This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/f4c96e-521d-44b9-9cef-14c919ad8768/1/YTZnwgX1fpqLaA8u7GzOIk6ue1k.roa
File:                     YTZnwgX1fpqLaA8u7GzOIk6ue1k.roa (raw, json)
Hash identifier:          mBjPd/UyUtpVQP57vDWgcX+PhPNfMg70eOHjoJqEsnc=
Subject key identifier:   61:36:67:C2:05:F5:7E:9A:8B:68:0F:2E:EC:6C:CE:22:4E:AE:7B:59
Certificate issuer:       /CN=50b0e7157147a90ce37460b719cb760694ab5414
Certificate serial:       019B7CEE2B7899B1220A2DF3FB1049B13850
Authority key identifier: 50:B0:E7:15:71:47:A9:0C:E3:74:60:B7:19:CB:76:06:94:AB:54:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ULDnFXFHqQzjdGC3Gct2BpSrVBQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/f4c96e-521d-44b9-9cef-14c919ad8768/1/YTZnwgX1fpqLaA8u7GzOIk6ue1k.roa
Signing time:             Fri 02 Jan 2026 04:19:01 +0000
ROA not before:           Fri 02 Jan 2026 04:19:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203613
IP address blocks:        194.117.86.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/f4c96e-521d-44b9-9cef-14c919ad8768/1/ULDnFXFHqQzjdGC3Gct2BpSrVBQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/f4c96e-521d-44b9-9cef-14c919ad8768/1/ULDnFXFHqQzjdGC3Gct2BpSrVBQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ULDnFXFHqQzjdGC3Gct2BpSrVBQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 13:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ee:2b:78:99:b1:22:0a:2d:f3:fb:10:49:b1:38:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50b0e7157147a90ce37460b719cb760694ab5414
        Validity
            Not Before: Jan  2 04:19:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=613667c205f57e9a8b680f2eec6cce224eae7b59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:5a:32:e3:23:8f:88:35:d7:7e:2a:29:47:18:
                    95:1f:41:7d:cf:73:de:c0:52:a0:da:33:09:19:7a:
                    20:63:e4:ec:5f:b3:30:51:a3:63:fb:86:e1:4a:8f:
                    f7:45:e1:84:ae:61:f6:29:04:e4:a1:1b:2f:5b:63:
                    d1:56:df:ec:89:46:76:1c:7a:7c:b5:af:09:3f:48:
                    46:43:a6:3e:9f:c5:af:12:54:f1:cb:a9:e4:a9:ce:
                    47:99:a7:97:a5:28:cf:56:9c:89:5d:e6:cc:36:31:
                    e2:4b:36:e5:c6:14:ba:17:ed:97:f5:1c:20:83:13:
                    00:24:5c:51:18:85:a9:70:3f:bf:11:18:4e:7b:0d:
                    af:5d:54:fa:b3:aa:0d:64:f2:f1:09:a8:f4:1a:7b:
                    e7:82:31:98:c8:d7:07:e9:ce:5e:11:57:79:bd:25:
                    96:db:ee:f0:e0:ea:32:ca:38:42:1a:89:f3:51:5a:
                    dd:85:57:42:28:de:e1:35:23:fc:d2:3e:62:fe:50:
                    77:2f:bb:88:48:e3:18:79:eb:f0:32:82:78:f8:3b:
                    ff:14:da:2e:e3:dd:48:01:9b:78:aa:c0:3b:1f:b2:
                    43:9d:b9:ca:92:f6:f6:7d:2c:7d:88:41:06:88:52:
                    83:3b:d8:eb:9f:06:84:52:92:7e:10:2c:05:57:03:
                    4e:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:36:67:C2:05:F5:7E:9A:8B:68:0F:2E:EC:6C:CE:22:4E:AE:7B:59
            X509v3 Authority Key Identifier:
                keyid:50:B0:E7:15:71:47:A9:0C:E3:74:60:B7:19:CB:76:06:94:AB:54:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ULDnFXFHqQzjdGC3Gct2BpSrVBQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/f4c96e-521d-44b9-9cef-14c919ad8768/1/YTZnwgX1fpqLaA8u7GzOIk6ue1k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/f4c96e-521d-44b9-9cef-14c919ad8768/1/ULDnFXFHqQzjdGC3Gct2BpSrVBQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.117.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:4f:71:08:d1:f7:5f:99:8b:b7:1c:b6:2b:ee:06:d7:33:1b:
         01:92:b7:78:1e:07:2b:66:8a:09:ca:d0:19:1a:85:a4:e6:88:
         b8:20:a9:bc:70:31:fd:87:50:c0:d0:d3:72:0f:8a:16:68:c3:
         5b:cb:af:f9:52:66:74:00:ea:4b:bb:69:0d:fe:20:df:ff:73:
         e8:88:b3:a8:9e:61:6a:6d:46:a1:52:3b:ad:97:11:22:6d:ca:
         1d:1c:3e:a2:e2:0d:22:9d:a9:f1:c6:37:18:3f:e4:da:98:d3:
         b3:d7:51:1f:45:3c:9e:7b:f6:bc:ac:73:8a:b1:98:0c:36:fd:
         9d:e9:9f:11:2c:39:cc:80:9b:fe:0b:80:17:ac:2a:2f:a1:4f:
         cc:13:41:f5:29:3e:88:6d:36:66:9f:8f:c6:f4:67:25:3f:58:
         b1:b8:c8:c8:21:e1:49:e4:e7:d5:7a:4c:08:c2:48:0a:b1:cd:
         75:60:be:3f:83:bc:1e:11:b6:c7:40:f0:cf:43:01:5a:73:b7:
         96:6c:c9:9b:7d:40:74:1d:9e:45:35:1d:8d:ce:e9:62:14:ed:
         a7:fb:0d:e4:56:b2:f1:6a:04:24:c8:44:17:03:58:dc:5f:f1:
         91:a3:60:68:65:38:db:40:ca:0c:93:d1:52:69:34:45:19:0b:
         3c:2b:f8:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87it4mbEiCi3z+xBJsThQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwYjBlNzE1NzE0N2E5MGNlMzc0NjBiNzE5Y2I3NjA2OTRh
YjU0MTQwHhcNMjYwMTAyMDQxOTAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTM2NjdjMjA1ZjU3ZTlhOGI2ODBmMmVlYzZjY2UyMjRlYWU3YjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVoy4yOPiDXXfiopRxiVH0F9z3Pe
wFKg2jMJGXogY+TsX7MwUaNj+4bhSo/3ReGErmH2KQTkoRsvW2PRVt/siUZ2HHp8
ta8JP0hGQ6Y+n8WvElTxy6nkqc5HmaeXpSjPVpyJXebMNjHiSzblxhS6F+2X9Rwg
gxMAJFxRGIWpcD+/ERhOew2vXVT6s6oNZPLxCaj0GnvngjGYyNcH6c5eEVd5vSWW
2+7w4OoyyjhCGonzUVrdhVdCKN7hNSP80j5i/lB3L7uISOMYeevwMoJ4+Dv/FNou
491IAZt4qsA7H7JDnbnKkvb2fSx9iEEGiFKDO9jrnwaEUpJ+ECwFVwNOkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGE2Z8IF9X6ai2gPLuxsziJOrntZMB8GA1UdIwQY
MBaAFFCw5xVxR6kM43RgtxnLdgaUq1QUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUxEbkZYRkhxUXpqZEdDM0djdDJCcFNyVkJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9mNGM5NmUtNTIxZC00NGI5LTljZWYt
MTRjOTE5YWQ4NzY4LzEvWVRabndnWDFmcHFMYUE4dTdHek9JazZ1ZTFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9mNGM5NmUtNTIxZC00NGI5LTljZWYtMTRjOTE5YWQ4NzY4
LzEvVUxEbkZYRkhxUXpqZEdDM0djdDJCcFNyVkJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwnVWMA0G
CSqGSIb3DQEBCwUAA4IBAQBgT3EI0fdfmYu3HLYr7gbXMxsBkrd4HgcrZooJytAZ
GoWk5oi4IKm8cDH9h1DA0NNyD4oWaMNby6/5UmZ0AOpLu2kN/iDf/3PoiLOonmFq
bUahUjutlxEibcodHD6i4g0inanxxjcYP+TamNOz11EfRTyee/a8rHOKsZgMNv2d
6Z8RLDnMgJv+C4AXrCovoU/ME0H1KT6IbTZmn4/G9GclP1ixuMjIIeFJ5OfVekwI
wkgKsc11YL4/g7weEbbHQPDPQwFac7eWbMmbfUB0HZ5FNR2NzuliFO2n+w3kVrLx
agQkyEQXA1jcX/GRo2BoZTjbQMoMk9FSaTRFGQs8K/hN
-----END CERTIFICATE-----