This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/yjCLnJJ8rfNwGHfr7fltn7hoIlQ.roa
File:                     yjCLnJJ8rfNwGHfr7fltn7hoIlQ.roa (raw, json)
Hash identifier:          sVEkyMqocnGCuY3F7qrQ/BqtfyolEutJbhNrNKl2rbc=
Subject key identifier:   CA:30:8B:9C:92:7C:AD:F3:70:18:77:EB:ED:F9:6D:9F:B8:68:22:54
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       019B7BA54351C127DF7B9912F7EFF7B5E782
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/yjCLnJJ8rfNwGHfr7fltn7hoIlQ.roa
Signing time:             Thu 01 Jan 2026 22:19:46 +0000
ROA not before:           Thu 01 Jan 2026 22:19:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198202
IP address blocks:        46.249.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 07:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:43:51:c1:27:df:7b:99:12:f7:ef:f7:b5:e7:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  1 22:19:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ca308b9c927cadf3701877ebedf96d9fb8682254
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:bf:90:e4:e4:3c:93:64:76:f7:5f:1f:ea:15:
                    27:77:6e:77:88:b8:e4:7d:cc:c1:c2:08:1d:35:9b:
                    5a:6d:8d:78:4e:9a:ac:72:53:a3:6a:90:12:62:85:
                    35:2f:6b:7f:a8:ab:1c:3f:f9:88:77:75:06:e8:7b:
                    e4:70:10:b4:0b:c5:cc:63:a6:27:a0:cd:7e:27:90:
                    30:7b:b2:01:21:92:44:f0:c7:c5:81:41:c9:45:95:
                    31:46:bf:82:fb:4a:bb:e8:94:35:ba:f3:bc:3b:fe:
                    ab:ab:f6:6e:c0:2a:74:6e:1a:80:de:30:0a:11:06:
                    cf:d7:c5:66:3e:54:22:21:f9:f8:9a:77:e3:ea:68:
                    ac:68:d0:19:71:a8:b1:31:e7:07:8a:18:3b:5f:fd:
                    51:a8:67:e8:5f:e4:9d:56:b0:4a:58:c7:56:01:bf:
                    a4:2e:6b:6e:b7:ba:c0:f3:72:3e:c5:ea:78:59:00:
                    f6:d6:4f:d1:9d:f7:12:4b:c3:9e:11:56:59:20:43:
                    a3:d7:4e:eb:4b:6d:62:97:d0:a4:f9:61:9a:ab:d4:
                    b3:3e:05:58:22:da:22:63:66:af:84:ca:f6:c0:ad:
                    3b:aa:bb:05:a8:2d:e2:ad:1f:23:07:36:4d:ca:a9:
                    1e:a3:ed:13:93:f6:a8:79:ff:35:c1:58:0e:30:5b:
                    15:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:30:8B:9C:92:7C:AD:F3:70:18:77:EB:ED:F9:6D:9F:B8:68:22:54
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/yjCLnJJ8rfNwGHfr7fltn7hoIlQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.249.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:14:92:85:99:5c:6e:06:c4:7c:5e:91:a2:05:66:05:68:57:
         8d:00:43:49:44:1a:33:95:a4:55:48:56:1c:fe:b6:8f:95:50:
         3f:06:de:9f:5b:47:44:75:b6:7d:af:4c:3f:ba:dc:06:4b:ab:
         66:87:57:17:5c:81:c5:6a:6b:06:f2:3a:bd:52:29:d5:18:c4:
         da:23:28:3c:43:e3:6a:71:0f:56:65:b7:e7:12:e4:89:a8:61:
         51:6c:45:6a:24:b4:69:61:e5:02:8d:4d:8c:3d:cb:49:49:9e:
         e7:d0:da:da:81:cf:a4:a9:a0:e9:40:dd:73:90:0a:a0:82:4b:
         55:62:2d:07:ca:d7:64:8b:04:47:4d:14:43:75:3e:76:1c:5d:
         d3:41:2d:66:8c:60:7e:a5:d6:79:87:b5:20:43:4a:e2:8b:e9:
         94:ce:09:76:be:34:bc:cf:11:70:53:40:af:4a:8f:0c:a1:6b:
         c4:88:d3:d9:4e:5d:49:f0:11:2f:0b:08:63:7a:4d:9a:48:fe:
         3b:6d:34:32:8c:e5:4b:b5:a9:51:72:95:db:17:a2:24:95:be:
         0c:d8:09:fd:90:a1:45:44:ea:0c:f4:7f:90:3f:20:90:aa:9e:
         27:14:41:3d:c7:54:af:ba:1b:d5:9c:b2:d1:c6:a0:0a:3f:d4:
         83:9e:bf:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pUNRwSffe5kS9+/3teeCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjYwMTAxMjIxOTQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTMwOGI5YzkyN2NhZGYzNzAxODc3ZWJlZGY5NmQ5ZmI4NjgyMjU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs7+Q5OQ8k2R2918f6hUnd253iLjk
fczBwggdNZtabY14TpqsclOjapASYoU1L2t/qKscP/mId3UG6HvkcBC0C8XMY6Yn
oM1+J5Awe7IBIZJE8MfFgUHJRZUxRr+C+0q76JQ1uvO8O/6rq/ZuwCp0bhqA3jAK
EQbP18VmPlQiIfn4mnfj6misaNAZcaixMecHihg7X/1RqGfoX+SdVrBKWMdWAb+k
Lmtut7rA83I+xep4WQD21k/RnfcSS8OeEVZZIEOj107rS21il9Ck+WGaq9SzPgVY
ItoiY2avhMr2wK07qrsFqC3irR8jBzZNyqkeo+0Tk/aoef81wVgOMFsVWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMowi5ySfK3zcBh36+35bZ+4aCJUMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEveWpDTG5KSjhyZk53R0hmcjdmbHRuN2hvSWxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALvleMA0G
CSqGSIb3DQEBCwUAA4IBAQCgFJKFmVxuBsR8XpGiBWYFaFeNAENJRBozlaRVSFYc
/raPlVA/Bt6fW0dEdbZ9r0w/utwGS6tmh1cXXIHFamsG8jq9UinVGMTaIyg8Q+Nq
cQ9WZbfnEuSJqGFRbEVqJLRpYeUCjU2MPctJSZ7n0Nragc+kqaDpQN1zkAqggktV
Yi0HytdkiwRHTRRDdT52HF3TQS1mjGB+pdZ5h7UgQ0rii+mUzgl2vjS8zxFwU0Cv
So8MoWvEiNPZTl1J8BEvCwhjek2aSP47bTQyjOVLtalRcpXbF6Iklb4M2An9kKFF
ROoM9H+QPyCQqp4nFEE9x1SvuhvVnLLRxqAKP9SDnr+q
-----END CERTIFICATE-----