This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/yflRQXgc3sRXtlMhgbPQejPgA54.roa
File:                     yflRQXgc3sRXtlMhgbPQejPgA54.roa (raw, json)
Hash identifier:          ELCJ/0UNTdR4XmPGdTDQGIRX33BsOogxgdA0Xu5bAP0=
Subject key identifier:   C9:F9:51:41:78:1C:DE:C4:57:B6:53:21:81:B3:D0:7A:33:E0:03:9E
Certificate issuer:       /CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
Certificate serial:       019B7F841614CB3AF9AD0B569EF3CB17C8D5
Authority key identifier: BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/yflRQXgc3sRXtlMhgbPQejPgA54.roa
Signing time:             Fri 02 Jan 2026 16:22:01 +0000
ROA not before:           Fri 02 Jan 2026 16:22:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     397513
IP address blocks:        2a01:488:bb0e::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:84:16:14:cb:3a:f9:ad:0b:56:9e:f3:cb:17:c8:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
        Validity
            Not Before: Jan  2 16:22:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c9f95141781cdec457b6532181b3d07a33e0039e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:48:b1:4a:50:aa:61:93:79:83:67:3e:16:eb:
                    eb:31:6d:de:29:85:87:42:ea:b2:32:7b:ea:70:6e:
                    6a:f2:fb:98:d9:17:54:56:05:8f:1c:dd:a9:08:b6:
                    e2:9d:4d:76:69:04:19:c7:f5:e0:f6:d6:f4:b6:8f:
                    87:68:d4:95:10:95:52:04:01:ab:92:88:4a:ac:7b:
                    25:d7:33:ad:6b:fe:0c:f7:29:d5:ca:34:26:78:4a:
                    9d:ae:cb:24:60:a1:05:73:1d:a3:51:a8:a2:c0:4a:
                    89:35:a9:cf:e0:27:de:c4:e5:c8:91:49:ab:79:2a:
                    ab:8d:40:1a:15:9d:56:72:80:a1:2a:37:b0:cc:5f:
                    90:f7:c8:73:be:7d:a7:7f:40:13:c2:75:01:b2:9c:
                    ae:56:c9:e2:b8:36:d3:32:18:a2:d1:6d:c0:04:0d:
                    ae:e0:41:f3:91:54:3c:3a:28:d3:8b:ec:f0:59:4e:
                    55:ed:89:df:b5:6a:99:aa:6a:d3:63:48:b8:e6:e9:
                    7f:94:a1:eb:51:c2:ff:27:f1:cd:99:44:33:e5:59:
                    f6:bb:78:1d:4f:dc:9e:6e:f6:d3:12:b5:71:2c:f5:
                    19:3f:e0:41:44:c8:f9:82:16:e5:de:24:b9:52:9b:
                    96:21:05:69:c1:51:31:ba:29:b4:ce:0f:a9:3b:bd:
                    a2:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:F9:51:41:78:1C:DE:C4:57:B6:53:21:81:B3:D0:7A:33:E0:03:9E
            X509v3 Authority Key Identifier:
                keyid:BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/yflRQXgc3sRXtlMhgbPQejPgA54.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:488:bb0e::/48

    Signature Algorithm: sha256WithRSAEncryption
         ac:77:bc:59:56:03:88:60:df:d0:b8:97:b6:0f:19:6c:d1:b6:
         5d:30:87:3e:f8:15:7f:d6:dd:9b:e4:16:87:29:08:80:fb:34:
         b4:e0:cb:b8:ce:43:61:70:a0:04:01:81:40:e1:eb:ab:1b:54:
         92:e1:56:2b:73:b9:22:ef:50:42:57:e7:97:bd:77:ff:d5:52:
         7a:3c:92:30:a4:72:00:47:40:48:2d:1c:e0:c7:26:1e:c8:74:
         c4:62:c4:c9:4c:f3:9d:de:ae:02:f3:73:06:a5:e5:89:04:21:
         09:d5:be:6b:c0:bc:d6:c2:24:81:f0:25:05:98:91:a6:1c:63:
         00:24:37:fe:f2:2b:e0:2c:d1:63:7c:21:6b:0f:c7:b4:c9:ed:
         1a:e8:76:e0:d7:69:8d:05:4c:cf:50:76:c9:ad:1d:83:25:b9:
         bc:dc:76:68:68:ee:3d:a5:f7:a0:94:c7:22:6f:ef:41:bc:07:
         aa:25:05:80:97:68:97:81:d4:6c:33:4d:8a:e9:3b:72:a4:58:
         5f:68:46:ff:78:71:44:80:bf:36:72:20:7d:e3:42:36:ee:7c:
         e2:c5:70:da:5a:57:b0:09:dd:e9:07:35:2a:67:f1:26:db:a4:
         af:eb:f6:2b:c3:b0:6f:9f:1c:5a:04:8c:eb:22:d3:27:19:de:
         1d:07:67:65
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt/hBYUyzr5rQtWnvPLF8jVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNmVkMGZiN2IzMjA4MzJhYzE1ODA1MzRjN2IyNjNmMzA0
ZTk4MWIwHhcNMjYwMTAyMTYyMjAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWY5NTE0MTc4MWNkZWM0NTdiNjUzMjE4MWIzZDA3YTMzZTAwMzllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3kixSlCqYZN5g2c+FuvrMW3eKYWH
QuqyMnvqcG5q8vuY2RdUVgWPHN2pCLbinU12aQQZx/Xg9tb0to+HaNSVEJVSBAGr
kohKrHsl1zOta/4M9ynVyjQmeEqdrsskYKEFcx2jUaiiwEqJNanP4CfexOXIkUmr
eSqrjUAaFZ1WcoChKjewzF+Q98hzvn2nf0ATwnUBspyuVsniuDbTMhii0W3ABA2u
4EHzkVQ8OijTi+zwWU5V7YnftWqZqmrTY0i45ul/lKHrUcL/J/HNmUQz5Vn2u3gd
T9yebvbTErVxLPUZP+BBRMj5ghbl3iS5UpuWIQVpwVExuim0zg+pO72iyQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMn5UUF4HN7EV7ZTIYGz0Hoz4AOeMB8GA1UdIwQY
MBaAFLpu0Pt7MggyrBWAU0x7Jj8wTpgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQt
MTYxZjM0MjM4N2QxLzEveWZsUlFYZ2Mzc1JYdGxNaGdiUFFlalBnQTU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQtMTYxZjM0MjM4N2Qx
LzEvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgEEiLsO
MA0GCSqGSIb3DQEBCwUAA4IBAQCsd7xZVgOIYN/QuJe2Dxls0bZdMIc++BV/1t2b
5BaHKQiA+zS04Mu4zkNhcKAEAYFA4eurG1SS4VYrc7ki71BCV+eXvXf/1VJ6PJIw
pHIAR0BILRzgxyYeyHTEYsTJTPOd3q4C83MGpeWJBCEJ1b5rwLzWwiSB8CUFmJGm
HGMAJDf+8ivgLNFjfCFrD8e0ye0a6Hbg12mNBUzPUHbJrR2DJbm83HZoaO49pfeg
lMcib+9BvAeqJQWAl2iXgdRsM02K6TtypFhfaEb/eHFEgL82ciB940I27nzixXDa
WlewCd3pBzUqZ/Em26Sv6/Yrw7BvnxxaBIzrItMnGd4dB2dl
-----END CERTIFICATE-----