This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/3dae71-1acf-4196-9608-9531d24e0610/1/yCVmIRzNa3tIF_MU4qrOr7DResw.roa
File:                     yCVmIRzNa3tIF_MU4qrOr7DResw.roa (raw, json)
Hash identifier:          obCtvPuMFr0+7aVoRxpK/YudJ9U9WEay72ENhR3GLLg=
Subject key identifier:   C8:25:66:21:1C:CD:6B:7B:48:17:F3:14:E2:AA:CE:AF:B0:D1:7A:CC
Certificate issuer:       /CN=ca3b86e65470f994dfa6d6fee8e264db62e24af9
Certificate serial:       019B7910C64B551F138D4A818AA4EF35F48C
Authority key identifier: CA:3B:86:E6:54:70:F9:94:DF:A6:D6:FE:E8:E2:64:DB:62:E2:4A:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yjuG5lRw-ZTfptb-6OJk22LiSvk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/3dae71-1acf-4196-9608-9531d24e0610/1/yCVmIRzNa3tIF_MU4qrOr7DResw.roa
Signing time:             Thu 01 Jan 2026 10:18:20 +0000
ROA not before:           Thu 01 Jan 2026 10:18:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34984
IP address blocks:        185.33.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/3dae71-1acf-4196-9608-9531d24e0610/1/yjuG5lRw-ZTfptb-6OJk22LiSvk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/3dae71-1acf-4196-9608-9531d24e0610/1/yjuG5lRw-ZTfptb-6OJk22LiSvk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yjuG5lRw-ZTfptb-6OJk22LiSvk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 19:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:c6:4b:55:1f:13:8d:4a:81:8a:a4:ef:35:f4:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca3b86e65470f994dfa6d6fee8e264db62e24af9
        Validity
            Not Before: Jan  1 10:18:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c82566211ccd6b7b4817f314e2aaceafb0d17acc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:8b:60:43:ba:6a:71:c8:30:8e:0e:81:a2:d8:
                    ec:85:f9:f1:36:05:a2:4c:e3:bc:f5:93:b1:fd:80:
                    80:12:62:db:40:29:32:01:d9:f5:54:db:fc:25:6d:
                    77:ee:25:21:b3:60:28:eb:09:ff:a8:00:ec:13:3f:
                    7f:1f:08:f6:a4:62:04:ad:6a:64:ed:91:61:a8:ef:
                    7e:4f:53:06:b8:89:fe:bf:59:f0:17:15:7a:32:22:
                    03:3e:d9:b1:71:11:a2:1a:2a:1c:78:19:cf:3f:2a:
                    d2:be:b5:cd:4d:62:5c:74:98:49:43:37:96:ad:51:
                    45:85:8d:36:0f:9e:ff:2b:e1:6b:ea:2a:b2:32:b0:
                    c2:f1:b7:46:1c:0c:a5:f5:8e:4b:0b:be:00:78:e7:
                    11:f3:45:7c:ab:16:8d:b5:a5:19:31:fb:d5:bb:30:
                    55:20:25:8f:e7:42:1a:05:48:5a:32:64:5c:f0:8c:
                    b5:e1:50:3b:1c:40:94:24:31:04:fa:26:04:e8:a7:
                    dc:33:e7:01:b3:16:91:74:71:a1:54:27:38:b6:47:
                    51:8b:b0:97:37:7e:8c:04:5f:5e:07:be:ff:87:c3:
                    86:da:62:ac:c2:3a:70:ac:a1:e2:5f:84:02:a2:8f:
                    c3:57:28:f9:c3:47:8e:ec:00:b6:b1:4a:f3:cc:76:
                    92:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:25:66:21:1C:CD:6B:7B:48:17:F3:14:E2:AA:CE:AF:B0:D1:7A:CC
            X509v3 Authority Key Identifier:
                keyid:CA:3B:86:E6:54:70:F9:94:DF:A6:D6:FE:E8:E2:64:DB:62:E2:4A:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yjuG5lRw-ZTfptb-6OJk22LiSvk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/3dae71-1acf-4196-9608-9531d24e0610/1/yCVmIRzNa3tIF_MU4qrOr7DResw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/3dae71-1acf-4196-9608-9531d24e0610/1/yjuG5lRw-ZTfptb-6OJk22LiSvk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.33.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:14:2e:63:ae:85:b5:6c:23:f1:93:f5:59:d5:52:a0:81:15:
         92:86:25:d3:93:e5:d9:04:f1:a3:d6:c9:de:3b:a6:64:50:1d:
         30:32:6a:d0:96:9a:41:16:dd:67:2e:ac:e6:c8:89:56:78:ad:
         76:a4:88:00:d0:52:4d:92:8a:3a:f0:f8:3b:f5:e0:9d:e8:16:
         d7:17:63:63:5a:89:f8:24:43:95:bc:3e:f5:f2:e8:bb:d7:20:
         b4:4f:11:20:79:dd:45:0d:09:35:7b:a5:b7:1e:0f:59:44:0b:
         c8:18:8d:0a:00:41:22:a4:34:79:44:72:4c:99:4f:9b:b5:89:
         ed:a9:84:a2:a9:ec:08:9f:06:f2:07:69:e0:49:2a:ad:bc:c1:
         b7:5e:34:71:7c:1b:f7:4b:19:d3:54:72:16:dc:56:ec:2f:43:
         f8:f6:af:cf:99:70:54:de:20:d3:01:3d:9a:df:83:61:95:5b:
         61:16:26:ba:49:90:ae:d9:a6:70:c5:32:58:58:50:dc:ec:b3:
         c1:fa:1e:66:b8:b7:89:d1:4f:12:3f:05:5f:3e:4f:3a:f6:11:
         42:31:c9:fd:d2:b1:cc:b6:a1:df:b4:b8:fa:8c:62:09:e8:5c:
         97:3f:78:0e:6b:4a:1b:6e:91:8a:4d:21:f9:c5:f0:b8:a9:6b:
         5e:3b:68:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EMZLVR8TjUqBiqTvNfSMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhM2I4NmU2NTQ3MGY5OTRkZmE2ZDZmZWU4ZTI2NGRiNjJl
MjRhZjkwHhcNMjYwMTAxMTAxODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODI1NjYyMTFjY2Q2YjdiNDgxN2YzMTRlMmFhY2VhZmIwZDE3YWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo4tgQ7pqccgwjg6BotjshfnxNgWi
TOO89ZOx/YCAEmLbQCkyAdn1VNv8JW137iUhs2Ao6wn/qADsEz9/Hwj2pGIErWpk
7ZFhqO9+T1MGuIn+v1nwFxV6MiIDPtmxcRGiGioceBnPPyrSvrXNTWJcdJhJQzeW
rVFFhY02D57/K+Fr6iqyMrDC8bdGHAyl9Y5LC74AeOcR80V8qxaNtaUZMfvVuzBV
ICWP50IaBUhaMmRc8Iy14VA7HECUJDEE+iYE6KfcM+cBsxaRdHGhVCc4tkdRi7CX
N36MBF9eB77/h8OG2mKswjpwrKHiX4QCoo/DVyj5w0eO7AC2sUrzzHaS8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMglZiEczWt7SBfzFOKqzq+w0XrMMB8GA1UdIwQY
MBaAFMo7huZUcPmU36bW/ujiZNti4kr5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWp1RzVsUnctWlRmcHRiLTZPSmsyMkxpU3ZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni8zZGFlNzEtMWFjZi00MTk2LTk2MDgt
OTUzMWQyNGUwNjEwLzEveUNWbUlSek5hM3RJRl9NVTRxck9yN0RSZXN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni8zZGFlNzEtMWFjZi00MTk2LTk2MDgtOTUzMWQyNGUwNjEw
LzEveWp1RzVsUnctWlRmcHRiLTZPSmsyMkxpU3ZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSE+MA0G
CSqGSIb3DQEBCwUAA4IBAQAhFC5jroW1bCPxk/VZ1VKggRWShiXTk+XZBPGj1sne
O6ZkUB0wMmrQlppBFt1nLqzmyIlWeK12pIgA0FJNkoo68Pg79eCd6BbXF2NjWon4
JEOVvD718ui71yC0TxEged1FDQk1e6W3Hg9ZRAvIGI0KAEEipDR5RHJMmU+btYnt
qYSiqewInwbyB2ngSSqtvMG3XjRxfBv3SxnTVHIW3FbsL0P49q/PmXBU3iDTAT2a
34NhlVthFia6SZCu2aZwxTJYWFDc7LPB+h5muLeJ0U8SPwVfPk869hFCMcn90rHM
tqHftLj6jGIJ6FyXP3gOa0obbpGKTSH5xfC4qWteO2hB
-----END CERTIFICATE-----