This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/YFhff6PieA-0R_-D6roOZogSJYw.roa
File:                     YFhff6PieA-0R_-D6roOZogSJYw.roa (raw, json)
Hash identifier:          uq54FImU4X4n4Q5wAXCqz42QpkCkIhO0GgHxJfUTPP8=
Subject key identifier:   60:58:5F:7F:A3:E2:78:0F:B4:47:FF:83:EA:BA:0E:66:88:12:25:8C
Certificate issuer:       /CN=21bad74e7f6c0949a2736a57478496d7d8b450e6
Certificate serial:       019B7CEDA10B44AC0157D8C8361AD1C980F7
Authority key identifier: 21:BA:D7:4E:7F:6C:09:49:A2:73:6A:57:47:84:96:D7:D8:B4:50:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/YFhff6PieA-0R_-D6roOZogSJYw.roa
Signing time:             Fri 02 Jan 2026 04:18:26 +0000
ROA not before:           Fri 02 Jan 2026 04:18:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209514
IP address blocks:        147.234.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:35:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ed:a1:0b:44:ac:01:57:d8:c8:36:1a:d1:c9:80:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21bad74e7f6c0949a2736a57478496d7d8b450e6
        Validity
            Not Before: Jan  2 04:18:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=60585f7fa3e2780fb447ff83eaba0e668812258c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:ad:62:62:99:1f:d1:3f:f2:1f:0c:ff:30:c5:
                    ff:a8:c4:64:f8:9c:9b:a6:d2:10:b9:fc:63:53:67:
                    87:e7:ad:cc:1c:7a:71:df:b1:11:3d:72:3d:48:92:
                    bb:2f:75:cb:a2:3b:68:ca:1b:8b:6b:5c:16:6b:7c:
                    0c:50:5e:de:77:a7:1b:46:3d:9f:e3:0a:ac:9f:24:
                    18:1c:a3:08:3d:bb:15:6c:00:66:32:f9:c5:d0:f3:
                    7d:9b:8c:de:14:12:51:c8:ee:36:c8:35:e9:7a:db:
                    f9:73:04:6b:7c:a3:5c:04:b1:c2:8e:b2:e3:0b:5a:
                    4c:0c:62:1d:b6:a2:b3:3e:10:44:dd:96:3f:0f:24:
                    7a:ac:e8:46:cb:97:3e:1d:b3:b0:c5:81:53:82:c4:
                    7c:9a:dc:a6:25:42:57:e4:4f:fd:05:d2:d4:0b:f1:
                    61:37:b8:b5:b6:e2:8f:84:c6:03:f6:60:3e:a7:cb:
                    ad:b6:36:d3:ed:54:ee:04:d0:fc:5d:97:c0:dc:de:
                    5d:17:8c:d0:05:28:c3:02:8b:7e:3f:dc:03:19:ff:
                    d0:8a:be:e7:ed:af:9d:7b:b8:14:31:a9:2e:b2:f1:
                    0d:fe:47:ce:b9:69:f5:30:d6:88:c1:7d:0a:2c:2d:
                    df:4b:9a:75:07:b1:67:9a:15:be:1c:fd:6b:18:64:
                    ae:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:58:5F:7F:A3:E2:78:0F:B4:47:FF:83:EA:BA:0E:66:88:12:25:8C
            X509v3 Authority Key Identifier:
                keyid:21:BA:D7:4E:7F:6C:09:49:A2:73:6A:57:47:84:96:D7:D8:B4:50:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/YFhff6PieA-0R_-D6roOZogSJYw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.234.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:c3:4b:99:33:6c:e9:77:c2:08:8a:d7:3e:bd:ab:c1:de:62:
         ef:43:1f:64:41:ab:c3:76:80:23:a7:8c:2f:28:84:fc:70:db:
         98:bf:f9:c2:f3:4a:cf:da:6f:10:db:fb:35:f4:5f:9b:d7:3a:
         66:bb:8e:a6:10:22:e2:7d:1b:3e:9a:46:d5:e8:c7:a7:20:0f:
         4e:6c:00:c1:57:e8:f8:3a:7e:6d:f5:c2:66:7e:1d:cc:ee:b5:
         ac:74:63:dd:57:28:31:b1:c6:c4:3d:7a:6b:7c:73:a7:5a:69:
         6d:6f:0c:2c:75:14:c9:54:f3:e5:3e:90:a5:95:f8:58:f2:a5:
         a6:73:e2:77:ee:25:03:eb:ff:a3:52:c5:f0:1e:3d:a0:46:c6:
         61:c5:6a:ed:bf:b8:85:79:c5:56:a2:54:5c:90:d0:48:17:6a:
         70:af:cc:1f:a3:6b:a2:a3:d9:da:12:e1:de:a0:62:f7:56:06:
         2a:ea:50:1e:b2:06:a4:84:fe:85:34:2b:b7:b3:01:12:c1:d2:
         cd:4c:a5:6b:8c:d4:6e:65:31:90:12:0e:f8:5a:d5:06:94:ec:
         7e:6f:ad:87:ef:58:ad:21:e2:fb:98:58:85:69:6f:b2:95:9c:
         0c:f4:9d:ba:4b:54:ab:41:1e:f9:78:f0:44:0b:1c:fd:2f:05:
         69:94:de:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87aELRKwBV9jINhrRyYD3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxYmFkNzRlN2Y2YzA5NDlhMjczNmE1NzQ3ODQ5NmQ3ZDhi
NDUwZTYwHhcNMjYwMTAyMDQxODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDU4NWY3ZmEzZTI3ODBmYjQ0N2ZmODNlYWJhMGU2Njg4MTIyNThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtq1iYpkf0T/yHwz/MMX/qMRk+Jyb
ptIQufxjU2eH563MHHpx37ERPXI9SJK7L3XLojtoyhuLa1wWa3wMUF7ed6cbRj2f
4wqsnyQYHKMIPbsVbABmMvnF0PN9m4zeFBJRyO42yDXpetv5cwRrfKNcBLHCjrLj
C1pMDGIdtqKzPhBE3ZY/DyR6rOhGy5c+HbOwxYFTgsR8mtymJUJX5E/9BdLUC/Fh
N7i1tuKPhMYD9mA+p8uttjbT7VTuBND8XZfA3N5dF4zQBSjDAot+P9wDGf/Qir7n
7a+de7gUMakusvEN/kfOuWn1MNaIwX0KLC3fS5p1B7FnmhW+HP1rGGSu+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGBYX3+j4ngPtEf/g+q6DmaIEiWMMB8GA1UdIwQY
MBaAFCG6105/bAlJonNqV0eEltfYtFDmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWJyWFRuOXNDVW1pYzJwWFI0U1cxOWkwVU9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC84ZGRjMzgtN2ExYS00OTA2LWE4ZWQt
NDQzMzIyOWE4NDczLzEvWUZoZmY2UGllQS0wUl8tRDZyb09ab2dTSll3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC84ZGRjMzgtN2ExYS00OTA2LWE4ZWQtNDQzMzIyOWE4NDcz
LzEvSWJyWFRuOXNDVW1pYzJwWFI0U1cxOWkwVU9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk+opMA0G
CSqGSIb3DQEBCwUAA4IBAQAXw0uZM2zpd8IIitc+vavB3mLvQx9kQavDdoAjp4wv
KIT8cNuYv/nC80rP2m8Q2/s19F+b1zpmu46mECLifRs+mkbV6MenIA9ObADBV+j4
On5t9cJmfh3M7rWsdGPdVygxscbEPXprfHOnWmltbwwsdRTJVPPlPpCllfhY8qWm
c+J37iUD6/+jUsXwHj2gRsZhxWrtv7iFecVWolRckNBIF2pwr8wfo2uio9naEuHe
oGL3VgYq6lAesgakhP6FNCu3swESwdLNTKVrjNRuZTGQEg74WtUGlOx+b62H71it
IeL7mFiFaW+ylZwM9J26S1SrQR75ePBECxz9LwVplN5y
-----END CERTIFICATE-----