This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/Yu2UNzFXadVppGrSZly_22KgDyE.roa
File:                     Yu2UNzFXadVppGrSZly_22KgDyE.roa (raw, json)
Hash identifier:          ihpZQiGVxWFYpWmmR5xxSafGPWsvZb3GibHH/ewhlKw=
Subject key identifier:   62:ED:94:37:31:57:69:D5:69:A4:6A:D2:66:5C:BF:DB:62:A0:0F:21
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       019B7BA54A198FFBC91F3A0EA267FF083252
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/Yu2UNzFXadVppGrSZly_22KgDyE.roa
Signing time:             Thu 01 Jan 2026 22:19:48 +0000
ROA not before:           Thu 01 Jan 2026 22:19:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203390
IP address blocks:        77.85.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 07:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:4a:19:8f:fb:c9:1f:3a:0e:a2:67:ff:08:32:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  1 22:19:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=62ed9437315769d569a46ad2665cbfdb62a00f21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:e6:19:ee:b7:a4:8a:ce:95:e9:78:6f:4c:bd:
                    3c:fc:3a:d0:9e:a9:90:4a:bb:8e:15:a7:5c:e8:9b:
                    2e:51:c2:88:89:4b:66:e8:29:1a:c4:36:b8:9a:c6:
                    4d:a3:4a:08:fa:1a:0d:f0:b4:47:e6:59:69:98:ad:
                    94:ae:c0:40:b7:1d:12:66:6a:5c:9a:70:24:26:dd:
                    9d:13:63:ba:8e:66:4e:a6:7b:01:95:10:72:da:96:
                    90:6b:29:75:8f:b9:9b:18:cc:cb:59:88:9c:0d:1d:
                    c1:dd:49:f2:e9:b0:83:86:4e:53:b0:e9:2d:cc:a2:
                    bd:10:6e:d3:48:f0:56:fd:ef:dd:dc:73:02:17:ad:
                    b1:23:f5:b5:a0:98:ba:2e:bc:19:2c:ae:83:40:2a:
                    a2:04:21:93:b5:ab:56:17:54:fc:0c:ff:08:dc:93:
                    75:f2:90:16:f7:2e:e3:2b:de:7d:47:55:f1:92:ef:
                    4f:ef:e2:63:22:89:44:9b:cb:4c:f9:79:6e:3c:5b:
                    40:8b:87:34:86:31:1e:d3:48:7a:35:49:6b:73:59:
                    dc:0c:2e:b2:52:e3:19:a5:02:55:e1:7d:b6:01:33:
                    b7:93:d6:ff:9a:98:98:4e:2e:80:0c:95:f7:eb:fd:
                    89:2e:02:fd:62:f8:6c:e7:b2:f1:b7:69:07:06:08:
                    93:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:ED:94:37:31:57:69:D5:69:A4:6A:D2:66:5C:BF:DB:62:A0:0F:21
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/Yu2UNzFXadVppGrSZly_22KgDyE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.85.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:de:23:24:37:10:c6:87:4c:33:c9:fc:a1:d5:10:0c:8c:10:
         a0:30:39:6f:09:75:a0:ba:5d:4a:f0:4c:99:c9:58:f2:2f:b8:
         05:98:cc:30:bf:bc:44:a8:1c:85:1d:b5:95:61:7f:ee:20:c6:
         0f:d7:a7:92:92:83:8e:bc:b3:19:a1:11:f8:d0:07:bb:ff:f8:
         d6:86:ed:43:51:70:36:6d:9f:dd:8a:b5:16:ba:19:09:9b:dd:
         c5:cb:9f:64:fc:f2:32:c2:3d:07:c0:46:fb:cf:f1:e5:a8:2a:
         1f:a2:f0:89:6a:ba:ac:23:26:74:2d:81:e9:62:bc:c1:45:23:
         ef:46:14:b6:05:56:dd:91:2e:41:31:e7:b4:fe:ee:bb:f0:88:
         d2:74:e2:dd:33:ba:8d:56:2c:49:2c:0e:e5:1a:bc:62:10:70:
         33:a4:56:f9:8e:e9:e6:66:28:50:e0:04:63:93:8a:8a:af:94:
         f8:a5:bf:6c:45:20:fd:d8:e7:1f:94:b0:41:d0:70:23:94:dc:
         ee:d0:f8:24:f5:a3:d1:b3:48:d2:cc:74:b6:a0:ca:57:b3:53:
         4a:f6:4b:0a:50:52:d3:e8:8f:14:b4:e5:fc:86:a5:4a:44:c0:
         f9:07:aa:f2:7e:6a:b2:15:a9:80:0f:a4:30:81:75:6f:f3:ad:
         10:3a:1a:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pUoZj/vJHzoOomf/CDJSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjYwMTAxMjIxOTQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmVkOTQzNzMxNTc2OWQ1NjlhNDZhZDI2NjVjYmZkYjYyYTAwZjIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu+YZ7rekis6V6XhvTL08/DrQnqmQ
SruOFadc6JsuUcKIiUtm6CkaxDa4msZNo0oI+hoN8LRH5llpmK2UrsBAtx0SZmpc
mnAkJt2dE2O6jmZOpnsBlRBy2paQayl1j7mbGMzLWYicDR3B3Uny6bCDhk5TsOkt
zKK9EG7TSPBW/e/d3HMCF62xI/W1oJi6LrwZLK6DQCqiBCGTtatWF1T8DP8I3JN1
8pAW9y7jK959R1Xxku9P7+JjIolEm8tM+XluPFtAi4c0hjEe00h6NUlrc1ncDC6y
UuMZpQJV4X22ATO3k9b/mpiYTi6ADJX36/2JLgL9Yvhs57Lxt2kHBgiTzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGLtlDcxV2nVaaRq0mZcv9tioA8hMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvWXUyVU56RlhhZFZwcEdyU1pseV8yMktnRHlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVXeMA0G
CSqGSIb3DQEBCwUAA4IBAQAT3iMkNxDGh0wzyfyh1RAMjBCgMDlvCXWgul1K8EyZ
yVjyL7gFmMwwv7xEqByFHbWVYX/uIMYP16eSkoOOvLMZoRH40Ae7//jWhu1DUXA2
bZ/dirUWuhkJm93Fy59k/PIywj0HwEb7z/HlqCofovCJarqsIyZ0LYHpYrzBRSPv
RhS2BVbdkS5BMee0/u678IjSdOLdM7qNVixJLA7lGrxiEHAzpFb5junmZihQ4ARj
k4qKr5T4pb9sRSD92OcflLBB0HAjlNzu0Pgk9aPRs0jSzHS2oMpXs1NK9ksKUFLT
6I8UtOX8hqVKRMD5B6ryfmqyFamAD6QwgXVv860QOho2
-----END CERTIFICATE-----