This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/4f5808-1c04-4255-9b84-a82836de05fc/1/YfMmn3NTxzanjSoW2CgtmSyKoBw.roa
File:                     YfMmn3NTxzanjSoW2CgtmSyKoBw.roa (raw, json)
Hash identifier:          R1/beSy+NbtBJBgUSOR66DtF7b/TO6ueQaOcS29ElbE=
Subject key identifier:   61:F3:26:9F:73:53:C7:36:A7:8D:2A:16:D8:28:2D:99:2C:8A:A0:1C
Certificate issuer:       /CN=20f638107abb84ae6fb03cc1db2cfd1bc4487f8d
Certificate serial:       019B797F114D11CAA25F2944AEB28EB75017
Authority key identifier: 20:F6:38:10:7A:BB:84:AE:6F:B0:3C:C1:DB:2C:FD:1B:C4:48:7F:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IPY4EHq7hK5vsDzB2yz9G8RIf40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/4f5808-1c04-4255-9b84-a82836de05fc/1/YfMmn3NTxzanjSoW2CgtmSyKoBw.roa
Signing time:             Thu 01 Jan 2026 12:18:49 +0000
ROA not before:           Thu 01 Jan 2026 12:18:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61233
IP address blocks:        185.14.148.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/4f5808-1c04-4255-9b84-a82836de05fc/1/IPY4EHq7hK5vsDzB2yz9G8RIf40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/4f5808-1c04-4255-9b84-a82836de05fc/1/IPY4EHq7hK5vsDzB2yz9G8RIf40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IPY4EHq7hK5vsDzB2yz9G8RIf40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 06:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7f:11:4d:11:ca:a2:5f:29:44:ae:b2:8e:b7:50:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20f638107abb84ae6fb03cc1db2cfd1bc4487f8d
        Validity
            Not Before: Jan  1 12:18:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=61f3269f7353c736a78d2a16d8282d992c8aa01c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:46:b3:9c:f9:01:40:e0:b4:fd:b4:c3:f4:20:
                    95:69:19:fb:07:1f:42:d1:48:64:40:dc:9f:cb:0b:
                    42:7e:b7:cd:fa:d1:57:0c:c9:84:fc:2c:3e:b2:37:
                    65:a8:00:09:cf:96:da:c3:66:1e:2a:61:15:24:78:
                    83:9d:a3:f5:d1:9a:b6:25:b2:fd:c1:68:78:eb:f9:
                    8b:5f:83:21:a0:2b:71:8c:2c:ff:b2:23:ac:5a:82:
                    75:0f:3c:f8:8f:85:1e:26:bf:0b:df:53:33:a4:09:
                    fc:3f:5b:73:25:a3:ae:25:ad:1e:bd:d3:eb:8c:00:
                    7a:ba:86:75:dc:7c:88:1e:f7:f3:b6:17:0c:74:c3:
                    ec:cf:f1:c5:59:69:9b:7d:a7:88:34:b6:d9:59:df:
                    dc:9f:e6:f0:f8:26:97:14:04:75:df:36:fa:1c:be:
                    6d:78:e8:ae:85:6f:fd:c0:75:81:05:3e:69:ba:08:
                    d4:7e:e3:46:46:94:d0:70:43:b5:70:8c:e1:6f:04:
                    8b:2d:d5:db:a6:7d:b3:3d:e7:bf:58:0c:22:cc:42:
                    58:f4:33:bd:94:f9:cd:96:e4:0d:4a:5d:53:e4:8c:
                    d6:81:a2:2a:21:00:69:eb:5f:8f:82:70:47:bb:78:
                    ad:75:78:d0:fc:1d:d9:92:73:d2:42:7a:af:6e:8f:
                    e8:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:F3:26:9F:73:53:C7:36:A7:8D:2A:16:D8:28:2D:99:2C:8A:A0:1C
            X509v3 Authority Key Identifier:
                keyid:20:F6:38:10:7A:BB:84:AE:6F:B0:3C:C1:DB:2C:FD:1B:C4:48:7F:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IPY4EHq7hK5vsDzB2yz9G8RIf40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/4f5808-1c04-4255-9b84-a82836de05fc/1/YfMmn3NTxzanjSoW2CgtmSyKoBw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/4f5808-1c04-4255-9b84-a82836de05fc/1/IPY4EHq7hK5vsDzB2yz9G8RIf40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.14.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0c:c8:25:ca:9d:ad:63:34:3c:3e:f0:04:b4:32:66:5f:24:bc:
         ff:3e:74:ff:10:1f:32:2a:62:51:c1:d5:12:e3:2a:79:af:ed:
         da:4f:5a:19:b5:92:6c:14:3b:2b:f3:2e:f4:37:33:5a:16:fb:
         d1:b4:3e:57:ab:03:59:52:ab:01:b2:59:53:35:d5:6b:97:ef:
         94:31:09:9a:3d:34:ef:d7:3a:67:94:8f:b5:62:60:66:9c:15:
         37:56:c0:b2:ab:72:d4:96:5a:31:a8:ce:cf:59:5f:8a:67:2e:
         fe:1e:53:05:04:32:72:a5:94:05:b5:38:c5:a9:0a:c4:90:69:
         71:31:1b:08:1d:6c:14:1c:89:8e:41:df:b5:79:b0:fd:b7:26:
         31:d3:86:ae:43:b2:ec:bf:b5:b5:0f:1d:e8:48:08:d7:e3:ea:
         2a:f9:60:f1:e8:85:ee:f4:76:95:d8:58:09:71:1b:43:1c:db:
         d5:56:0a:da:93:d2:dc:5d:0a:fa:9e:f2:76:b4:d3:38:2d:80:
         e8:b5:db:7f:3d:4d:f5:9b:db:bd:b7:45:49:76:06:78:a1:d3:
         36:6b:13:48:b2:7a:10:ac:2e:51:43:1b:b5:cf:c3:86:90:a9:
         de:8d:c0:2a:15:9f:20:1c:5a:9f:79:38:23:ec:09:64:bf:29:
         59:7e:0b:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fxFNEcqiXylErrKOt1AXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwZjYzODEwN2FiYjg0YWU2ZmIwM2NjMWRiMmNmZDFiYzQ0
ODdmOGQwHhcNMjYwMTAxMTIxODQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWYzMjY5ZjczNTNjNzM2YTc4ZDJhMTZkODI4MmQ5OTJjOGFhMDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjUaznPkBQOC0/bTD9CCVaRn7Bx9C
0UhkQNyfywtCfrfN+tFXDMmE/Cw+sjdlqAAJz5baw2YeKmEVJHiDnaP10Zq2JbL9
wWh46/mLX4MhoCtxjCz/siOsWoJ1Dzz4j4UeJr8L31MzpAn8P1tzJaOuJa0evdPr
jAB6uoZ13HyIHvfzthcMdMPsz/HFWWmbfaeINLbZWd/cn+bw+CaXFAR13zb6HL5t
eOiuhW/9wHWBBT5pugjUfuNGRpTQcEO1cIzhbwSLLdXbpn2zPee/WAwizEJY9DO9
lPnNluQNSl1T5IzWgaIqIQBp61+PgnBHu3itdXjQ/B3ZknPSQnqvbo/oGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGHzJp9zU8c2p40qFtgoLZksiqAcMB8GA1UdIwQY
MBaAFCD2OBB6u4Sub7A8wdss/RvESH+NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVBZNEVIcTdoSzV2c0R6QjJ5ejlHOFJJZjQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC80ZjU4MDgtMWMwNC00MjU1LTliODQt
YTgyODM2ZGUwNWZjLzEvWWZNbW4zTlR4emFualNvVzJDZ3RtU3lLb0J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC80ZjU4MDgtMWMwNC00MjU1LTliODQtYTgyODM2ZGUwNWZj
LzEvSVBZNEVIcTdoSzV2c0R6QjJ5ejlHOFJJZjQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuQ6UMA0G
CSqGSIb3DQEBCwUAA4IBAQAMyCXKna1jNDw+8AS0MmZfJLz/PnT/EB8yKmJRwdUS
4yp5r+3aT1oZtZJsFDsr8y70NzNaFvvRtD5XqwNZUqsBsllTNdVrl++UMQmaPTTv
1zpnlI+1YmBmnBU3VsCyq3LUlloxqM7PWV+KZy7+HlMFBDJypZQFtTjFqQrEkGlx
MRsIHWwUHImOQd+1ebD9tyYx04auQ7Lsv7W1Dx3oSAjX4+oq+WDx6IXu9HaV2FgJ
cRtDHNvVVgrak9LcXQr6nvJ2tNM4LYDotdt/PU31m9u9t0VJdgZ4odM2axNIsnoQ
rC5RQxu1z8OGkKnejcAqFZ8gHFqfeTgj7AlkvylZfguJ
-----END CERTIFICATE-----