This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/YKYYd-HmDONZzhNy7AZPruAczLQ.roa
File:                     YKYYd-HmDONZzhNy7AZPruAczLQ.roa (raw, json)
Hash identifier:          vW22etpUmfQZNAgNwW3NzuTrwiYhU9D/ujqkIZK/8ZM=
Subject key identifier:   60:A6:18:77:E1:E6:0C:E3:59:CE:13:72:EC:06:4F:AE:E0:1C:CC:B4
Certificate issuer:       /CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
Certificate serial:       019B7E389D7507B6C696945A0AA1123254B0
Authority key identifier: 06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/YKYYd-HmDONZzhNy7AZPruAczLQ.roa
Signing time:             Fri 02 Jan 2026 10:19:58 +0000
ROA not before:           Fri 02 Jan 2026 10:19:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41397
IP address blocks:        213.220.24.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:9d:75:07:b6:c6:96:94:5a:0a:a1:12:32:54:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
        Validity
            Not Before: Jan  2 10:19:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=60a61877e1e60ce359ce1372ec064faee01cccb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:f9:61:ab:ad:b6:69:97:c2:ce:da:50:58:99:
                    f1:d2:6a:92:3e:82:fa:5d:33:0d:22:c2:f5:fe:07:
                    48:56:c3:7a:49:ca:f9:ca:d3:bb:ad:3f:dc:8e:29:
                    41:6e:c8:3e:7b:00:56:84:aa:ad:f6:35:7b:58:9b:
                    e0:03:d3:ce:57:9e:33:10:ac:b9:a3:1f:40:aa:a9:
                    41:61:a5:9e:7c:81:0a:f3:c4:f3:83:da:82:c1:b5:
                    f2:7e:a5:2d:2d:d7:bd:5e:0d:ec:0a:c5:3a:be:b0:
                    b1:76:5b:65:72:5b:c8:6e:6b:46:c9:57:d4:0d:75:
                    11:20:14:64:6b:a4:ec:ed:b9:be:b4:69:0c:7f:88:
                    ff:84:75:d6:98:76:91:27:0b:18:6b:71:a0:9f:af:
                    2b:49:58:28:4a:bb:6d:49:0c:d4:22:71:24:34:ad:
                    b9:d5:eb:4e:88:43:c2:2e:a1:7a:f9:9b:d7:ae:50:
                    70:c9:9d:e0:bf:af:fb:29:df:ad:a3:e0:64:7a:58:
                    45:82:51:37:b8:9c:6c:14:bc:49:04:c2:39:5a:23:
                    e6:ed:72:ba:7c:6a:5d:aa:37:e8:ff:d1:17:30:e1:
                    22:45:b3:96:46:52:18:4f:f6:59:5f:3c:fb:81:01:
                    af:94:a4:29:3e:74:47:d7:d8:d9:fe:45:35:a2:dc:
                    16:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:A6:18:77:E1:E6:0C:E3:59:CE:13:72:EC:06:4F:AE:E0:1C:CC:B4
            X509v3 Authority Key Identifier:
                keyid:06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/YKYYd-HmDONZzhNy7AZPruAczLQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.220.24.0/21

    Signature Algorithm: sha256WithRSAEncryption
         25:b6:f5:ab:eb:3c:43:cb:4d:aa:d4:df:a2:eb:ae:14:43:d7:
         23:9a:bd:54:c1:68:b7:d0:13:cb:dd:56:1b:b0:25:65:fe:db:
         9f:b7:72:4d:5d:17:8c:42:19:8c:32:ab:5b:c5:84:8e:1e:ad:
         28:b8:e5:ad:d4:32:1c:46:94:5d:e9:ce:30:55:e3:41:aa:eb:
         40:53:99:25:01:45:01:41:71:ef:fa:5d:50:85:b7:b7:72:8d:
         d3:2a:94:b0:91:07:3e:89:ca:4f:cc:8a:59:d0:8b:fa:b7:f2:
         01:a5:54:cb:0f:ed:92:e8:a7:17:be:f7:9a:6f:0d:a2:c9:15:
         13:67:7b:99:c4:84:c2:5f:81:9f:ca:d8:9c:99:c1:57:e9:9b:
         71:ce:9d:2b:eb:5a:57:2b:b6:67:c3:15:88:71:62:0e:79:0d:
         9c:b2:c9:a7:86:ce:d8:8d:62:15:c3:11:e3:c9:ae:58:ce:10:
         78:c0:5f:7b:fe:05:10:54:5a:de:14:bf:b0:bd:47:58:a1:14:
         8f:f2:18:4f:3e:08:15:88:40:94:31:82:c3:9b:80:4c:bf:52:
         68:09:97:99:bd:77:44:13:37:22:f0:c1:21:33:7d:63:2f:ef:
         de:96:d6:67:8f:82:c4:d8:7b:98:cf:49:da:be:99:a5:cf:0e:
         9d:7c:7d:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OJ11B7bGlpRaCqESMlSwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2NzFkY2M3YTlhYzczNTFjNzFlMGJjMjI3OGNmNDVmZDAy
MGFlMmUwHhcNMjYwMTAyMTAxOTU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGE2MTg3N2UxZTYwY2UzNTljZTEzNzJlYzA2NGZhZWUwMWNjY2I0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkvlhq622aZfCztpQWJnx0mqSPoL6
XTMNIsL1/gdIVsN6Scr5ytO7rT/cjilBbsg+ewBWhKqt9jV7WJvgA9POV54zEKy5
ox9AqqlBYaWefIEK88Tzg9qCwbXyfqUtLde9Xg3sCsU6vrCxdltlclvIbmtGyVfU
DXURIBRka6Ts7bm+tGkMf4j/hHXWmHaRJwsYa3Ggn68rSVgoSrttSQzUInEkNK25
1etOiEPCLqF6+ZvXrlBwyZ3gv6/7Kd+to+BkelhFglE3uJxsFLxJBMI5WiPm7XK6
fGpdqjfo/9EXMOEiRbOWRlIYT/ZZXzz7gQGvlKQpPnRH19jZ/kU1otwWDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGCmGHfh5gzjWc4TcuwGT67gHMy0MB8GA1UdIwQY
MBaAFAZx3MeprHNRxx4LwieM9F/QIK4uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGIt
MWRkZWM0Y2NlMjRjLzEvWUtZWWQtSG1ET05aemhOeTdBWlBydUFjekxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGItMWRkZWM0Y2NlMjRj
LzEvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD1dwYMA0G
CSqGSIb3DQEBCwUAA4IBAQAltvWr6zxDy02q1N+i664UQ9cjmr1UwWi30BPL3VYb
sCVl/tuft3JNXReMQhmMMqtbxYSOHq0ouOWt1DIcRpRd6c4wVeNBqutAU5klAUUB
QXHv+l1Qhbe3co3TKpSwkQc+icpPzIpZ0Iv6t/IBpVTLD+2S6KcXvveabw2iyRUT
Z3uZxITCX4GfyticmcFX6Ztxzp0r61pXK7ZnwxWIcWIOeQ2cssmnhs7YjWIVwxHj
ya5YzhB4wF97/gUQVFreFL+wvUdYoRSP8hhPPggViECUMYLDm4BMv1JoCZeZvXdE
Ezci8MEhM31jL+/eltZnj4LE2HuYz0navpmlzw6dfH1D
-----END CERTIFICATE-----