This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/7b296a-fd03-4afa-bcd2-cbf60700eb92/1/YuHJmYFCnAz2SSKMxUmvTY991CE.roa
File:                     YuHJmYFCnAz2SSKMxUmvTY991CE.roa (raw, json)
Hash identifier:          TOD8ARSMl4ubAqj2aurWlfEhx3SyaroxCxGERNtBcZQ=
Subject key identifier:   62:E1:C9:99:81:42:9C:0C:F6:49:22:8C:C5:49:AF:4D:8F:7D:D4:21
Certificate issuer:       /CN=868256ae34e54526c5b25aac2b9d5f5fa87d061e
Certificate serial:       019B7910B6034B672095D0D8D68075F2C8C6
Authority key identifier: 86:82:56:AE:34:E5:45:26:C5:B2:5A:AC:2B:9D:5F:5F:A8:7D:06:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hoJWrjTlRSbFslqsK51fX6h9Bh4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/7b296a-fd03-4afa-bcd2-cbf60700eb92/1/YuHJmYFCnAz2SSKMxUmvTY991CE.roa
Signing time:             Thu 01 Jan 2026 10:18:16 +0000
ROA not before:           Thu 01 Jan 2026 10:18:16 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39809
IP address blocks:        195.170.161.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/7b296a-fd03-4afa-bcd2-cbf60700eb92/1/hoJWrjTlRSbFslqsK51fX6h9Bh4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/7b296a-fd03-4afa-bcd2-cbf60700eb92/1/hoJWrjTlRSbFslqsK51fX6h9Bh4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hoJWrjTlRSbFslqsK51fX6h9Bh4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Feb 2026 00:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:b6:03:4b:67:20:95:d0:d8:d6:80:75:f2:c8:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=868256ae34e54526c5b25aac2b9d5f5fa87d061e
        Validity
            Not Before: Jan  1 10:18:16 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=62e1c99981429c0cf649228cc549af4d8f7dd421
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:33:40:5d:90:c8:a4:cd:6b:52:b1:72:0d:7c:
                    7b:f4:4e:96:bc:1a:14:10:cf:13:aa:1a:3b:01:b1:
                    19:c8:2b:f4:3f:24:a2:f4:9e:bc:55:4e:40:dc:4e:
                    73:f1:b4:c4:e9:94:af:3b:b6:ad:d5:2e:b9:93:bc:
                    b1:bf:e4:85:1e:03:6f:5d:f9:5c:2b:e1:10:42:a4:
                    30:6e:fc:e4:43:10:46:bf:6f:cb:5b:e3:a6:84:8f:
                    02:ec:7b:61:eb:0e:8e:1f:3b:be:6d:41:bc:3d:30:
                    6f:b5:df:d9:ad:66:57:5c:79:53:44:f4:83:ac:59:
                    4c:78:64:8f:fa:46:e1:49:21:8e:05:5a:c2:e3:5a:
                    24:91:27:86:a5:0b:34:e9:6a:50:1c:20:fc:49:de:
                    8c:dc:8b:d0:67:8a:ab:25:de:8e:2c:97:e0:26:1b:
                    93:59:67:c1:6c:db:a5:a0:ec:01:b3:8b:f6:df:50:
                    7d:91:fb:cd:b3:2a:ef:80:35:ce:97:0a:9b:cd:68:
                    0b:4e:0e:cc:6e:6b:3b:10:9a:40:66:42:59:03:9f:
                    6e:bb:1b:2c:6a:63:b0:dc:fc:57:ab:0e:56:44:6b:
                    b5:8b:ff:b1:df:0c:5a:07:34:8a:f0:f4:1d:3c:c7:
                    6e:ef:37:81:fd:39:e0:75:01:e4:69:2b:d9:3d:88:
                    8c:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:E1:C9:99:81:42:9C:0C:F6:49:22:8C:C5:49:AF:4D:8F:7D:D4:21
            X509v3 Authority Key Identifier:
                keyid:86:82:56:AE:34:E5:45:26:C5:B2:5A:AC:2B:9D:5F:5F:A8:7D:06:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hoJWrjTlRSbFslqsK51fX6h9Bh4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/7b296a-fd03-4afa-bcd2-cbf60700eb92/1/YuHJmYFCnAz2SSKMxUmvTY991CE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/7b296a-fd03-4afa-bcd2-cbf60700eb92/1/hoJWrjTlRSbFslqsK51fX6h9Bh4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.170.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:17:6c:1b:f5:b9:b7:3c:3b:d7:18:6b:11:a5:f5:dc:8a:6d:
         24:b9:50:41:6b:d3:98:0d:09:af:a2:e8:5f:0a:37:12:e8:ee:
         32:80:71:9c:30:eb:6a:8d:35:18:fd:0c:cf:a7:f2:db:00:f2:
         da:e2:e6:78:e9:77:e1:0f:68:44:c0:a2:b4:15:a7:3d:27:50:
         cc:2f:5c:c0:49:74:9a:c1:bc:cd:3d:1e:28:c2:e9:30:01:90:
         b3:c2:d4:f1:8d:f2:c2:3e:f8:8c:2e:66:f7:dc:2d:16:c4:65:
         03:72:cc:f2:6f:9d:5a:b3:9d:d7:c1:32:d0:a1:94:ab:25:b7:
         c5:28:94:59:95:b6:3d:af:40:de:00:98:1f:46:77:d4:92:04:
         ae:e8:e5:c0:84:d3:eb:1b:2e:53:a3:75:ce:50:75:1a:e0:2e:
         3d:af:c4:f1:98:00:5d:81:26:47:dd:47:20:79:86:77:6f:4d:
         21:38:af:c3:ff:fa:64:9e:20:c3:3d:64:0d:4a:ca:de:2c:c4:
         f2:3a:57:f8:e7:d2:66:dd:38:a6:c3:05:6d:0b:64:b1:8e:c4:
         a9:8f:2e:50:46:9d:f8:43:35:35:fc:23:c9:30:d7:13:d4:66:
         1b:b7:5c:ff:75:4e:2d:23:0e:7a:4f:19:be:61:8b:79:5f:d3:
         5c:87:69:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5ELYDS2cgldDY1oB18sjGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ODI1NmFlMzRlNTQ1MjZjNWIyNWFhYzJiOWQ1ZjVmYTg3
ZDA2MWUwHhcNMjYwMTAxMTAxODE2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmUxYzk5OTgxNDI5YzBjZjY0OTIyOGNjNTQ5YWY0ZDhmN2RkNDIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6zNAXZDIpM1rUrFyDXx79E6WvBoU
EM8Tqho7AbEZyCv0PySi9J68VU5A3E5z8bTE6ZSvO7at1S65k7yxv+SFHgNvXflc
K+EQQqQwbvzkQxBGv2/LW+OmhI8C7Hth6w6OHzu+bUG8PTBvtd/ZrWZXXHlTRPSD
rFlMeGSP+kbhSSGOBVrC41okkSeGpQs06WpQHCD8Sd6M3IvQZ4qrJd6OLJfgJhuT
WWfBbNuloOwBs4v231B9kfvNsyrvgDXOlwqbzWgLTg7Mbms7EJpAZkJZA59uuxss
amOw3PxXqw5WRGu1i/+x3wxaBzSK8PQdPMdu7zeB/TngdQHkaSvZPYiMCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGLhyZmBQpwM9kkijMVJr02PfdQhMB8GA1UdIwQY
MBaAFIaCVq405UUmxbJarCudX1+ofQYeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaG9KV3JqVGxSU2JGc2xxc0s1MWZYNmg5Qmg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS83YjI5NmEtZmQwMy00YWZhLWJjZDIt
Y2JmNjA3MDBlYjkyLzEvWXVISm1ZRkNuQXoyU1NLTXhVbXZUWTk5MUNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS83YjI5NmEtZmQwMy00YWZhLWJjZDItY2JmNjA3MDBlYjky
LzEvaG9KV3JqVGxSU2JGc2xxc0s1MWZYNmg5Qmg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw6qhMA0G
CSqGSIb3DQEBCwUAA4IBAQA6F2wb9bm3PDvXGGsRpfXcim0kuVBBa9OYDQmvouhf
CjcS6O4ygHGcMOtqjTUY/QzPp/LbAPLa4uZ46XfhD2hEwKK0Fac9J1DML1zASXSa
wbzNPR4owukwAZCzwtTxjfLCPviMLmb33C0WxGUDcszyb51as53XwTLQoZSrJbfF
KJRZlbY9r0DeAJgfRnfUkgSu6OXAhNPrGy5To3XOUHUa4C49r8TxmABdgSZH3Ucg
eYZ3b00hOK/D//pkniDDPWQNSsreLMTyOlf459Jm3TimwwVtC2SxjsSpjy5QRp34
QzU1/CPJMNcT1GYbt1z/dU4tIw56Txm+YYt5X9Nch2mm
-----END CERTIFICATE-----