This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/y6XyUstS_SjZUuRcmwKI2O2hK4g.roa
File:                     y6XyUstS_SjZUuRcmwKI2O2hK4g.roa (raw, json)
Hash identifier:          6KaNgtch9hdulImqbKsvBI0tlfN0LaRnEF0phbzSwYg=
Subject key identifier:   CB:A5:F2:52:CB:52:FD:28:D9:52:E4:5C:9B:02:88:D8:ED:A1:2B:88
Certificate issuer:       /CN=6991c56f11a7171c6153239769f557beba10182d
Certificate serial:       019B77C6F8D4C4B9390B92959A3592E2EAA6
Authority key identifier: 69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/y6XyUstS_SjZUuRcmwKI2O2hK4g.roa
Signing time:             Thu 01 Jan 2026 04:18:07 +0000
ROA not before:           Thu 01 Jan 2026 04:18:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205905
IP address blocks:        95.164.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:f8:d4:c4:b9:39:0b:92:95:9a:35:92:e2:ea:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6991c56f11a7171c6153239769f557beba10182d
        Validity
            Not Before: Jan  1 04:18:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cba5f252cb52fd28d952e45c9b0288d8eda12b88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:53:67:a0:e5:8a:32:91:22:50:7e:77:7e:87:
                    13:06:dc:72:ab:5e:d5:87:0a:16:ee:cf:56:c6:d3:
                    3b:04:2d:67:39:a9:ab:32:7b:b7:de:07:0f:98:cf:
                    cf:0a:47:58:6d:e8:e9:0e:42:fd:b4:35:1f:c6:2c:
                    ee:7a:2e:33:17:84:77:31:ff:2c:4d:e3:26:1b:d4:
                    f6:15:17:89:48:fe:e7:6d:bb:b5:a3:78:ac:8f:8a:
                    e5:dd:14:06:40:0e:02:d7:b3:f0:9a:b6:90:9c:c2:
                    81:32:7c:c8:50:96:5b:6c:bc:58:23:9c:bc:95:72:
                    53:2a:a5:9d:c0:bd:b1:ad:9e:70:6f:d1:52:b1:b7:
                    81:f3:94:9a:6b:6a:c6:b4:23:db:b2:66:e2:ef:fc:
                    16:fb:8b:67:92:a5:ba:f1:a4:20:60:57:15:6c:13:
                    c0:0b:01:48:5f:cb:97:6d:b8:02:16:15:94:29:ce:
                    ee:ff:d3:32:5c:fe:80:de:eb:8b:c7:09:cc:d7:ee:
                    12:e4:7b:e0:b9:67:58:1e:8d:d3:0c:1a:d1:5a:37:
                    da:fd:1d:77:48:ea:1e:28:25:83:74:0d:dc:ea:ee:
                    70:e6:bb:e0:cc:e4:ae:28:19:b4:30:39:49:49:9d:
                    2f:48:11:3d:4c:59:da:fb:79:80:b9:db:88:b1:27:
                    f9:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:A5:F2:52:CB:52:FD:28:D9:52:E4:5C:9B:02:88:D8:ED:A1:2B:88
            X509v3 Authority Key Identifier:
                keyid:69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/y6XyUstS_SjZUuRcmwKI2O2hK4g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.164.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:4a:cf:6d:ce:f3:3d:9c:69:8e:75:44:50:3b:0f:02:49:71:
         3a:4c:68:a6:cb:21:dd:b8:c0:ea:45:cf:c6:a3:51:cc:f6:41:
         74:e4:58:d8:2d:4e:84:c9:ca:53:af:86:8e:20:01:5c:4b:76:
         13:21:52:c1:fc:0a:18:4e:d0:97:c8:99:c8:28:c7:31:3e:12:
         18:b8:51:cf:40:94:e7:d5:e6:f1:fd:57:56:b5:cc:24:24:5f:
         4d:04:a2:b9:4a:28:62:47:75:16:24:77:09:f8:9e:d0:e0:b6:
         33:0f:3c:11:80:f9:bf:9c:06:20:56:90:f0:36:fc:3a:71:7a:
         57:a8:b2:6b:09:25:4d:51:dd:d8:61:05:6f:f8:b4:c8:cc:c3:
         23:f6:c1:e1:6e:bf:7f:0a:be:cd:ba:ef:ee:ca:4d:74:27:9c:
         83:36:d3:35:b1:e5:a9:4e:44:8b:57:3a:51:96:47:b4:ae:40:
         a2:5e:ef:13:49:89:6f:c3:89:9a:df:49:20:14:9e:18:c2:ec:
         41:4d:f6:93:93:aa:ef:25:61:af:39:fb:28:b8:49:75:50:4a:
         18:e0:27:81:c0:81:46:7c:50:d7:28:f7:5e:ff:01:0c:86:3e:
         07:b4:62:fc:0a:9d:94:1f:78:f4:38:86:fa:86:65:18:3a:38:
         e5:7e:4f:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xvjUxLk5C5KVmjWS4uqmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5OTFjNTZmMTFhNzE3MWM2MTUzMjM5NzY5ZjU1N2JlYmEx
MDE4MmQwHhcNMjYwMTAxMDQxODA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmE1ZjI1MmNiNTJmZDI4ZDk1MmU0NWM5YjAyODhkOGVkYTEyYjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvVNnoOWKMpEiUH53focTBtxyq17V
hwoW7s9WxtM7BC1nOamrMnu33gcPmM/PCkdYbejpDkL9tDUfxizuei4zF4R3Mf8s
TeMmG9T2FReJSP7nbbu1o3isj4rl3RQGQA4C17PwmraQnMKBMnzIUJZbbLxYI5y8
lXJTKqWdwL2xrZ5wb9FSsbeB85Saa2rGtCPbsmbi7/wW+4tnkqW68aQgYFcVbBPA
CwFIX8uXbbgCFhWUKc7u/9MyXP6A3uuLxwnM1+4S5HvguWdYHo3TDBrRWjfa/R13
SOoeKCWDdA3c6u5w5rvgzOSuKBm0MDlJSZ0vSBE9TFna+3mAuduIsSf5jQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMul8lLLUv0o2VLkXJsCiNjtoSuIMB8GA1UdIwQY
MBaAFGmRxW8RpxccYVMjl2n1V766EBgtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYt
NjVkMTU2NzM0MGZkLzEveTZYeVVzdFNfU2paVXVSY213S0kyTzJoSzRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYtNjVkMTU2NzM0MGZk
LzEvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX6QUMA0G
CSqGSIb3DQEBCwUAA4IBAQCfSs9tzvM9nGmOdURQOw8CSXE6TGimyyHduMDqRc/G
o1HM9kF05FjYLU6EycpTr4aOIAFcS3YTIVLB/AoYTtCXyJnIKMcxPhIYuFHPQJTn
1ebx/VdWtcwkJF9NBKK5SihiR3UWJHcJ+J7Q4LYzDzwRgPm/nAYgVpDwNvw6cXpX
qLJrCSVNUd3YYQVv+LTIzMMj9sHhbr9/Cr7Nuu/uyk10J5yDNtM1seWpTkSLVzpR
lke0rkCiXu8TSYlvw4ma30kgFJ4YwuxBTfaTk6rvJWGvOfsouEl1UEoY4CeBwIFG
fFDXKPde/wEMhj4HtGL8Cp2UH3j0OIb6hmUYOjjlfk9r
-----END CERTIFICATE-----