This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/0f92bd-35d0-4570-b5d3-6f31f6f7f16b/1/Yo0ULWlGFniFl0kRIQzZJN8mg9o.roa
File:                     Yo0ULWlGFniFl0kRIQzZJN8mg9o.roa (raw, json)
Hash identifier:          j8hGB111jdt0RcgrUrjkuMAFRhv/pdlUdsj0AvFMkmM=
Subject key identifier:   62:8D:14:2D:69:46:16:78:85:97:49:11:21:0C:D9:24:DF:26:83:DA
Certificate issuer:       /CN=ca5e3ec5a90623ccb97784d3cef24212a31cbaf1
Certificate serial:       019B7F1527D8D65BD5751325B5F84D03B938
Authority key identifier: CA:5E:3E:C5:A9:06:23:CC:B9:77:84:D3:CE:F2:42:12:A3:1C:BA:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yl4-xakGI8y5d4TTzvJCEqMcuvE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/0f92bd-35d0-4570-b5d3-6f31f6f7f16b/1/Yo0ULWlGFniFl0kRIQzZJN8mg9o.roa
Signing time:             Fri 02 Jan 2026 14:20:51 +0000
ROA not before:           Fri 02 Jan 2026 14:20:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15924
IP address blocks:        185.114.216.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/0f92bd-35d0-4570-b5d3-6f31f6f7f16b/1/yl4-xakGI8y5d4TTzvJCEqMcuvE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/0f92bd-35d0-4570-b5d3-6f31f6f7f16b/1/yl4-xakGI8y5d4TTzvJCEqMcuvE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yl4-xakGI8y5d4TTzvJCEqMcuvE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Feb 2026 06:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:27:d8:d6:5b:d5:75:13:25:b5:f8:4d:03:b9:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca5e3ec5a90623ccb97784d3cef24212a31cbaf1
        Validity
            Not Before: Jan  2 14:20:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=628d142d6946167885974911210cd924df2683da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:e5:64:df:a3:ab:f8:ae:a9:19:eb:c2:67:5b:
                    e1:2c:27:50:74:16:2d:0f:3e:62:af:df:d2:22:41:
                    94:d9:66:32:38:ac:2c:9d:fb:cc:f0:96:0d:c8:ad:
                    5c:6b:92:12:c3:94:d4:ac:ba:40:be:bf:a3:c6:8f:
                    b0:12:17:b0:78:00:ce:03:eb:6c:84:0c:b5:f1:c3:
                    a3:a4:2d:bf:25:5a:09:18:eb:04:4d:24:73:84:63:
                    a3:75:da:1d:9c:3f:b1:b4:dd:a8:e9:df:70:32:ca:
                    81:1e:ce:7f:34:ea:fe:c7:d0:f4:0e:13:08:b4:99:
                    89:e8:1a:cd:d4:36:75:c4:6d:56:46:ba:cf:d1:1f:
                    47:b2:65:23:a5:32:d0:d9:3a:55:0e:fe:0e:a4:4b:
                    6c:d3:a2:0b:5a:7e:b2:14:df:a4:16:aa:34:ba:04:
                    9f:14:df:bf:c2:8d:dd:78:83:87:57:5d:4d:b4:ae:
                    3e:77:d7:18:25:31:08:91:6f:e9:54:39:16:bb:0e:
                    ec:29:a8:0e:c4:db:b0:23:06:78:3f:39:52:87:64:
                    1a:08:7f:ff:8e:87:96:6f:86:10:27:df:bf:c6:e0:
                    e6:0d:0c:df:42:27:7d:06:24:ef:bb:4f:e3:a4:d0:
                    0b:13:b3:50:69:9a:1a:6c:2a:f3:3f:66:4b:df:62:
                    a7:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:8D:14:2D:69:46:16:78:85:97:49:11:21:0C:D9:24:DF:26:83:DA
            X509v3 Authority Key Identifier:
                keyid:CA:5E:3E:C5:A9:06:23:CC:B9:77:84:D3:CE:F2:42:12:A3:1C:BA:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yl4-xakGI8y5d4TTzvJCEqMcuvE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/0f92bd-35d0-4570-b5d3-6f31f6f7f16b/1/Yo0ULWlGFniFl0kRIQzZJN8mg9o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/0f92bd-35d0-4570-b5d3-6f31f6f7f16b/1/yl4-xakGI8y5d4TTzvJCEqMcuvE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.114.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3c:3f:5d:0c:f9:b4:ec:f6:f3:d2:5d:ae:aa:9f:82:7e:be:0e:
         d6:25:a5:21:75:78:ca:e3:b7:27:f9:09:21:78:cb:61:b8:b5:
         ea:62:ad:d7:95:db:6b:8b:16:24:40:87:c3:73:b9:40:58:a6:
         46:06:81:d1:bd:e8:f2:de:04:41:ac:61:c3:54:3d:12:3e:0f:
         2b:ba:5e:73:9c:eb:8b:3f:f4:82:b3:17:99:dc:cf:45:07:da:
         6d:77:e8:bb:a1:74:38:4e:8f:6d:52:8f:91:30:20:7d:a6:0a:
         5e:1d:88:5b:e2:78:e4:8a:24:b2:3e:39:2a:3a:b5:a4:eb:7c:
         dd:2b:c0:d5:f9:65:b1:bb:d4:41:bc:31:ad:ee:16:22:bd:68:
         f8:83:b0:4b:49:d2:d2:df:e8:46:34:2c:f5:08:f2:2e:bf:04:
         9c:2d:ee:d6:34:d1:53:e0:87:92:24:55:bf:35:fb:ba:91:29:
         ce:4d:cf:56:0a:94:95:5f:09:82:78:8c:91:26:4b:69:73:e0:
         6d:b5:37:19:6d:35:97:16:16:2f:a0:da:cd:43:bf:21:55:87:
         03:d0:f4:88:6e:26:71:81:cc:b1:0a:5f:5b:80:5c:56:b9:65:
         c9:00:7d:66:77:a0:14:3f:fb:0a:49:d4:58:0f:9c:62:8c:3e:
         de:14:95:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FSfY1lvVdRMltfhNA7k4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhNWUzZWM1YTkwNjIzY2NiOTc3ODRkM2NlZjI0MjEyYTMx
Y2JhZjEwHhcNMjYwMTAyMTQyMDUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjhkMTQyZDY5NDYxNjc4ODU5NzQ5MTEyMTBjZDkyNGRmMjY4M2RhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvOVk36Or+K6pGevCZ1vhLCdQdBYt
Dz5ir9/SIkGU2WYyOKwsnfvM8JYNyK1ca5ISw5TUrLpAvr+jxo+wEheweADOA+ts
hAy18cOjpC2/JVoJGOsETSRzhGOjddodnD+xtN2o6d9wMsqBHs5/NOr+x9D0DhMI
tJmJ6BrN1DZ1xG1WRrrP0R9HsmUjpTLQ2TpVDv4OpEts06ILWn6yFN+kFqo0ugSf
FN+/wo3deIOHV11NtK4+d9cYJTEIkW/pVDkWuw7sKagOxNuwIwZ4PzlSh2QaCH//
joeWb4YQJ9+/xuDmDQzfQid9BiTvu0/jpNALE7NQaZoabCrzP2ZL32KnfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGKNFC1pRhZ4hZdJESEM2STfJoPaMB8GA1UdIwQY
MBaAFMpePsWpBiPMuXeE087yQhKjHLrxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWw0LXhha0dJOHk1ZDRUVHp2SkNFcU1jdXZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy8wZjkyYmQtMzVkMC00NTcwLWI1ZDMt
NmYzMWY2ZjdmMTZiLzEvWW8wVUxXbEdGbmlGbDBrUklRelpKTjhtZzlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy8wZjkyYmQtMzVkMC00NTcwLWI1ZDMtNmYzMWY2ZjdmMTZi
LzEveWw0LXhha0dJOHk1ZDRUVHp2SkNFcU1jdXZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuXLYMA0G
CSqGSIb3DQEBCwUAA4IBAQA8P10M+bTs9vPSXa6qn4J+vg7WJaUhdXjK47cn+Qkh
eMthuLXqYq3XldtrixYkQIfDc7lAWKZGBoHRvejy3gRBrGHDVD0SPg8rul5znOuL
P/SCsxeZ3M9FB9ptd+i7oXQ4To9tUo+RMCB9pgpeHYhb4njkiiSyPjkqOrWk63zd
K8DV+WWxu9RBvDGt7hYivWj4g7BLSdLS3+hGNCz1CPIuvwScLe7WNNFT4IeSJFW/
Nfu6kSnOTc9WCpSVXwmCeIyRJktpc+BttTcZbTWXFhYvoNrNQ78hVYcD0PSIbiZx
gcyxCl9bgFxWuWXJAH1md6AUP/sKSdRYD5xijD7eFJVr
-----END CERTIFICATE-----