This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/eab7ef-8cd6-4dfe-8f1e-86e29f05eb97/1/YB8uK3pVluHiYzZPZMIZIoTnMfI.roa
File:                     YB8uK3pVluHiYzZPZMIZIoTnMfI.roa (raw, json)
Hash identifier:          7tVqBE7ngonAMrRLqWAl1nUrhE0O3jGUi08m3ADIJNY=
Subject key identifier:   60:1F:2E:2B:7A:55:96:E1:E2:63:36:4F:64:C2:19:22:84:E7:31:F2
Certificate issuer:       /CN=a6c6fca75269c6b010a6fa7109e4315e06a083dc
Certificate serial:       019B78A36A8A5D1A6F21CE120FF46F59DEA6
Authority key identifier: A6:C6:FC:A7:52:69:C6:B0:10:A6:FA:71:09:E4:31:5E:06:A0:83:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/psb8p1JpxrAQpvpxCeQxXgagg9w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/eab7ef-8cd6-4dfe-8f1e-86e29f05eb97/1/YB8uK3pVluHiYzZPZMIZIoTnMfI.roa
Signing time:             Thu 01 Jan 2026 08:18:54 +0000
ROA not before:           Thu 01 Jan 2026 08:18:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     2119
IP address blocks:        193.161.96.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/eab7ef-8cd6-4dfe-8f1e-86e29f05eb97/1/psb8p1JpxrAQpvpxCeQxXgagg9w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/eab7ef-8cd6-4dfe-8f1e-86e29f05eb97/1/psb8p1JpxrAQpvpxCeQxXgagg9w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/psb8p1JpxrAQpvpxCeQxXgagg9w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:6a:8a:5d:1a:6f:21:ce:12:0f:f4:6f:59:de:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a6c6fca75269c6b010a6fa7109e4315e06a083dc
        Validity
            Not Before: Jan  1 08:18:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=601f2e2b7a5596e1e263364f64c2192284e731f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:3f:91:9d:83:5d:c8:cb:c7:f6:62:f5:4a:35:
                    3e:77:3e:1d:a7:fd:43:61:17:fa:2b:4a:6b:db:49:
                    57:38:c8:56:ed:1a:10:4b:c0:68:73:4d:79:06:43:
                    01:a5:1c:8c:3a:69:94:2f:6c:05:06:98:b2:64:1f:
                    02:f9:1b:f9:e6:ae:f4:fc:93:72:0e:79:0e:fa:a0:
                    8f:65:7f:78:79:b9:95:51:50:27:e3:dc:88:78:5d:
                    9f:2f:01:5b:7e:bb:0c:42:d0:8f:85:d1:a4:66:ae:
                    6a:b1:35:47:25:f2:f5:30:a2:41:ea:25:5b:6e:a2:
                    a5:0a:71:5d:04:2d:4f:f3:e0:a5:66:b7:2b:86:47:
                    1f:21:cc:81:b8:fc:4c:8b:23:17:e2:13:07:31:eb:
                    76:3e:d2:f5:eb:2e:d4:f9:29:2e:06:b1:f7:c0:d7:
                    ea:88:02:9d:76:d7:16:72:32:f6:b5:41:bf:dd:7f:
                    57:97:fe:51:30:fc:41:f7:cc:e5:b3:8f:16:d3:2f:
                    df:7f:44:59:ab:34:2c:ca:ef:7e:c4:98:2e:dd:a5:
                    a8:86:a7:3b:b6:53:b0:8a:d3:06:8b:aa:1c:6d:90:
                    ff:92:15:6c:2d:f7:bc:59:be:9a:07:6f:11:27:79:
                    10:8d:40:51:91:0d:3a:12:8b:be:39:fd:d3:64:eb:
                    4f:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:1F:2E:2B:7A:55:96:E1:E2:63:36:4F:64:C2:19:22:84:E7:31:F2
            X509v3 Authority Key Identifier:
                keyid:A6:C6:FC:A7:52:69:C6:B0:10:A6:FA:71:09:E4:31:5E:06:A0:83:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/psb8p1JpxrAQpvpxCeQxXgagg9w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/eab7ef-8cd6-4dfe-8f1e-86e29f05eb97/1/YB8uK3pVluHiYzZPZMIZIoTnMfI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/eab7ef-8cd6-4dfe-8f1e-86e29f05eb97/1/psb8p1JpxrAQpvpxCeQxXgagg9w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.161.96.0/20

    Signature Algorithm: sha256WithRSAEncryption
         0c:2f:1e:ab:25:e8:c0:dd:92:73:b7:dd:c9:01:4f:fa:a7:5c:
         03:19:5a:31:82:02:36:d8:1f:d4:6e:3c:9f:ad:17:24:83:bb:
         83:71:b2:bb:2a:11:36:25:74:0c:bc:64:a4:12:61:32:e1:26:
         8c:e3:af:08:a1:96:52:fb:bc:89:e1:e2:06:91:a3:02:98:93:
         ee:71:d0:f4:47:cf:c2:b7:b2:d9:cf:87:30:4c:3a:59:63:93:
         e8:b5:54:68:9d:39:dd:14:d1:b1:20:75:aa:f6:15:e4:f3:62:
         4c:a7:fb:42:87:fb:81:ce:a0:3e:96:91:cc:e5:f8:db:5b:7c:
         d8:e7:36:89:7e:ae:4e:a8:db:99:38:7d:38:24:bc:0b:c1:34:
         68:35:3d:a5:cd:87:f2:fb:77:f3:a0:9c:e2:1a:53:95:71:fe:
         95:38:7f:f4:53:60:0b:5f:ac:f8:b2:46:16:57:2c:f4:f1:da:
         9e:ce:78:44:c9:10:78:8d:60:b3:e0:37:11:e8:98:03:89:f3:
         82:83:0f:9f:43:68:dc:cf:14:ad:00:13:b4:3c:39:ec:14:d6:
         67:8c:c9:e1:74:9e:1b:7b:9d:63:d3:d3:cd:f8:bd:27:68:d1:
         c8:dd:98:71:ee:9f:42:95:f1:cb:bf:40:f2:b8:a9:58:fa:88:
         0f:dd:d2:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4o2qKXRpvIc4SD/RvWd6mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2YzZmY2E3NTI2OWM2YjAxMGE2ZmE3MTA5ZTQzMTVlMDZh
MDgzZGMwHhcNMjYwMTAxMDgxODU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDFmMmUyYjdhNTU5NmUxZTI2MzM2NGY2NGMyMTkyMjg0ZTczMWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzT+RnYNdyMvH9mL1SjU+dz4dp/1D
YRf6K0pr20lXOMhW7RoQS8Boc015BkMBpRyMOmmUL2wFBpiyZB8C+Rv55q70/JNy
DnkO+qCPZX94ebmVUVAn49yIeF2fLwFbfrsMQtCPhdGkZq5qsTVHJfL1MKJB6iVb
bqKlCnFdBC1P8+ClZrcrhkcfIcyBuPxMiyMX4hMHMet2PtL16y7U+SkuBrH3wNfq
iAKddtcWcjL2tUG/3X9Xl/5RMPxB98zls48W0y/ff0RZqzQsyu9+xJgu3aWohqc7
tlOwitMGi6ocbZD/khVsLfe8Wb6aB28RJ3kQjUBRkQ06Eou+Of3TZOtPNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGAfLit6VZbh4mM2T2TCGSKE5zHyMB8GA1UdIwQY
MBaAFKbG/KdSacawEKb6cQnkMV4GoIPcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcHNiOHAxSnB4ckFRcHZweENlUXhYZ2FnZzl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9lYWI3ZWYtOGNkNi00ZGZlLThmMWUt
ODZlMjlmMDVlYjk3LzEvWUI4dUszcFZsdUhpWXpaUFpNSVpJb1RuTWZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9lYWI3ZWYtOGNkNi00ZGZlLThmMWUtODZlMjlmMDVlYjk3
LzEvcHNiOHAxSnB4ckFRcHZweENlUXhYZ2FnZzl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEwaFgMA0G
CSqGSIb3DQEBCwUAA4IBAQAMLx6rJejA3ZJzt93JAU/6p1wDGVoxggI22B/Ubjyf
rRckg7uDcbK7KhE2JXQMvGSkEmEy4SaM468IoZZS+7yJ4eIGkaMCmJPucdD0R8/C
t7LZz4cwTDpZY5PotVRonTndFNGxIHWq9hXk82JMp/tCh/uBzqA+lpHM5fjbW3zY
5zaJfq5OqNuZOH04JLwLwTRoNT2lzYfy+3fzoJziGlOVcf6VOH/0U2ALX6z4skYW
Vyz08dqeznhEyRB4jWCz4DcR6JgDifOCgw+fQ2jczxStABO0PDnsFNZnjMnhdJ4b
e51j09PN+L0naNHI3Zhx7p9ClfHLv0DyuKlY+ogP3dJa
-----END CERTIFICATE-----