This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/d377cd-e36f-4cb9-825b-c02334be128c/1/YhV2RPOqPZXVdAMRyoGhsYcqg5o.roa
File:                     YhV2RPOqPZXVdAMRyoGhsYcqg5o.roa (raw, json)
Hash identifier:          +2OSyQukbn8Ac2KWdiYjJtwI1C2RFg/LbfJyv2kiAaQ=
Subject key identifier:   62:15:76:44:F3:AA:3D:95:D5:74:03:11:CA:81:A1:B1:87:2A:83:9A
Certificate issuer:       /CN=ad9afade4183ae80048d6b84818eec46f680fa26
Certificate serial:       019B7BA3826C575623B97E9A5D2EFE25615F
Authority key identifier: AD:9A:FA:DE:41:83:AE:80:04:8D:6B:84:81:8E:EC:46:F6:80:FA:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rZr63kGDroAEjWuEgY7sRvaA-iY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/d377cd-e36f-4cb9-825b-c02334be128c/1/YhV2RPOqPZXVdAMRyoGhsYcqg5o.roa
Signing time:             Thu 01 Jan 2026 22:17:51 +0000
ROA not before:           Thu 01 Jan 2026 22:17:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31463
IP address blocks:        185.167.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/d377cd-e36f-4cb9-825b-c02334be128c/1/rZr63kGDroAEjWuEgY7sRvaA-iY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/d377cd-e36f-4cb9-825b-c02334be128c/1/rZr63kGDroAEjWuEgY7sRvaA-iY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rZr63kGDroAEjWuEgY7sRvaA-iY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:82:6c:57:56:23:b9:7e:9a:5d:2e:fe:25:61:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad9afade4183ae80048d6b84818eec46f680fa26
        Validity
            Not Before: Jan  1 22:17:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=62157644f3aa3d95d5740311ca81a1b1872a839a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:32:4a:74:0b:e9:3b:4f:8e:4d:b2:2a:63:e0:
                    49:04:a2:4a:ea:a0:7b:43:be:c8:68:ed:e4:8c:a8:
                    0d:05:3f:d9:fe:da:d9:fc:cb:ad:9f:0a:db:69:a7:
                    3b:ce:c7:bc:30:37:70:d1:d4:26:89:97:5a:88:2f:
                    72:0d:05:20:e7:6f:be:d8:22:46:5f:5f:85:29:f8:
                    2d:72:10:96:a2:90:39:3e:0a:00:a4:31:ec:52:7a:
                    8c:79:b6:5b:11:f5:24:bd:9f:96:77:e2:eb:e6:c6:
                    f8:87:fd:5b:de:fb:3f:bf:f9:b0:23:63:ce:e7:b1:
                    7a:e0:9d:07:97:7b:c5:62:c9:12:31:b9:fd:6a:f1:
                    40:b4:81:ad:0c:b7:83:ba:86:a3:9d:ce:b7:dd:8c:
                    9a:99:04:66:ac:26:ab:da:26:7d:78:93:e4:b0:71:
                    67:6d:9f:3e:f9:be:a7:d3:02:c6:eb:c6:cd:2d:58:
                    2e:c7:a3:4d:f9:ce:19:fa:cf:f8:fd:91:34:da:90:
                    ae:a0:d8:fe:d1:8c:d7:17:e5:0f:c0:0d:a7:94:0d:
                    88:65:a1:89:be:9f:e7:e8:26:b3:3f:fb:ca:d3:f3:
                    7f:db:ce:58:3d:4e:be:c4:d2:9e:74:d3:b8:dc:98:
                    57:12:b3:43:1c:bb:4b:fa:07:d4:45:9e:b0:e8:a2:
                    f7:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:15:76:44:F3:AA:3D:95:D5:74:03:11:CA:81:A1:B1:87:2A:83:9A
            X509v3 Authority Key Identifier:
                keyid:AD:9A:FA:DE:41:83:AE:80:04:8D:6B:84:81:8E:EC:46:F6:80:FA:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rZr63kGDroAEjWuEgY7sRvaA-iY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/d377cd-e36f-4cb9-825b-c02334be128c/1/YhV2RPOqPZXVdAMRyoGhsYcqg5o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/d377cd-e36f-4cb9-825b-c02334be128c/1/rZr63kGDroAEjWuEgY7sRvaA-iY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.167.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c2:27:81:09:69:c0:5f:ab:be:6d:5c:36:b7:70:dc:5a:1d:0d:
         fa:16:b3:d5:a6:06:55:5d:aa:19:47:b9:bf:f6:0a:94:b5:5b:
         2c:03:f4:eb:a9:a7:10:db:62:a9:4a:7c:85:8e:c5:8a:f6:63:
         9a:0e:12:b2:2b:45:a4:3f:7d:02:17:92:4b:68:56:0d:0e:fb:
         cf:4a:7f:f5:fe:15:dc:db:68:b9:5b:7c:ce:d2:22:4e:7f:d9:
         21:f1:a7:52:43:47:ad:35:7b:e6:db:d6:17:61:c9:f8:c4:ed:
         10:f4:da:08:51:fc:88:11:a3:97:30:1a:6c:02:1b:13:7d:59:
         26:19:f7:25:a0:8d:dd:40:79:77:8d:64:ce:41:c8:13:9a:ac:
         e5:e9:d8:58:f1:d3:c1:ca:14:6c:66:17:84:9a:a4:1d:6f:11:
         61:a7:d6:75:55:a5:e3:6a:d4:e3:d3:5d:af:75:c8:02:17:58:
         5e:d5:b5:b4:27:93:52:df:52:a9:68:3b:a9:f2:d7:d5:4f:a4:
         f9:6c:ab:fc:7b:b8:b5:02:15:0f:75:e6:2e:39:2e:5d:3a:b0:
         0c:8c:e8:58:30:26:52:7e:50:23:68:fd:6a:4e:e7:04:43:a6:
         48:ae:7b:87:43:82:49:0f:18:c1:29:1f:09:c6:a8:c6:e0:53:
         01:ac:92:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7o4JsV1YjuX6aXS7+JWFfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkOWFmYWRlNDE4M2FlODAwNDhkNmI4NDgxOGVlYzQ2ZjY4
MGZhMjYwHhcNMjYwMTAxMjIxNzUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjE1NzY0NGYzYWEzZDk1ZDU3NDAzMTFjYTgxYTFiMTg3MmE4MzlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1TJKdAvpO0+OTbIqY+BJBKJK6qB7
Q77IaO3kjKgNBT/Z/trZ/Mutnwrbaac7zse8MDdw0dQmiZdaiC9yDQUg52++2CJG
X1+FKfgtchCWopA5PgoApDHsUnqMebZbEfUkvZ+Wd+Lr5sb4h/1b3vs/v/mwI2PO
57F64J0Hl3vFYskSMbn9avFAtIGtDLeDuoajnc633YyamQRmrCar2iZ9eJPksHFn
bZ8++b6n0wLG68bNLVgux6NN+c4Z+s/4/ZE02pCuoNj+0YzXF+UPwA2nlA2IZaGJ
vp/n6CazP/vK0/N/285YPU6+xNKedNO43JhXErNDHLtL+gfURZ6w6KL3+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGIVdkTzqj2V1XQDEcqBobGHKoOaMB8GA1UdIwQY
MBaAFK2a+t5Bg66ABI1rhIGO7Eb2gPomMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclpyNjNrR0Ryb0FFald1RWdZN3NSdmFBLWlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9kMzc3Y2QtZTM2Zi00Y2I5LTgyNWIt
YzAyMzM0YmUxMjhjLzEvWWhWMlJQT3FQWlhWZEFNUnlvR2hzWWNxZzVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9kMzc3Y2QtZTM2Zi00Y2I5LTgyNWItYzAyMzM0YmUxMjhj
LzEvclpyNjNrR0Ryb0FFald1RWdZN3NSdmFBLWlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuafYMA0G
CSqGSIb3DQEBCwUAA4IBAQDCJ4EJacBfq75tXDa3cNxaHQ36FrPVpgZVXaoZR7m/
9gqUtVssA/TrqacQ22KpSnyFjsWK9mOaDhKyK0WkP30CF5JLaFYNDvvPSn/1/hXc
22i5W3zO0iJOf9kh8adSQ0etNXvm29YXYcn4xO0Q9NoIUfyIEaOXMBpsAhsTfVkm
GfcloI3dQHl3jWTOQcgTmqzl6dhY8dPByhRsZheEmqQdbxFhp9Z1VaXjatTj012v
dcgCF1he1bW0J5NS31KpaDup8tfVT6T5bKv8e7i1AhUPdeYuOS5dOrAMjOhYMCZS
flAjaP1qTucEQ6ZIrnuHQ4JJDxjBKR8JxqjG4FMBrJL3
-----END CERTIFICATE-----