This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/2d490c-6ff8-471d-97d2-2d72f23193db/1/RrLny5U_ijBVCGnLCvuUJJ18m5s.roa
File:                     RrLny5U_ijBVCGnLCvuUJJ18m5s.roa (raw, json)
Hash identifier:          bpv8Zff7lwgvln+/BYJURzEncDhJwqT1vkhDlSV1O1g=
Subject key identifier:   46:B2:E7:CB:95:3F:8A:30:55:08:69:CB:0A:FB:94:24:9D:7C:9B:9B
Certificate issuer:       /CN=c8d5aa7034250ab1a8789ac86cc0eef3bfc9db5f
Certificate serial:       019B7F1570F02FF54EB92468469DED2929D0
Authority key identifier: C8:D5:AA:70:34:25:0A:B1:A8:78:9A:C8:6C:C0:EE:F3:BF:C9:DB:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yNWqcDQlCrGoeJrIbMDu87_J218.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/2d490c-6ff8-471d-97d2-2d72f23193db/1/RrLny5U_ijBVCGnLCvuUJJ18m5s.roa
Signing time:             Fri 02 Jan 2026 14:21:10 +0000
ROA not before:           Fri 02 Jan 2026 14:21:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12301
IP address blocks:        85.119.8.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/2d490c-6ff8-471d-97d2-2d72f23193db/1/yNWqcDQlCrGoeJrIbMDu87_J218.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/2d490c-6ff8-471d-97d2-2d72f23193db/1/yNWqcDQlCrGoeJrIbMDu87_J218.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yNWqcDQlCrGoeJrIbMDu87_J218.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:70:f0:2f:f5:4e:b9:24:68:46:9d:ed:29:29:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c8d5aa7034250ab1a8789ac86cc0eef3bfc9db5f
        Validity
            Not Before: Jan  2 14:21:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=46b2e7cb953f8a30550869cb0afb94249d7c9b9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:eb:2b:9d:28:1d:c0:73:f5:1b:7f:97:34:44:
                    69:7c:b4:11:10:ae:bf:78:6c:13:e5:e8:41:d6:fc:
                    be:7c:d4:cb:b2:48:4c:b1:d5:c0:2a:c1:7b:2f:7d:
                    5e:91:26:c3:9a:3a:9f:75:82:41:36:88:a0:ec:b1:
                    4b:7c:16:07:81:bc:18:4d:63:fd:4c:f5:f0:16:60:
                    74:37:34:95:ab:f1:3a:34:5b:75:dd:45:c8:ff:2e:
                    ac:a6:44:ef:1b:8d:3e:83:77:4e:eb:b5:ef:27:d6:
                    65:89:8d:db:a3:99:f3:f7:5b:a3:5d:f6:e6:fc:ca:
                    7c:cc:15:8f:1b:a9:cb:f6:59:0f:99:b2:e1:34:58:
                    a3:a4:11:37:50:81:ed:72:36:a3:7e:8c:5f:55:20:
                    07:07:4b:6f:88:22:85:3d:22:2a:4d:86:7a:02:84:
                    23:f8:34:c6:ea:82:3d:a7:9b:c1:12:2d:72:80:0e:
                    3b:02:86:d3:86:7d:7d:8c:34:b4:90:2e:34:62:9d:
                    f0:1b:4a:91:1f:e7:d4:2f:38:62:af:2a:ff:57:dc:
                    53:45:e4:24:0f:76:63:35:07:5d:90:f7:a0:90:a3:
                    66:db:5c:44:ec:59:61:cb:65:21:fd:e0:b8:6c:2d:
                    e5:d4:d4:b5:89:72:02:0f:37:24:7a:38:18:ea:b3:
                    52:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:B2:E7:CB:95:3F:8A:30:55:08:69:CB:0A:FB:94:24:9D:7C:9B:9B
            X509v3 Authority Key Identifier:
                keyid:C8:D5:AA:70:34:25:0A:B1:A8:78:9A:C8:6C:C0:EE:F3:BF:C9:DB:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yNWqcDQlCrGoeJrIbMDu87_J218.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/2d490c-6ff8-471d-97d2-2d72f23193db/1/RrLny5U_ijBVCGnLCvuUJJ18m5s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/2d490c-6ff8-471d-97d2-2d72f23193db/1/yNWqcDQlCrGoeJrIbMDu87_J218.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.119.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         b7:8e:97:a2:11:23:70:04:f2:96:f1:ba:6a:4d:f6:d9:78:97:
         6b:38:99:69:34:51:f1:db:ca:48:26:f9:4d:f2:01:d6:e9:ec:
         02:22:5d:0c:f4:f0:0a:44:26:8b:d5:d7:74:c0:ed:45:d3:cb:
         f4:9c:a8:ad:a0:a4:a9:48:a1:16:d3:eb:21:9f:51:5c:f6:8d:
         36:5d:f1:92:61:85:32:32:e6:ce:6b:21:22:e3:9e:c5:58:ab:
         1d:bb:82:05:b7:52:05:f0:00:8e:8e:4d:1a:6b:a5:d8:59:04:
         04:d8:7e:28:bf:51:e3:0d:af:4a:bd:89:8d:e1:3c:10:c6:04:
         3a:09:21:3a:21:69:e6:c6:7a:d7:71:5b:6c:51:18:da:23:10:
         d2:d1:1e:23:e1:4a:d9:74:33:97:38:ca:71:4f:82:50:a4:66:
         5a:e0:4d:fa:48:67:41:d2:44:4e:0e:83:0a:a5:87:c2:70:1d:
         49:48:dd:bd:81:a4:4c:94:d6:75:ea:5b:b0:00:ec:b2:2e:dc:
         58:e8:9d:e0:c7:ce:2d:2f:a4:41:36:a0:0a:f1:a9:fa:d7:f4:
         1c:9d:ac:62:fe:f6:ba:fb:71:80:8d:af:01:94:9c:97:ef:ea:
         2f:9a:a6:2a:07:c1:de:03:09:71:18:89:66:4e:b0:1d:37:9e:
         9b:16:69:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FXDwL/VOuSRoRp3tKSnQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4ZDVhYTcwMzQyNTBhYjFhODc4OWFjODZjYzBlZWYzYmZj
OWRiNWYwHhcNMjYwMTAyMTQyMTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmIyZTdjYjk1M2Y4YTMwNTUwODY5Y2IwYWZiOTQyNDlkN2M5YjliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm+srnSgdwHP1G3+XNERpfLQREK6/
eGwT5ehB1vy+fNTLskhMsdXAKsF7L31ekSbDmjqfdYJBNoig7LFLfBYHgbwYTWP9
TPXwFmB0NzSVq/E6NFt13UXI/y6spkTvG40+g3dO67XvJ9ZliY3bo5nz91ujXfbm
/Mp8zBWPG6nL9lkPmbLhNFijpBE3UIHtcjajfoxfVSAHB0tviCKFPSIqTYZ6AoQj
+DTG6oI9p5vBEi1ygA47AobThn19jDS0kC40Yp3wG0qRH+fULzhiryr/V9xTReQk
D3ZjNQddkPegkKNm21xE7Flhy2Uh/eC4bC3l1NS1iXICDzckejgY6rNSQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEay58uVP4owVQhpywr7lCSdfJubMB8GA1UdIwQY
MBaAFMjVqnA0JQqxqHiayGzA7vO/ydtfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveU5XcWNEUWxDckdvZUpySWJNRHU4N19KMjE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8yZDQ5MGMtNmZmOC00NzFkLTk3ZDIt
MmQ3MmYyMzE5M2RiLzEvUnJMbnk1VV9pakJWQ0duTEN2dVVKSjE4bTVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8yZDQ5MGMtNmZmOC00NzFkLTk3ZDItMmQ3MmYyMzE5M2Ri
LzEveU5XcWNEUWxDckdvZUpySWJNRHU4N19KMjE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDVXcIMA0G
CSqGSIb3DQEBCwUAA4IBAQC3jpeiESNwBPKW8bpqTfbZeJdrOJlpNFHx28pIJvlN
8gHW6ewCIl0M9PAKRCaL1dd0wO1F08v0nKitoKSpSKEW0+shn1Fc9o02XfGSYYUy
MubOayEi457FWKsdu4IFt1IF8ACOjk0aa6XYWQQE2H4ov1HjDa9KvYmN4TwQxgQ6
CSE6IWnmxnrXcVtsURjaIxDS0R4j4UrZdDOXOMpxT4JQpGZa4E36SGdB0kRODoMK
pYfCcB1JSN29gaRMlNZ16luwAOyyLtxY6J3gx84tL6RBNqAK8an61/Qcnaxi/va6
+3GAja8BlJyX7+ovmqYqB8HeAwlxGIlmTrAdN56bFmnf
-----END CERTIFICATE-----