This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/ygWs-sHzivtfoMPPnMV6aV1UCv4.roa
File:                     ygWs-sHzivtfoMPPnMV6aV1UCv4.roa (raw, json)
Hash identifier:          KjRCKq03kFFE3PyzvTA3OcOazG7q6LPfF+mD7puBZ4o=
Subject key identifier:   CA:05:AC:FA:C1:F3:8A:FB:5F:A0:C3:CF:9C:C5:7A:69:5D:54:0A:FE
Certificate issuer:       /CN=76a75826e991225a429ff8a1e7ffdc80466420df
Certificate serial:       019B7E37F3B2AA2480EB4418E646C1B36F87
Authority key identifier: 76:A7:58:26:E9:91:22:5A:42:9F:F8:A1:E7:FF:DC:80:46:64:20:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/ygWs-sHzivtfoMPPnMV6aV1UCv4.roa
Signing time:             Fri 02 Jan 2026 10:19:14 +0000
ROA not before:           Fri 02 Jan 2026 10:19:14 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12693
IP address blocks:        153.96.42.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 05:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:f3:b2:aa:24:80:eb:44:18:e6:46:c1:b3:6f:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76a75826e991225a429ff8a1e7ffdc80466420df
        Validity
            Not Before: Jan  2 10:19:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ca05acfac1f38afb5fa0c3cf9cc57a695d540afe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:8e:99:9c:4a:92:18:c1:f1:1a:cc:45:11:51:
                    c8:a7:59:c8:9f:46:b2:2c:3c:b4:e1:f6:b0:84:b2:
                    7c:58:2c:49:a2:71:5e:c6:0f:bd:c6:48:74:7c:83:
                    77:a2:5d:4a:5e:1a:05:bb:6b:20:c6:a2:c7:94:48:
                    db:75:ef:26:83:fe:2f:0f:22:60:d8:b0:05:a7:3e:
                    76:c1:cd:04:5a:2d:bc:46:d4:92:f2:07:71:79:41:
                    af:a4:eb:2b:f6:ef:47:60:1e:7d:6d:58:13:7d:c1:
                    94:9f:09:37:8d:ca:10:58:ec:47:1a:9a:3c:82:66:
                    4d:94:b7:9c:ac:dd:89:c1:89:7b:32:57:e1:90:3c:
                    de:09:b6:61:cb:3b:a7:93:55:7b:2d:6c:be:44:57:
                    d4:b4:b9:b2:63:43:a5:b1:2d:5b:9f:4b:ee:5c:d8:
                    a5:17:5c:b8:e5:cd:95:30:43:9b:e8:3e:10:22:7d:
                    7e:76:1f:ab:8e:11:4c:79:54:fe:7e:ff:91:84:ec:
                    a4:2e:36:4a:70:31:95:4d:be:93:85:c0:af:4e:1f:
                    bc:6d:a8:bc:31:c4:c6:f0:ac:23:02:d4:7d:b9:0c:
                    17:f8:a0:7f:5e:e5:d9:df:23:6f:19:d7:3f:af:64:
                    3e:09:83:c8:c1:d1:66:0f:62:e3:f9:ad:b7:fb:41:
                    99:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:05:AC:FA:C1:F3:8A:FB:5F:A0:C3:CF:9C:C5:7A:69:5D:54:0A:FE
            X509v3 Authority Key Identifier:
                keyid:76:A7:58:26:E9:91:22:5A:42:9F:F8:A1:E7:FF:DC:80:46:64:20:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/ygWs-sHzivtfoMPPnMV6aV1UCv4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.96.42.0/23

    Signature Algorithm: sha256WithRSAEncryption
         33:0d:de:af:09:0a:16:64:4c:75:f5:b1:b8:65:b2:7a:1b:9c:
         f5:70:b8:26:68:8f:bc:02:1e:1f:47:9c:8d:4f:f7:95:59:bf:
         f4:09:14:1e:93:0e:ea:ff:68:c2:0b:52:60:8f:98:3c:24:f4:
         1e:ee:ba:03:c7:77:06:bf:00:93:88:4f:41:51:51:6b:5a:2a:
         1f:6f:13:e8:71:a1:b6:0e:af:f1:d0:63:8a:ac:d4:ed:a3:fc:
         98:5f:12:92:86:e1:fe:9f:7d:12:b6:7d:53:33:48:fe:b4:e1:
         b2:10:19:06:fe:5e:fc:33:79:08:aa:16:b6:a1:ba:ef:0f:1f:
         7b:d1:9f:55:29:5e:80:31:02:f4:c2:c1:2b:0c:fc:ff:67:71:
         96:a1:85:d9:7a:e3:ab:b8:32:6b:78:3a:b8:ef:ed:67:57:b2:
         0d:14:6c:68:57:11:56:46:91:f3:57:b1:62:d6:6a:3c:ca:70:
         6d:19:70:95:09:a8:f8:88:f0:83:c7:ba:75:8f:f4:3a:dd:29:
         85:21:ae:2a:aa:c8:12:11:a6:c5:9e:6c:75:18:ee:1a:e1:39:
         f5:cc:fd:43:b5:b8:91:16:ca:bc:95:3d:75:46:73:62:48:b8:
         df:55:20:c4:fa:48:43:ae:c4:02:41:c2:78:12:a6:98:9b:60:
         c4:00:fa:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+N/OyqiSA60QY5kbBs2+HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2YTc1ODI2ZTk5MTIyNWE0MjlmZjhhMWU3ZmZkYzgwNDY2
NDIwZGYwHhcNMjYwMTAyMTAxOTE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTA1YWNmYWMxZjM4YWZiNWZhMGMzY2Y5Y2M1N2E2OTVkNTQwYWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqo6ZnEqSGMHxGsxFEVHIp1nIn0ay
LDy04fawhLJ8WCxJonFexg+9xkh0fIN3ol1KXhoFu2sgxqLHlEjbde8mg/4vDyJg
2LAFpz52wc0EWi28RtSS8gdxeUGvpOsr9u9HYB59bVgTfcGUnwk3jcoQWOxHGpo8
gmZNlLecrN2JwYl7MlfhkDzeCbZhyzunk1V7LWy+RFfUtLmyY0OlsS1bn0vuXNil
F1y45c2VMEOb6D4QIn1+dh+rjhFMeVT+fv+RhOykLjZKcDGVTb6ThcCvTh+8bai8
McTG8KwjAtR9uQwX+KB/XuXZ3yNvGdc/r2Q+CYPIwdFmD2Lj+a23+0GZywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMoFrPrB84r7X6DDz5zFemldVAr+MB8GA1UdIwQY
MBaAFHanWCbpkSJaQp/4oef/3IBGZCDfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHFkWUp1bVJJbHBDbl9paDVfX2NnRVprSU44LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS8xZDMzY2EtOGQxYy00OWMwLWJlOTct
YWQ4ZmJlYWE4ZGQ5LzEveWdXcy1zSHppdnRmb01QUG5NVjZhVjFVQ3Y0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS8xZDMzY2EtOGQxYy00OWMwLWJlOTctYWQ4ZmJlYWE4ZGQ5
LzEvZHFkWUp1bVJJbHBDbl9paDVfX2NnRVprSU44LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBmWAqMA0G
CSqGSIb3DQEBCwUAA4IBAQAzDd6vCQoWZEx19bG4ZbJ6G5z1cLgmaI+8Ah4fR5yN
T/eVWb/0CRQekw7q/2jCC1Jgj5g8JPQe7roDx3cGvwCTiE9BUVFrWiofbxPocaG2
Dq/x0GOKrNTto/yYXxKShuH+n30Stn1TM0j+tOGyEBkG/l78M3kIqha2obrvDx97
0Z9VKV6AMQL0wsErDPz/Z3GWoYXZeuOruDJreDq47+1nV7INFGxoVxFWRpHzV7Fi
1mo8ynBtGXCVCaj4iPCDx7p1j/Q63SmFIa4qqsgSEabFnmx1GO4a4Tn1zP1DtbiR
Fsq8lT11RnNiSLjfVSDE+khDrsQCQcJ4EqaYm2DEAPr4
-----END CERTIFICATE-----