This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/397546-dc7b-4660-8a51-bf59fc1cb26d/1/YJKWmoUnloWqQAavfXfWWxqnJ5M.roa
File:                     YJKWmoUnloWqQAavfXfWWxqnJ5M.roa (raw, json)
Hash identifier:          Ka2Kdw/WOaN1bcBViqXyM0PUv8ChNL0LTlaKVsUXAN4=
Subject key identifier:   60:92:96:9A:85:27:96:85:AA:40:06:AF:7D:77:D6:5B:1A:A7:27:93
Certificate issuer:       /CN=24ba4f52ac1be0755d34bc5483c061bdf293447e
Certificate serial:       019B7D5CF26452E4233A708DF5648AB44FAB
Authority key identifier: 24:BA:4F:52:AC:1B:E0:75:5D:34:BC:54:83:C0:61:BD:F2:93:44:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JLpPUqwb4HVdNLxUg8BhvfKTRH4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/397546-dc7b-4660-8a51-bf59fc1cb26d/1/YJKWmoUnloWqQAavfXfWWxqnJ5M.roa
Signing time:             Fri 02 Jan 2026 06:20:01 +0000
ROA not before:           Fri 02 Jan 2026 06:20:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42415
IP address blocks:        2001:1a11:372::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/397546-dc7b-4660-8a51-bf59fc1cb26d/1/JLpPUqwb4HVdNLxUg8BhvfKTRH4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/397546-dc7b-4660-8a51-bf59fc1cb26d/1/JLpPUqwb4HVdNLxUg8BhvfKTRH4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JLpPUqwb4HVdNLxUg8BhvfKTRH4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 21:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5c:f2:64:52:e4:23:3a:70:8d:f5:64:8a:b4:4f:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=24ba4f52ac1be0755d34bc5483c061bdf293447e
        Validity
            Not Before: Jan  2 06:20:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6092969a85279685aa4006af7d77d65b1aa72793
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:81:4c:e5:4e:61:1b:68:27:4c:1b:84:b8:73:
                    b4:f6:d4:3d:2e:0e:29:9e:69:ba:0f:20:01:1c:e2:
                    9f:54:79:56:75:37:40:8a:27:50:a0:5d:98:23:d0:
                    ad:b8:02:f9:94:4d:0c:09:03:6b:4e:cf:67:ef:65:
                    bc:f7:ab:bf:5a:7a:2d:26:74:cb:5c:9c:3f:0b:dc:
                    68:75:02:8e:10:da:b9:1b:c4:ef:7b:f9:d1:a8:04:
                    d2:cf:5c:72:db:e8:6b:f8:27:29:bb:cc:c4:4c:b1:
                    cd:6c:9b:76:e5:aa:04:15:a6:7a:34:d6:c1:ac:ab:
                    71:62:5d:c8:7a:cd:a4:12:6f:86:63:e3:f7:6a:be:
                    7e:dd:7a:26:15:46:16:66:1e:fb:b7:8e:00:c0:da:
                    90:55:e2:1d:aa:4b:d2:de:da:49:5d:8e:1e:f1:bd:
                    4e:6d:e9:b1:e1:a0:3f:c7:c8:84:43:4d:51:ec:5d:
                    89:27:d8:4b:1d:51:23:88:49:2e:7d:fc:b5:73:cc:
                    53:c9:9c:a1:3a:e5:a7:82:90:80:69:f9:57:af:34:
                    ed:a3:d4:53:a4:c2:bf:c4:63:78:5e:bf:34:24:8a:
                    ff:53:10:4c:ba:6e:c9:d9:48:86:29:14:e7:31:db:
                    b7:0f:4a:c0:11:50:f7:a2:99:87:2c:6c:36:88:db:
                    9a:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:92:96:9A:85:27:96:85:AA:40:06:AF:7D:77:D6:5B:1A:A7:27:93
            X509v3 Authority Key Identifier:
                keyid:24:BA:4F:52:AC:1B:E0:75:5D:34:BC:54:83:C0:61:BD:F2:93:44:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JLpPUqwb4HVdNLxUg8BhvfKTRH4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/397546-dc7b-4660-8a51-bf59fc1cb26d/1/YJKWmoUnloWqQAavfXfWWxqnJ5M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/397546-dc7b-4660-8a51-bf59fc1cb26d/1/JLpPUqwb4HVdNLxUg8BhvfKTRH4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:1a11:372::/48

    Signature Algorithm: sha256WithRSAEncryption
         6d:32:a7:b4:55:4c:c6:de:f8:83:0c:d8:ce:ed:1b:f2:ef:f8:
         4e:97:b4:eb:7f:eb:c8:9c:4d:61:24:78:52:ab:db:78:c9:64:
         ab:86:a3:da:0a:84:2c:c7:ca:0b:48:fe:53:92:b4:d2:1b:5b:
         6a:a5:14:1d:7e:e2:14:4b:ed:7e:38:db:8c:05:c6:f8:03:6e:
         38:3d:f3:71:7a:c1:8c:4d:b8:34:0d:6b:13:fd:72:2e:ec:b7:
         14:b3:92:5e:87:6b:de:18:52:0f:29:ab:49:47:f1:03:be:b6:
         59:45:f7:96:b0:67:47:95:b3:41:e1:c8:35:20:0e:36:b5:8a:
         49:dd:e3:5f:8d:2e:9f:b0:54:ff:0e:51:67:54:16:4f:d2:33:
         48:b0:bc:0a:b5:2e:11:de:2b:bc:81:6e:02:b5:c0:a5:f3:41:
         81:12:b2:f4:3d:a4:ca:a5:f1:d4:6e:dd:36:fb:09:10:1d:c8:
         68:4e:dd:12:4d:03:58:9e:ce:23:62:6e:d5:ef:41:8d:1f:4a:
         ff:b7:72:3d:fa:6d:fb:0b:38:45:69:bf:4e:3a:f6:08:62:f3:
         3f:bf:3e:04:4e:e5:8f:db:05:ad:96:60:73:43:57:0c:0e:9f:
         75:f8:af:6e:de:79:45:c7:dd:6a:ec:d3:49:a1:d4:1b:20:68:
         04:7c:c6:a5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt9XPJkUuQjOnCN9WSKtE+rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0YmE0ZjUyYWMxYmUwNzU1ZDM0YmM1NDgzYzA2MWJkZjI5
MzQ0N2UwHhcNMjYwMTAyMDYyMDAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDkyOTY5YTg1Mjc5Njg1YWE0MDA2YWY3ZDc3ZDY1YjFhYTcyNzkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArIFM5U5hG2gnTBuEuHO09tQ9Lg4p
nmm6DyABHOKfVHlWdTdAiidQoF2YI9CtuAL5lE0MCQNrTs9n72W896u/WnotJnTL
XJw/C9xodQKOENq5G8Tve/nRqATSz1xy2+hr+Ccpu8zETLHNbJt25aoEFaZ6NNbB
rKtxYl3Ies2kEm+GY+P3ar5+3XomFUYWZh77t44AwNqQVeIdqkvS3tpJXY4e8b1O
bemx4aA/x8iEQ01R7F2JJ9hLHVEjiEkuffy1c8xTyZyhOuWngpCAaflXrzTto9RT
pMK/xGN4Xr80JIr/UxBMum7J2UiGKRTnMdu3D0rAEVD3opmHLGw2iNuarwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGCSlpqFJ5aFqkAGr3131lsapyeTMB8GA1UdIwQY
MBaAFCS6T1KsG+B1XTS8VIPAYb3yk0R+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkxwUFVxd2I0SFZkTkx4VWc4Qmh2ZktUUkg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy8zOTc1NDYtZGM3Yi00NjYwLThhNTEt
YmY1OWZjMWNiMjZkLzEvWUpLV21vVW5sb1dxUUFhdmZYZldXeHFuSjVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy8zOTc1NDYtZGM3Yi00NjYwLThhNTEtYmY1OWZjMWNiMjZk
LzEvSkxwUFVxd2I0SFZkTkx4VWc4Qmh2ZktUUkg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEaEQNy
MA0GCSqGSIb3DQEBCwUAA4IBAQBtMqe0VUzG3viDDNjO7Rvy7/hOl7Trf+vInE1h
JHhSq9t4yWSrhqPaCoQsx8oLSP5TkrTSG1tqpRQdfuIUS+1+ONuMBcb4A244PfNx
esGMTbg0DWsT/XIu7LcUs5Jeh2veGFIPKatJR/EDvrZZRfeWsGdHlbNB4cg1IA42
tYpJ3eNfjS6fsFT/DlFnVBZP0jNIsLwKtS4R3iu8gW4CtcCl80GBErL0PaTKpfHU
bt02+wkQHchoTt0STQNYns4jYm7V70GNH0r/t3I9+m37CzhFab9OOvYIYvM/vz4E
TuWP2wWtlmBzQ1cMDp91+K9u3nlFx91q7NNJodQbIGgEfMal
-----END CERTIFICATE-----