This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/79c4ba-38e2-4f5a-959f-47e0937989a8/1/YXwTm4AmXj7P3L-oHjQ9SCRkIB8.roa
File:                     YXwTm4AmXj7P3L-oHjQ9SCRkIB8.roa (raw, json)
Hash identifier:          BEZ8noNyxFYH9s7y6LdJlLx1xzBr+aJybJ/406MKOQM=
Subject key identifier:   61:7C:13:9B:80:26:5E:3E:CF:DC:BF:A8:1E:34:3D:48:24:64:20:1F
Certificate issuer:       /CN=59dd542781851c0bce5a3ea5cc387650ffc8277e
Certificate serial:       019B7EA6DAD6D826C71AA956709F4B726DC3
Authority key identifier: 59:DD:54:27:81:85:1C:0B:CE:5A:3E:A5:CC:38:76:50:FF:C8:27:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Wd1UJ4GFHAvOWj6lzDh2UP_IJ34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/79c4ba-38e2-4f5a-959f-47e0937989a8/1/YXwTm4AmXj7P3L-oHjQ9SCRkIB8.roa
Signing time:             Fri 02 Jan 2026 12:20:22 +0000
ROA not before:           Fri 02 Jan 2026 12:20:22 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201486
IP address blocks:        84.47.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/79c4ba-38e2-4f5a-959f-47e0937989a8/1/Wd1UJ4GFHAvOWj6lzDh2UP_IJ34.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/79c4ba-38e2-4f5a-959f-47e0937989a8/1/Wd1UJ4GFHAvOWj6lzDh2UP_IJ34.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Wd1UJ4GFHAvOWj6lzDh2UP_IJ34.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:da:d6:d8:26:c7:1a:a9:56:70:9f:4b:72:6d:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=59dd542781851c0bce5a3ea5cc387650ffc8277e
        Validity
            Not Before: Jan  2 12:20:22 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=617c139b80265e3ecfdcbfa81e343d482464201f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:92:c7:79:bc:4d:29:c1:4d:41:c0:3e:bb:98:
                    6c:14:33:6e:a6:cc:62:e5:65:b5:2c:66:08:af:b4:
                    17:8a:ce:02:03:8b:6d:00:a2:f9:40:97:8d:c2:9d:
                    82:15:a0:2a:80:6e:27:d1:3b:ba:b1:da:64:3e:4b:
                    87:f1:c2:7d:d1:a6:19:04:81:9b:ea:d7:75:dd:45:
                    5c:38:a3:72:17:40:ae:55:e8:2a:a7:78:56:ff:c2:
                    23:e3:1a:b4:d0:a6:61:c0:50:5d:d5:8d:db:dc:92:
                    97:65:f3:a4:88:dc:da:02:87:f5:c5:7b:7a:1e:06:
                    0b:56:da:11:96:72:e1:29:78:e0:b1:b0:a5:3e:ab:
                    2c:e6:8d:45:47:2e:85:a6:f1:ad:56:db:bb:85:72:
                    62:ca:dc:9b:a5:f1:48:9e:a6:77:2e:df:89:1b:46:
                    5a:5a:a3:1f:f5:ff:a6:39:fa:88:4d:de:cc:9c:47:
                    6e:4e:0b:30:5e:91:70:2a:ba:6f:01:c4:66:14:c9:
                    bb:9f:51:5d:ae:5c:89:c0:e9:ab:35:da:29:46:da:
                    07:ec:a4:6d:ef:5c:ad:c6:ca:ac:90:32:a3:8c:45:
                    15:87:60:78:f4:1b:19:90:97:bc:43:e2:00:e2:d9:
                    0b:6d:c8:01:61:4f:f7:c5:4d:a2:2a:2d:1d:69:47:
                    22:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:7C:13:9B:80:26:5E:3E:CF:DC:BF:A8:1E:34:3D:48:24:64:20:1F
            X509v3 Authority Key Identifier:
                keyid:59:DD:54:27:81:85:1C:0B:CE:5A:3E:A5:CC:38:76:50:FF:C8:27:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Wd1UJ4GFHAvOWj6lzDh2UP_IJ34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/79c4ba-38e2-4f5a-959f-47e0937989a8/1/YXwTm4AmXj7P3L-oHjQ9SCRkIB8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/79c4ba-38e2-4f5a-959f-47e0937989a8/1/Wd1UJ4GFHAvOWj6lzDh2UP_IJ34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.47.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:fe:57:15:26:69:9e:ce:68:9b:cf:a2:d6:55:00:78:37:62:
         49:82:52:64:57:c4:54:03:9e:bb:ea:cb:e1:29:8e:67:05:dc:
         28:8f:13:12:12:61:95:a5:ec:ef:28:5c:68:70:fc:17:de:6c:
         cf:3b:90:28:d4:8e:74:92:b3:a1:e3:60:d6:0d:ff:49:6f:a0:
         a5:84:d9:aa:46:df:c9:9c:96:6f:69:17:6c:1b:25:87:7e:3c:
         74:8a:4f:7a:69:84:45:5c:ab:92:7c:df:44:43:2a:be:d5:c9:
         a6:00:ce:18:40:4b:69:e5:26:25:87:e1:3a:4f:89:77:fe:bf:
         4d:b3:b2:43:df:73:17:a5:a4:16:75:b7:e5:41:27:41:cc:ce:
         cb:51:eb:59:d2:64:21:be:69:d6:c8:bf:6f:88:29:6f:1e:2b:
         53:7e:5e:95:22:c8:ca:a6:fd:de:ca:cf:1e:3d:15:fd:80:e4:
         95:dc:cd:30:90:1d:87:9c:c8:a0:8c:7e:53:41:bb:db:26:a4:
         23:8a:90:73:64:85:e9:d3:7e:c1:fb:84:77:3e:dd:0b:e3:de:
         c7:18:b4:4a:9c:d1:7d:7e:b3:56:26:b3:9c:fe:0d:57:6b:49:
         96:38:3c:ef:6f:3f:15:72:c4:67:6e:19:5d:d5:0e:63:f5:0e:
         e5:d9:a9:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+ptrW2CbHGqlWcJ9Lcm3DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5ZGQ1NDI3ODE4NTFjMGJjZTVhM2VhNWNjMzg3NjUwZmZj
ODI3N2UwHhcNMjYwMTAyMTIyMDIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTdjMTM5YjgwMjY1ZTNlY2ZkY2JmYTgxZTM0M2Q0ODI0NjQyMDFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAypLHebxNKcFNQcA+u5hsFDNupsxi
5WW1LGYIr7QXis4CA4ttAKL5QJeNwp2CFaAqgG4n0Tu6sdpkPkuH8cJ90aYZBIGb
6td13UVcOKNyF0CuVegqp3hW/8Ij4xq00KZhwFBd1Y3b3JKXZfOkiNzaAof1xXt6
HgYLVtoRlnLhKXjgsbClPqss5o1FRy6FpvGtVtu7hXJiytybpfFInqZ3Lt+JG0Za
WqMf9f+mOfqITd7MnEduTgswXpFwKrpvAcRmFMm7n1FdrlyJwOmrNdopRtoH7KRt
71ytxsqskDKjjEUVh2B49BsZkJe8Q+IA4tkLbcgBYU/3xU2iKi0daUcizQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGF8E5uAJl4+z9y/qB40PUgkZCAfMB8GA1UdIwQY
MBaAFFndVCeBhRwLzlo+pcw4dlD/yCd+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2QxVUo0R0ZIQXZPV2o2bHpEaDJVUF9JSjM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi83OWM0YmEtMzhlMi00ZjVhLTk1OWYt
NDdlMDkzNzk4OWE4LzEvWVh3VG00QW1YajdQM0wtb0hqUTlTQ1JrSUI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi83OWM0YmEtMzhlMi00ZjVhLTk1OWYtNDdlMDkzNzk4OWE4
LzEvV2QxVUo0R0ZIQXZPV2o2bHpEaDJVUF9JSjM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVC+9MA0G
CSqGSIb3DQEBCwUAA4IBAQCO/lcVJmmezmibz6LWVQB4N2JJglJkV8RUA5676svh
KY5nBdwojxMSEmGVpezvKFxocPwX3mzPO5Ao1I50krOh42DWDf9Jb6ClhNmqRt/J
nJZvaRdsGyWHfjx0ik96aYRFXKuSfN9EQyq+1cmmAM4YQEtp5SYlh+E6T4l3/r9N
s7JD33MXpaQWdbflQSdBzM7LUetZ0mQhvmnWyL9viClvHitTfl6VIsjKpv3eys8e
PRX9gOSV3M0wkB2HnMigjH5TQbvbJqQjipBzZIXp037B+4R3Pt0L497HGLRKnNF9
frNWJrOc/g1Xa0mWODzvbz8VcsRnbhld1Q5j9Q7l2amA
-----END CERTIFICATE-----