This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/YHcAPnnmN5aNvs_vCn70-5ADp7o.roa
File:                     YHcAPnnmN5aNvs_vCn70-5ADp7o.roa (raw, json)
Hash identifier:          vNV0ZcdMku44UTdD6dPr7vSiwvW8JOUViBfx6AnLA3s=
Subject key identifier:   60:77:00:3E:79:E6:37:96:8D:BE:CF:EF:0A:7E:F4:FB:90:03:A7:BA
Certificate issuer:       /CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
Certificate serial:       019BC5BF7BC28409AB737818ABB6219A91C6
Authority key identifier: 68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/YHcAPnnmN5aNvs_vCn70-5ADp7o.roa
Signing time:             Fri 16 Jan 2026 07:40:19 +0000
ROA not before:           Fri 16 Jan 2026 07:40:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205268
IP address blocks:        212.91.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 14:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:c5:bf:7b:c2:84:09:ab:73:78:18:ab:b6:21:9a:91:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
        Validity
            Not Before: Jan 16 07:40:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6077003e79e637968dbecfef0a7ef4fb9003a7ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:b7:e9:1f:00:21:b7:15:5c:b3:bd:22:4f:72:
                    8b:b7:4e:93:6c:37:2c:ed:8c:99:42:e6:34:21:76:
                    6a:5a:9e:25:bc:86:67:0b:d3:8d:53:52:00:48:f1:
                    6e:5a:49:32:f8:fb:6f:76:d7:10:a7:6d:1e:07:e6:
                    3b:4c:18:7c:38:16:55:8f:71:17:a8:42:67:de:40:
                    29:58:45:86:df:e4:a9:cd:ef:d8:19:8f:3f:1a:2c:
                    13:c9:b6:82:e4:da:b1:e6:28:9e:e2:a1:00:ba:f8:
                    7f:a8:57:2a:06:a2:69:f6:45:4e:6b:d4:2b:f1:78:
                    a4:44:38:d3:88:d9:92:f8:51:3e:39:a1:94:bb:6f:
                    1d:02:c2:ce:c8:a2:73:da:93:3c:4d:7d:dd:e0:9e:
                    20:1d:ce:24:b9:0b:d8:c0:58:33:6f:12:37:44:b6:
                    02:5a:24:56:0b:ed:08:9c:96:bf:b5:86:dd:2d:da:
                    ed:c6:df:bd:02:2a:ed:1d:6a:a2:98:0c:7f:f6:f1:
                    1b:f9:ee:0e:d4:92:78:fb:4b:5a:e2:35:9a:22:4c:
                    7f:8e:4a:a6:1c:05:c3:c9:e8:9f:98:f4:68:7e:0f:
                    56:87:ed:50:b9:48:4d:83:ee:09:db:6c:af:57:28:
                    74:04:8e:9d:7e:7c:91:f7:11:bf:5d:f2:7c:97:41:
                    84:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:77:00:3E:79:E6:37:96:8D:BE:CF:EF:0A:7E:F4:FB:90:03:A7:BA
            X509v3 Authority Key Identifier:
                keyid:68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/YHcAPnnmN5aNvs_vCn70-5ADp7o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.91.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:34:d8:bf:69:2f:67:48:15:08:fe:27:7c:49:df:e1:51:bc:
         02:10:18:4a:78:b1:41:6e:f0:66:b7:01:5f:6d:1e:d3:5a:f4:
         31:23:f9:b5:26:7e:da:15:56:f6:e1:30:a3:f5:89:05:52:c5:
         d8:c0:59:f8:fb:a9:29:db:60:84:0c:cc:ef:09:87:76:9c:59:
         7b:fa:23:d9:9f:f9:68:c1:99:6c:62:82:a7:6d:69:3f:d9:c4:
         b8:b3:54:57:85:a9:98:ec:20:d8:af:1a:e9:7d:89:67:58:ea:
         92:b6:d4:1d:4b:10:09:72:10:68:77:e7:c1:3b:93:c1:71:91:
         3f:cd:8b:e6:dc:c5:08:d1:ca:30:53:a1:da:46:79:c7:a0:e5:
         66:95:ab:4f:e3:a6:99:66:ef:dd:d9:a1:41:b7:43:df:85:24:
         46:32:01:3d:2b:c0:f7:b4:1f:10:6d:29:bb:90:73:07:ef:7a:
         2a:cc:bf:c2:51:a1:de:bd:90:56:fe:86:51:8c:ff:6b:e7:a1:
         13:b1:84:0b:74:f9:59:df:37:23:a2:8d:5f:48:e4:63:4e:c5:
         d8:4b:3b:70:55:62:94:ce:2e:df:c3:73:43:84:cd:15:80:a3:
         15:43:2c:94:2c:45:c9:14:db:38:22:20:33:6a:f4:89:45:4d:
         a2:a7:77:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZvFv3vChAmrc3gYq7YhmpHGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YzUxMGZjOWI4NjVkOTZlM2FmYzdjNTYwNTZlZmFkOWEz
MzBjNWIwHhcNMjYwMTE2MDc0MDE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDc3MDAzZTc5ZTYzNzk2OGRiZWNmZWYwYTdlZjRmYjkwMDNhN2JhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqbfpHwAhtxVcs70iT3KLt06TbDcs
7YyZQuY0IXZqWp4lvIZnC9ONU1IASPFuWkky+PtvdtcQp20eB+Y7TBh8OBZVj3EX
qEJn3kApWEWG3+Spze/YGY8/GiwTybaC5Nqx5iie4qEAuvh/qFcqBqJp9kVOa9Qr
8XikRDjTiNmS+FE+OaGUu28dAsLOyKJz2pM8TX3d4J4gHc4kuQvYwFgzbxI3RLYC
WiRWC+0InJa/tYbdLdrtxt+9AirtHWqimAx/9vEb+e4O1JJ4+0ta4jWaIkx/jkqm
HAXDyeifmPRofg9Wh+1QuUhNg+4J22yvVyh0BI6dfnyR9xG/XfJ8l0GEMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGB3AD555jeWjb7P7wp+9PuQA6e6MB8GA1UdIwQY
MBaAFGjFEPybhl2W46/HxWBW762aMwxbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEt
NWQ2NjVlOTk4ZjZhLzEvWUhjQVBubm1ONWFOdnNfdkNuNzAtNUFEcDdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEtNWQ2NjVlOTk4ZjZh
LzEvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1FsVMA0G
CSqGSIb3DQEBCwUAA4IBAQCSNNi/aS9nSBUI/id8Sd/hUbwCEBhKeLFBbvBmtwFf
bR7TWvQxI/m1Jn7aFVb24TCj9YkFUsXYwFn4+6kp22CEDMzvCYd2nFl7+iPZn/lo
wZlsYoKnbWk/2cS4s1RXhamY7CDYrxrpfYlnWOqSttQdSxAJchBod+fBO5PBcZE/
zYvm3MUI0cowU6HaRnnHoOVmlatP46aZZu/d2aFBt0PfhSRGMgE9K8D3tB8QbSm7
kHMH73oqzL/CUaHevZBW/oZRjP9r56ETsYQLdPlZ3zcjoo1fSORjTsXYSztwVWKU
zi7fw3NDhM0VgKMVQyyULEXJFNs4IiAzavSJRU2ip3fr
-----END CERTIFICATE-----