This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/JYyyhky7I8A6z2rpicfWPmM7F2o.roa
File:                     JYyyhky7I8A6z2rpicfWPmM7F2o.roa (raw, json)
Hash identifier:          woFnnqruFVlLyMzEt9RWPCqV35yfbD9fri3kcpGyBzs=
Subject key identifier:   25:8C:B2:86:4C:BB:23:C0:3A:CF:6A:E9:89:C7:D6:3E:63:3B:17:6A
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019B7C138781959F176BF6A08F024577DCE4
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/JYyyhky7I8A6z2rpicfWPmM7F2o.roa
Signing time:             Fri 02 Jan 2026 00:20:13 +0000
ROA not before:           Fri 02 Jan 2026 00:20:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205091
IP address blocks:        185.220.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 19:40:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:13:87:81:95:9f:17:6b:f6:a0:8f:02:45:77:dc:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 00:20:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=258cb2864cbb23c03acf6ae989c7d63e633b176a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:06:57:2c:40:97:09:98:b3:20:ef:21:77:cc:
                    e0:df:57:61:04:e7:e0:06:0a:ec:7a:44:5d:0c:4e:
                    a9:a9:16:e5:ba:7c:f7:7f:fa:c2:58:1e:a5:7a:75:
                    08:33:94:68:ac:b0:82:60:6e:a6:9c:3a:a7:cc:a0:
                    a9:ff:54:83:62:ed:ab:c6:e0:c0:46:c8:43:8e:2e:
                    73:87:cb:17:1a:6d:48:f9:39:ae:f7:6a:e4:a5:26:
                    55:1f:3c:03:42:85:bf:4b:ba:e6:e8:2e:52:16:8a:
                    ef:b4:b1:d0:c7:18:ed:9e:58:a1:59:19:94:23:09:
                    38:2f:b9:0d:5a:5e:e6:d2:f4:9c:c2:9b:80:30:6c:
                    e6:29:48:85:df:df:2e:87:28:92:4a:88:07:eb:d3:
                    69:86:80:f6:73:25:20:17:2e:3a:a2:94:44:e0:e3:
                    24:a6:6c:ad:a8:c3:b1:7a:76:6e:08:f1:f3:04:44:
                    79:d7:fc:7d:3f:cd:2c:f2:e6:94:fb:07:75:82:4e:
                    b2:e9:ae:14:3d:42:cb:04:a4:02:e8:e6:ec:f1:fc:
                    7f:2a:11:03:32:b8:5d:df:2e:ef:b6:5e:3d:f1:7b:
                    fc:36:51:54:60:e5:74:ad:73:b0:40:ad:f7:92:ee:
                    62:4d:f0:15:be:2d:89:19:e0:88:79:db:f4:d1:c2:
                    65:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:8C:B2:86:4C:BB:23:C0:3A:CF:6A:E9:89:C7:D6:3E:63:3B:17:6A
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/JYyyhky7I8A6z2rpicfWPmM7F2o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.220.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ba:23:9f:44:a9:2b:3f:7a:47:fb:2a:91:29:ef:b1:32:0a:74:
         64:4c:06:68:5b:27:c2:ca:ff:0b:a0:d5:28:a5:3a:bf:72:e2:
         a9:15:a2:bb:53:5b:70:dc:85:57:9b:f5:b2:bc:b5:36:b8:44:
         e8:67:35:f2:f3:4b:58:ec:27:c2:61:e5:91:d4:4c:8d:57:24:
         91:6d:73:2b:d9:1b:5c:df:c6:2c:c9:1f:43:0d:81:74:ac:33:
         19:40:28:8f:f5:40:32:42:85:97:10:16:f2:56:68:0c:54:70:
         e6:45:93:9b:78:a6:e7:01:1d:d3:33:6d:52:d9:8b:fc:22:4f:
         a1:13:19:02:ff:8a:63:9d:9e:b5:a9:22:11:2b:91:a4:37:4c:
         1e:c4:de:af:ed:00:b3:da:39:ac:f8:c2:3c:5e:c5:0e:f7:21:
         ca:cb:13:2a:b7:e6:99:bd:28:28:01:30:44:e0:41:fe:5d:c9:
         dc:5a:de:3a:02:35:5a:eb:7b:5b:e5:78:01:9e:61:d8:d9:f2:
         1d:f6:9f:24:fe:8b:74:2a:e1:6e:f7:bc:56:02:12:99:3d:b4:
         13:96:7b:76:44:7f:bc:e4:46:eb:8c:8e:6e:41:00:f2:60:d1:
         9d:b0:20:09:9a:15:de:f9:97:9c:cc:5b:cc:4a:30:c1:01:43:
         93:1f:9c:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8E4eBlZ8Xa/agjwJFd9zkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjYwMTAyMDAyMDEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNThjYjI4NjRjYmIyM2MwM2FjZjZhZTk4OWM3ZDYzZTYzM2IxNzZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoQZXLECXCZizIO8hd8zg31dhBOfg
BgrsekRdDE6pqRblunz3f/rCWB6lenUIM5RorLCCYG6mnDqnzKCp/1SDYu2rxuDA
RshDji5zh8sXGm1I+Tmu92rkpSZVHzwDQoW/S7rm6C5SForvtLHQxxjtnlihWRmU
Iwk4L7kNWl7m0vScwpuAMGzmKUiF398uhyiSSogH69NphoD2cyUgFy46opRE4OMk
pmytqMOxenZuCPHzBER51/x9P80s8uaU+wd1gk6y6a4UPULLBKQC6Obs8fx/KhED
Mrhd3y7vtl498Xv8NlFUYOV0rXOwQK33ku5iTfAVvi2JGeCIedv00cJlFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCWMsoZMuyPAOs9q6YnH1j5jOxdqMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvSll5eWhreTdJOEE2ejJycGljZldQbU03RjJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudz6MA0G
CSqGSIb3DQEBCwUAA4IBAQC6I59EqSs/ekf7KpEp77EyCnRkTAZoWyfCyv8LoNUo
pTq/cuKpFaK7U1tw3IVXm/WyvLU2uEToZzXy80tY7CfCYeWR1EyNVySRbXMr2Rtc
38YsyR9DDYF0rDMZQCiP9UAyQoWXEBbyVmgMVHDmRZObeKbnAR3TM21S2Yv8Ik+h
ExkC/4pjnZ61qSIRK5GkN0wexN6v7QCz2jms+MI8XsUO9yHKyxMqt+aZvSgoATBE
4EH+XcncWt46AjVa63tb5XgBnmHY2fId9p8k/ot0KuFu97xWAhKZPbQTlnt2RH+8
5EbrjI5uQQDyYNGdsCAJmhXe+ZeczFvMSjDBAUOTH5z8
-----END CERTIFICATE-----