This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/d4469a-13a8-472c-b46f-4bb414623a14/1/YYgzCJR0-0gXgfzyBpOEkQ4pXkc.roa
File:                     YYgzCJR0-0gXgfzyBpOEkQ4pXkc.roa (raw, json)
Hash identifier:          DEoGAyI9/dVWa6pEX3QAslv+mwYbksED/2fQOt0a8aI=
Subject key identifier:   61:88:33:08:94:74:FB:48:17:81:FC:F2:06:93:84:91:0E:29:5E:47
Certificate issuer:       /CN=89a041670001660a3720b77d764d836852190138
Certificate serial:       019A9D5D6FB88D20C339413188006A0D55CF
Authority key identifier: 89:A0:41:67:00:01:66:0A:37:20:B7:7D:76:4D:83:68:52:19:01:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iaBBZwABZgo3ILd9dk2DaFIZATg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/d4469a-13a8-472c-b46f-4bb414623a14/1/YYgzCJR0-0gXgfzyBpOEkQ4pXkc.roa
Signing time:             Wed 19 Nov 2025 18:25:37 +0000
ROA not before:           Wed 19 Nov 2025 18:25:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     33659
IP address blocks:        95.128.152.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/d4469a-13a8-472c-b46f-4bb414623a14/1/iaBBZwABZgo3ILd9dk2DaFIZATg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/d4469a-13a8-472c-b46f-4bb414623a14/1/iaBBZwABZgo3ILd9dk2DaFIZATg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iaBBZwABZgo3ILd9dk2DaFIZATg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Dec 2025 05:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:9d:5d:6f:b8:8d:20:c3:39:41:31:88:00:6a:0d:55:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89a041670001660a3720b77d764d836852190138
        Validity
            Not Before: Nov 19 18:25:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=618833089474fb481781fcf2069384910e295e47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:3d:69:98:51:4d:b7:17:2a:82:5f:41:c3:62:
                    79:51:20:5e:a9:42:8f:bc:f8:a2:83:87:b6:06:24:
                    cf:cb:37:e0:c5:d9:f7:e1:8e:a9:d1:96:dd:f3:d4:
                    e6:dd:e1:1e:59:dc:32:d9:e2:4f:cb:77:e4:9e:bf:
                    ca:80:3a:36:ae:bd:b1:f8:1b:ce:6b:8a:aa:fb:9b:
                    6d:e3:34:e2:24:b5:75:5d:76:b8:4b:cb:9c:ee:ce:
                    60:22:6b:57:14:2a:e9:73:6f:68:e2:a6:44:05:d6:
                    da:0e:33:2f:d6:ce:75:d7:db:61:84:ff:3f:4a:d2:
                    c6:e6:be:7f:cb:db:71:63:fa:d1:72:58:10:b6:d7:
                    a3:3d:a2:75:ac:66:fd:e5:f5:47:3f:36:0b:32:4a:
                    c1:7f:96:53:ab:36:f2:5e:00:13:8f:e0:a9:c0:0c:
                    0f:c2:e7:c0:36:d2:a6:aa:ef:f4:9e:8a:57:da:73:
                    8a:b9:cd:6d:10:5c:cd:c5:28:6d:49:2e:7d:a0:f2:
                    65:d5:f9:bc:4d:e2:63:f7:f6:d7:6b:46:59:96:fa:
                    8b:ea:ae:da:30:fc:ff:b8:6a:51:f7:a0:21:af:8d:
                    5d:3d:9c:0f:38:5a:df:00:8e:8d:d5:a0:e0:af:4f:
                    a2:50:a3:fc:f3:10:8e:2a:91:5c:34:de:fa:67:ea:
                    3b:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:88:33:08:94:74:FB:48:17:81:FC:F2:06:93:84:91:0E:29:5E:47
            X509v3 Authority Key Identifier:
                keyid:89:A0:41:67:00:01:66:0A:37:20:B7:7D:76:4D:83:68:52:19:01:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iaBBZwABZgo3ILd9dk2DaFIZATg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/d4469a-13a8-472c-b46f-4bb414623a14/1/YYgzCJR0-0gXgfzyBpOEkQ4pXkc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/d4469a-13a8-472c-b46f-4bb414623a14/1/iaBBZwABZgo3ILd9dk2DaFIZATg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.128.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c1:87:84:ec:91:3e:c7:e0:01:09:c7:94:08:95:88:c5:ae:29:
         d1:f5:83:63:79:3a:2b:68:83:b0:a0:c7:44:75:26:d8:ec:ba:
         f6:af:53:0a:4a:26:db:51:e5:20:86:a9:87:3f:06:f8:a7:c1:
         da:c4:44:75:49:2a:fd:37:4e:47:57:5b:3e:82:64:c3:66:c1:
         6c:b2:1b:11:b2:10:3d:d3:09:22:a5:04:30:62:cd:84:7a:8b:
         9b:0b:5a:e9:50:25:00:fd:91:52:43:2f:7a:cf:1b:dc:de:f0:
         a4:c5:98:94:3b:44:c8:8a:66:f3:fd:a6:50:ff:0b:95:8d:7e:
         ff:b2:99:f6:99:34:df:41:2e:89:94:9e:d0:72:72:ac:fe:06:
         bd:76:f9:3e:64:4d:46:bf:d3:72:8c:4e:21:6f:09:c4:e5:82:
         20:1e:6e:cd:80:56:ef:7b:31:46:d4:25:39:f8:95:75:e3:05:
         0d:86:de:cc:71:81:fd:78:76:3d:3a:93:ac:75:48:67:f8:71:
         5f:3b:3a:8a:60:0b:26:67:ba:14:9c:d5:0f:c6:a4:b3:55:29:
         45:d4:b0:9b:c6:51:9e:85:0f:f2:f6:d4:a0:bf:45:71:d3:c1:
         62:0c:a8:3f:56:3e:9a:f4:5a:19:27:76:c6:1a:b8:16:f4:7e:
         39:2c:3a:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZqdXW+4jSDDOUExiABqDVXPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5YTA0MTY3MDAwMTY2MGEzNzIwYjc3ZDc2NGQ4MzY4NTIx
OTAxMzgwHhcNMjUxMTE5MTgyNTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTg4MzMwODk0NzRmYjQ4MTc4MWZjZjIwNjkzODQ5MTBlMjk1ZTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqj1pmFFNtxcqgl9Bw2J5USBeqUKP
vPiig4e2BiTPyzfgxdn34Y6p0Zbd89Tm3eEeWdwy2eJPy3fknr/KgDo2rr2x+BvO
a4qq+5tt4zTiJLV1XXa4S8uc7s5gImtXFCrpc29o4qZEBdbaDjMv1s5119thhP8/
StLG5r5/y9txY/rRclgQttejPaJ1rGb95fVHPzYLMkrBf5ZTqzbyXgATj+CpwAwP
wufANtKmqu/0nopX2nOKuc1tEFzNxShtSS59oPJl1fm8TeJj9/bXa0ZZlvqL6q7a
MPz/uGpR96Ahr41dPZwPOFrfAI6N1aDgr0+iUKP88xCOKpFcNN76Z+o7qQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGGIMwiUdPtIF4H88gaThJEOKV5HMB8GA1UdIwQY
MBaAFImgQWcAAWYKNyC3fXZNg2hSGQE4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWFCQlp3QUJaZ28zSUxkOWRrMkRhRklaQVRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9kNDQ2OWEtMTNhOC00NzJjLWI0NmYt
NGJiNDE0NjIzYTE0LzEvWVlnekNKUjAtMGdYZ2Z6eUJwT0VrUTRwWGtjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9kNDQ2OWEtMTNhOC00NzJjLWI0NmYtNGJiNDE0NjIzYTE0
LzEvaWFCQlp3QUJaZ28zSUxkOWRrMkRhRklaQVRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4CYMA0G
CSqGSIb3DQEBCwUAA4IBAQDBh4TskT7H4AEJx5QIlYjFrinR9YNjeToraIOwoMdE
dSbY7Lr2r1MKSibbUeUghqmHPwb4p8HaxER1SSr9N05HV1s+gmTDZsFsshsRshA9
0wkipQQwYs2EeoubC1rpUCUA/ZFSQy96zxvc3vCkxZiUO0TIimbz/aZQ/wuVjX7/
spn2mTTfQS6JlJ7QcnKs/ga9dvk+ZE1Gv9NyjE4hbwnE5YIgHm7NgFbvezFG1CU5
+JV14wUNht7McYH9eHY9OpOsdUhn+HFfOzqKYAsmZ7oUnNUPxqSzVSlF1LCbxlGe
hQ/y9tSgv0Vx08FiDKg/Vj6a9FoZJ3bGGrgW9H45LDq9
-----END CERTIFICATE-----