This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/YdYpOBQqLwBHtT0JwTyCH_9SVHA.roa
File:                     YdYpOBQqLwBHtT0JwTyCH_9SVHA.roa (raw, json)
Hash identifier:          qPLjsC8Ucc0/6JpKYTjlC/Q1XumFZEGyoaX4oV/VOWY=
Subject key identifier:   61:D6:29:38:14:2A:2F:00:47:B5:3D:09:C1:3C:82:1F:FF:52:54:70
Certificate issuer:       /CN=57c670c8db32dd748df797c5c93013d8c91fa839
Certificate serial:       019B7C8089E36C7973C5FA8416BD5AA9F02C
Authority key identifier: 57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/YdYpOBQqLwBHtT0JwTyCH_9SVHA.roa
Signing time:             Fri 02 Jan 2026 02:19:17 +0000
ROA not before:           Fri 02 Jan 2026 02:19:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213220
IP address blocks:        194.31.72.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 00:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:89:e3:6c:79:73:c5:fa:84:16:bd:5a:a9:f0:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57c670c8db32dd748df797c5c93013d8c91fa839
        Validity
            Not Before: Jan  2 02:19:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=61d62938142a2f0047b53d09c13c821fff525470
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:91:f8:a5:ab:61:4c:56:a5:3a:87:5b:be:e1:
                    ca:00:71:50:e6:04:31:43:d0:c2:64:c4:a3:45:5a:
                    52:64:8e:21:02:52:2b:3a:b7:7e:c5:56:87:fa:b0:
                    20:3f:3f:5e:52:57:2c:42:6a:c8:22:c6:fb:99:32:
                    e9:3c:f5:45:ac:c2:d4:b8:d8:8d:52:64:b1:33:89:
                    5c:9a:a2:5e:8a:04:6a:1f:e9:23:ec:6f:b1:c3:e4:
                    c7:1d:67:f0:02:a5:38:f1:00:fc:b2:13:ae:4c:14:
                    2d:90:ce:2a:6e:97:f0:6e:df:32:1b:b3:48:21:f3:
                    56:97:6b:a1:29:e7:b4:d5:de:fc:7d:1a:7c:80:d0:
                    d1:f1:2d:0a:45:af:dc:cc:d7:a0:77:1a:7a:34:6a:
                    19:2c:eb:50:67:8f:05:1f:d2:38:e8:b9:f0:62:d0:
                    68:44:23:27:f5:29:2e:c3:a7:6d:9a:15:82:53:1a:
                    72:98:0a:08:f6:20:f0:0c:db:ac:fb:e2:83:85:39:
                    c6:fd:91:a6:28:95:d0:0a:c7:16:6c:8b:c2:54:a4:
                    ea:e2:23:79:4c:a0:85:e4:a0:17:49:d0:df:fa:75:
                    c3:48:52:cd:f5:dd:27:70:9f:83:28:2d:e3:12:71:
                    74:14:94:f9:df:d9:3b:dd:1c:6c:32:8f:0d:51:7b:
                    fa:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:D6:29:38:14:2A:2F:00:47:B5:3D:09:C1:3C:82:1F:FF:52:54:70
            X509v3 Authority Key Identifier:
                keyid:57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/YdYpOBQqLwBHtT0JwTyCH_9SVHA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.31.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:7e:cf:22:b4:b8:34:e8:e6:14:91:04:f7:81:c9:86:d8:68:
         76:8d:9b:83:4c:7f:cb:5d:9a:2d:8f:61:11:28:08:b1:dc:46:
         b1:8d:33:da:c3:94:ed:3c:df:5c:2b:4c:e5:2d:f4:02:87:61:
         b4:41:e6:1b:29:2b:ad:6d:50:d0:85:04:95:13:ac:f9:e9:47:
         bc:bf:d3:40:e3:47:fe:16:4e:d4:c8:ea:f2:6a:d3:ae:3e:31:
         c3:01:c5:66:de:c6:c4:db:0d:07:83:69:99:10:a9:b0:b8:2c:
         45:25:ee:15:94:4c:f8:29:8d:7e:fb:79:b1:d8:6d:cf:e3:ee:
         0d:db:de:2a:10:ec:e9:4c:ac:03:a4:e3:12:1e:8d:22:12:7c:
         1e:37:b3:95:04:5c:50:a3:3b:7d:b6:cf:6c:46:24:57:57:73:
         0a:bb:b5:fc:f6:ca:7f:c9:04:0d:c9:5c:80:58:5a:f0:09:14:
         8b:8e:c9:26:cb:55:20:94:07:1d:8d:62:dd:fc:be:1a:bc:09:
         f7:5a:b2:a4:d3:4d:25:1e:c4:60:6e:bf:54:67:6a:9b:8b:66:
         f5:25:16:84:13:aa:a7:d0:66:99:43:78:9e:f1:5d:bb:a9:a5:
         82:1f:79:5a:ed:dc:85:44:ac:86:63:5a:ce:fd:ad:ca:87:4b:
         39:c9:f2:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gInjbHlzxfqEFr1aqfAsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3YzY3MGM4ZGIzMmRkNzQ4ZGY3OTdjNWM5MzAxM2Q4Yzkx
ZmE4MzkwHhcNMjYwMTAyMDIxOTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWQ2MjkzODE0MmEyZjAwNDdiNTNkMDljMTNjODIxZmZmNTI1NDcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2pH4pathTFalOodbvuHKAHFQ5gQx
Q9DCZMSjRVpSZI4hAlIrOrd+xVaH+rAgPz9eUlcsQmrIIsb7mTLpPPVFrMLUuNiN
UmSxM4lcmqJeigRqH+kj7G+xw+THHWfwAqU48QD8shOuTBQtkM4qbpfwbt8yG7NI
IfNWl2uhKee01d78fRp8gNDR8S0KRa/czNegdxp6NGoZLOtQZ48FH9I46LnwYtBo
RCMn9Skuw6dtmhWCUxpymAoI9iDwDNus++KDhTnG/ZGmKJXQCscWbIvCVKTq4iN5
TKCF5KAXSdDf+nXDSFLN9d0ncJ+DKC3jEnF0FJT539k73RxsMo8NUXv6CQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGHWKTgUKi8AR7U9CcE8gh//UlRwMB8GA1UdIwQY
MBaAFFfGcMjbMt10jfeXxckwE9jJH6g5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQt
MzA0OTVmNDAzNzg0LzEvWWRZcE9CUXFMd0JIdFQwSndUeUNIXzlTVkhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQtMzA0OTVmNDAzNzg0
LzEvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwh9IMA0G
CSqGSIb3DQEBCwUAA4IBAQAofs8itLg06OYUkQT3gcmG2Gh2jZuDTH/LXZotj2ER
KAix3EaxjTPaw5TtPN9cK0zlLfQCh2G0QeYbKSutbVDQhQSVE6z56Ue8v9NA40f+
Fk7UyOryatOuPjHDAcVm3sbE2w0Hg2mZEKmwuCxFJe4VlEz4KY1++3mx2G3P4+4N
294qEOzpTKwDpOMSHo0iEnweN7OVBFxQozt9ts9sRiRXV3MKu7X89sp/yQQNyVyA
WFrwCRSLjskmy1UglAcdjWLd/L4avAn3WrKk000lHsRgbr9UZ2qbi2b1JRaEE6qn
0GaZQ3ie8V27qaWCH3la7dyFRKyGY1rO/a3Kh0s5yfKU
-----END CERTIFICATE-----