This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/b3c8a6-e32e-4700-b5ed-6a994e5ec472/1/lYK_65AKlFPw1-t6tjg4pQYtXHY.roa
File:                     lYK_65AKlFPw1-t6tjg4pQYtXHY.roa (raw, json)
Hash identifier:          VCWprxMwmjsHW4IsRUv/igV1kqqp3MMJUQXFePAz+0s=
Subject key identifier:   95:82:BF:EB:90:0A:94:53:F0:D7:EB:7A:B6:38:38:A5:06:2D:5C:76
Certificate issuer:       /CN=815fc22125726256d6a35f3da28f7513dd31c1fe
Certificate serial:       019B7C80890A7B18558B7FB11A0E0B15A352
Authority key identifier: 81:5F:C2:21:25:72:62:56:D6:A3:5F:3D:A2:8F:75:13:DD:31:C1:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gV_CISVyYlbWo189oo91E90xwf4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/b3c8a6-e32e-4700-b5ed-6a994e5ec472/1/lYK_65AKlFPw1-t6tjg4pQYtXHY.roa
Signing time:             Fri 02 Jan 2026 02:19:17 +0000
ROA not before:           Fri 02 Jan 2026 02:19:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     680
IP address blocks:        141.20.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/b3c8a6-e32e-4700-b5ed-6a994e5ec472/1/gV_CISVyYlbWo189oo91E90xwf4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/b3c8a6-e32e-4700-b5ed-6a994e5ec472/1/gV_CISVyYlbWo189oo91E90xwf4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gV_CISVyYlbWo189oo91E90xwf4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 28 Jan 2026 05:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:89:0a:7b:18:55:8b:7f:b1:1a:0e:0b:15:a3:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=815fc22125726256d6a35f3da28f7513dd31c1fe
        Validity
            Not Before: Jan  2 02:19:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9582bfeb900a9453f0d7eb7ab63838a5062d5c76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:44:55:21:cd:8b:b3:cd:9b:de:fa:5f:5b:e0:
                    01:ff:7f:37:db:d5:9f:23:05:cf:fc:e6:af:93:c1:
                    9a:69:72:21:65:28:24:87:de:75:da:32:b7:29:88:
                    7d:85:88:90:bd:2e:d0:e2:6b:14:20:d8:e4:91:a0:
                    cc:8d:ef:b8:d5:94:91:52:5b:91:89:0c:b9:50:6e:
                    a6:d6:a0:d1:4c:62:06:88:7a:eb:d8:21:82:61:15:
                    0c:6e:1b:85:d3:18:f4:e6:88:1b:1c:56:72:10:a5:
                    37:4e:b1:7f:60:cb:37:2f:58:c5:7e:60:db:41:75:
                    97:54:7b:ad:b5:33:6e:e4:ce:d5:ff:5f:ae:66:c7:
                    86:94:c1:6f:94:95:b0:c7:12:f8:47:64:23:24:17:
                    86:6b:94:16:0d:97:ef:7b:cc:16:1d:eb:a5:66:7b:
                    17:df:d8:9f:5d:96:5a:0e:10:cc:24:a5:a9:1f:6f:
                    2d:e3:de:45:ec:7f:d2:ac:a6:b7:10:07:80:e0:3b:
                    af:04:32:94:b5:9b:3e:b0:51:3d:96:8b:3f:a8:b1:
                    06:26:4e:26:c9:b0:a6:61:3e:35:92:81:fc:19:e5:
                    e5:ac:0a:d6:8d:15:d2:ee:b9:05:59:77:e1:fd:74:
                    8f:0c:02:61:e4:e9:7e:e0:2c:db:aa:7a:5b:57:aa:
                    e4:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:82:BF:EB:90:0A:94:53:F0:D7:EB:7A:B6:38:38:A5:06:2D:5C:76
            X509v3 Authority Key Identifier:
                keyid:81:5F:C2:21:25:72:62:56:D6:A3:5F:3D:A2:8F:75:13:DD:31:C1:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gV_CISVyYlbWo189oo91E90xwf4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/b3c8a6-e32e-4700-b5ed-6a994e5ec472/1/lYK_65AKlFPw1-t6tjg4pQYtXHY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/b3c8a6-e32e-4700-b5ed-6a994e5ec472/1/gV_CISVyYlbWo189oo91E90xwf4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.20.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         97:6d:12:bd:f9:b9:c0:02:fb:b6:da:7d:aa:f5:2b:48:bd:88:
         85:35:51:09:1d:8a:c1:e3:77:bb:02:66:f1:f9:f8:f7:d2:b5:
         aa:2c:e5:14:46:e8:52:cf:69:54:ad:9b:2c:43:38:cb:ae:3a:
         58:ea:96:2f:a2:4c:4b:67:c3:b9:1f:5a:d2:11:4a:4c:ec:73:
         e8:01:3c:8b:a4:62:4b:13:a8:a2:60:ab:0e:18:d4:cf:a1:6e:
         e9:bf:b2:df:93:d8:86:44:96:50:ef:31:0f:43:56:95:12:d2:
         07:0b:52:99:b5:1f:20:49:b1:db:77:bb:9c:ca:6a:f1:22:dd:
         d5:14:a3:12:55:60:27:be:29:94:2e:3f:c7:63:90:8d:d9:14:
         8a:a5:4c:56:e7:4d:25:1f:dd:b7:aa:d6:c0:49:d7:6d:46:26:
         c3:e4:7d:46:95:21:f9:cb:fd:7c:54:ae:b7:7f:c1:d7:35:e5:
         58:59:ed:85:03:d5:79:f6:3c:4d:c3:7e:59:88:51:74:e6:6a:
         f2:0c:5f:14:04:9f:a7:71:fc:bc:15:04:2c:a9:34:31:22:7a:
         05:66:86:ab:d1:7f:eb:23:0f:9e:44:b2:df:d1:b1:23:52:8f:
         89:3e:71:df:17:d4:e4:68:3d:9b:f1:1d:3b:26:b6:e3:7a:25:
         04:2c:7a:76
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZt8gIkKexhVi3+xGg4LFaNSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxNWZjMjIxMjU3MjYyNTZkNmEzNWYzZGEyOGY3NTEzZGQz
MWMxZmUwHhcNMjYwMTAyMDIxOTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTgyYmZlYjkwMGE5NDUzZjBkN2ViN2FiNjM4MzhhNTA2MmQ1Yzc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6ERVIc2Ls82b3vpfW+AB/38329Wf
IwXP/Oavk8GaaXIhZSgkh9512jK3KYh9hYiQvS7Q4msUINjkkaDMje+41ZSRUluR
iQy5UG6m1qDRTGIGiHrr2CGCYRUMbhuF0xj05ogbHFZyEKU3TrF/YMs3L1jFfmDb
QXWXVHuttTNu5M7V/1+uZseGlMFvlJWwxxL4R2QjJBeGa5QWDZfve8wWHeulZnsX
39ifXZZaDhDMJKWpH28t495F7H/SrKa3EAeA4DuvBDKUtZs+sFE9los/qLEGJk4m
ybCmYT41koH8GeXlrArWjRXS7rkFWXfh/XSPDAJh5Ol+4CzbqnpbV6rkUwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFJWCv+uQCpRT8NfrerY4OKUGLVx2MB8GA1UdIwQY
MBaAFIFfwiElcmJW1qNfPaKPdRPdMcH+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1ZfQ0lTVnlZbGJXbzE4OW9vOTFFOTB4d2Y0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC9iM2M4YTYtZTMyZS00NzAwLWI1ZWQt
NmE5OTRlNWVjNDcyLzEvbFlLXzY1QUtsRlB3MS10NnRqZzRwUVl0WEhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC9iM2M4YTYtZTMyZS00NzAwLWI1ZWQtNmE5OTRlNWVjNDcy
LzEvZ1ZfQ0lTVnlZbGJXbzE4OW9vOTFFOTB4d2Y0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjRQwDQYJ
KoZIhvcNAQELBQADggEBAJdtEr35ucAC+7bafar1K0i9iIU1UQkdisHjd7sCZvH5
+PfStaos5RRG6FLPaVStmyxDOMuuOljqli+iTEtnw7kfWtIRSkzsc+gBPIukYksT
qKJgqw4Y1M+hbum/st+T2IZEllDvMQ9DVpUS0gcLUpm1HyBJsdt3u5zKavEi3dUU
oxJVYCe+KZQuP8djkI3ZFIqlTFbnTSUf3beq1sBJ121GJsPkfUaVIfnL/XxUrrd/
wdc15VhZ7YUD1Xn2PE3DflmIUXTmavIMXxQEn6dx/LwVBCypNDEiegVmhqvRf+sj
D55Est/RsSNSj4k+cd8X1ORoPZvxHTsmtuN6JQQsenY=
-----END CERTIFICATE-----