This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/b416a5-ee4f-4cc7-b0c4-7475f70df9fa/1/Yohrn8HNTtjhGA9URKUO2_Mby_U.roa
File:                     Yohrn8HNTtjhGA9URKUO2_Mby_U.roa (raw, json)
Hash identifier:          /XhETKRi5W1obuv4QEHTmdciLbp0sxJedBeaO8RsKsM=
Subject key identifier:   62:88:6B:9F:C1:CD:4E:D8:E1:18:0F:54:44:A5:0E:DB:F3:1B:CB:F5
Certificate issuer:       /CN=ff1f615b91839f51ed3a5b53753b27b02c76da95
Certificate serial:       019B7A5ABB3CA91BB38DC09094C1DF90E1C9
Authority key identifier: FF:1F:61:5B:91:83:9F:51:ED:3A:5B:53:75:3B:27:B0:2C:76:DA:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_x9hW5GDn1HtOltTdTsnsCx22pU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/b416a5-ee4f-4cc7-b0c4-7475f70df9fa/1/Yohrn8HNTtjhGA9URKUO2_Mby_U.roa
Signing time:             Thu 01 Jan 2026 16:18:45 +0000
ROA not before:           Thu 01 Jan 2026 16:18:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215098
IP address blocks:        185.220.194.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/b416a5-ee4f-4cc7-b0c4-7475f70df9fa/1/_x9hW5GDn1HtOltTdTsnsCx22pU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/b416a5-ee4f-4cc7-b0c4-7475f70df9fa/1/_x9hW5GDn1HtOltTdTsnsCx22pU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_x9hW5GDn1HtOltTdTsnsCx22pU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:bb:3c:a9:1b:b3:8d:c0:90:94:c1:df:90:e1:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff1f615b91839f51ed3a5b53753b27b02c76da95
        Validity
            Not Before: Jan  1 16:18:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=62886b9fc1cd4ed8e1180f5444a50edbf31bcbf5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:65:19:75:3d:ea:86:25:07:f8:f1:ed:9f:7a:
                    20:90:50:9b:10:0f:35:8a:22:68:37:06:c0:54:18:
                    66:8d:2c:8a:a3:3c:1b:07:a5:76:85:cb:9f:fc:30:
                    8f:94:5a:69:3b:83:4a:ea:96:a0:db:c0:b8:8f:91:
                    5f:96:3b:92:62:2f:bf:c0:ef:0c:ff:db:4c:43:8e:
                    d4:39:08:ba:16:f2:a2:d0:6c:8d:28:ee:11:82:12:
                    d3:45:9f:3e:74:9f:d8:cb:eb:d6:9f:11:7e:65:f3:
                    ef:bd:1a:39:f8:48:29:e2:97:e3:96:7d:94:c4:d3:
                    bf:68:e2:c3:59:71:cc:11:3f:97:c6:df:6c:60:31:
                    ba:26:6f:a3:2a:52:c8:df:fb:a3:e7:73:f0:e0:e3:
                    4e:9a:fd:50:6b:aa:a8:68:02:39:e2:12:9a:df:77:
                    b9:1b:6a:05:38:d5:47:d0:82:79:72:48:c4:f3:f4:
                    1e:c5:78:d8:c6:64:22:42:fc:fa:d7:83:ab:72:a3:
                    f9:0c:cc:bd:d5:13:ef:60:db:fa:24:03:16:70:ce:
                    2a:8f:ab:af:9a:e5:0d:a1:83:94:41:23:60:b1:46:
                    54:17:67:9d:42:14:74:48:05:9b:e8:76:91:a3:8f:
                    92:fa:c9:22:44:e8:8b:88:aa:fb:0d:fb:35:c7:1f:
                    d7:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:88:6B:9F:C1:CD:4E:D8:E1:18:0F:54:44:A5:0E:DB:F3:1B:CB:F5
            X509v3 Authority Key Identifier:
                keyid:FF:1F:61:5B:91:83:9F:51:ED:3A:5B:53:75:3B:27:B0:2C:76:DA:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_x9hW5GDn1HtOltTdTsnsCx22pU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/b416a5-ee4f-4cc7-b0c4-7475f70df9fa/1/Yohrn8HNTtjhGA9URKUO2_Mby_U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/b416a5-ee4f-4cc7-b0c4-7475f70df9fa/1/_x9hW5GDn1HtOltTdTsnsCx22pU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.220.194.0/23

    Signature Algorithm: sha256WithRSAEncryption
         79:ec:67:e5:f1:3f:99:ed:5a:18:d1:3d:40:fd:81:70:c4:8e:
         65:36:d9:86:5a:70:82:ad:3d:02:9d:ec:c1:51:a3:0d:eb:bf:
         6b:6a:b6:f6:0e:89:af:a0:48:27:36:7a:f6:c3:cc:cb:20:64:
         12:17:f6:f8:de:30:08:02:a2:dd:f9:b5:4c:8b:6f:9c:bf:37:
         35:fe:c7:c0:47:84:17:00:86:8b:20:dd:fa:9b:96:2e:81:72:
         c8:a8:6c:1c:37:29:4a:dc:c4:da:a7:ec:f1:64:73:83:53:ad:
         a9:af:49:75:3c:11:21:b8:9a:0b:82:dc:2b:76:93:78:ad:b0:
         12:a5:18:d8:0a:75:a1:dd:35:73:d4:4b:bd:d9:c3:57:80:71:
         83:1b:ae:c3:14:a8:f5:11:b1:e7:d4:a6:6c:b9:f9:86:7f:34:
         0a:f2:8b:22:01:1d:b3:30:9d:ae:03:0d:05:8f:6c:c3:5b:34:
         77:dd:b3:9d:7b:55:8e:b1:c7:6e:ed:fc:bb:e5:91:ea:ca:6f:
         df:69:7b:dd:81:c9:6a:f9:b7:9e:23:70:fd:13:16:f4:ea:aa:
         89:2d:66:dd:54:ea:7c:27:9d:e3:0b:43:83:f0:1e:a2:40:58:
         e5:31:41:e6:dc:ce:56:27:2f:75:91:ee:fb:55:93:e8:32:b1:
         bf:13:be:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6Wrs8qRuzjcCQlMHfkOHJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmMWY2MTViOTE4MzlmNTFlZDNhNWI1Mzc1M2IyN2IwMmM3
NmRhOTUwHhcNMjYwMTAxMTYxODQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Mjg4NmI5ZmMxY2Q0ZWQ4ZTExODBmNTQ0NGE1MGVkYmYzMWJjYmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzWUZdT3qhiUH+PHtn3ogkFCbEA81
iiJoNwbAVBhmjSyKozwbB6V2hcuf/DCPlFppO4NK6pag28C4j5FfljuSYi+/wO8M
/9tMQ47UOQi6FvKi0GyNKO4RghLTRZ8+dJ/Yy+vWnxF+ZfPvvRo5+Egp4pfjln2U
xNO/aOLDWXHMET+Xxt9sYDG6Jm+jKlLI3/uj53Pw4ONOmv1Qa6qoaAI54hKa33e5
G2oFONVH0IJ5ckjE8/QexXjYxmQiQvz614OrcqP5DMy91RPvYNv6JAMWcM4qj6uv
muUNoYOUQSNgsUZUF2edQhR0SAWb6HaRo4+S+skiROiLiKr7Dfs1xx/XFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGKIa5/BzU7Y4RgPVESlDtvzG8v1MB8GA1UdIwQY
MBaAFP8fYVuRg59R7TpbU3U7J7AsdtqVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3g5aFc1R0RuMUh0T2x0VGRUc25zQ3gyMnBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9iNDE2YTUtZWU0Zi00Y2M3LWIwYzQt
NzQ3NWY3MGRmOWZhLzEvWW9ocm44SE5UdGpoR0E5VVJLVU8yX01ieV9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9iNDE2YTUtZWU0Zi00Y2M3LWIwYzQtNzQ3NWY3MGRmOWZh
LzEvX3g5aFc1R0RuMUh0T2x0VGRUc25zQ3gyMnBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBudzCMA0G
CSqGSIb3DQEBCwUAA4IBAQB57Gfl8T+Z7VoY0T1A/YFwxI5lNtmGWnCCrT0CnezB
UaMN679rarb2DomvoEgnNnr2w8zLIGQSF/b43jAIAqLd+bVMi2+cvzc1/sfAR4QX
AIaLIN36m5YugXLIqGwcNylK3MTap+zxZHODU62pr0l1PBEhuJoLgtwrdpN4rbAS
pRjYCnWh3TVz1Eu92cNXgHGDG67DFKj1EbHn1KZsufmGfzQK8osiAR2zMJ2uAw0F
j2zDWzR33bOde1WOscdu7fy75ZHqym/faXvdgclq+beeI3D9Exb06qqJLWbdVOp8
J53jC0OD8B6iQFjlMUHm3M5WJy91ke77VZPoMrG/E74p
-----END CERTIFICATE-----