This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/cYQr8mZxfTfWuS06s4sagiHYiLM.roa
File:                     cYQr8mZxfTfWuS06s4sagiHYiLM.roa (raw, json)
Hash identifier:          SVbaCte8VedUXBHb3nBrjug9KE79VKK97iDf+VGMMog=
Subject key identifier:   71:84:2B:F2:66:71:7D:37:D6:B9:2D:3A:B3:8B:1A:82:21:D8:88:B3
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       019B7BA5496B2A1EC2CAC1651D9E0E0C89F9
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/cYQr8mZxfTfWuS06s4sagiHYiLM.roa
Signing time:             Thu 01 Jan 2026 22:19:48 +0000
ROA not before:           Thu 01 Jan 2026 22:19:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202843
IP address blocks:        185.60.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:49:6b:2a:1e:c2:ca:c1:65:1d:9e:0e:0c:89:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  1 22:19:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=71842bf266717d37d6b92d3ab38b1a8221d888b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:29:58:c2:0d:23:11:78:1c:26:5e:aa:67:e8:
                    75:6c:d3:95:bc:c0:ee:35:62:d2:21:a0:74:15:7b:
                    f8:05:49:9f:77:b6:ab:81:e6:47:74:5c:10:c8:32:
                    e0:ee:d7:38:0e:4e:fa:ee:50:e2:d5:ab:7d:f1:64:
                    1b:f3:7a:0b:a1:5a:c1:99:8b:32:b4:99:62:35:07:
                    57:49:42:7d:8c:1e:6a:43:11:90:d3:5c:80:2b:06:
                    fd:e1:63:48:98:70:80:ed:31:bd:f4:06:b7:a1:ea:
                    cc:12:fd:0a:8b:11:dd:a9:c9:88:a2:0c:4e:95:c4:
                    fd:c7:0f:a3:aa:07:74:c5:6f:89:37:84:81:a7:ce:
                    d3:8e:b5:0c:47:47:c7:61:86:a2:67:dc:76:8e:d6:
                    97:7d:e3:a7:8a:9e:a1:4c:0e:be:95:37:6e:a7:6d:
                    20:0a:08:b4:01:69:3a:6b:95:0c:21:ae:c1:a9:64:
                    20:2b:45:60:a5:02:b6:e8:e5:88:7b:3e:92:5a:98:
                    9b:4c:0c:44:65:14:66:a0:48:82:a6:4b:b0:0e:d7:
                    09:fb:a7:e0:c4:2b:56:03:d5:eb:4f:6d:72:25:60:
                    38:82:01:2f:c3:e8:09:e9:d3:1a:4e:d2:4b:4b:3e:
                    ef:c6:f2:a5:45:6d:da:48:1f:b1:33:c7:62:b5:da:
                    60:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:84:2B:F2:66:71:7D:37:D6:B9:2D:3A:B3:8B:1A:82:21:D8:88:B3
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/cYQr8mZxfTfWuS06s4sagiHYiLM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.60.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:44:73:4f:2c:85:9b:05:ec:d2:82:5b:cf:49:89:23:96:e2:
         ed:ad:ac:8d:fc:c0:1c:8a:e5:30:ae:21:b0:a7:a8:6a:6b:1c:
         63:67:c3:1b:7d:a5:b2:d3:5a:4e:a6:1c:43:ee:1f:50:47:87:
         7d:43:b7:cb:78:56:99:2c:a1:ea:84:0c:58:fd:30:0f:7b:66:
         95:20:12:e5:49:64:fd:e4:a5:94:7d:9b:b1:cf:04:50:50:2a:
         91:d8:3d:b9:d8:22:c6:90:f6:bd:c2:1d:6f:b3:62:f8:fe:c4:
         ce:3d:63:23:ea:e3:bc:87:39:c7:a8:36:28:63:0c:0e:f5:8b:
         e6:ea:f1:cb:b2:25:aa:77:da:ac:98:0e:89:5b:2a:8a:1b:ff:
         81:b6:6e:21:f7:4a:33:82:dc:e4:f2:0d:70:9b:87:b2:9d:41:
         44:a0:cd:96:83:f4:de:b9:d8:f2:cb:d5:3d:0b:84:4b:58:64:
         d3:b6:3d:f4:69:0f:3d:5f:47:33:bc:01:5e:25:d6:ea:1a:37:
         44:dd:e8:91:04:40:f5:17:7c:0b:54:84:5d:c7:1e:b7:f4:49:
         04:ae:11:4e:d5:d9:5b:9a:60:ec:98:94:2d:2f:26:ce:cc:46:
         32:5d:ac:42:bf:51:b9:f5:5d:27:87:9f:d9:e4:26:9e:ba:d1:
         7d:b5:2a:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pUlrKh7CysFlHZ4ODIn5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjYwMTAxMjIxOTQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTg0MmJmMjY2NzE3ZDM3ZDZiOTJkM2FiMzhiMWE4MjIxZDg4OGIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsilYwg0jEXgcJl6qZ+h1bNOVvMDu
NWLSIaB0FXv4BUmfd7argeZHdFwQyDLg7tc4Dk767lDi1at98WQb83oLoVrBmYsy
tJliNQdXSUJ9jB5qQxGQ01yAKwb94WNImHCA7TG99Aa3oerMEv0KixHdqcmIogxO
lcT9xw+jqgd0xW+JN4SBp87TjrUMR0fHYYaiZ9x2jtaXfeOnip6hTA6+lTdup20g
Cgi0AWk6a5UMIa7BqWQgK0VgpQK26OWIez6SWpibTAxEZRRmoEiCpkuwDtcJ+6fg
xCtWA9XrT21yJWA4ggEvw+gJ6dMaTtJLSz7vxvKlRW3aSB+xM8ditdpgywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHGEK/JmcX031rktOrOLGoIh2IizMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvY1lRcjhtWnhmVGZXdVMwNnM0c2FnaUhZaUxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTxAMA0G
CSqGSIb3DQEBCwUAA4IBAQAARHNPLIWbBezSglvPSYkjluLtrayN/MAciuUwriGw
p6hqaxxjZ8MbfaWy01pOphxD7h9QR4d9Q7fLeFaZLKHqhAxY/TAPe2aVIBLlSWT9
5KWUfZuxzwRQUCqR2D252CLGkPa9wh1vs2L4/sTOPWMj6uO8hznHqDYoYwwO9Yvm
6vHLsiWqd9qsmA6JWyqKG/+Btm4h90ozgtzk8g1wm4eynUFEoM2Wg/Teudjyy9U9
C4RLWGTTtj30aQ89X0czvAFeJdbqGjdE3eiRBED1F3wLVIRdxx639EkErhFO1dlb
mmDsmJQtLybOzEYyXaxCv1G59V0nh5/Z5CaeutF9tSq2
-----END CERTIFICATE-----