This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/ydn03btKMI46uGq-Vn5jOUrrN90.roa
File:                     ydn03btKMI46uGq-Vn5jOUrrN90.roa (raw, json)
Hash identifier:          wCd9OwuNQZuDXDcrMWvqCW6/JhmA2O1fHWAVijSc0Kg=
Subject key identifier:   C9:D9:F4:DD:BB:4A:30:8E:3A:B8:6A:BE:56:7E:63:39:4A:EB:37:DD
Certificate issuer:       /CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
Certificate serial:       019B7CEDFF0B988FBFE9EAE5F79D9393066D
Authority key identifier: 49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/ydn03btKMI46uGq-Vn5jOUrrN90.roa
Signing time:             Fri 02 Jan 2026 04:18:50 +0000
ROA not before:           Fri 02 Jan 2026 04:18:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3320
IP address blocks:        80.71.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 09:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ed:ff:0b:98:8f:bf:e9:ea:e5:f7:9d:93:93:06:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
        Validity
            Not Before: Jan  2 04:18:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c9d9f4ddbb4a308e3ab86abe567e63394aeb37dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:1b:d1:4a:3d:22:ba:b4:72:fb:72:d9:af:6d:
                    8f:65:58:3a:a9:6c:46:79:28:99:ec:50:79:58:28:
                    c4:66:33:11:d4:61:de:dc:a9:1f:6f:ae:bf:13:6a:
                    d1:b7:bc:19:62:ff:be:48:0d:1a:c6:b9:29:57:4e:
                    52:f2:4d:7f:d9:5c:60:45:81:8b:e6:ae:c6:3f:39:
                    c1:36:a2:3f:0d:e1:3b:56:b7:de:f6:c0:70:f1:f4:
                    22:2a:77:fc:08:a3:84:77:13:37:78:13:42:8b:4e:
                    d7:de:32:61:16:93:e9:b2:0f:3f:2b:d6:b1:57:ea:
                    5e:af:a1:60:e6:8e:84:4f:a1:f0:f2:26:ba:c8:40:
                    cf:fc:c1:72:7d:7c:cb:5f:f6:c7:29:24:96:af:6e:
                    8c:a9:a9:39:9d:c0:eb:57:35:c4:73:5d:89:1f:15:
                    86:49:c6:41:46:10:5b:7d:c9:9f:a0:88:66:d0:aa:
                    2b:c5:b9:ec:06:d6:37:fe:21:3c:a9:dd:fc:d2:68:
                    53:86:83:90:a8:00:3a:c7:7b:e3:0f:a2:06:1b:3d:
                    3c:b8:67:24:71:d7:30:71:c4:3a:b9:49:d7:95:5d:
                    5e:6a:18:c9:92:1f:61:b5:39:dd:eb:9a:24:1b:75:
                    b2:d4:b6:0d:1b:ad:9b:26:1b:50:4b:a4:e0:cd:36:
                    2b:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:D9:F4:DD:BB:4A:30:8E:3A:B8:6A:BE:56:7E:63:39:4A:EB:37:DD
            X509v3 Authority Key Identifier:
                keyid:49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/ydn03btKMI46uGq-Vn5jOUrrN90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.71.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:a0:56:cb:2a:13:24:8d:a9:0c:b7:08:de:53:f7:bf:34:0d:
         28:b7:7e:66:00:f9:49:7d:39:d4:d6:37:f9:69:1e:76:7a:69:
         46:8b:8d:a4:6e:00:f6:5e:78:e3:28:3c:e5:bb:a7:68:63:40:
         23:88:6e:f0:a3:06:e6:a4:a4:bc:5d:8f:75:16:3f:f2:80:b6:
         6d:02:98:1d:41:3a:1c:51:28:d6:ad:bc:dc:0d:91:66:8e:b1:
         21:42:2e:5c:3c:ce:2b:e0:09:c7:a0:af:e3:18:2c:73:6e:32:
         80:e3:3b:d1:83:06:d1:c0:4a:3b:f8:b7:1b:42:95:83:ef:8f:
         23:0a:ca:69:5d:5d:5e:0b:c9:29:f4:38:0d:1b:92:51:a9:20:
         ed:a6:12:01:3d:ca:3c:b2:98:bf:ea:7b:64:cd:68:40:d3:0b:
         f8:75:48:5e:b4:84:37:9d:33:fc:79:a1:87:80:f6:a1:a8:f9:
         b5:c2:6e:e2:08:eb:4f:5e:90:2d:44:26:35:c9:e3:77:33:11:
         ad:e5:40:da:2b:52:22:64:ea:dc:94:6f:6b:9c:8d:9d:78:d0:
         b5:80:b0:b0:24:ec:d2:f0:81:28:ff:e6:42:1f:53:3d:8b:93:
         64:39:e3:4e:ea:e2:7c:1a:5a:f4:8a:9a:52:a1:cc:a8:cc:62:
         fe:43:7a:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87f8LmI+/6erl952TkwZtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTUxNjk0YzRkNDZiNGZjYzAyZmFlNzFlNWRiOTQyYTcx
MDhlNDcwHhcNMjYwMTAyMDQxODUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWQ5ZjRkZGJiNGEzMDhlM2FiODZhYmU1NjdlNjMzOTRhZWIzN2RkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtBvRSj0iurRy+3LZr22PZVg6qWxG
eSiZ7FB5WCjEZjMR1GHe3Kkfb66/E2rRt7wZYv++SA0axrkpV05S8k1/2VxgRYGL
5q7GPznBNqI/DeE7Vrfe9sBw8fQiKnf8CKOEdxM3eBNCi07X3jJhFpPpsg8/K9ax
V+per6Fg5o6ET6Hw8ia6yEDP/MFyfXzLX/bHKSSWr26Mqak5ncDrVzXEc12JHxWG
ScZBRhBbfcmfoIhm0KorxbnsBtY3/iE8qd380mhThoOQqAA6x3vjD6IGGz08uGck
cdcwccQ6uUnXlV1eahjJkh9htTnd65okG3Wy1LYNG62bJhtQS6TgzTYr0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMnZ9N27SjCOOrhqvlZ+YzlK6zfdMB8GA1UdIwQY
MBaAFEnlFpTE1GtPzAL65x5duUKnEI5HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQt
MTkxODliM2M5YzdkLzEveWRuMDNidEtNSTQ2dUdxLVZuNWpPVXJyTjkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQtMTkxODliM2M5Yzdk
LzEvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUEfnMA0G
CSqGSIb3DQEBCwUAA4IBAQB0oFbLKhMkjakMtwjeU/e/NA0ot35mAPlJfTnU1jf5
aR52emlGi42kbgD2XnjjKDzlu6doY0AjiG7wowbmpKS8XY91Fj/ygLZtApgdQToc
USjWrbzcDZFmjrEhQi5cPM4r4AnHoK/jGCxzbjKA4zvRgwbRwEo7+LcbQpWD748j
CsppXV1eC8kp9DgNG5JRqSDtphIBPco8spi/6ntkzWhA0wv4dUhetIQ3nTP8eaGH
gPahqPm1wm7iCOtPXpAtRCY1yeN3MxGt5UDaK1IiZOrclG9rnI2deNC1gLCwJOzS
8IEo/+ZCH1M9i5NkOeNO6uJ8Glr0ippSocyozGL+Q3oa
-----END CERTIFICATE-----