This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/39cb4f-ca88-480e-97d9-073d0d14ddde/1/yk-DGGnoKxjDOyVJDYCP2Dq6RkY.roa
File:                     yk-DGGnoKxjDOyVJDYCP2Dq6RkY.roa (raw, json)
Hash identifier:          vb19X8WJPy7+RYVMmtMqPzkvfdcm+Fk9dFoJfJFBMp8=
Subject key identifier:   CA:4F:83:18:69:E8:2B:18:C3:3B:25:49:0D:80:8F:D8:3A:BA:46:46
Certificate issuer:       /CN=86fa564cf97577c07633ba4e640ea78c76fc17dd
Certificate serial:       019B7F82A7223C386ADF213167768669682B
Authority key identifier: 86:FA:56:4C:F9:75:77:C0:76:33:BA:4E:64:0E:A7:8C:76:FC:17:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hvpWTPl1d8B2M7pOZA6njHb8F90.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/39cb4f-ca88-480e-97d9-073d0d14ddde/1/yk-DGGnoKxjDOyVJDYCP2Dq6RkY.roa
Signing time:             Fri 02 Jan 2026 16:20:27 +0000
ROA not before:           Fri 02 Jan 2026 16:20:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206515
IP address blocks:        45.82.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/39cb4f-ca88-480e-97d9-073d0d14ddde/1/hvpWTPl1d8B2M7pOZA6njHb8F90.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/39cb4f-ca88-480e-97d9-073d0d14ddde/1/hvpWTPl1d8B2M7pOZA6njHb8F90.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hvpWTPl1d8B2M7pOZA6njHb8F90.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:05:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:82:a7:22:3c:38:6a:df:21:31:67:76:86:69:68:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86fa564cf97577c07633ba4e640ea78c76fc17dd
        Validity
            Not Before: Jan  2 16:20:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ca4f831869e82b18c33b25490d808fd83aba4646
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:fb:e5:b7:4e:49:b5:5e:e7:8f:48:f1:f1:f2:
                    64:eb:64:f2:03:70:68:e3:c0:c4:53:28:03:29:2d:
                    35:d4:6c:cd:53:94:22:b2:47:ac:aa:9b:a3:e8:94:
                    35:d8:37:48:b8:81:00:7c:95:52:e7:79:26:de:f9:
                    68:ff:e7:52:b9:84:0c:14:bd:9d:7c:be:da:42:6c:
                    51:82:f4:9f:b6:8d:d1:bb:e0:65:62:84:fa:c0:7b:
                    fa:8e:a2:c4:c4:a9:ea:ce:a4:17:df:6d:1f:a5:d0:
                    38:a0:37:cd:c9:48:95:2f:28:ca:fa:2c:46:70:83:
                    0a:26:a4:70:c2:30:d5:e5:93:e5:ef:5e:3f:a1:5f:
                    15:1a:af:fb:93:9c:1c:68:05:ee:6a:6b:8d:7e:fb:
                    2b:d5:5d:a5:a4:ee:59:9b:07:f4:2b:b7:f6:0d:f9:
                    f5:ee:de:bd:78:48:98:6a:e3:3c:90:93:55:e8:53:
                    43:d8:e2:99:68:23:d4:82:9c:3c:da:e2:b2:35:d6:
                    cf:7c:f5:25:42:eb:17:43:e4:ae:58:7d:31:d3:06:
                    ad:a1:1c:ef:6c:1c:0d:c9:fd:e8:50:83:b0:85:c5:
                    4d:aa:cb:3d:6f:a8:37:d3:74:1c:1b:63:45:92:a8:
                    17:a9:ad:6e:47:a9:27:78:80:16:69:a9:4b:9d:f9:
                    bb:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:4F:83:18:69:E8:2B:18:C3:3B:25:49:0D:80:8F:D8:3A:BA:46:46
            X509v3 Authority Key Identifier:
                keyid:86:FA:56:4C:F9:75:77:C0:76:33:BA:4E:64:0E:A7:8C:76:FC:17:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hvpWTPl1d8B2M7pOZA6njHb8F90.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/39cb4f-ca88-480e-97d9-073d0d14ddde/1/yk-DGGnoKxjDOyVJDYCP2Dq6RkY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/39cb4f-ca88-480e-97d9-073d0d14ddde/1/hvpWTPl1d8B2M7pOZA6njHb8F90.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.82.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:02:a5:ad:9f:e6:fa:8c:fe:ef:a7:32:37:1e:ba:60:99:8d:
         ba:4f:61:74:4c:59:53:ad:ef:42:11:82:e2:30:c7:32:0d:6b:
         4d:b7:6b:5e:8b:81:96:a7:a6:fd:9c:dd:37:f1:bc:a6:9d:a5:
         b8:04:65:23:c6:d8:47:b3:bf:df:3c:72:88:7f:a6:05:b1:ff:
         42:9f:16:01:a4:a0:2a:14:a2:66:a4:9b:45:34:2d:23:0a:71:
         b3:e3:af:3b:97:86:fc:b8:ef:b3:34:23:c5:9b:12:21:68:28:
         53:43:ff:cc:fc:26:61:6c:ec:b4:34:28:ae:ad:4f:ee:d2:60:
         c3:78:e1:5b:4e:13:7a:15:7a:ba:e6:fd:89:82:ff:2f:a9:97:
         9e:fa:60:55:23:22:48:6f:0b:03:c4:ec:47:eb:9d:87:d7:f5:
         ba:25:65:fc:a2:0a:47:57:d3:3c:17:10:83:86:ef:00:86:e7:
         e8:85:53:0a:02:0b:1a:34:8b:b6:16:d6:03:16:d3:8b:64:dd:
         85:05:cb:3b:9c:a7:da:34:d1:43:b1:66:d3:d7:55:8c:ad:b3:
         97:7c:69:8a:38:85:3f:26:54:66:58:aa:e1:9a:f4:3a:ac:8d:
         1e:66:ba:c2:63:f3:c4:17:45:25:c1:b6:60:1a:a9:52:5e:4a:
         f2:16:34:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/gqciPDhq3yExZ3aGaWgrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZmE1NjRjZjk3NTc3YzA3NjMzYmE0ZTY0MGVhNzhjNzZm
YzE3ZGQwHhcNMjYwMTAyMTYyMDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTRmODMxODY5ZTgyYjE4YzMzYjI1NDkwZDgwOGZkODNhYmE0NjQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnfvlt05JtV7nj0jx8fJk62TyA3Bo
48DEUygDKS011GzNU5Qiskesqpuj6JQ12DdIuIEAfJVS53km3vlo/+dSuYQMFL2d
fL7aQmxRgvSfto3Ru+BlYoT6wHv6jqLExKnqzqQX320fpdA4oDfNyUiVLyjK+ixG
cIMKJqRwwjDV5ZPl714/oV8VGq/7k5wcaAXuamuNfvsr1V2lpO5Zmwf0K7f2Dfn1
7t69eEiYauM8kJNV6FND2OKZaCPUgpw82uKyNdbPfPUlQusXQ+SuWH0x0watoRzv
bBwNyf3oUIOwhcVNqss9b6g303QcG2NFkqgXqa1uR6kneIAWaalLnfm77wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMpPgxhp6CsYwzslSQ2Aj9g6ukZGMB8GA1UdIwQY
MBaAFIb6Vkz5dXfAdjO6TmQOp4x2/BfdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHZwV1RQbDFkOEIyTTdwT1pBNm5qSGI4RjkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy8zOWNiNGYtY2E4OC00ODBlLTk3ZDkt
MDczZDBkMTRkZGRlLzEveWstREdHbm9LeGpET3lWSkRZQ1AyRHE2UmtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy8zOWNiNGYtY2E4OC00ODBlLTk3ZDktMDczZDBkMTRkZGRl
LzEvaHZwV1RQbDFkOEIyTTdwT1pBNm5qSGI4RjkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVLZMA0G
CSqGSIb3DQEBCwUAA4IBAQB8AqWtn+b6jP7vpzI3HrpgmY26T2F0TFlTre9CEYLi
MMcyDWtNt2tei4GWp6b9nN038bymnaW4BGUjxthHs7/fPHKIf6YFsf9CnxYBpKAq
FKJmpJtFNC0jCnGz4687l4b8uO+zNCPFmxIhaChTQ//M/CZhbOy0NCiurU/u0mDD
eOFbThN6FXq65v2Jgv8vqZee+mBVIyJIbwsDxOxH652H1/W6JWX8ogpHV9M8FxCD
hu8AhufohVMKAgsaNIu2FtYDFtOLZN2FBcs7nKfaNNFDsWbT11WMrbOXfGmKOIU/
JlRmWKrhmvQ6rI0eZrrCY/PEF0UlwbZgGqlSXkryFjRn
-----END CERTIFICATE-----