This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/YPJDYVYIDjteAJ95vKZaIRYGL3g.roa
File:                     YPJDYVYIDjteAJ95vKZaIRYGL3g.roa (raw, json)
Hash identifier:          sNPPgLJqMfMVLlDzJAa40Y0v1iOlKeP2KYVSWomo16Y=
Subject key identifier:   60:F2:43:61:56:08:0E:3B:5E:00:9F:79:BC:A6:5A:21:16:06:2F:78
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       019B7B36BFF3F3807AA125831FD53CD4AAEC
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/YPJDYVYIDjteAJ95vKZaIRYGL3g.roa
Signing time:             Thu 01 Jan 2026 20:19:04 +0000
ROA not before:           Thu 01 Jan 2026 20:19:04 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     135402
IP address blocks:        185.250.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:bf:f3:f3:80:7a:a1:25:83:1f:d5:3c:d4:aa:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Jan  1 20:19:04 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=60f2436156080e3b5e009f79bca65a2116062f78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:6e:f6:99:46:fa:92:5b:ab:32:7f:8e:4c:39:
                    eb:f7:f4:4f:46:14:87:7c:40:ca:f4:53:21:49:0b:
                    80:a2:d7:9f:c8:ea:3f:51:4a:2b:b5:63:57:a4:02:
                    7e:89:3c:69:f1:37:a7:6b:8b:91:46:f5:e8:c4:04:
                    4c:c6:02:82:2e:1b:35:15:6b:bc:8a:ae:a2:10:10:
                    17:b8:b9:c5:05:32:b7:1e:7b:7c:22:15:01:65:b2:
                    c0:b5:1c:99:b2:0b:94:9a:7c:f4:b2:24:dd:1f:a2:
                    9e:c8:22:8b:52:62:b2:c1:49:f9:73:78:6c:af:14:
                    48:f4:70:1b:03:fa:43:cb:a3:55:10:89:e8:0a:00:
                    ba:13:26:88:a1:1e:b5:54:3e:a8:9e:95:03:85:48:
                    8e:2b:db:e6:65:ef:fc:af:0c:29:58:ca:52:87:08:
                    d0:11:9f:79:34:bc:c6:9c:c9:06:96:19:46:99:30:
                    89:4f:6a:9f:ac:6e:6e:8b:3d:1d:40:af:64:eb:18:
                    c2:bb:f6:c4:61:af:aa:01:08:ae:9a:37:08:4d:ea:
                    db:b0:a8:70:e5:47:fa:b2:58:d8:dc:e0:58:3d:36:
                    78:cd:2c:96:a7:c5:81:3c:26:c8:c4:fa:68:89:f1:
                    85:1c:22:33:da:eb:e5:f3:8f:5a:47:60:ef:7c:d2:
                    84:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:F2:43:61:56:08:0E:3B:5E:00:9F:79:BC:A6:5A:21:16:06:2F:78
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/YPJDYVYIDjteAJ95vKZaIRYGL3g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.250.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:d1:7f:34:43:e5:7e:56:70:01:8c:2d:9e:1d:3a:10:9a:b2:
         ae:9c:2c:67:51:23:59:06:31:a6:9d:29:a6:6b:d0:34:20:7e:
         47:38:8a:3f:eb:f6:8c:ad:cd:06:62:4a:8f:a4:f6:65:f2:be:
         b7:94:90:1d:07:c9:6c:9c:72:7a:43:ba:70:e7:cb:ee:5b:b6:
         13:9c:c4:3d:bb:e1:42:22:cf:f5:3e:f9:ee:ab:8b:a9:1e:0c:
         ce:1f:6e:88:8e:2f:da:a2:63:80:6e:8d:d1:64:4c:45:78:c7:
         6c:77:13:fd:35:ce:27:66:94:9f:dd:c0:bb:02:94:c6:2e:a1:
         dd:49:ca:d6:aa:2f:31:e3:c4:8a:62:f7:7e:61:66:89:f6:2b:
         e3:93:f8:7d:ef:78:e1:ac:15:45:75:ac:97:6f:24:f0:b0:11:
         f0:18:b5:6c:c0:e3:d6:90:4f:4e:ff:55:26:85:ab:ba:99:73:
         43:d8:0c:a8:0c:71:12:a0:30:81:dc:89:3f:20:16:e3:ea:44:
         8b:30:80:ad:c6:09:94:2c:59:39:39:1a:61:cd:8e:b6:56:0c:
         d4:ff:85:68:60:18:ca:f2:cb:6e:a2:cd:cc:82:01:41:f6:58:
         ac:ce:4f:4e:30:76:75:ea:9c:05:be:95:14:85:0a:75:40:b9:
         f1:6e:fd:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7Nr/z84B6oSWDH9U81KrsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjYwMTAxMjAxOTA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGYyNDM2MTU2MDgwZTNiNWUwMDlmNzliY2E2NWEyMTE2MDYyZjc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqG72mUb6klurMn+OTDnr9/RPRhSH
fEDK9FMhSQuAotefyOo/UUortWNXpAJ+iTxp8Tena4uRRvXoxARMxgKCLhs1FWu8
iq6iEBAXuLnFBTK3Hnt8IhUBZbLAtRyZsguUmnz0siTdH6KeyCKLUmKywUn5c3hs
rxRI9HAbA/pDy6NVEInoCgC6EyaIoR61VD6onpUDhUiOK9vmZe/8rwwpWMpShwjQ
EZ95NLzGnMkGlhlGmTCJT2qfrG5uiz0dQK9k6xjCu/bEYa+qAQiumjcITerbsKhw
5Uf6sljY3OBYPTZ4zSyWp8WBPCbIxPpoifGFHCIz2uvl849aR2DvfNKE7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGDyQ2FWCA47XgCfebymWiEWBi94MB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvWVBKRFlWWUlEanRlQUo5NXZLWmFJUllHTDNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufobMA0G
CSqGSIb3DQEBCwUAA4IBAQBO0X80Q+V+VnABjC2eHToQmrKunCxnUSNZBjGmnSmm
a9A0IH5HOIo/6/aMrc0GYkqPpPZl8r63lJAdB8lsnHJ6Q7pw58vuW7YTnMQ9u+FC
Is/1Pvnuq4upHgzOH26Iji/aomOAbo3RZExFeMdsdxP9Nc4nZpSf3cC7ApTGLqHd
ScrWqi8x48SKYvd+YWaJ9ivjk/h973jhrBVFdayXbyTwsBHwGLVswOPWkE9O/1Um
hau6mXND2AyoDHESoDCB3Ik/IBbj6kSLMICtxgmULFk5ORphzY62VgzU/4VoYBjK
8stuos3MggFB9liszk9OMHZ16pwFvpUUhQp1QLnxbv14
-----END CERTIFICATE-----