This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/YDaDiXNwUi-PcohorC6hSMqqx8w.roa
File:                     YDaDiXNwUi-PcohorC6hSMqqx8w.roa (raw, json)
Hash identifier:          bvh7gMt3n/6TIfrl6SGMDcq2MjZzZKL+Pw2+fwYwwFc=
Subject key identifier:   60:36:83:89:73:70:52:2F:8F:72:88:68:AC:2E:A1:48:CA:AA:C7:CC
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019B11B62BED8995F4C33A3E5CCDFF848939
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/YDaDiXNwUi-PcohorC6hSMqqx8w.roa
Signing time:             Fri 12 Dec 2025 08:38:30 +0000
ROA not before:           Fri 12 Dec 2025 08:38:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29182
IP address blocks:        212.193.8.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Dec 2025 07:02:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:11:b6:2b:ed:89:95:f4:c3:3a:3e:5c:cd:ff:84:89:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Dec 12 08:38:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=603683897370522f8f728868ac2ea148caaac7cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:6f:7e:dc:5f:96:de:e0:b3:b6:2f:a1:a7:dd:
                    97:de:fd:45:84:6b:64:fe:04:f3:30:9d:05:eb:1c:
                    02:22:a7:0a:8d:2f:f2:81:48:4c:05:fc:38:d3:7e:
                    b4:3b:45:81:00:57:22:20:ea:6a:16:92:62:38:f3:
                    55:83:64:0b:68:04:37:62:aa:0d:fb:fb:90:40:94:
                    77:83:38:55:aa:d9:2c:29:35:24:fa:62:2f:33:62:
                    f4:0d:ac:16:70:85:05:44:ee:5f:39:81:f8:01:fd:
                    31:c2:7e:cd:e7:f4:11:ad:bd:02:d4:20:a3:12:4f:
                    63:24:8a:de:fc:70:da:62:76:48:b1:b2:1a:21:c4:
                    a5:c7:01:26:5e:be:28:ba:be:36:7a:1b:61:d6:90:
                    b3:80:52:81:f5:9f:0f:30:6a:b4:af:e7:18:50:7b:
                    b1:0a:59:b5:70:2c:5c:57:c4:1d:32:4b:38:df:72:
                    49:88:bf:20:a8:1a:dd:ef:98:c5:eb:01:b6:5a:30:
                    b0:22:e2:74:df:ba:34:11:18:ad:a7:69:d5:aa:35:
                    23:52:20:74:04:44:f2:10:ba:84:72:3d:d2:40:bc:
                    2b:6c:d5:9a:87:d4:da:21:b6:cf:0a:c1:2e:82:1a:
                    16:99:c9:dc:20:dd:a8:88:44:fa:2e:79:3d:d1:7c:
                    9d:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:36:83:89:73:70:52:2F:8F:72:88:68:AC:2E:A1:48:CA:AA:C7:CC
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/YDaDiXNwUi-PcohorC6hSMqqx8w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.193.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:c4:48:6b:c8:2a:63:06:48:88:d5:08:71:8e:71:c2:2a:df:
         18:ba:90:91:bd:58:38:bf:2e:f2:6d:6c:8c:cf:96:e0:95:6f:
         66:43:a0:f5:44:fd:a5:d5:80:95:d4:87:fe:05:a2:c5:8f:cd:
         44:b6:81:64:18:e5:01:01:0b:07:48:a7:15:fc:a9:76:19:bf:
         1f:41:cd:e5:98:cd:46:d9:0d:3e:b1:18:a0:1c:db:c6:a7:b4:
         5f:83:ef:b5:ac:05:fa:ae:fd:0a:3a:13:75:f9:b7:77:36:fc:
         fe:45:7e:cd:a3:7b:5d:56:0b:12:70:4d:41:f1:3a:d3:e5:65:
         15:5e:06:6b:8d:98:4f:83:f0:f8:5f:dc:c7:db:69:8a:62:d3:
         46:96:f0:14:31:b6:de:91:76:aa:4d:80:aa:a7:d1:97:6a:fb:
         cd:c4:8b:32:84:b6:22:9d:18:3c:4d:7c:68:0e:c8:1d:5f:55:
         87:2c:49:6b:de:59:d8:e8:1c:11:a1:f5:95:98:eb:cb:02:87:
         27:8e:d3:c7:96:4c:55:60:b4:b3:d6:19:b7:91:81:fb:1b:ee:
         92:26:33:43:09:97:6f:30:31:35:bb:f7:5a:13:d4:cd:d7:69:
         e9:0c:13:7c:22:db:b9:04:62:71:5e:8e:b3:72:eb:d4:8b:27:
         aa:9f:f2:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZsRtivtiZX0wzo+XM3/hIk5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUxMjEyMDgzODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDM2ODM4OTczNzA1MjJmOGY3Mjg4NjhhYzJlYTE0OGNhYWFjN2NjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApW9+3F+W3uCzti+hp92X3v1FhGtk
/gTzMJ0F6xwCIqcKjS/ygUhMBfw40360O0WBAFciIOpqFpJiOPNVg2QLaAQ3YqoN
+/uQQJR3gzhVqtksKTUk+mIvM2L0DawWcIUFRO5fOYH4Af0xwn7N5/QRrb0C1CCj
Ek9jJIre/HDaYnZIsbIaIcSlxwEmXr4our42ehth1pCzgFKB9Z8PMGq0r+cYUHux
Clm1cCxcV8QdMks433JJiL8gqBrd75jF6wG2WjCwIuJ037o0ERitp2nVqjUjUiB0
BETyELqEcj3SQLwrbNWah9TaIbbPCsEughoWmcncIN2oiET6Lnk90XydtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGA2g4lzcFIvj3KIaKwuoUjKqsfMMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvWURhRGlYTndVaS1QY29ob3JDNmhTTXFxeDh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1MEIMA0G
CSqGSIb3DQEBCwUAA4IBAQA8xEhryCpjBkiI1QhxjnHCKt8YupCRvVg4vy7ybWyM
z5bglW9mQ6D1RP2l1YCV1If+BaLFj81EtoFkGOUBAQsHSKcV/Kl2Gb8fQc3lmM1G
2Q0+sRigHNvGp7Rfg++1rAX6rv0KOhN1+bd3Nvz+RX7No3tdVgsScE1B8TrT5WUV
XgZrjZhPg/D4X9zH22mKYtNGlvAUMbbekXaqTYCqp9GXavvNxIsyhLYinRg8TXxo
DsgdX1WHLElr3lnY6BwRofWVmOvLAocnjtPHlkxVYLSz1hm3kYH7G+6SJjNDCZdv
MDE1u/daE9TN12npDBN8Itu5BGJxXo6zcuvUiyeqn/IU
-----END CERTIFICATE-----