This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/jypXh21hN7YdEpy4dXX0h1grdhA.roa
File:                     jypXh21hN7YdEpy4dXX0h1grdhA.roa (raw, json)
Hash identifier:          2PCWogNS3NDeaLLtCqO6S4RyV1g0zZ01LBa4NOA2iZI=
Subject key identifier:   8F:2A:57:87:6D:61:37:B6:1D:12:9C:B8:75:75:F4:87:58:2B:76:10
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       019B7D5CCE518B4B8022956238EED3E86B8F
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/jypXh21hN7YdEpy4dXX0h1grdhA.roa
Signing time:             Fri 02 Jan 2026 06:19:52 +0000
ROA not before:           Fri 02 Jan 2026 06:19:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56694
IP address blocks:        89.23.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 16:55:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5c:ce:51:8b:4b:80:22:95:62:38:ee:d3:e8:6b:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Jan  2 06:19:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8f2a57876d6137b61d129cb87575f487582b7610
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:48:b8:74:a1:b4:d8:cf:3e:8a:b2:fd:b8:05:
                    fb:89:81:0a:00:db:97:bf:65:35:68:3a:ce:8f:f9:
                    34:89:0a:2a:0f:97:4b:f4:00:fc:3e:55:6c:01:b9:
                    3c:f1:fd:53:58:df:5f:47:b2:59:fe:85:ea:26:ba:
                    91:fa:13:b2:ac:22:9f:ba:78:a7:88:49:23:f8:79:
                    c2:3e:73:08:33:a5:51:0f:ea:72:b9:a0:7c:6e:a0:
                    06:37:1a:db:4d:b9:31:8a:8b:48:d2:16:cf:c4:1a:
                    0e:62:4d:74:2f:72:24:84:48:51:ad:8a:cd:94:25:
                    c3:ce:ef:22:19:a7:6e:88:fc:24:99:b1:1f:6d:39:
                    22:20:c3:5e:ec:ef:e3:4c:47:db:0d:65:d9:6c:ba:
                    a0:c9:45:ad:53:23:3e:ee:ab:bb:d9:e5:2a:a7:df:
                    62:21:2b:3b:39:6a:a0:f4:db:21:e3:76:1d:a1:a2:
                    2a:c0:8e:05:ee:d2:47:4d:00:cf:9c:12:36:39:85:
                    90:b4:10:76:20:8a:cf:db:11:3c:6a:41:6c:3e:53:
                    d0:99:bf:d3:51:2c:46:b1:94:62:1b:49:4e:c1:e7:
                    cf:d7:a8:9a:34:d0:40:bf:4f:6b:d6:86:4c:e3:e1:
                    c2:44:a8:d1:1f:d3:48:1f:6b:5f:3a:ed:e4:f0:7b:
                    a5:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:2A:57:87:6D:61:37:B6:1D:12:9C:B8:75:75:F4:87:58:2B:76:10
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/jypXh21hN7YdEpy4dXX0h1grdhA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.23.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:dd:64:f8:eb:e5:6a:a3:d5:ec:cf:22:f5:86:8f:c4:1a:78:
         64:1d:3c:95:5b:81:f1:10:8b:7f:1a:c6:9f:72:8c:76:b1:75:
         93:d7:0c:8f:68:6c:6d:f7:29:4c:2f:9e:d7:4c:37:99:41:98:
         ad:80:74:2c:f1:ca:54:90:1c:ec:2e:ab:92:ee:20:d7:51:0e:
         65:70:a1:f1:fb:8f:27:ac:89:90:7d:31:a4:bd:d9:68:18:f8:
         5f:58:68:ea:fd:e5:6f:77:e3:d1:3d:b6:2b:68:c4:f3:c1:6e:
         4b:d6:ea:c3:37:82:0e:19:d9:35:66:29:d4:d0:ac:a1:02:48:
         e7:2a:28:7d:38:88:60:12:a3:2d:62:47:42:ab:f3:41:df:62:
         46:61:b9:b8:da:4f:0b:63:92:a6:7f:d9:f6:1e:0c:51:0a:a6:
         82:a7:d4:17:38:d6:33:59:75:22:fc:01:fc:84:12:89:81:87:
         15:6c:2e:f9:5f:28:21:fb:6e:ac:24:a6:56:c2:c8:99:2a:9b:
         80:f0:da:33:7f:1d:28:91:95:c1:2c:8c:0e:9e:85:73:9e:62:
         7b:36:83:9f:1c:2e:4d:be:88:25:4c:06:ae:a3:21:b8:dd:a5:
         1c:f4:18:1c:73:ad:d6:c8:5e:8d:15:b5:ad:77:69:ab:ef:4c:
         04:a9:8a:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XM5Ri0uAIpViOO7T6GuPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjYwMTAyMDYxOTUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjJhNTc4NzZkNjEzN2I2MWQxMjljYjg3NTc1ZjQ4NzU4MmI3NjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArki4dKG02M8+irL9uAX7iYEKANuX
v2U1aDrOj/k0iQoqD5dL9AD8PlVsAbk88f1TWN9fR7JZ/oXqJrqR+hOyrCKfunin
iEkj+HnCPnMIM6VRD+pyuaB8bqAGNxrbTbkxiotI0hbPxBoOYk10L3IkhEhRrYrN
lCXDzu8iGaduiPwkmbEfbTkiIMNe7O/jTEfbDWXZbLqgyUWtUyM+7qu72eUqp99i
ISs7OWqg9Nsh43YdoaIqwI4F7tJHTQDPnBI2OYWQtBB2IIrP2xE8akFsPlPQmb/T
USxGsZRiG0lOwefP16iaNNBAv09r1oZM4+HCRKjRH9NIH2tfOu3k8HulAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI8qV4dtYTe2HRKcuHV19IdYK3YQMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvanlwWGgyMWhON1lkRXB5NGRYWDBoMWdyZGhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRdmMA0G
CSqGSIb3DQEBCwUAA4IBAQAr3WT46+Vqo9XszyL1ho/EGnhkHTyVW4HxEIt/Gsaf
cox2sXWT1wyPaGxt9ylML57XTDeZQZitgHQs8cpUkBzsLquS7iDXUQ5lcKHx+48n
rImQfTGkvdloGPhfWGjq/eVvd+PRPbYraMTzwW5L1urDN4IOGdk1ZinU0KyhAkjn
Kih9OIhgEqMtYkdCq/NB32JGYbm42k8LY5Kmf9n2HgxRCqaCp9QXONYzWXUi/AH8
hBKJgYcVbC75Xygh+26sJKZWwsiZKpuA8Nozfx0okZXBLIwOnoVznmJ7NoOfHC5N
voglTAauoyG43aUc9Bgcc63WyF6NFbWtd2mr70wEqYoH
-----END CERTIFICATE-----