This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/9b16f3-0100-4964-9ec9-e5ec2cc647aa/1/ymQkqx6vad1BOcZP1A2ksCcXq8M.roa
File:                     ymQkqx6vad1BOcZP1A2ksCcXq8M.roa (raw, json)
Hash identifier:          Mkk7iKFq74kIN4TjOOrbxIdyK2vnb7PkhTT7pKGa0yU=
Subject key identifier:   CA:64:24:AB:1E:AF:69:DD:41:39:C6:4F:D4:0D:A4:B0:27:17:AB:C3
Certificate issuer:       /CN=9b47ee1f17c987debb2c020d8b5f2d8bdadbeb77
Certificate serial:       019B7A5AC2C9E69B805A12283009E518EFB7
Authority key identifier: 9B:47:EE:1F:17:C9:87:DE:BB:2C:02:0D:8B:5F:2D:8B:DA:DB:EB:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m0fuHxfJh967LAINi18ti9rb63c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/9b16f3-0100-4964-9ec9-e5ec2cc647aa/1/ymQkqx6vad1BOcZP1A2ksCcXq8M.roa
Signing time:             Thu 01 Jan 2026 16:18:47 +0000
ROA not before:           Thu 01 Jan 2026 16:18:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        217.8.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/9b16f3-0100-4964-9ec9-e5ec2cc647aa/1/m0fuHxfJh967LAINi18ti9rb63c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/9b16f3-0100-4964-9ec9-e5ec2cc647aa/1/m0fuHxfJh967LAINi18ti9rb63c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m0fuHxfJh967LAINi18ti9rb63c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 01:01:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:c2:c9:e6:9b:80:5a:12:28:30:09:e5:18:ef:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b47ee1f17c987debb2c020d8b5f2d8bdadbeb77
        Validity
            Not Before: Jan  1 16:18:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ca6424ab1eaf69dd4139c64fd40da4b02717abc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:1d:12:30:0d:e4:e6:3d:df:99:39:21:97:96:
                    da:f6:5f:7c:fc:41:f4:30:bf:78:e7:c7:99:29:5c:
                    da:62:69:8a:24:85:33:4b:02:d0:ef:7c:c5:02:b4:
                    c9:f8:d6:7b:d3:4e:dd:77:c1:c7:e6:a1:c4:64:51:
                    be:21:56:58:60:70:ca:69:f5:5a:65:68:e4:ca:ea:
                    91:93:fd:af:aa:55:60:8e:22:fb:e2:46:80:45:03:
                    fe:3e:5c:3b:0f:08:d6:3b:71:db:0e:b8:f3:12:53:
                    02:a1:7c:42:e8:e8:48:8e:88:6b:67:0d:e1:26:7f:
                    17:00:c5:70:fe:8b:e2:0f:41:bc:0c:c1:43:5e:2f:
                    a6:27:af:91:9f:f0:ad:20:4a:37:43:47:9e:55:d9:
                    ce:98:64:86:8a:73:7b:3d:68:9d:7e:1e:7b:0a:d7:
                    d2:09:fd:bc:9a:4d:83:7a:89:15:fa:63:cf:d8:0c:
                    d3:9a:e4:36:be:02:e1:3a:6c:f0:cf:c2:84:0b:c5:
                    1e:28:dd:00:5f:bf:e0:b6:50:49:63:73:f9:cc:f9:
                    77:9f:fe:df:9b:59:a0:11:0c:fc:8d:2d:dd:01:8d:
                    ae:83:e8:53:dd:98:a4:4b:ee:98:fe:30:d7:58:38:
                    94:87:26:99:3f:75:95:45:6e:31:8d:d7:48:fe:0a:
                    5d:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:64:24:AB:1E:AF:69:DD:41:39:C6:4F:D4:0D:A4:B0:27:17:AB:C3
            X509v3 Authority Key Identifier:
                keyid:9B:47:EE:1F:17:C9:87:DE:BB:2C:02:0D:8B:5F:2D:8B:DA:DB:EB:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m0fuHxfJh967LAINi18ti9rb63c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/9b16f3-0100-4964-9ec9-e5ec2cc647aa/1/ymQkqx6vad1BOcZP1A2ksCcXq8M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/9b16f3-0100-4964-9ec9-e5ec2cc647aa/1/m0fuHxfJh967LAINi18ti9rb63c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.8.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:cd:d7:2f:da:92:69:83:d4:b0:e3:53:44:55:94:eb:3b:8d:
         c4:ca:75:13:5e:dc:cd:e9:51:8f:4f:c2:94:b6:ab:f7:bc:a3:
         d3:d6:a2:56:92:d9:21:1d:d8:e2:82:59:3f:7f:76:6e:a3:a4:
         b4:85:26:67:c5:2d:f0:34:ed:10:d8:71:0a:b1:5e:46:ec:0e:
         8a:73:fa:21:92:1c:51:6b:ab:8b:9a:40:7c:98:a1:55:c7:0a:
         00:66:c5:fe:d2:bd:d4:61:13:21:68:66:4d:46:43:ce:f5:85:
         e1:ed:90:12:3e:e1:bc:de:c4:c5:44:6c:b7:45:0f:94:8a:c2:
         34:90:fa:a6:ce:1c:52:08:19:fc:e4:dc:44:a7:37:85:44:99:
         1e:d2:e8:ed:61:ca:52:fd:39:86:17:3b:56:5c:fc:f2:c7:04:
         7f:e5:4f:85:ee:66:52:c2:ba:b1:d6:b2:03:31:13:e8:19:38:
         a0:be:af:43:1f:67:2e:97:15:8e:2a:26:93:04:83:ed:26:6b:
         1f:05:b4:74:d6:e8:11:1f:f0:94:4c:e3:a7:53:09:47:7c:c3:
         16:00:dc:8f:c8:ba:54:bc:08:e9:c1:16:cb:26:be:12:c1:d7:
         35:7f:9c:d8:0f:52:40:00:99:e4:24:7a:7d:51:a2:df:00:87:
         ab:35:a0:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WsLJ5puAWhIoMAnlGO+3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliNDdlZTFmMTdjOTg3ZGViYjJjMDIwZDhiNWYyZDhiZGFk
YmViNzcwHhcNMjYwMTAxMTYxODQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTY0MjRhYjFlYWY2OWRkNDEzOWM2NGZkNDBkYTRiMDI3MTdhYmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxB0SMA3k5j3fmTkhl5ba9l98/EH0
ML9458eZKVzaYmmKJIUzSwLQ73zFArTJ+NZ7007dd8HH5qHEZFG+IVZYYHDKafVa
ZWjkyuqRk/2vqlVgjiL74kaARQP+Plw7DwjWO3HbDrjzElMCoXxC6OhIjohrZw3h
Jn8XAMVw/oviD0G8DMFDXi+mJ6+Rn/CtIEo3Q0eeVdnOmGSGinN7PWidfh57CtfS
Cf28mk2DeokV+mPP2AzTmuQ2vgLhOmzwz8KEC8UeKN0AX7/gtlBJY3P5zPl3n/7f
m1mgEQz8jS3dAY2ug+hT3ZikS+6Y/jDXWDiUhyaZP3WVRW4xjddI/gpdOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMpkJKser2ndQTnGT9QNpLAnF6vDMB8GA1UdIwQY
MBaAFJtH7h8XyYfeuywCDYtfLYva2+t3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTBmdUh4ZkpoOTY3TEFJTmkxOHRpOXJiNjNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS85YjE2ZjMtMDEwMC00OTY0LTllYzkt
ZTVlYzJjYzY0N2FhLzEveW1Ra3F4NnZhZDFCT2NaUDFBMmtzQ2NYcThNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS85YjE2ZjMtMDEwMC00OTY0LTllYzktZTVlYzJjYzY0N2Fh
LzEvbTBmdUh4ZkpoOTY3TEFJTmkxOHRpOXJiNjNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2Qh2MA0G
CSqGSIb3DQEBCwUAA4IBAQB9zdcv2pJpg9Sw41NEVZTrO43EynUTXtzN6VGPT8KU
tqv3vKPT1qJWktkhHdjiglk/f3Zuo6S0hSZnxS3wNO0Q2HEKsV5G7A6Kc/ohkhxR
a6uLmkB8mKFVxwoAZsX+0r3UYRMhaGZNRkPO9YXh7ZASPuG83sTFRGy3RQ+UisI0
kPqmzhxSCBn85NxEpzeFRJke0ujtYcpS/TmGFztWXPzyxwR/5U+F7mZSwrqx1rID
MRPoGTigvq9DH2culxWOKiaTBIPtJmsfBbR01ugRH/CUTOOnUwlHfMMWANyPyLpU
vAjpwRbLJr4Swdc1f5zYD1JAAJnkJHp9UaLfAIerNaBX
-----END CERTIFICATE-----