This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/68d16a-82e5-4f4a-8730-27d03e393fb7/1/ryiFWbpMuqXbHhTaiUR9Bmksn3I.roa
File:                     ryiFWbpMuqXbHhTaiUR9Bmksn3I.roa (raw, json)
Hash identifier:          4enRDEIE99ZnVUOrH1uVQZLMyVdi+VhTW5RGUgkPXEs=
Subject key identifier:   AF:28:85:59:BA:4C:BA:A5:DB:1E:14:DA:89:44:7D:06:69:2C:9F:72
Certificate issuer:       /CN=079d9053717a16a76c10ae838f5625055be0481f
Certificate serial:       019B783554FBB4EAA5F8A8BE1917CD1019E1
Authority key identifier: 07:9D:90:53:71:7A:16:A7:6C:10:AE:83:8F:56:25:05:5B:E0:48:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B52QU3F6FqdsEK6Dj1YlBVvgSB8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/68d16a-82e5-4f4a-8730-27d03e393fb7/1/ryiFWbpMuqXbHhTaiUR9Bmksn3I.roa
Signing time:             Thu 01 Jan 2026 06:18:39 +0000
ROA not before:           Thu 01 Jan 2026 06:18:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9121
IP address blocks:        185.93.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/68d16a-82e5-4f4a-8730-27d03e393fb7/1/B52QU3F6FqdsEK6Dj1YlBVvgSB8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/68d16a-82e5-4f4a-8730-27d03e393fb7/1/B52QU3F6FqdsEK6Dj1YlBVvgSB8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B52QU3F6FqdsEK6Dj1YlBVvgSB8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 03:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:35:54:fb:b4:ea:a5:f8:a8:be:19:17:cd:10:19:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=079d9053717a16a76c10ae838f5625055be0481f
        Validity
            Not Before: Jan  1 06:18:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=af288559ba4cbaa5db1e14da89447d06692c9f72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:8d:ca:ce:10:21:32:c7:6f:05:49:08:18:a3:
                    d1:72:ab:17:94:4a:c4:9c:28:dd:5c:bf:db:42:a1:
                    36:a1:cd:06:c4:50:e6:4e:92:0b:67:a4:c3:ca:71:
                    28:01:16:89:6f:39:8f:3f:28:85:64:c6:30:5d:e4:
                    52:b9:67:5b:6f:5e:6a:31:18:d7:e8:09:87:86:85:
                    1a:2f:56:8c:be:dd:0f:fe:65:8c:aa:00:ef:16:9e:
                    42:da:90:b4:17:96:03:ec:14:ef:44:69:e7:52:a3:
                    5a:06:66:28:6d:03:a4:0e:67:d7:10:c8:f4:ff:a1:
                    25:e5:c0:66:ec:0a:2d:ab:29:45:59:1d:59:88:78:
                    0e:92:8f:bb:5b:35:ee:bf:ac:9d:56:1b:2d:1b:61:
                    ab:84:4b:38:33:14:f4:fb:c7:96:fa:1d:55:51:9d:
                    39:2b:ea:96:89:b3:0c:5f:92:22:15:05:70:4b:1f:
                    11:9f:77:6a:a4:59:e5:c6:22:a4:12:16:6b:32:05:
                    fe:0b:0b:7b:d1:46:60:af:5a:b2:36:6f:2f:b4:be:
                    21:cd:48:ab:98:92:34:15:55:18:ea:79:d8:66:34:
                    1b:13:19:ba:f1:7d:a3:36:4d:5b:c4:6e:74:ed:fb:
                    b8:ed:ec:3e:a4:7f:6b:6f:b6:b4:7c:22:08:7b:02:
                    f5:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:28:85:59:BA:4C:BA:A5:DB:1E:14:DA:89:44:7D:06:69:2C:9F:72
            X509v3 Authority Key Identifier:
                keyid:07:9D:90:53:71:7A:16:A7:6C:10:AE:83:8F:56:25:05:5B:E0:48:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B52QU3F6FqdsEK6Dj1YlBVvgSB8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/68d16a-82e5-4f4a-8730-27d03e393fb7/1/ryiFWbpMuqXbHhTaiUR9Bmksn3I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/68d16a-82e5-4f4a-8730-27d03e393fb7/1/B52QU3F6FqdsEK6Dj1YlBVvgSB8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.93.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:a4:8e:6f:68:20:9e:19:33:ad:18:58:b3:ca:bf:72:ee:89:
         77:91:fc:a1:9f:c2:d7:7c:38:9e:38:0e:de:cb:ec:92:26:b1:
         18:dd:eb:a9:62:3a:4d:62:4a:f7:3c:91:b0:d6:97:4b:6e:42:
         3d:4f:aa:c5:e7:91:0e:58:04:af:b2:a0:c5:79:04:0d:f6:7c:
         0d:74:17:09:96:34:a5:02:ad:cd:9a:55:d1:f6:cc:94:97:78:
         13:d1:71:90:15:16:39:5b:45:c7:c5:ec:a8:14:92:87:a4:b5:
         70:86:fe:29:f6:21:13:d6:cb:fa:91:a2:75:ef:81:75:d9:5c:
         41:19:1f:7f:69:40:84:70:57:d3:18:6f:9c:f3:f6:72:34:a4:
         38:87:96:e3:2a:a2:28:77:36:c3:83:74:5a:92:94:4a:34:d7:
         e5:18:11:95:f3:94:7a:4d:74:f7:82:e1:e4:17:5c:e4:2a:1e:
         75:43:83:f5:d1:63:e9:3b:07:09:d1:24:a5:69:04:35:0f:99:
         50:09:27:6b:9e:9e:fe:91:06:49:68:72:37:0f:c5:f2:2c:fd:
         af:66:bc:00:3f:55:04:99:59:77:84:40:af:30:6e:49:96:c9:
         5f:a0:70:29:e6:6b:f2:ef:da:0a:50:1a:af:23:b0:31:5a:d2:
         47:4a:f0:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NVT7tOql+Ki+GRfNEBnhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3OWQ5MDUzNzE3YTE2YTc2YzEwYWU4MzhmNTYyNTA1NWJl
MDQ4MWYwHhcNMjYwMTAxMDYxODM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjI4ODU1OWJhNGNiYWE1ZGIxZTE0ZGE4OTQ0N2QwNjY5MmM5ZjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqY3KzhAhMsdvBUkIGKPRcqsXlErE
nCjdXL/bQqE2oc0GxFDmTpILZ6TDynEoARaJbzmPPyiFZMYwXeRSuWdbb15qMRjX
6AmHhoUaL1aMvt0P/mWMqgDvFp5C2pC0F5YD7BTvRGnnUqNaBmYobQOkDmfXEMj0
/6El5cBm7AotqylFWR1ZiHgOko+7WzXuv6ydVhstG2GrhEs4MxT0+8eW+h1VUZ05
K+qWibMMX5IiFQVwSx8Rn3dqpFnlxiKkEhZrMgX+Cwt70UZgr1qyNm8vtL4hzUir
mJI0FVUY6nnYZjQbExm68X2jNk1bxG507fu47ew+pH9rb7a0fCIIewL10wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK8ohVm6TLql2x4U2olEfQZpLJ9yMB8GA1UdIwQY
MBaAFAedkFNxehanbBCug49WJQVb4EgfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjUyUVUzRjZGcWRzRUs2RGoxWWxCVnZnU0I4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS82OGQxNmEtODJlNS00ZjRhLTg3MzAt
MjdkMDNlMzkzZmI3LzEvcnlpRldicE11cVhiSGhUYWlVUjlCbWtzbjNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS82OGQxNmEtODJlNS00ZjRhLTg3MzAtMjdkMDNlMzkzZmI3
LzEvQjUyUVUzRjZGcWRzRUs2RGoxWWxCVnZnU0I4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuV35MA0G
CSqGSIb3DQEBCwUAA4IBAQBdpI5vaCCeGTOtGFizyr9y7ol3kfyhn8LXfDieOA7e
y+ySJrEY3eupYjpNYkr3PJGw1pdLbkI9T6rF55EOWASvsqDFeQQN9nwNdBcJljSl
Aq3NmlXR9syUl3gT0XGQFRY5W0XHxeyoFJKHpLVwhv4p9iET1sv6kaJ174F12VxB
GR9/aUCEcFfTGG+c8/ZyNKQ4h5bjKqIodzbDg3RakpRKNNflGBGV85R6TXT3guHk
F1zkKh51Q4P10WPpOwcJ0SSlaQQ1D5lQCSdrnp7+kQZJaHI3D8XyLP2vZrwAP1UE
mVl3hECvMG5JlslfoHAp5mvy79oKUBqvI7AxWtJHSvDI
-----END CERTIFICATE-----