This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/dc4420-4062-4778-9358-0af2e541646c/1/LYTtAf3H_kyY7ENaa_s2xlDryvA.roa
File:                     LYTtAf3H_kyY7ENaa_s2xlDryvA.roa (raw, json)
Hash identifier:          qVqCrQfBkXTFFeCBC+csIaSWA9WFskDBhKnN7ZNtnUI=
Subject key identifier:   2D:84:ED:01:FD:C7:FE:4C:98:EC:43:5A:6B:FB:36:C6:50:EB:CA:F0
Certificate issuer:       /CN=72bbd2fa18319639e25ffbf4bdbfa008660158ae
Certificate serial:       019B7D5BF2DCADEB1CA489B8CB41514D52DF
Authority key identifier: 72:BB:D2:FA:18:31:96:39:E2:5F:FB:F4:BD:BF:A0:08:66:01:58:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/crvS-hgxljniX_v0vb-gCGYBWK4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/dc4420-4062-4778-9358-0af2e541646c/1/LYTtAf3H_kyY7ENaa_s2xlDryvA.roa
Signing time:             Fri 02 Jan 2026 06:18:56 +0000
ROA not before:           Fri 02 Jan 2026 06:18:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16550
IP address blocks:        185.17.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/dc4420-4062-4778-9358-0af2e541646c/1/crvS-hgxljniX_v0vb-gCGYBWK4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/dc4420-4062-4778-9358-0af2e541646c/1/crvS-hgxljniX_v0vb-gCGYBWK4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/crvS-hgxljniX_v0vb-gCGYBWK4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 04 Jan 2026 08:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5b:f2:dc:ad:eb:1c:a4:89:b8:cb:41:51:4d:52:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72bbd2fa18319639e25ffbf4bdbfa008660158ae
        Validity
            Not Before: Jan  2 06:18:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2d84ed01fdc7fe4c98ec435a6bfb36c650ebcaf0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:20:6b:09:8b:ee:ce:f1:20:27:21:38:2f:91:
                    35:e3:58:57:c9:bf:03:aa:8b:eb:fb:c5:33:ed:a4:
                    f2:35:6a:c9:85:ff:73:05:a0:6d:67:4b:08:de:09:
                    44:91:3a:d2:74:80:ac:10:34:2b:78:81:5e:32:5e:
                    0d:2c:f5:76:c9:c3:a8:d5:a0:ad:cd:16:5d:d1:0c:
                    4b:55:da:83:47:e6:c7:d0:1c:70:9f:fb:5a:d2:49:
                    84:af:b3:c7:43:2a:03:e9:0a:b3:ed:75:9b:42:20:
                    fe:48:86:09:02:12:5d:1c:78:03:4d:01:ba:1f:d8:
                    f9:be:f2:fb:62:8e:26:82:b5:9f:b6:cd:25:ea:26:
                    91:c1:44:85:a3:f9:88:63:18:2f:d5:69:65:78:58:
                    49:43:b8:b2:25:9d:e7:9f:f3:98:e7:ec:3f:ce:66:
                    2b:50:03:7f:de:06:a1:00:c8:ba:d2:06:c3:27:ea:
                    67:8d:31:35:0f:7a:98:9b:f0:5f:23:a4:ee:89:7d:
                    42:9f:c5:47:3e:2e:1b:c1:c6:49:b9:be:81:76:7e:
                    81:0e:14:e3:c8:be:b3:9e:a5:99:c7:f2:2d:ab:04:
                    1e:36:f6:23:72:a7:1e:1f:f3:0f:46:a4:bd:91:20:
                    92:b6:21:7f:89:a1:f5:c8:42:aa:55:29:5b:c0:b0:
                    82:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:84:ED:01:FD:C7:FE:4C:98:EC:43:5A:6B:FB:36:C6:50:EB:CA:F0
            X509v3 Authority Key Identifier:
                keyid:72:BB:D2:FA:18:31:96:39:E2:5F:FB:F4:BD:BF:A0:08:66:01:58:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crvS-hgxljniX_v0vb-gCGYBWK4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/dc4420-4062-4778-9358-0af2e541646c/1/LYTtAf3H_kyY7ENaa_s2xlDryvA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/dc4420-4062-4778-9358-0af2e541646c/1/crvS-hgxljniX_v0vb-gCGYBWK4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.17.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:d4:fa:53:eb:83:9c:01:ea:c3:23:6f:c4:3a:b6:6e:ec:4f:
         f3:56:f5:10:a5:dc:a1:ab:f2:a1:8a:40:ba:d1:29:ca:aa:92:
         6a:d7:01:ba:0c:1f:11:4b:4f:19:22:9c:ed:9e:c0:a6:e7:3c:
         d4:67:11:8f:1a:cd:16:d0:6a:6a:fd:fb:90:0d:79:6d:2e:78:
         e7:2d:42:b9:80:70:25:c9:81:6d:d8:9c:59:96:c5:a6:2b:38:
         20:68:ef:3f:42:10:bd:a7:e8:89:a8:aa:7a:1d:d1:ae:c4:a3:
         e4:78:3d:49:78:47:1e:3b:b2:42:62:64:50:76:d5:6f:71:eb:
         0e:a7:d4:67:c8:57:e4:fd:2d:24:58:35:67:94:12:7d:f7:2d:
         3a:5b:0f:b0:97:58:b3:90:20:f0:af:fc:8a:bd:7b:ef:4b:7b:
         57:cb:99:8b:e8:91:6b:da:c4:62:6d:3c:92:1a:58:4e:e5:e3:
         4d:1c:3e:15:e1:9d:f9:d9:84:bc:d8:7e:f7:d8:d4:26:3f:3f:
         02:b8:57:f1:ee:f7:6c:ba:a5:1c:7c:f0:0b:15:cc:4e:f6:2b:
         e1:db:1b:19:54:5f:41:36:41:ef:94:70:66:bd:e9:49:b9:0a:
         fd:cd:87:e2:9e:7a:4b:8f:c5:88:08:c4:5b:3c:91:31:3c:07:
         7b:82:2c:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9W/LcrescpIm4y0FRTVLfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYmJkMmZhMTgzMTk2MzllMjVmZmJmNGJkYmZhMDA4NjYw
MTU4YWUwHhcNMjYwMTAyMDYxODU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDg0ZWQwMWZkYzdmZTRjOThlYzQzNWE2YmZiMzZjNjUwZWJjYWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjyBrCYvuzvEgJyE4L5E141hXyb8D
qovr+8Uz7aTyNWrJhf9zBaBtZ0sI3glEkTrSdICsEDQreIFeMl4NLPV2ycOo1aCt
zRZd0QxLVdqDR+bH0Bxwn/ta0kmEr7PHQyoD6Qqz7XWbQiD+SIYJAhJdHHgDTQG6
H9j5vvL7Yo4mgrWfts0l6iaRwUSFo/mIYxgv1WlleFhJQ7iyJZ3nn/OY5+w/zmYr
UAN/3gahAMi60gbDJ+pnjTE1D3qYm/BfI6TuiX1Cn8VHPi4bwcZJub6Bdn6BDhTj
yL6znqWZx/ItqwQeNvYjcqceH/MPRqS9kSCStiF/iaH1yEKqVSlbwLCCKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC2E7QH9x/5MmOxDWmv7NsZQ68rwMB8GA1UdIwQY
MBaAFHK70voYMZY54l/79L2/oAhmAViuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3J2Uy1oZ3hsam5pWF92MHZiLWdDR1lCV0s0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi9kYzQ0MjAtNDA2Mi00Nzc4LTkzNTgt
MGFmMmU1NDE2NDZjLzEvTFlUdEFmM0hfa3lZN0VOYWFfczJ4bERyeXZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi9kYzQ0MjAtNDA2Mi00Nzc4LTkzNTgtMGFmMmU1NDE2NDZj
LzEvY3J2Uy1oZ3hsam5pWF92MHZiLWdDR1lCV0s0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRH4MA0G
CSqGSIb3DQEBCwUAA4IBAQBp1PpT64OcAerDI2/EOrZu7E/zVvUQpdyhq/KhikC6
0SnKqpJq1wG6DB8RS08ZIpztnsCm5zzUZxGPGs0W0Gpq/fuQDXltLnjnLUK5gHAl
yYFt2JxZlsWmKzggaO8/QhC9p+iJqKp6HdGuxKPkeD1JeEceO7JCYmRQdtVvcesO
p9RnyFfk/S0kWDVnlBJ99y06Ww+wl1izkCDwr/yKvXvvS3tXy5mL6JFr2sRibTyS
GlhO5eNNHD4V4Z352YS82H732NQmPz8CuFfx7vdsuqUcfPALFcxO9ivh2xsZVF9B
NkHvlHBmvelJuQr9zYfinnpLj8WICMRbPJExPAd7gizg
-----END CERTIFICATE-----