This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/5b2d16-087f-488c-9ebb-e8a322846641/1/YbX_Uq-fQ-5ekdVmZwT4UX9M_AE.roa
File:                     YbX_Uq-fQ-5ekdVmZwT4UX9M_AE.roa (raw, json)
Hash identifier:          3ccMS28ZUPKFrYPJozhkPpBaeqel+ZZodIDTxyiq9A0=
Subject key identifier:   61:B5:FF:52:AF:9F:43:EE:5E:91:D5:66:67:04:F8:51:7F:4C:FC:01
Certificate issuer:       /CN=370ea1b05cbd4e5c0926787c79533ee29d94be96
Certificate serial:       019B7C7F1C2022914BA8B96AE6392B724A90
Authority key identifier: 37:0E:A1:B0:5C:BD:4E:5C:09:26:78:7C:79:53:3E:E2:9D:94:BE:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nw6hsFy9TlwJJnh8eVM-4p2UvpY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/5b2d16-087f-488c-9ebb-e8a322846641/1/YbX_Uq-fQ-5ekdVmZwT4UX9M_AE.roa
Signing time:             Fri 02 Jan 2026 02:17:43 +0000
ROA not before:           Fri 02 Jan 2026 02:17:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20704
IP address blocks:        185.158.16.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/5b2d16-087f-488c-9ebb-e8a322846641/1/Nw6hsFy9TlwJJnh8eVM-4p2UvpY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/5b2d16-087f-488c-9ebb-e8a322846641/1/Nw6hsFy9TlwJJnh8eVM-4p2UvpY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nw6hsFy9TlwJJnh8eVM-4p2UvpY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:05:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:7f:1c:20:22:91:4b:a8:b9:6a:e6:39:2b:72:4a:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=370ea1b05cbd4e5c0926787c79533ee29d94be96
        Validity
            Not Before: Jan  2 02:17:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=61b5ff52af9f43ee5e91d5666704f8517f4cfc01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:d6:28:8c:45:d6:4e:34:63:f2:cf:a2:cc:a3:
                    28:44:19:71:ee:b5:e7:93:75:f3:f6:38:fc:c9:03:
                    4d:14:63:41:b6:2b:fa:4e:14:b7:f6:33:a3:fe:ea:
                    0f:ca:a8:d8:92:b7:97:58:78:28:b7:d5:1a:27:23:
                    3d:38:89:1e:64:dc:29:85:dd:bb:c2:ea:05:eb:62:
                    2f:f1:87:67:2f:26:8b:25:c0:2a:0f:c8:38:2a:02:
                    c6:ef:cc:4b:db:75:26:9f:f8:45:a1:3a:d5:81:b7:
                    1e:b0:91:d7:42:5f:ee:22:c4:f3:37:e3:02:05:08:
                    76:e0:a0:c4:48:61:bd:30:65:93:96:41:d8:b6:6c:
                    ba:36:c2:c0:2d:9a:d6:14:60:0b:01:d9:98:ee:73:
                    19:c0:12:03:af:87:bb:5e:0d:54:93:31:23:99:7d:
                    60:9d:55:5d:78:85:29:5d:46:d7:f3:b3:a7:1e:ae:
                    f5:cb:4a:7c:0b:6b:68:b0:07:72:51:e9:6e:45:74:
                    e8:0e:59:7c:ce:28:9f:f9:86:a1:8d:bb:55:45:35:
                    8f:cf:72:c0:23:ab:7a:26:b8:1a:76:cd:33:ac:20:
                    92:6f:a0:25:6b:88:90:ea:37:6b:58:ca:85:30:d9:
                    50:dc:df:c3:03:15:1f:96:b2:a3:04:bd:e4:3d:ae:
                    71:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:B5:FF:52:AF:9F:43:EE:5E:91:D5:66:67:04:F8:51:7F:4C:FC:01
            X509v3 Authority Key Identifier:
                keyid:37:0E:A1:B0:5C:BD:4E:5C:09:26:78:7C:79:53:3E:E2:9D:94:BE:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nw6hsFy9TlwJJnh8eVM-4p2UvpY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/5b2d16-087f-488c-9ebb-e8a322846641/1/YbX_Uq-fQ-5ekdVmZwT4UX9M_AE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/5b2d16-087f-488c-9ebb-e8a322846641/1/Nw6hsFy9TlwJJnh8eVM-4p2UvpY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.158.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7d:f8:f0:71:4f:cb:11:b8:ee:9d:53:b8:30:af:5c:1c:40:44:
         dd:10:8a:60:d2:2b:71:73:cf:11:85:9a:93:26:1a:0c:e6:81:
         75:3e:1b:15:3e:37:1a:f6:a5:53:2c:49:40:e8:5e:bd:12:6a:
         34:fe:bf:45:7d:19:47:fe:3d:09:63:23:52:a5:25:bf:c2:14:
         8a:23:78:3b:c5:76:bf:b8:e2:4b:94:83:90:8e:02:f2:09:95:
         0e:46:29:95:eb:08:2c:c9:db:0f:b6:70:32:c5:f5:01:bb:07:
         50:70:62:cc:73:6e:1f:bc:3b:a9:a4:2c:4d:8a:59:07:39:82:
         25:92:c0:de:7a:62:a6:da:99:40:67:54:80:e3:ac:a2:9e:9d:
         78:3c:35:6b:7b:f8:ca:6e:56:5e:1e:a4:de:cc:87:7d:8c:9d:
         f3:bf:f9:9d:ce:ad:72:e4:86:38:49:e8:6f:d8:4f:7d:eb:81:
         af:36:a2:5c:ea:da:bc:e0:54:61:c1:e5:4b:66:24:f4:5d:9e:
         b2:a0:55:9c:68:0a:a2:d0:31:7d:52:85:62:20:db:e1:fe:0b:
         64:72:d8:59:6c:1f:87:b0:16:32:63:f4:2c:82:59:f9:bd:e4:
         e9:c7:b1:11:96:29:a5:9b:af:28:44:82:fb:85:b3:59:86:be:
         ca:1f:8f:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8fxwgIpFLqLlq5jkrckqQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3MGVhMWIwNWNiZDRlNWMwOTI2Nzg3Yzc5NTMzZWUyOWQ5
NGJlOTYwHhcNMjYwMTAyMDIxNzQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWI1ZmY1MmFmOWY0M2VlNWU5MWQ1NjY2NzA0Zjg1MTdmNGNmYzAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl9YojEXWTjRj8s+izKMoRBlx7rXn
k3Xz9jj8yQNNFGNBtiv6ThS39jOj/uoPyqjYkreXWHgot9UaJyM9OIkeZNwphd27
wuoF62Iv8YdnLyaLJcAqD8g4KgLG78xL23Umn/hFoTrVgbcesJHXQl/uIsTzN+MC
BQh24KDESGG9MGWTlkHYtmy6NsLALZrWFGALAdmY7nMZwBIDr4e7Xg1UkzEjmX1g
nVVdeIUpXUbX87OnHq71y0p8C2tosAdyUeluRXToDll8ziif+YahjbtVRTWPz3LA
I6t6Jrgads0zrCCSb6Ala4iQ6jdrWMqFMNlQ3N/DAxUflrKjBL3kPa5x0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGG1/1Kvn0PuXpHVZmcE+FF/TPwBMB8GA1UdIwQY
MBaAFDcOobBcvU5cCSZ4fHlTPuKdlL6WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnc2aHNGeTlUbHdKSm5oOGVWTS00cDJVdnBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS81YjJkMTYtMDg3Zi00ODhjLTllYmIt
ZThhMzIyODQ2NjQxLzEvWWJYX1VxLWZRLTVla2RWbVp3VDRVWDlNX0FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS81YjJkMTYtMDg3Zi00ODhjLTllYmItZThhMzIyODQ2NjQx
LzEvTnc2aHNGeTlUbHdKSm5oOGVWTS00cDJVdnBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZ4QMA0G
CSqGSIb3DQEBCwUAA4IBAQB9+PBxT8sRuO6dU7gwr1wcQETdEIpg0itxc88RhZqT
JhoM5oF1PhsVPjca9qVTLElA6F69Emo0/r9FfRlH/j0JYyNSpSW/whSKI3g7xXa/
uOJLlIOQjgLyCZUORimV6wgsydsPtnAyxfUBuwdQcGLMc24fvDuppCxNilkHOYIl
ksDeemKm2plAZ1SA46yinp14PDVre/jKblZeHqTezId9jJ3zv/mdzq1y5IY4Sehv
2E9964GvNqJc6tq84FRhweVLZiT0XZ6yoFWcaAqi0DF9UoViINvh/gtkcthZbB+H
sBYyY/Qsgln5veTpx7ERlimlm68oRIL7hbNZhr7KH49r
-----END CERTIFICATE-----