:ca:40:48:87:48:70:30:74:8e:3e:
         f9:ae:70:1a:16:8b:c6:51:57:6f:e0:27:b1:95:44:63:4b:8e:
         9a:b3:91:1a:bb:b6:dd:66:b7:31:8c:ef:14:a0:99:17:27:45:
         09:ba:9f:b8:15:44:e7:84:12:5c:96:a2:a9:6a:de:82:6a:78:
         13:42:54:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fx6xHquYlsrPT/mfY7SGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5NmM2MzQ2NzVmMTdiZjZhNGYzNWZhMThiYjg1NTYwMWEx
OGE1YjUwHhcNMjYwMTAxMTIxODUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTFkY2MyNjE2YjIzMGUyMWMxMjAwZGFlZDZhMDUwN2MyYzAyNWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9K8MqsG5sfOQmyWom4DxgSlwGLgV
zrD62eCHSI9uSMbZP3cMTRt7RnOLArGe8drdIehbKVLbiWwK3WQAKAIFpbysqdI+
t52HAOnEzpq8bs29LlriddkrFNaeXtWy5+g6An+zKE5Un36yevBL3xMPgePdZ/I8
taE1Q9tqsjc2RyjDy3jcaMs4MMINlHZS8FBMlwELwU5mjppVZ3cdPYgIRDgd8YOP
La7AyAcIdaTnK5nCl6SRaHio32AVRia+vvddJQccM1sgbBX32Yie455Ax2LyD/WH
Z4joCOdWLT350jDA47Pm5qWphISetApkemupy3WjHyJXsXPZnrLzTGwrTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGEdzCYWsjDiHBIA2u1qBQfCwCXRMB8GA1UdIwQY
MBaAFIlsY0Z18Xv2pPNfoYu4VWAaGKW1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVd4alJuWHhlX2FrODEtaGk3aFZZQm9ZcGJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS9mNDVjNWMtYjY0NS00YmU0LWE3NGMt
MzIwZTE0NTlhNDBhLzEvWVIzTUpoYXlNT0ljRWdEYTdXb0ZCOExBSmRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS9mNDVjNWMtYjY0NS00YmU0LWE3NGMtMzIwZTE0NTlhNDBh
LzEvaVd4alJuWHhlX2FrODEtaGk3aFZZQm9ZcGJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufE+MA0G
CSqGSIb3DQEBCwUAA4IBAQAurJ7CfRO/FfGHzfUEiOaBG9KNU1Fm9tWq9u4dybUf
pqfjz7SPMu6onLv63qRFUfC0katLqMXdxg916IonS3WdgKZNRpKBysWsPaXeRxVd
vg3SfdJAh7KyFs4sssjFZCZ3ZhV8RYm6y6esG2/bIMlu3DkdXroFxtnkEbo1vJXK
ljf+ZRA2g5YJfQ3tVCDOAj+JePa7CE/vsnk/Y+eDVcCESYSVNJjrt/W8GJsFUW2/
vHg6WWI/66lUdSjrvcpASIdIcDB0jj75rnAaFovGUVdv4CexlURjS46as5Eau7bd
ZrcxjO8UoJkXJ0UJup+4FUTnhBJclqKpat6CangTQlQg
-----END CERTIFICATE-----