This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/fdf296-75e5-4635-9546-cea75d0cd671/1/YklH_vepZzEkc4R0x2RBX8IDDUk.roa
File:                     YklH_vepZzEkc4R0x2RBX8IDDUk.roa (raw, json)
Hash identifier:          pv6n+2hKIVBO6+P4Pldjs2VXfAy2gbQUsUHIIXPpa8Q=
Subject key identifier:   62:49:47:FE:F7:A9:67:31:24:73:84:74:C7:64:41:5F:C2:03:0D:49
Certificate issuer:       /CN=8847aa91b06d8c6b87284f3f45a21dc281f7ba55
Certificate serial:       019B7A5AE4B49DEFFDD0F08F97FB0891B744
Authority key identifier: 88:47:AA:91:B0:6D:8C:6B:87:28:4F:3F:45:A2:1D:C2:81:F7:BA:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iEeqkbBtjGuHKE8_RaIdwoH3ulU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/fdf296-75e5-4635-9546-cea75d0cd671/1/YklH_vepZzEkc4R0x2RBX8IDDUk.roa
Signing time:             Thu 01 Jan 2026 16:18:55 +0000
ROA not before:           Thu 01 Jan 2026 16:18:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215974
IP address blocks:        86.107.6.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/fdf296-75e5-4635-9546-cea75d0cd671/1/iEeqkbBtjGuHKE8_RaIdwoH3ulU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/fdf296-75e5-4635-9546-cea75d0cd671/1/iEeqkbBtjGuHKE8_RaIdwoH3ulU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iEeqkbBtjGuHKE8_RaIdwoH3ulU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:e4:b4:9d:ef:fd:d0:f0:8f:97:fb:08:91:b7:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8847aa91b06d8c6b87284f3f45a21dc281f7ba55
        Validity
            Not Before: Jan  1 16:18:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=624947fef7a9673124738474c764415fc2030d49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:a1:a5:9c:e2:ad:ee:80:53:f4:f4:39:6c:69:
                    4e:2c:fa:36:a2:b6:d5:a1:3f:6d:7a:2f:de:7a:53:
                    1b:58:22:16:74:3f:f3:0c:d1:f5:51:0a:28:76:33:
                    87:70:7d:20:09:df:90:aa:ac:1f:62:0e:ec:5c:90:
                    0c:34:ef:6d:72:81:1d:b1:8b:7a:c4:a9:08:c8:1a:
                    92:ed:30:95:ab:ec:17:e9:66:08:c0:46:df:90:99:
                    00:97:29:dc:90:29:cb:a6:cc:9d:f8:20:c9:2c:76:
                    1b:70:52:b7:fb:c3:c0:13:48:ac:0b:ef:53:ec:f2:
                    37:e4:87:63:cf:9e:ca:c7:16:9c:9d:a2:7e:9b:d9:
                    08:74:2a:9e:a4:44:4a:ea:8e:72:e0:9e:01:bd:28:
                    e1:75:2d:2b:50:8d:76:e0:0b:e6:75:da:3d:09:d3:
                    82:7d:6b:0f:71:f8:2d:79:cf:80:d2:dc:34:16:f5:
                    05:27:57:d9:47:db:07:a2:ea:d5:a1:d8:09:aa:b3:
                    4a:96:4d:d3:9a:3c:43:74:91:4f:68:f7:ae:2a:18:
                    fe:bf:2c:a3:93:c9:61:5d:a3:f0:8f:c0:fc:4d:27:
                    fe:3f:84:2c:25:a3:c1:e2:fd:52:29:64:d7:bf:b8:
                    48:f1:25:26:dc:c9:d6:17:d3:47:45:f4:0f:57:16:
                    1f:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:49:47:FE:F7:A9:67:31:24:73:84:74:C7:64:41:5F:C2:03:0D:49
            X509v3 Authority Key Identifier:
                keyid:88:47:AA:91:B0:6D:8C:6B:87:28:4F:3F:45:A2:1D:C2:81:F7:BA:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iEeqkbBtjGuHKE8_RaIdwoH3ulU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/fdf296-75e5-4635-9546-cea75d0cd671/1/YklH_vepZzEkc4R0x2RBX8IDDUk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/fdf296-75e5-4635-9546-cea75d0cd671/1/iEeqkbBtjGuHKE8_RaIdwoH3ulU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.107.6.0/23

    Signature Algorithm: sha256WithRSAEncryption
         54:49:a2:99:3b:7d:b6:93:44:67:3f:44:2d:8d:16:9d:fd:06:
         49:d2:a2:73:ed:43:6e:71:aa:1e:e2:fd:3f:3e:0c:bd:81:86:
         18:8d:a7:30:91:42:24:22:1f:82:e3:27:eb:5a:e5:56:bb:6d:
         14:51:55:bd:5c:82:96:bd:86:9a:a1:4a:f5:7e:65:a7:de:8c:
         c3:d3:3f:38:23:e5:d9:8b:4d:dd:84:93:40:c6:99:10:75:ac:
         68:13:2f:e8:3f:a9:6e:05:5d:f0:63:8d:83:04:bc:cf:fc:5e:
         b6:fa:b3:91:98:15:0a:b6:d4:da:08:a7:a2:48:78:6b:4c:1b:
         83:17:94:2b:95:87:9d:3d:b1:f6:f6:4d:08:0e:18:bf:fc:99:
         b7:59:36:d3:32:cb:05:60:2c:e5:02:2e:36:14:0b:c9:e1:4e:
         f2:7e:61:5c:c4:61:94:9f:90:9f:c1:6a:49:34:6d:25:00:c1:
         d0:46:98:ef:82:0e:8c:26:13:13:c1:ab:c4:a1:f8:6e:47:fb:
         cd:38:28:b2:93:9a:cb:c4:60:0d:18:d2:0b:9e:55:ac:06:1f:
         87:93:73:04:d5:b8:bc:0d:0e:90:20:44:5a:fd:08:0d:80:0e:
         f4:6a:b8:9a:86:73:be:50:b2:30:7f:aa:bc:f4:77:55:03:77:
         75:c6:03:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WuS0ne/90PCPl/sIkbdEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NDdhYTkxYjA2ZDhjNmI4NzI4NGYzZjQ1YTIxZGMyODFm
N2JhNTUwHhcNMjYwMTAxMTYxODU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjQ5NDdmZWY3YTk2NzMxMjQ3Mzg0NzRjNzY0NDE1ZmMyMDMwZDQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzaGlnOKt7oBT9PQ5bGlOLPo2orbV
oT9tei/eelMbWCIWdD/zDNH1UQoodjOHcH0gCd+QqqwfYg7sXJAMNO9tcoEdsYt6
xKkIyBqS7TCVq+wX6WYIwEbfkJkAlynckCnLpsyd+CDJLHYbcFK3+8PAE0isC+9T
7PI35Idjz57KxxacnaJ+m9kIdCqepERK6o5y4J4BvSjhdS0rUI124Avmddo9CdOC
fWsPcfgtec+A0tw0FvUFJ1fZR9sHourVodgJqrNKlk3TmjxDdJFPaPeuKhj+vyyj
k8lhXaPwj8D8TSf+P4QsJaPB4v1SKWTXv7hI8SUm3MnWF9NHRfQPVxYf7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGJJR/73qWcxJHOEdMdkQV/CAw1JMB8GA1UdIwQY
MBaAFIhHqpGwbYxrhyhPP0WiHcKB97pVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUVlcWtiQnRqR3VIS0U4X1JhSWR3b0gzdWxVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9mZGYyOTYtNzVlNS00NjM1LTk1NDYt
Y2VhNzVkMGNkNjcxLzEvWWtsSF92ZXBaekVrYzRSMHgyUkJYOElERFVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9mZGYyOTYtNzVlNS00NjM1LTk1NDYtY2VhNzVkMGNkNjcx
LzEvaUVlcWtiQnRqR3VIS0U4X1JhSWR3b0gzdWxVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVmsGMA0G
CSqGSIb3DQEBCwUAA4IBAQBUSaKZO322k0RnP0QtjRad/QZJ0qJz7UNucaoe4v0/
Pgy9gYYYjacwkUIkIh+C4yfrWuVWu20UUVW9XIKWvYaaoUr1fmWn3ozD0z84I+XZ
i03dhJNAxpkQdaxoEy/oP6luBV3wY42DBLzP/F62+rORmBUKttTaCKeiSHhrTBuD
F5QrlYedPbH29k0IDhi//Jm3WTbTMssFYCzlAi42FAvJ4U7yfmFcxGGUn5CfwWpJ
NG0lAMHQRpjvgg6MJhMTwavEofhuR/vNOCiyk5rLxGANGNILnlWsBh+Hk3ME1bi8
DQ6QIERa/QgNgA70ariahnO+ULIwf6q89HdVA3d1xgMk
-----END CERTIFICATE-----