This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/YLu7TqT2RSl1_BNUUxUt12edQaA.roa
File:                     YLu7TqT2RSl1_BNUUxUt12edQaA.roa (raw, json)
Hash identifier:          paF/KBHEk0JOZSKhbJ4oeNoOGAfMADsXOpIZVHL7RNY=
Subject key identifier:   60:BB:BB:4E:A4:F6:45:29:75:FC:13:54:53:15:2D:D7:67:9D:41:A0
Certificate issuer:       /CN=af5e93f902354ce4804b4cb049cf68b20f76aeb2
Certificate serial:       019B7C804C4A8062B91FF68AE97BD227580F
Authority key identifier: AF:5E:93:F9:02:35:4C:E4:80:4B:4C:B0:49:CF:68:B2:0F:76:AE:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r16T-QI1TOSAS0ywSc9osg92rrI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/YLu7TqT2RSl1_BNUUxUt12edQaA.roa
Signing time:             Fri 02 Jan 2026 02:19:01 +0000
ROA not before:           Fri 02 Jan 2026 02:19:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49367
IP address blocks:        91.230.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/r16T-QI1TOSAS0ywSc9osg92rrI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/r16T-QI1TOSAS0ywSc9osg92rrI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r16T-QI1TOSAS0ywSc9osg92rrI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 08:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:4c:4a:80:62:b9:1f:f6:8a:e9:7b:d2:27:58:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af5e93f902354ce4804b4cb049cf68b20f76aeb2
        Validity
            Not Before: Jan  2 02:19:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=60bbbb4ea4f6452975fc135453152dd7679d41a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:0f:c4:3b:b5:0e:69:1e:d9:78:7f:17:85:6a:
                    a9:09:35:c3:8e:4b:ff:6b:dd:f2:61:59:3e:5c:7c:
                    fb:5d:e5:45:01:1e:e0:81:a4:d9:7e:2c:9f:a0:3f:
                    5c:03:67:82:be:92:d1:ee:a5:a0:56:f1:a6:86:97:
                    54:27:13:0a:c9:4c:a4:88:1b:68:a9:10:28:79:33:
                    a0:e3:92:a4:a9:27:42:d2:48:74:3a:09:f1:6c:88:
                    0f:b9:43:40:25:dd:83:ab:41:3e:22:8e:c9:ef:14:
                    21:ff:fd:dc:b2:9f:62:80:1a:5b:46:43:35:38:89:
                    28:18:76:23:bf:a0:8d:e3:df:0f:f8:38:7d:53:95:
                    3f:13:11:b6:2a:7a:a3:41:3c:91:f2:7f:0a:82:66:
                    f3:fc:8a:9b:12:97:81:f2:c7:2d:a1:45:fd:f1:09:
                    c6:80:9f:05:c4:17:80:19:cc:c6:ef:0d:84:30:ed:
                    16:75:aa:16:95:6d:6b:a1:5c:e9:36:d1:40:bc:9a:
                    80:c4:98:0c:b8:8d:40:ea:6c:26:72:6d:81:0b:00:
                    df:9c:a2:63:de:28:83:85:24:fe:76:dc:9d:bf:a2:
                    f3:2c:d4:d1:cd:a9:58:48:1d:93:ce:68:4a:97:f2:
                    2a:01:c0:4f:8f:8c:d8:33:67:0c:a1:3f:6e:76:22:
                    e6:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:BB:BB:4E:A4:F6:45:29:75:FC:13:54:53:15:2D:D7:67:9D:41:A0
            X509v3 Authority Key Identifier:
                keyid:AF:5E:93:F9:02:35:4C:E4:80:4B:4C:B0:49:CF:68:B2:0F:76:AE:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r16T-QI1TOSAS0ywSc9osg92rrI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/YLu7TqT2RSl1_BNUUxUt12edQaA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/r16T-QI1TOSAS0ywSc9osg92rrI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.230.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:6d:f1:f7:e8:f1:45:3c:fa:8d:ba:8e:99:b1:40:4f:72:a8:
         02:52:0e:a7:90:36:70:77:9e:f0:2b:5c:4c:72:f7:e8:8b:03:
         e3:51:68:f4:6c:44:7f:4a:88:a3:9d:8d:4d:e2:41:d0:7f:c2:
         26:90:25:04:fe:31:ed:d5:d9:91:5a:8a:b7:0c:ab:4d:df:e1:
         06:32:c9:02:1f:4b:ad:6c:b9:f5:da:1f:1f:67:2f:cf:55:7b:
         53:46:a8:75:81:c9:8a:d2:c9:e3:96:3b:bb:f9:64:eb:c6:41:
         09:9f:6d:b0:19:a2:85:95:29:05:24:7e:8a:4e:c6:0d:9a:39:
         27:90:0b:20:2e:dd:6a:59:1e:39:d2:77:8f:38:28:8b:11:9c:
         70:05:00:80:af:77:10:2b:71:f5:b4:64:5a:ee:e2:62:d3:02:
         31:36:56:97:74:d8:90:ab:2b:c5:f5:82:21:49:34:e1:09:7b:
         17:cc:27:35:bb:13:bf:e0:fa:eb:db:4c:35:d4:73:7a:75:ed:
         48:f7:fc:4f:03:03:01:60:25:69:cb:43:60:de:f5:eb:ab:7c:
         3c:81:b3:4f:d7:c2:d6:d6:d5:35:88:7c:08:91:04:ad:24:d7:
         ad:67:8a:6d:6d:af:37:42:15:67:2d:a0:b9:b4:f4:8a:75:d8:
         5d:e7:ed:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gExKgGK5H/aK6XvSJ1gPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNWU5M2Y5MDIzNTRjZTQ4MDRiNGNiMDQ5Y2Y2OGIyMGY3
NmFlYjIwHhcNMjYwMTAyMDIxOTAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGJiYmI0ZWE0ZjY0NTI5NzVmYzEzNTQ1MzE1MmRkNzY3OWQ0MWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQ/EO7UOaR7ZeH8XhWqpCTXDjkv/
a93yYVk+XHz7XeVFAR7ggaTZfiyfoD9cA2eCvpLR7qWgVvGmhpdUJxMKyUykiBto
qRAoeTOg45KkqSdC0kh0OgnxbIgPuUNAJd2Dq0E+Io7J7xQh//3csp9igBpbRkM1
OIkoGHYjv6CN498P+Dh9U5U/ExG2KnqjQTyR8n8Kgmbz/IqbEpeB8sctoUX98QnG
gJ8FxBeAGczG7w2EMO0WdaoWlW1roVzpNtFAvJqAxJgMuI1A6mwmcm2BCwDfnKJj
3iiDhST+dtydv6LzLNTRzalYSB2TzmhKl/IqAcBPj4zYM2cMoT9udiLmFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGC7u06k9kUpdfwTVFMVLddnnUGgMB8GA1UdIwQY
MBaAFK9ek/kCNUzkgEtMsEnPaLIPdq6yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjE2VC1RSTFUT1NBUzB5d1NjOW9zZzkycnJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9mNDAwNGItZDYwMi00NzVkLTkzMWIt
N2UwNWFkMDE5MGNlLzEvWUx1N1RxVDJSU2wxX0JOVVV4VXQxMmVkUWFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9mNDAwNGItZDYwMi00NzVkLTkzMWItN2UwNWFkMDE5MGNl
LzEvcjE2VC1RSTFUT1NBUzB5d1NjOW9zZzkycnJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+b3MA0G
CSqGSIb3DQEBCwUAA4IBAQBPbfH36PFFPPqNuo6ZsUBPcqgCUg6nkDZwd57wK1xM
cvfoiwPjUWj0bER/SoijnY1N4kHQf8ImkCUE/jHt1dmRWoq3DKtN3+EGMskCH0ut
bLn12h8fZy/PVXtTRqh1gcmK0snjlju7+WTrxkEJn22wGaKFlSkFJH6KTsYNmjkn
kAsgLt1qWR450nePOCiLEZxwBQCAr3cQK3H1tGRa7uJi0wIxNlaXdNiQqyvF9YIh
STThCXsXzCc1uxO/4Prr20w11HN6de1I9/xPAwMBYCVpy0Ng3vXrq3w8gbNP18LW
1tU1iHwIkQStJNetZ4ptba83QhVnLaC5tPSKddhd5+2r
-----END CERTIFICATE-----