This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/Yg6VEmwfbbcDQ4GQWUEtnEwlw_s.roa
File:                     Yg6VEmwfbbcDQ4GQWUEtnEwlw_s.roa (raw, json)
Hash identifier:          Q7ZprmPn9UYTC3Ky/1wZ9d1DcK9H/+ekHMB5suAeIi4=
Subject key identifier:   62:0E:95:12:6C:1F:6D:B7:03:43:81:90:59:41:2D:9C:4C:25:C3:FB
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019B7F14C2F006189FD147D3346888FB1940
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/Yg6VEmwfbbcDQ4GQWUEtnEwlw_s.roa
Signing time:             Fri 02 Jan 2026 14:20:25 +0000
ROA not before:           Fri 02 Jan 2026 14:20:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209554
IP address blocks:        194.231.149.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:14:c2:f0:06:18:9f:d1:47:d3:34:68:88:fb:19:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jan  2 14:20:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=620e95126c1f6db70343819059412d9c4c25c3fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:2b:64:7f:c2:7b:4f:39:89:2a:69:0c:13:98:
                    61:73:ea:58:3f:ea:12:13:94:9e:c4:00:58:5a:91:
                    b1:4a:d7:54:2c:71:67:44:98:08:56:bf:09:f5:ce:
                    42:d4:22:0b:2e:3d:b1:dc:15:91:10:e9:23:52:2d:
                    1e:c6:9a:e9:0e:6f:48:0b:cc:9f:9c:a1:3a:32:1a:
                    fe:ea:0a:53:cb:9f:99:e1:7b:79:f0:a0:6f:85:a4:
                    bf:df:81:c4:bc:53:1f:83:2a:75:49:ad:ac:ae:7d:
                    1e:95:8a:3a:00:14:97:7c:92:50:de:1d:ab:91:86:
                    4b:32:e1:76:c5:2b:c0:40:e7:76:dc:20:ef:ed:3f:
                    33:11:c6:7c:49:fa:20:3d:11:4e:a7:0a:a1:a7:ea:
                    ad:80:4f:28:45:86:57:b4:4c:54:f4:4e:29:4e:28:
                    71:83:1f:d4:c8:0a:fc:06:70:31:70:4b:d2:99:75:
                    b1:d9:ff:ed:5c:43:87:f8:49:e8:d2:cd:15:50:c6:
                    80:79:36:09:50:ef:a4:7f:47:c0:e4:44:a4:98:38:
                    6e:6f:3a:ca:e8:90:62:67:ec:8e:c4:b0:8b:49:49:
                    5f:a2:65:e2:14:ab:fe:06:ff:78:03:83:1f:a2:07:
                    35:5e:53:69:71:fd:a9:bc:14:e3:b0:e4:50:44:2c:
                    c1:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:0E:95:12:6C:1F:6D:B7:03:43:81:90:59:41:2D:9C:4C:25:C3:FB
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/Yg6VEmwfbbcDQ4GQWUEtnEwlw_s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.231.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:40:93:b0:36:4b:cf:36:6b:ba:8e:c3:7a:04:39:44:f0:e5:
         15:3e:46:bb:80:7b:46:e0:fb:b4:8b:79:52:dd:04:3f:ec:ef:
         91:a1:6d:b6:d8:37:46:57:2d:41:8d:23:29:75:d2:fc:06:fd:
         3a:91:be:79:ca:2f:9f:9b:34:54:32:7e:a9:ca:94:84:07:56:
         36:09:40:b5:b0:23:2e:5c:5e:ef:61:6d:a2:f0:3f:e5:fe:42:
         04:b6:2c:b5:3e:7a:a6:20:7a:4c:5f:17:2f:24:2d:68:d9:91:
         31:67:e6:2f:ea:ae:4d:85:b1:f8:b3:d8:9d:d4:e8:ae:1d:e6:
         21:c8:e6:10:dc:4e:4c:72:aa:56:e0:d7:01:6c:05:b3:53:af:
         d7:2a:88:b5:34:26:60:5c:d6:44:c9:e5:6e:80:aa:e1:80:ad:
         a3:2c:17:c8:96:c6:1c:11:d0:dc:b5:f0:c1:40:f4:82:d8:4b:
         5c:db:fc:0f:ff:b7:04:4a:6d:71:9f:94:b2:53:0a:d2:ab:fe:
         45:97:fd:6d:c4:b0:e7:17:7f:b0:18:81:b1:d0:8c:13:89:b9:
         fe:50:59:77:97:04:cc:b5:5b:61:cc:89:31:91:61:08:ff:f0:
         b7:4c:b1:ce:58:38:38:30:72:d4:f8:74:f4:7f:bc:87:c2:4c:
         e9:b3:ed:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FMLwBhif0UfTNGiI+xlAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwMTAyMTQyMDI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjBlOTUxMjZjMWY2ZGI3MDM0MzgxOTA1OTQxMmQ5YzRjMjVjM2ZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvCtkf8J7TzmJKmkME5hhc+pYP+oS
E5SexABYWpGxStdULHFnRJgIVr8J9c5C1CILLj2x3BWREOkjUi0exprpDm9IC8yf
nKE6Mhr+6gpTy5+Z4Xt58KBvhaS/34HEvFMfgyp1Sa2srn0elYo6ABSXfJJQ3h2r
kYZLMuF2xSvAQOd23CDv7T8zEcZ8SfogPRFOpwqhp+qtgE8oRYZXtExU9E4pTihx
gx/UyAr8BnAxcEvSmXWx2f/tXEOH+Eno0s0VUMaAeTYJUO+kf0fA5ESkmDhubzrK
6JBiZ+yOxLCLSUlfomXiFKv+Bv94A4Mfogc1XlNpcf2pvBTjsORQRCzBEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGIOlRJsH223A0OBkFlBLZxMJcP7MB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvWWc2VkVtd2ZiYmNEUTRHUVdVRXRuRXdsd19zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwueVMA0G
CSqGSIb3DQEBCwUAA4IBAQBZQJOwNkvPNmu6jsN6BDlE8OUVPka7gHtG4Pu0i3lS
3QQ/7O+RoW222DdGVy1BjSMpddL8Bv06kb55yi+fmzRUMn6pypSEB1Y2CUC1sCMu
XF7vYW2i8D/l/kIEtiy1PnqmIHpMXxcvJC1o2ZExZ+Yv6q5NhbH4s9id1OiuHeYh
yOYQ3E5McqpW4NcBbAWzU6/XKoi1NCZgXNZEyeVugKrhgK2jLBfIlsYcEdDctfDB
QPSC2Etc2/wP/7cESm1xn5SyUwrSq/5Fl/1txLDnF3+wGIGx0IwTibn+UFl3lwTM
tVthzIkxkWEI//C3TLHOWDg4MHLU+HT0f7yHwkzps+2D
-----END CERTIFICATE-----