This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/b71d9f-f1da-400a-b485-04dbc9ac1444/1/YR_Sklpw1rT1jn14ENZmY_YlgSc.roa
File:                     YR_Sklpw1rT1jn14ENZmY_YlgSc.roa (raw, json)
Hash identifier:          a6i5iaFNJsMyMSeoRuHDFzGc9ROq7AMhUx/2K/zffhI=
Subject key identifier:   61:1F:D2:92:5A:70:D6:B4:F5:8E:7D:78:10:D6:66:63:F6:25:81:27
Certificate issuer:       /CN=ae8ed33b70be6cc20c89fbbac77a59ca3b4c0934
Certificate serial:       019B7BA468173D923853D427075F032BDDFF
Authority key identifier: AE:8E:D3:3B:70:BE:6C:C2:0C:89:FB:BA:C7:7A:59:CA:3B:4C:09:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ro7TO3C-bMIMifu6x3pZyjtMCTQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/b71d9f-f1da-400a-b485-04dbc9ac1444/1/YR_Sklpw1rT1jn14ENZmY_YlgSc.roa
Signing time:             Thu 01 Jan 2026 22:18:50 +0000
ROA not before:           Thu 01 Jan 2026 22:18:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20910
IP address blocks:        178.213.48.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/b71d9f-f1da-400a-b485-04dbc9ac1444/1/ro7TO3C-bMIMifu6x3pZyjtMCTQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/b71d9f-f1da-400a-b485-04dbc9ac1444/1/ro7TO3C-bMIMifu6x3pZyjtMCTQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ro7TO3C-bMIMifu6x3pZyjtMCTQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 04:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a4:68:17:3d:92:38:53:d4:27:07:5f:03:2b:dd:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae8ed33b70be6cc20c89fbbac77a59ca3b4c0934
        Validity
            Not Before: Jan  1 22:18:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=611fd2925a70d6b4f58e7d7810d66663f6258127
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:71:d3:f6:2c:9f:ea:25:eb:3b:96:d1:9f:d1:
                    7b:e4:aa:9e:4c:56:4c:dd:d6:3c:df:43:94:be:a6:
                    ac:86:5e:91:8c:40:bc:3d:27:65:f9:78:57:ec:4a:
                    f5:85:c2:cd:30:8b:47:5e:fd:16:c2:23:03:76:49:
                    71:a3:ad:74:9d:f0:ee:c6:d5:3d:5d:93:3d:6e:5b:
                    55:3a:61:03:39:a7:e0:ec:cd:37:53:98:17:95:fc:
                    05:af:15:1e:a7:b3:b7:0b:47:b2:16:23:29:2f:c9:
                    d3:05:b1:88:1f:5d:dc:f3:64:04:9d:d9:68:c2:a1:
                    51:cb:4c:5f:0a:6c:29:c5:37:61:fa:2c:46:3d:8e:
                    8a:cd:2e:ed:6b:f2:e5:6d:12:67:b1:14:38:d2:97:
                    89:f0:3e:7b:28:77:93:b5:97:48:e2:a8:33:4b:92:
                    a5:89:f6:23:26:35:d3:76:32:d7:69:25:ba:4b:92:
                    d6:35:7c:6c:51:20:f4:fc:7e:ca:f3:cf:30:84:25:
                    41:5f:5e:a2:18:36:fd:94:98:d3:d5:be:07:39:66:
                    89:ea:52:f6:8c:db:58:72:64:fe:d5:8b:27:7f:db:
                    45:aa:01:05:76:48:74:7e:a3:47:d8:a7:ca:61:44:
                    c9:09:f1:cf:03:7a:d4:26:95:3e:76:c9:6e:0e:8b:
                    0d:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:1F:D2:92:5A:70:D6:B4:F5:8E:7D:78:10:D6:66:63:F6:25:81:27
            X509v3 Authority Key Identifier:
                keyid:AE:8E:D3:3B:70:BE:6C:C2:0C:89:FB:BA:C7:7A:59:CA:3B:4C:09:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ro7TO3C-bMIMifu6x3pZyjtMCTQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/b71d9f-f1da-400a-b485-04dbc9ac1444/1/YR_Sklpw1rT1jn14ENZmY_YlgSc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/b71d9f-f1da-400a-b485-04dbc9ac1444/1/ro7TO3C-bMIMifu6x3pZyjtMCTQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.213.48.0/21

    Signature Algorithm: sha256WithRSAEncryption
         52:4a:97:48:31:22:ae:f1:4b:1d:7e:e4:a8:96:fd:cf:f3:2a:
         1a:c8:94:36:70:22:b4:00:a8:00:72:62:58:be:28:3b:d8:36:
         25:52:1f:14:31:6e:29:bc:99:18:08:f8:fd:72:f4:18:3f:83:
         17:ca:73:a3:ec:c6:1c:e1:bd:3c:37:88:cb:da:80:d3:19:5f:
         49:b4:00:7d:72:07:9b:44:3d:18:f7:ba:61:c6:dc:12:10:15:
         bc:1a:6b:ac:47:63:08:07:78:bd:f4:5c:e3:81:98:f1:90:ee:
         c1:62:18:02:d0:3e:d7:e4:04:4d:1a:4f:3b:2f:11:c7:bd:2a:
         65:95:5a:4a:89:5e:de:cd:ab:30:fd:3c:f4:e6:d8:80:58:e4:
         16:07:69:23:dc:b7:01:ec:13:cb:fd:68:a5:ea:e5:ac:94:e5:
         8f:c3:fb:28:79:78:d2:4d:03:26:2e:40:c5:d8:b2:35:ba:ee:
         86:11:79:ee:c2:12:c5:b0:4c:5b:9c:bc:a5:7d:5b:7f:5d:a6:
         cf:f8:4d:69:66:7c:5c:04:42:c9:2d:ea:ea:23:1a:a5:0b:dc:
         d1:af:76:0e:57:ff:37:36:09:74:96:18:77:ae:52:9a:65:21:
         28:30:d9:f9:6c:cb:4e:f0:60:eb:ba:14:9d:79:16:3e:df:18:
         ab:19:35:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pGgXPZI4U9QnB18DK93/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlOGVkMzNiNzBiZTZjYzIwYzg5ZmJiYWM3N2E1OWNhM2I0
YzA5MzQwHhcNMjYwMTAxMjIxODUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTFmZDI5MjVhNzBkNmI0ZjU4ZTdkNzgxMGQ2NjY2M2Y2MjU4MTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAznHT9iyf6iXrO5bRn9F75KqeTFZM
3dY830OUvqashl6RjEC8PSdl+XhX7Er1hcLNMItHXv0WwiMDdklxo610nfDuxtU9
XZM9bltVOmEDOafg7M03U5gXlfwFrxUep7O3C0eyFiMpL8nTBbGIH13c82QEndlo
wqFRy0xfCmwpxTdh+ixGPY6KzS7ta/LlbRJnsRQ40peJ8D57KHeTtZdI4qgzS5Kl
ifYjJjXTdjLXaSW6S5LWNXxsUSD0/H7K888whCVBX16iGDb9lJjT1b4HOWaJ6lL2
jNtYcmT+1Ysnf9tFqgEFdkh0fqNH2KfKYUTJCfHPA3rUJpU+dsluDosN7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGEf0pJacNa09Y59eBDWZmP2JYEnMB8GA1UdIwQY
MBaAFK6O0ztwvmzCDIn7usd6Wco7TAk0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcm83VE8zQy1iTUlNaWZ1NngzcFp5anRNQ1RRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy9iNzFkOWYtZjFkYS00MDBhLWI0ODUt
MDRkYmM5YWMxNDQ0LzEvWVJfU2tscHcxclQxam4xNEVOWm1ZX1lsZ1NjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy9iNzFkOWYtZjFkYS00MDBhLWI0ODUtMDRkYmM5YWMxNDQ0
LzEvcm83VE8zQy1iTUlNaWZ1NngzcFp5anRNQ1RRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDstUwMA0G
CSqGSIb3DQEBCwUAA4IBAQBSSpdIMSKu8UsdfuSolv3P8yoayJQ2cCK0AKgAcmJY
vig72DYlUh8UMW4pvJkYCPj9cvQYP4MXynOj7MYc4b08N4jL2oDTGV9JtAB9cgeb
RD0Y97phxtwSEBW8GmusR2MIB3i99FzjgZjxkO7BYhgC0D7X5ARNGk87LxHHvSpl
lVpKiV7ezasw/Tz05tiAWOQWB2kj3LcB7BPL/Wil6uWslOWPw/soeXjSTQMmLkDF
2LI1uu6GEXnuwhLFsExbnLylfVt/XabP+E1pZnxcBELJLerqIxqlC9zRr3YOV/83
Ngl0lhh3rlKaZSEoMNn5bMtO8GDruhSdeRY+3xirGTVE
-----END CERTIFICATE-----