This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/YKk6KvjeY_RwM6-fGT6G4_ZJVx4.roa
File:                     YKk6KvjeY_RwM6-fGT6G4_ZJVx4.roa (raw, json)
Hash identifier:          CjTmvkWgMsl3+rELzvl+uMCWJONzTqE5DK9lcYaQMF0=
Subject key identifier:   60:A9:3A:2A:F8:DE:63:F4:70:33:AF:9F:19:3E:86:E3:F6:49:57:1E
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       019B7D5B2AC09B83B417DB00DA1C9D42BD3D
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/YKk6KvjeY_RwM6-fGT6G4_ZJVx4.roa
Signing time:             Fri 02 Jan 2026 06:18:05 +0000
ROA not before:           Fri 02 Jan 2026 06:18:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208264
IP address blocks:        109.122.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 08:25:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5b:2a:c0:9b:83:b4:17:db:00:da:1c:9d:42:bd:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: Jan  2 06:18:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=60a93a2af8de63f47033af9f193e86e3f649571e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:32:46:0e:da:b4:68:45:0b:3b:2f:39:6d:8f:
                    0c:ad:e8:f6:7d:64:89:79:87:80:1c:4f:0d:92:74:
                    4a:3d:c9:69:00:44:29:da:2c:fa:ee:72:40:5c:ee:
                    cd:56:c3:98:c0:5f:88:a0:0d:cf:c6:62:f0:94:d0:
                    12:cf:82:91:30:d7:33:05:96:d7:54:c3:e3:88:f0:
                    91:2f:36:56:6d:85:41:be:5b:4e:a8:64:8b:32:cf:
                    95:75:d8:02:8e:da:63:10:2f:97:f0:0d:5e:5a:ce:
                    41:bb:e3:b5:8f:9e:6c:4e:d3:cb:14:08:56:0c:61:
                    39:3a:81:0f:3d:13:59:22:49:f1:b5:d0:89:24:0b:
                    cf:35:2d:6a:fb:5d:71:79:09:33:8f:42:51:a9:93:
                    93:97:4c:aa:95:74:90:7f:c2:26:30:09:a6:94:e5:
                    e0:de:c9:f7:c6:27:05:f1:8b:c4:7b:92:65:85:68:
                    be:24:f5:c8:f6:94:55:60:13:a3:4e:68:2b:8b:07:
                    2c:82:65:8a:4a:94:0e:5d:b3:18:45:a7:d6:70:47:
                    3d:b8:57:4b:d2:ed:ac:55:0e:9d:4f:cb:52:2d:d2:
                    82:d5:fe:d0:24:e5:8e:4a:36:2b:9c:d5:d2:c7:7f:
                    86:8c:b4:1d:f2:67:37:c1:1f:85:dc:46:58:5a:e3:
                    4d:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:A9:3A:2A:F8:DE:63:F4:70:33:AF:9F:19:3E:86:E3:F6:49:57:1E
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/YKk6KvjeY_RwM6-fGT6G4_ZJVx4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:b9:53:68:4b:99:90:a4:8c:f4:ed:bd:af:4e:45:c9:7a:85:
         be:60:17:ac:87:f4:00:df:b1:2f:fe:05:71:74:1a:92:6d:6a:
         8d:9a:da:64:b3:01:ea:d2:5d:f0:82:21:39:be:bc:9c:c2:a1:
         ab:0c:c6:c7:f6:26:b0:ae:da:0c:c0:62:07:6a:2d:81:ce:8c:
         da:92:79:8a:0c:09:66:2b:f8:ab:4e:d5:89:c1:d2:71:69:6e:
         93:10:39:46:b9:7b:f4:07:3a:5f:d7:9c:1f:c0:0f:7a:5b:63:
         6d:6e:34:49:83:71:79:91:2b:6f:05:ab:bb:7c:6d:36:f2:94:
         07:54:08:3d:29:88:7a:eb:64:28:30:6c:e9:78:32:04:03:b9:
         be:27:2b:e2:9e:06:98:0a:26:94:0f:07:a5:a0:58:a7:18:ac:
         19:73:35:ee:8c:46:7a:52:ec:55:46:74:96:60:96:28:6c:81:
         16:86:a7:f8:34:6f:ad:79:02:b4:89:5b:b9:c7:cf:73:2a:98:
         2c:05:ca:6b:37:17:d7:19:c9:73:69:e4:4c:a3:c9:ef:cf:44:
         f5:dd:a5:40:d4:f9:db:61:5d:c9:c6:00:85:03:19:44:f4:28:
         f1:e2:02:1f:2a:93:05:e3:a8:d4:bf:c7:5d:2b:7f:de:f7:af:
         0d:33:a6:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9WyrAm4O0F9sA2hydQr09MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjYwMTAyMDYxODA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGE5M2EyYWY4ZGU2M2Y0NzAzM2FmOWYxOTNlODZlM2Y2NDk1NzFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwjJGDtq0aEULOy85bY8Mrej2fWSJ
eYeAHE8NknRKPclpAEQp2iz67nJAXO7NVsOYwF+IoA3PxmLwlNASz4KRMNczBZbX
VMPjiPCRLzZWbYVBvltOqGSLMs+VddgCjtpjEC+X8A1eWs5Bu+O1j55sTtPLFAhW
DGE5OoEPPRNZIknxtdCJJAvPNS1q+11xeQkzj0JRqZOTl0yqlXSQf8ImMAmmlOXg
3sn3xicF8YvEe5JlhWi+JPXI9pRVYBOjTmgriwcsgmWKSpQOXbMYRafWcEc9uFdL
0u2sVQ6dT8tSLdKC1f7QJOWOSjYrnNXSx3+GjLQd8mc3wR+F3EZYWuNNGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGCpOir43mP0cDOvnxk+huP2SVceMB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvWUtrNkt2amVZX1J3TTYtZkdUNkc0X1pKVng0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXr1MA0G
CSqGSIb3DQEBCwUAA4IBAQAIuVNoS5mQpIz07b2vTkXJeoW+YBesh/QA37Ev/gVx
dBqSbWqNmtpkswHq0l3wgiE5vrycwqGrDMbH9iawrtoMwGIHai2BzozaknmKDAlm
K/irTtWJwdJxaW6TEDlGuXv0Bzpf15wfwA96W2NtbjRJg3F5kStvBau7fG028pQH
VAg9KYh662QoMGzpeDIEA7m+JyvingaYCiaUDweloFinGKwZczXujEZ6UuxVRnSW
YJYobIEWhqf4NG+teQK0iVu5x89zKpgsBcprNxfXGclzaeRMo8nvz0T13aVA1Pnb
YV3JxgCFAxlE9Cjx4gIfKpMF46jUv8ddK3/e968NM6Ze
-----END CERTIFICATE-----