This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/64c5a9-b379-4999-af7a-3c0fa18c58cb/1/YsrfKZUom0hhdvtAbQlQ31S1LpI.roa
File:                     YsrfKZUom0hhdvtAbQlQ31S1LpI.roa (raw, json)
Hash identifier:          QER6EJFTVwn6uMFElRbueTl9ramohyi1r1R/wDUOkjQ=
Subject key identifier:   62:CA:DF:29:95:28:9B:48:61:76:FB:40:6D:09:50:DF:54:B5:2E:92
Certificate issuer:       /CN=d730a29941efbc7a7927f029481e2c725a1a6711
Certificate serial:       019B7758E10B5760B6E302FE057205C08B6C
Authority key identifier: D7:30:A2:99:41:EF:BC:7A:79:27:F0:29:48:1E:2C:72:5A:1A:67:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1zCimUHvvHp5J_ApSB4scloaZxE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/64c5a9-b379-4999-af7a-3c0fa18c58cb/1/YsrfKZUom0hhdvtAbQlQ31S1LpI.roa
Signing time:             Thu 01 Jan 2026 02:17:51 +0000
ROA not before:           Thu 01 Jan 2026 02:17:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200069
IP address blocks:        185.250.236.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/64c5a9-b379-4999-af7a-3c0fa18c58cb/1/1zCimUHvvHp5J_ApSB4scloaZxE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/64c5a9-b379-4999-af7a-3c0fa18c58cb/1/1zCimUHvvHp5J_ApSB4scloaZxE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1zCimUHvvHp5J_ApSB4scloaZxE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 11:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:e1:0b:57:60:b6:e3:02:fe:05:72:05:c0:8b:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d730a29941efbc7a7927f029481e2c725a1a6711
        Validity
            Not Before: Jan  1 02:17:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=62cadf2995289b486176fb406d0950df54b52e92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:c4:a6:eb:b6:71:ba:c4:1f:f8:fa:d7:00:7d:
                    46:83:49:30:58:a5:b7:ae:f7:66:d0:6b:9d:37:d5:
                    6d:ca:e1:96:5f:08:d7:21:f7:39:25:70:f9:57:67:
                    07:36:62:08:d6:6e:35:fc:ae:61:0f:36:2f:08:f7:
                    6a:f6:34:19:cc:41:dd:f2:a1:61:d3:13:24:97:91:
                    4e:dc:5e:a2:a9:01:21:5e:b5:c3:e2:b8:5c:a5:b8:
                    43:a9:05:c9:2c:66:23:28:79:a6:34:1a:d7:92:ab:
                    a0:74:95:8f:a0:62:be:14:35:ea:d0:a0:5e:7b:6f:
                    f4:64:69:a6:64:ae:36:29:0d:4a:e3:81:e6:2d:0a:
                    41:76:ef:76:27:d2:86:67:cb:68:47:e4:a0:f5:78:
                    a8:6a:e3:10:4d:fd:fa:8e:b5:d1:e7:f4:e0:e4:4c:
                    7c:9c:3a:53:00:18:78:ff:4b:53:cf:2b:e4:5a:61:
                    9b:c5:6f:57:c7:b4:3d:2d:18:94:dc:94:7a:05:3f:
                    09:8b:0d:3a:e6:07:8d:98:7a:42:2e:00:1c:f1:33:
                    38:a5:80:46:df:4e:c0:9f:ed:17:58:e0:86:0c:81:
                    e4:75:1a:39:ff:c1:76:de:49:c2:a9:d0:bc:09:0a:
                    0e:a6:c0:9d:b8:df:29:8e:09:4d:a9:78:b7:18:41:
                    93:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:CA:DF:29:95:28:9B:48:61:76:FB:40:6D:09:50:DF:54:B5:2E:92
            X509v3 Authority Key Identifier:
                keyid:D7:30:A2:99:41:EF:BC:7A:79:27:F0:29:48:1E:2C:72:5A:1A:67:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1zCimUHvvHp5J_ApSB4scloaZxE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/64c5a9-b379-4999-af7a-3c0fa18c58cb/1/YsrfKZUom0hhdvtAbQlQ31S1LpI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/64c5a9-b379-4999-af7a-3c0fa18c58cb/1/1zCimUHvvHp5J_ApSB4scloaZxE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.250.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         15:dd:f1:0d:13:3a:ff:16:58:a2:b7:f5:05:1c:60:b0:fb:ba:
         09:f1:46:66:6e:5a:0a:f0:1a:6f:ed:ba:34:37:11:61:2b:1b:
         da:e2:84:83:df:6c:00:c1:fd:67:86:a7:9f:69:6d:f0:ef:80:
         18:3a:71:67:7d:7a:c1:58:2e:91:74:3a:81:69:4a:7d:87:9f:
         9c:f7:d9:e6:fb:60:c3:94:5e:d5:17:d6:8c:60:4f:ff:0f:06:
         87:af:f2:f8:0f:4e:3c:d2:13:1a:46:28:0f:d7:c7:ab:df:05:
         12:f0:1e:f4:f3:15:ee:5b:ac:8f:4b:a0:8e:0f:17:f0:96:90:
         b5:af:42:69:3d:72:31:6e:8b:8b:ea:5a:86:59:c3:c9:70:01:
         50:6a:cb:0a:4f:68:67:7e:4b:0c:3d:60:be:77:0f:b9:b5:f4:
         50:74:38:c3:38:67:22:69:46:40:69:0e:72:d3:d9:aa:5c:81:
         41:18:21:cd:60:32:54:ce:7d:15:19:f8:74:7b:ac:d3:a3:8a:
         ab:65:f7:0b:2c:89:4f:e0:8f:42:7b:73:99:f6:25:f1:55:de:
         19:0a:33:97:bc:f6:66:63:14:95:30:f4:8d:b6:b4:b4:24:e4:
         0b:d0:cc:af:28:54:35:95:cd:55:9e:c5:19:cd:73:86:a7:13:
         e6:f9:d6:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WOELV2C24wL+BXIFwItsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3MzBhMjk5NDFlZmJjN2E3OTI3ZjAyOTQ4MWUyYzcyNWEx
YTY3MTEwHhcNMjYwMTAxMDIxNzUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmNhZGYyOTk1Mjg5YjQ4NjE3NmZiNDA2ZDA5NTBkZjU0YjUyZTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnMSm67ZxusQf+PrXAH1Gg0kwWKW3
rvdm0GudN9VtyuGWXwjXIfc5JXD5V2cHNmII1m41/K5hDzYvCPdq9jQZzEHd8qFh
0xMkl5FO3F6iqQEhXrXD4rhcpbhDqQXJLGYjKHmmNBrXkqugdJWPoGK+FDXq0KBe
e2/0ZGmmZK42KQ1K44HmLQpBdu92J9KGZ8toR+Sg9XioauMQTf36jrXR5/Tg5Ex8
nDpTABh4/0tTzyvkWmGbxW9Xx7Q9LRiU3JR6BT8Jiw065geNmHpCLgAc8TM4pYBG
307An+0XWOCGDIHkdRo5/8F23knCqdC8CQoOpsCduN8pjglNqXi3GEGTswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGLK3ymVKJtIYXb7QG0JUN9UtS6SMB8GA1UdIwQY
MBaAFNcwoplB77x6eSfwKUgeLHJaGmcRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXpDaW1VSHZ2SHA1Sl9BcFNCNHNjbG9hWnhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi82NGM1YTktYjM3OS00OTk5LWFmN2Et
M2MwZmExOGM1OGNiLzEvWXNyZktaVW9tMGhoZHZ0QWJRbFEzMVMxTHBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi82NGM1YTktYjM3OS00OTk5LWFmN2EtM2MwZmExOGM1OGNi
LzEvMXpDaW1VSHZ2SHA1Sl9BcFNCNHNjbG9hWnhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufrsMA0G
CSqGSIb3DQEBCwUAA4IBAQAV3fENEzr/Fliit/UFHGCw+7oJ8UZmbloK8Bpv7bo0
NxFhKxva4oSD32wAwf1nhqefaW3w74AYOnFnfXrBWC6RdDqBaUp9h5+c99nm+2DD
lF7VF9aMYE//DwaHr/L4D0480hMaRigP18er3wUS8B708xXuW6yPS6CODxfwlpC1
r0JpPXIxbouL6lqGWcPJcAFQassKT2hnfksMPWC+dw+5tfRQdDjDOGciaUZAaQ5y
09mqXIFBGCHNYDJUzn0VGfh0e6zTo4qrZfcLLIlP4I9Ce3OZ9iXxVd4ZCjOXvPZm
YxSVMPSNtrS0JOQL0MyvKFQ1lc1VnsUZzXOGpxPm+dZ8
-----END CERTIFICATE-----