This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/yqsy0Xz11f8jVjNNKQk2GCjWnPI.roa
File:                     yqsy0Xz11f8jVjNNKQk2GCjWnPI.roa (raw, json)
Hash identifier:          ci+2sOrUoN9O/HRwXnIdXT2mkytFRNcvyi7A2sMYwg0=
Subject key identifier:   CA:AB:32:D1:7C:F5:D5:FF:23:56:33:4D:29:09:36:18:28:D6:9C:F2
Certificate issuer:       /CN=352ae33b11b36a319ba81347d852480d8e74c87d
Certificate serial:       019B7F84251894C80B0DF9E07061ADB3D01F
Authority key identifier: 35:2A:E3:3B:11:B3:6A:31:9B:A8:13:47:D8:52:48:0D:8E:74:C8:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/yqsy0Xz11f8jVjNNKQk2GCjWnPI.roa
Signing time:             Fri 02 Jan 2026 16:22:05 +0000
ROA not before:           Fri 02 Jan 2026 16:22:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205888
IP address blocks:        188.85.140.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NSrjOxGzajGbqBNH2FJIDY50yH0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NSrjOxGzajGbqBNH2FJIDY50yH0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:84:25:18:94:c8:0b:0d:f9:e0:70:61:ad:b3:d0:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=352ae33b11b36a319ba81347d852480d8e74c87d
        Validity
            Not Before: Jan  2 16:22:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=caab32d17cf5d5ff2356334d2909361828d69cf2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:14:ce:cf:6f:e3:ed:4b:26:7e:93:fe:32:af:
                    16:65:07:85:2c:c9:7f:40:f5:f3:8c:3b:19:d8:e0:
                    7b:b9:bb:86:21:68:bf:eb:d4:67:01:fe:f7:a2:8e:
                    6a:21:2c:d0:d8:56:fd:44:57:5d:5f:70:5a:3a:6e:
                    cf:28:25:b6:ca:72:aa:1d:01:43:e1:bb:c3:5e:ae:
                    e0:16:51:3a:82:86:4b:39:97:ae:8d:c8:8e:2b:0d:
                    2a:0a:50:6f:5c:ac:a6:b1:9f:3b:96:01:78:cf:6f:
                    95:b3:ae:fc:bb:3d:db:9b:ce:35:d2:d2:2c:fc:48:
                    8c:17:74:07:c5:df:dd:76:90:f8:76:e1:81:13:60:
                    48:11:0d:ec:e3:6d:c6:1c:57:c6:56:ca:87:58:ea:
                    ea:f5:a6:96:5c:fa:00:0f:82:98:7c:34:81:63:a9:
                    bb:54:74:c7:09:f4:bf:18:ed:cb:1b:58:33:99:6e:
                    41:7a:ee:89:24:f3:2c:91:fb:4e:49:a8:44:2b:71:
                    8a:f1:04:11:0e:7a:b5:51:4f:2c:92:57:e0:e1:6f:
                    95:a9:ad:c7:85:44:ad:1a:bc:f0:c9:ab:ab:92:23:
                    c2:f3:89:bb:61:47:6c:9f:07:3d:d9:28:59:2c:38:
                    4f:8c:c6:40:22:bd:48:43:64:f6:1f:7b:e8:e0:c5:
                    86:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:AB:32:D1:7C:F5:D5:FF:23:56:33:4D:29:09:36:18:28:D6:9C:F2
            X509v3 Authority Key Identifier:
                keyid:35:2A:E3:3B:11:B3:6A:31:9B:A8:13:47:D8:52:48:0D:8E:74:C8:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/yqsy0Xz11f8jVjNNKQk2GCjWnPI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NSrjOxGzajGbqBNH2FJIDY50yH0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.85.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:f3:1c:dc:6b:3b:cf:1f:84:ca:11:1d:d8:62:f5:7a:d0:af:
         b5:d1:f6:bb:4d:f1:e9:70:5d:fd:40:17:3c:d1:88:b8:e6:b8:
         8f:d5:dd:18:90:67:8d:8c:aa:b6:25:87:61:1f:37:50:a3:43:
         2b:77:5a:77:68:c7:53:cb:66:6c:8b:44:6f:ca:33:eb:58:56:
         b5:31:ac:b9:6a:d2:5a:cb:93:c5:2a:c9:49:46:59:4b:80:f1:
         60:06:5f:88:c4:39:4d:d8:2f:fb:e2:d5:c1:2b:7b:54:d1:6b:
         7d:40:21:e9:d6:1b:0b:50:83:a0:f9:31:52:08:59:8f:22:e3:
         ce:06:b7:27:d9:fc:80:c4:70:03:24:4c:de:03:7d:51:7b:ac:
         1a:c0:2f:d6:89:5a:ad:f8:cc:87:47:b7:15:1d:bd:01:50:bb:
         9d:91:87:ea:f1:c1:c9:d8:be:21:31:d4:0e:d8:41:5e:8c:45:
         b5:7a:fd:3e:52:56:30:21:4d:1c:4c:45:76:4a:59:1e:1b:ba:
         af:e5:42:fd:d1:c6:69:d5:4d:5a:a4:9f:ed:23:68:64:2c:8e:
         96:cc:c4:ee:3e:21:9b:a3:14:14:9f:fd:7f:70:e4:37:5f:ff:
         44:67:9d:3d:3c:82:c4:3f:fd:62:ce:e9:d6:bd:23:91:8a:90:
         90:35:0c:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hCUYlMgLDfngcGGts9AfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MmFlMzNiMTFiMzZhMzE5YmE4MTM0N2Q4NTI0ODBkOGU3
NGM4N2QwHhcNMjYwMTAyMTYyMjA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWFiMzJkMTdjZjVkNWZmMjM1NjMzNGQyOTA5MzYxODI4ZDY5Y2YyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnBTOz2/j7UsmfpP+Mq8WZQeFLMl/
QPXzjDsZ2OB7ubuGIWi/69RnAf73oo5qISzQ2Fb9RFddX3BaOm7PKCW2ynKqHQFD
4bvDXq7gFlE6goZLOZeujciOKw0qClBvXKymsZ87lgF4z2+Vs678uz3bm8410tIs
/EiMF3QHxd/ddpD4duGBE2BIEQ3s423GHFfGVsqHWOrq9aaWXPoAD4KYfDSBY6m7
VHTHCfS/GO3LG1gzmW5Beu6JJPMskftOSahEK3GK8QQRDnq1UU8sklfg4W+Vqa3H
hUStGrzwyaurkiPC84m7YUdsnwc92ShZLDhPjMZAIr1IQ2T2H3vo4MWGmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMqrMtF89dX/I1YzTSkJNhgo1pzyMB8GA1UdIwQY
MBaAFDUq4zsRs2oxm6gTR9hSSA2OdMh9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlNyak94R3phakdicUJOSDJGSklEWTUweUgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9jNTVhYjAtZWEyMi00YTE5LThiMzMt
MjUwNTBjNTkzYWExLzEveXFzeTBYejExZjhqVmpOTktRazJHQ2pXblBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9jNTVhYjAtZWEyMi00YTE5LThiMzMtMjUwNTBjNTkzYWEx
LzEvTlNyak94R3phakdicUJOSDJGSklEWTUweUgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvFWMMA0G
CSqGSIb3DQEBCwUAA4IBAQCS8xzcazvPH4TKER3YYvV60K+10fa7TfHpcF39QBc8
0Yi45riP1d0YkGeNjKq2JYdhHzdQo0Mrd1p3aMdTy2Zsi0RvyjPrWFa1May5atJa
y5PFKslJRllLgPFgBl+IxDlN2C/74tXBK3tU0Wt9QCHp1hsLUIOg+TFSCFmPIuPO
Brcn2fyAxHADJEzeA31Re6wawC/WiVqt+MyHR7cVHb0BULudkYfq8cHJ2L4hMdQO
2EFejEW1ev0+UlYwIU0cTEV2SlkeG7qv5UL90cZp1U1apJ/tI2hkLI6WzMTuPiGb
oxQUn/1/cOQ3X/9EZ509PILEP/1izunWvSORipCQNQwl
-----END CERTIFICATE-----