This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/YuNHL3MqPtQ65KdhByule-7rY3k.roa
File:                     YuNHL3MqPtQ65KdhByule-7rY3k.roa (raw, json)
Hash identifier:          K6EYndGp2dSRo54l3DqwEf+r694uIZecjw+hjG0dzt8=
Subject key identifier:   62:E3:47:2F:73:2A:3E:D4:3A:E4:A7:61:07:2B:A5:7B:EE:EB:63:79
Certificate issuer:       /CN=febf30201f12a040d386d2b4eed4484623e4d11b
Certificate serial:       019B7CED7F22F669A85A9BDEBEDDDB91C067
Authority key identifier: FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/YuNHL3MqPtQ65KdhByule-7rY3k.roa
Signing time:             Fri 02 Jan 2026 04:18:17 +0000
ROA not before:           Fri 02 Jan 2026 04:18:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35621
IP address blocks:        151.237.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 13:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ed:7f:22:f6:69:a8:5a:9b:de:be:dd:db:91:c0:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=febf30201f12a040d386d2b4eed4484623e4d11b
        Validity
            Not Before: Jan  2 04:18:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=62e3472f732a3ed43ae4a761072ba57beeeb6379
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:ff:c7:f7:4b:3f:90:4a:7c:ae:87:bc:5c:35:
                    76:a5:24:a2:38:f7:88:d7:e1:a9:d7:d7:e9:51:1a:
                    99:a1:2f:09:81:bb:b5:f8:38:8e:4d:e8:41:2a:ab:
                    fd:19:5b:2f:47:f4:2f:f5:d5:9a:25:07:3e:09:59:
                    56:a8:ac:e0:5b:de:ca:9d:6b:0c:89:46:23:0e:bb:
                    f7:23:f3:f2:06:c8:e2:58:c2:bb:02:98:23:ea:bf:
                    02:a5:73:9a:a7:ca:f7:b1:04:de:41:69:23:84:ea:
                    69:c0:94:02:7b:87:87:07:5c:2c:a2:47:1f:b1:0f:
                    ba:0f:34:ab:f9:a2:02:f6:be:82:2b:33:01:9a:65:
                    45:1b:b3:dd:81:c6:90:8c:e7:ae:9a:d1:7f:c9:1a:
                    fb:f9:cb:73:3f:08:d8:1b:40:a1:ab:d9:5e:51:3f:
                    02:a0:2a:8e:d4:c8:46:16:ae:01:cb:25:3d:87:0a:
                    71:1e:eb:3d:e3:5e:ee:8c:f1:b8:d9:f5:c6:c3:5c:
                    16:ff:7a:7d:75:1a:eb:df:2e:b8:c8:31:15:13:e2:
                    ec:dc:e4:fe:a1:80:af:3b:0f:69:43:1c:f2:d3:f6:
                    a5:ed:17:87:49:be:ec:f6:59:3b:26:24:d1:30:a0:
                    d2:1a:5d:df:ba:e2:9c:3b:79:27:c0:21:2b:2e:91:
                    72:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:E3:47:2F:73:2A:3E:D4:3A:E4:A7:61:07:2B:A5:7B:EE:EB:63:79
            X509v3 Authority Key Identifier:
                keyid:FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/YuNHL3MqPtQ65KdhByule-7rY3k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.237.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:e6:93:9c:85:fa:b5:75:c4:40:22:dd:b4:fb:cd:c5:5a:46:
         6d:41:cb:47:08:f4:7c:81:4f:ea:04:8b:5f:1b:6d:86:eb:c6:
         ff:1d:dd:06:74:57:e0:ac:cd:0c:a5:88:83:c3:fa:b5:eb:64:
         6b:37:05:6b:33:27:c1:d7:55:41:83:3e:2b:db:64:53:77:ac:
         6e:e0:a4:25:4e:28:59:3d:60:a4:4b:33:0e:1b:d5:c8:13:d0:
         68:e6:f2:3e:08:7f:dc:57:88:bd:96:c0:ca:42:58:0f:9c:ba:
         a6:d6:df:21:be:16:2c:7f:e7:38:1a:43:12:b4:28:6a:78:29:
         09:0a:e6:e8:57:55:fa:7f:b3:b7:03:99:2f:69:7a:82:5f:92:
         52:f6:c1:08:42:b1:e4:23:d0:c1:99:99:34:aa:5d:1f:00:18:
         a8:a5:b8:a7:29:b5:ed:5b:ef:75:f8:95:7a:b1:35:67:62:ae:
         03:c7:34:17:0f:a7:62:94:95:40:dc:b2:a3:09:3d:76:4e:8f:
         57:7b:c8:a6:5c:27:5a:5d:72:d6:15:27:96:5c:c9:5d:ac:c5:
         43:a8:cf:d5:31:da:f5:0f:c4:65:43:57:de:00:e2:c1:1e:31:
         91:7d:7d:4a:fc:c4:71:4a:4a:cf:5c:ba:23:55:07:af:cb:19:
         cd:91:00:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87X8i9mmoWpvevt3bkcBnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlYmYzMDIwMWYxMmEwNDBkMzg2ZDJiNGVlZDQ0ODQ2MjNl
NGQxMWIwHhcNMjYwMTAyMDQxODE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmUzNDcyZjczMmEzZWQ0M2FlNGE3NjEwNzJiYTU3YmVlZWI2Mzc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsP/H90s/kEp8roe8XDV2pSSiOPeI
1+Gp19fpURqZoS8Jgbu1+DiOTehBKqv9GVsvR/Qv9dWaJQc+CVlWqKzgW97KnWsM
iUYjDrv3I/PyBsjiWMK7Apgj6r8CpXOap8r3sQTeQWkjhOppwJQCe4eHB1wsokcf
sQ+6DzSr+aIC9r6CKzMBmmVFG7PdgcaQjOeumtF/yRr7+ctzPwjYG0Chq9leUT8C
oCqO1MhGFq4ByyU9hwpxHus9417ujPG42fXGw1wW/3p9dRrr3y64yDEVE+Ls3OT+
oYCvOw9pQxzy0/al7ReHSb7s9lk7JiTRMKDSGl3fuuKcO3knwCErLpFyWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGLjRy9zKj7UOuSnYQcrpXvu62N5MB8GA1UdIwQY
MBaAFP6/MCAfEqBA04bStO7USEYj5NEbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUt
YTk3YzBkYzBhNzQ5LzEvWXVOSEwzTXFQdFE2NUtkaEJ5dWxlLTdyWTNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUtYTk3YzBkYzBhNzQ5
LzEvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl+2OMA0G
CSqGSIb3DQEBCwUAA4IBAQBS5pOchfq1dcRAIt20+83FWkZtQctHCPR8gU/qBItf
G22G68b/Hd0GdFfgrM0MpYiDw/q162RrNwVrMyfB11VBgz4r22RTd6xu4KQlTihZ
PWCkSzMOG9XIE9Bo5vI+CH/cV4i9lsDKQlgPnLqm1t8hvhYsf+c4GkMStChqeCkJ
CuboV1X6f7O3A5kvaXqCX5JS9sEIQrHkI9DBmZk0ql0fABiopbinKbXtW+91+JV6
sTVnYq4DxzQXD6dilJVA3LKjCT12To9Xe8imXCdaXXLWFSeWXMldrMVDqM/VMdr1
D8RlQ1feAOLBHjGRfX1K/MRxSkrPXLojVQevyxnNkQB7
-----END CERTIFICATE-----