This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/623e11-e70c-4f5b-852c-4943b4b42ebb/1/YHt9YKkoQObFkpk4bFMfaZH83j0.roa
File:                     YHt9YKkoQObFkpk4bFMfaZH83j0.roa (raw, json)
Hash identifier:          4fsNZayDAjiJa4ZZH0ABpTRn6fHRN9+IikwCGEjvWBc=
Subject key identifier:   60:7B:7D:60:A9:28:40:E6:C5:92:99:38:6C:53:1F:69:91:FC:DE:3D
Certificate issuer:       /CN=adfff1bd771287ced4c4dd6d8a851d2ad770661d
Certificate serial:       019B7C1229B7BC562ECD56E0AFDD892D7C7D
Authority key identifier: AD:FF:F1:BD:77:12:87:CE:D4:C4:DD:6D:8A:85:1D:2A:D7:70:66:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rf_xvXcSh87UxN1tioUdKtdwZh0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/623e11-e70c-4f5b-852c-4943b4b42ebb/1/YHt9YKkoQObFkpk4bFMfaZH83j0.roa
Signing time:             Fri 02 Jan 2026 00:18:43 +0000
ROA not before:           Fri 02 Jan 2026 00:18:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     1103
IP address blocks:        194.13.16.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/623e11-e70c-4f5b-852c-4943b4b42ebb/1/rf_xvXcSh87UxN1tioUdKtdwZh0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/623e11-e70c-4f5b-852c-4943b4b42ebb/1/rf_xvXcSh87UxN1tioUdKtdwZh0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rf_xvXcSh87UxN1tioUdKtdwZh0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:29:b7:bc:56:2e:cd:56:e0:af:dd:89:2d:7c:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=adfff1bd771287ced4c4dd6d8a851d2ad770661d
        Validity
            Not Before: Jan  2 00:18:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=607b7d60a92840e6c59299386c531f6991fcde3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:ed:74:88:61:d7:71:ca:b6:ad:f8:b3:6b:79:
                    ff:92:34:3f:6e:8a:95:d9:87:8b:eb:95:c2:b9:c7:
                    a1:ca:33:59:46:e0:00:1f:52:ad:a8:92:c3:8e:6e:
                    44:86:47:b6:9f:cc:6c:06:1b:8e:26:f6:aa:e4:8d:
                    4c:ad:61:23:d0:d5:63:f6:53:17:65:a4:d2:5b:bd:
                    5b:27:29:d8:92:43:99:8c:c9:6f:b9:91:51:50:17:
                    2e:8f:4f:26:ce:88:b6:72:65:d5:a5:23:b0:7b:21:
                    39:90:33:8e:56:e9:e2:0d:5b:12:8e:b0:5b:73:1c:
                    43:d6:f8:bd:39:a5:ae:52:77:ae:11:3f:27:f0:fb:
                    90:5c:39:7a:b8:6a:5b:81:0e:0d:01:80:9a:db:3a:
                    f1:0c:7b:cb:ed:98:54:65:fb:b6:d8:a5:c0:af:43:
                    9c:d9:cf:c4:0c:26:59:15:3f:05:ba:69:d3:43:ba:
                    dc:c8:83:a5:40:88:26:d2:05:74:13:50:67:f7:74:
                    96:04:e6:b3:a0:cf:ee:40:67:a9:92:a2:63:00:a5:
                    c9:b9:91:21:50:ff:da:3f:78:b7:7f:78:73:76:36:
                    32:b8:66:70:3a:db:46:2a:b5:5b:c1:31:70:31:38:
                    41:0d:93:79:85:fc:0e:8f:a7:1c:dc:14:9a:a4:62:
                    06:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:7B:7D:60:A9:28:40:E6:C5:92:99:38:6C:53:1F:69:91:FC:DE:3D
            X509v3 Authority Key Identifier:
                keyid:AD:FF:F1:BD:77:12:87:CE:D4:C4:DD:6D:8A:85:1D:2A:D7:70:66:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rf_xvXcSh87UxN1tioUdKtdwZh0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/623e11-e70c-4f5b-852c-4943b4b42ebb/1/YHt9YKkoQObFkpk4bFMfaZH83j0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/623e11-e70c-4f5b-852c-4943b4b42ebb/1/rf_xvXcSh87UxN1tioUdKtdwZh0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.13.16.0/20

    Signature Algorithm: sha256WithRSAEncryption
         5c:d3:02:2d:e7:cc:3f:e1:b7:19:33:49:5d:02:f3:ab:ff:70:
         ca:3d:79:1f:14:fb:97:21:a9:5a:fe:4d:95:d0:50:e2:1f:1b:
         6f:15:c1:1d:72:96:6c:86:18:74:a3:37:f0:47:7c:36:02:67:
         ba:d7:8b:b9:9f:b1:f5:f3:5d:f7:09:03:8c:b3:3c:57:db:a2:
         87:37:97:3f:cc:4d:d6:ed:25:b6:52:cc:2e:e7:33:1a:6f:6c:
         19:0f:06:df:ed:a1:65:ad:7b:74:eb:d1:77:8d:f7:72:9c:de:
         99:c4:4f:b2:d2:2f:b6:f7:60:5f:cd:53:b0:ab:30:56:58:fc:
         f5:65:f0:00:b7:ab:bf:ae:5b:2e:aa:3b:b2:9a:aa:da:5f:55:
         65:06:5b:31:c4:a5:09:13:e5:a7:af:e9:60:30:88:c3:18:1e:
         12:54:a6:3e:8c:bc:2a:7f:a4:de:d3:e9:f9:2c:f3:4b:24:2f:
         fd:86:1e:2a:60:c1:61:46:c5:ef:8d:7f:eb:37:60:67:3c:0e:
         88:72:d2:cb:29:41:8a:ad:de:b2:9f:9d:3b:4f:1c:59:ff:ca:
         d1:b8:7b:d7:93:58:88:e2:79:3e:7c:89:f9:b2:68:9a:d0:5f:
         cf:f5:5e:f0:2c:0c:f7:ec:92:c8:26:d3:11:8b:6e:b6:7f:82:
         e9:19:39:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8Eim3vFYuzVbgr92JLXx9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZmZmMWJkNzcxMjg3Y2VkNGM0ZGQ2ZDhhODUxZDJhZDc3
MDY2MWQwHhcNMjYwMTAyMDAxODQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDdiN2Q2MGE5Mjg0MGU2YzU5Mjk5Mzg2YzUzMWY2OTkxZmNkZTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArO10iGHXccq2rfiza3n/kjQ/boqV
2YeL65XCucehyjNZRuAAH1KtqJLDjm5Ehke2n8xsBhuOJvaq5I1MrWEj0NVj9lMX
ZaTSW71bJynYkkOZjMlvuZFRUBcuj08mzoi2cmXVpSOweyE5kDOOVuniDVsSjrBb
cxxD1vi9OaWuUneuET8n8PuQXDl6uGpbgQ4NAYCa2zrxDHvL7ZhUZfu22KXAr0Oc
2c/EDCZZFT8FumnTQ7rcyIOlQIgm0gV0E1Bn93SWBOazoM/uQGepkqJjAKXJuZEh
UP/aP3i3f3hzdjYyuGZwOttGKrVbwTFwMThBDZN5hfwOj6cc3BSapGIGDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGB7fWCpKEDmxZKZOGxTH2mR/N49MB8GA1UdIwQY
MBaAFK3/8b13EofO1MTdbYqFHSrXcGYdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmZfeHZYY1NoODdVeE4xdGlvVWRLdGR3WmgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy82MjNlMTEtZTcwYy00ZjViLTg1MmMt
NDk0M2I0YjQyZWJiLzEvWUh0OVlLa29RT2JGa3BrNGJGTWZhWkg4M2owLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy82MjNlMTEtZTcwYy00ZjViLTg1MmMtNDk0M2I0YjQyZWJi
LzEvcmZfeHZYY1NoODdVeE4xdGlvVWRLdGR3WmgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEwg0QMA0G
CSqGSIb3DQEBCwUAA4IBAQBc0wIt58w/4bcZM0ldAvOr/3DKPXkfFPuXIala/k2V
0FDiHxtvFcEdcpZshhh0ozfwR3w2Ame614u5n7H18133CQOMszxX26KHN5c/zE3W
7SW2Uswu5zMab2wZDwbf7aFlrXt069F3jfdynN6ZxE+y0i+292BfzVOwqzBWWPz1
ZfAAt6u/rlsuqjuymqraX1VlBlsxxKUJE+Wnr+lgMIjDGB4SVKY+jLwqf6Te0+n5
LPNLJC/9hh4qYMFhRsXvjX/rN2BnPA6IctLLKUGKrd6yn507TxxZ/8rRuHvXk1iI
4nk+fIn5smia0F/P9V7wLAz37JLIJtMRi262f4LpGTlB
-----END CERTIFICATE-----