This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/yYSV7ArUz2eeeyeGWTIlApXAyb4.roa
File:                     yYSV7ArUz2eeeyeGWTIlApXAyb4.roa (raw, json)
Hash identifier:          RCob4hxElGbNRqEQwnnlTVQdFO6hOpRRWmqOLjnvBiE=
Subject key identifier:   C9:84:95:EC:0A:D4:CF:67:9E:7B:27:86:59:32:25:02:95:C0:C9:BE
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       019B7D5D493D1B9EA8D979CF412F98680701
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/yYSV7ArUz2eeeyeGWTIlApXAyb4.roa
Signing time:             Fri 02 Jan 2026 06:20:23 +0000
ROA not before:           Fri 02 Jan 2026 06:20:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     133900
IP address blocks:        171.22.100.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 11:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5d:49:3d:1b:9e:a8:d9:79:cf:41:2f:98:68:07:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  2 06:20:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c98495ec0ad4cf679e7b27865932250295c0c9be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:a5:de:5a:3e:11:7a:db:2e:77:7f:2b:51:8b:
                    98:b4:30:4d:51:a4:f7:4d:10:af:01:b1:5d:6d:1e:
                    41:5d:3e:ce:4e:21:78:bd:ee:7f:67:30:f3:1f:49:
                    9f:a3:3d:e9:97:e1:bf:3b:cf:d9:86:3b:3d:8e:ac:
                    15:41:84:d9:3b:8f:0a:6c:85:f7:4e:e5:d7:25:73:
                    76:c5:f9:66:0a:c5:06:9d:58:a8:7a:7c:37:3e:74:
                    55:7f:c8:bc:45:b5:3d:b5:56:20:a6:4f:da:e6:62:
                    44:58:b5:e4:05:d6:3e:a6:2e:be:64:74:d2:04:6a:
                    ee:2b:55:a3:a1:3b:ac:28:e0:90:77:a5:6e:7c:2b:
                    79:a8:13:ff:65:53:1f:7f:5a:15:15:de:ba:2a:8b:
                    08:c1:63:0b:d4:44:ce:a8:fc:1c:19:45:0f:89:e4:
                    39:e2:13:83:91:6c:09:f2:10:38:75:a9:fa:6b:ee:
                    57:16:2b:cf:05:eb:36:ce:2e:90:97:75:48:41:49:
                    6d:ed:95:e2:c4:3b:c4:07:2d:65:89:ad:92:7b:df:
                    41:8a:e0:a3:75:bc:66:8a:63:d5:80:cf:d3:87:af:
                    92:0f:c5:13:ba:22:0a:52:07:b1:ec:56:1a:49:90:
                    a4:e2:0d:f0:7b:36:0c:6b:7c:7b:82:57:68:3a:a6:
                    13:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:84:95:EC:0A:D4:CF:67:9E:7B:27:86:59:32:25:02:95:C0:C9:BE
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/yYSV7ArUz2eeeyeGWTIlApXAyb4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.22.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:10:8e:51:b8:04:42:1d:9d:e8:36:ab:8b:d1:b4:7a:13:1d:
         09:4e:3b:cf:39:22:27:ff:13:fd:a3:ab:65:38:ac:af:c8:b8:
         54:39:c1:c8:c2:5b:4f:56:95:0b:57:9d:ee:d2:af:ba:15:84:
         8b:71:d8:a4:df:54:0e:93:94:ff:11:05:a2:ca:09:8d:37:1f:
         25:73:55:30:89:cd:fc:19:76:be:81:e6:ba:51:f9:a3:ec:3f:
         49:6d:91:29:e5:c2:36:be:0a:19:54:d4:cf:58:a5:73:22:95:
         e2:5e:ff:19:70:39:d0:13:3d:12:88:37:77:45:df:fc:16:83:
         d2:7c:be:4b:08:8d:b4:1f:05:2a:3d:62:33:bc:cb:32:cb:e0:
         19:f3:32:44:2e:4b:23:e1:9d:a0:c8:a2:d7:31:fe:48:7e:53:
         dd:f0:28:3e:fe:9e:0f:8c:e6:f4:17:f4:10:77:1b:60:06:a2:
         c1:00:2d:b6:0e:11:36:8a:ac:e4:85:a6:c0:54:c1:91:54:a4:
         23:8f:02:d9:00:cf:1c:10:0e:1c:8d:9f:22:b4:bb:9d:86:98:
         cb:24:ce:25:19:ed:f8:cb:9b:7a:f6:05:e9:60:3e:51:c9:40:
         5a:9f:8c:2d:3a:23:d6:02:2e:63:1a:b2:34:c5:d8:ee:47:6f:
         36:95:39:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XUk9G56o2XnPQS+YaAcBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjYwMTAyMDYyMDIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTg0OTVlYzBhZDRjZjY3OWU3YjI3ODY1OTMyMjUwMjk1YzBjOWJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiaXeWj4Retsud38rUYuYtDBNUaT3
TRCvAbFdbR5BXT7OTiF4ve5/ZzDzH0mfoz3pl+G/O8/Zhjs9jqwVQYTZO48KbIX3
TuXXJXN2xflmCsUGnVioenw3PnRVf8i8RbU9tVYgpk/a5mJEWLXkBdY+pi6+ZHTS
BGruK1WjoTusKOCQd6VufCt5qBP/ZVMff1oVFd66KosIwWML1ETOqPwcGUUPieQ5
4hODkWwJ8hA4dan6a+5XFivPBes2zi6Ql3VIQUlt7ZXixDvEBy1lia2Se99BiuCj
dbxmimPVgM/Th6+SD8UTuiIKUgex7FYaSZCk4g3wezYMa3x7gldoOqYTDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMmElewK1M9nnnsnhlkyJQKVwMm+MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEveVlTVjdBclV6MmVlZXllR1dUSWxBcFhBeWI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqxZkMA0G
CSqGSIb3DQEBCwUAA4IBAQCREI5RuARCHZ3oNquL0bR6Ex0JTjvPOSIn/xP9o6tl
OKyvyLhUOcHIwltPVpULV53u0q+6FYSLcdik31QOk5T/EQWiygmNNx8lc1Uwic38
GXa+gea6Ufmj7D9JbZEp5cI2vgoZVNTPWKVzIpXiXv8ZcDnQEz0SiDd3Rd/8FoPS
fL5LCI20HwUqPWIzvMsyy+AZ8zJELksj4Z2gyKLXMf5IflPd8Cg+/p4PjOb0F/QQ
dxtgBqLBAC22DhE2iqzkhabAVMGRVKQjjwLZAM8cEA4cjZ8itLudhpjLJM4lGe34
y5t69gXpYD5RyUBan4wtOiPWAi5jGrI0xdjuR282lTnL
-----END CERTIFICATE-----