This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/d6d30b-0b9b-429e-8413-55a930fc0c71/1/YqBXpDQiXpk138ox9ulGQaR5grA.roa
File:                     YqBXpDQiXpk138ox9ulGQaR5grA.roa (raw, json)
Hash identifier:          BIqaH1uAUhERfgNALFZlB1LtxiRIrkNo+yapdFNZxMc=
Subject key identifier:   62:A0:57:A4:34:22:5E:99:35:DF:CA:31:F6:E9:46:41:A4:79:82:B0
Certificate issuer:       /CN=2f2a0fa20383332a3f414f054753a0b60b25ba10
Certificate serial:       019ACBE5893905F05C387AA5113D4F0327A9
Authority key identifier: 2F:2A:0F:A2:03:83:33:2A:3F:41:4F:05:47:53:A0:B6:0B:25:BA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LyoPogODMyo_QU8FR1OgtgsluhA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/d6d30b-0b9b-429e-8413-55a930fc0c71/1/YqBXpDQiXpk138ox9ulGQaR5grA.roa
Signing time:             Fri 28 Nov 2025 19:16:48 +0000
ROA not before:           Fri 28 Nov 2025 19:16:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48444
IP address blocks:        91.224.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/d6d30b-0b9b-429e-8413-55a930fc0c71/1/LyoPogODMyo_QU8FR1OgtgsluhA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/d6d30b-0b9b-429e-8413-55a930fc0c71/1/LyoPogODMyo_QU8FR1OgtgsluhA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LyoPogODMyo_QU8FR1OgtgsluhA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Dec 2025 20:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:cb:e5:89:39:05:f0:5c:38:7a:a5:11:3d:4f:03:27:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f2a0fa20383332a3f414f054753a0b60b25ba10
        Validity
            Not Before: Nov 28 19:16:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=62a057a434225e9935dfca31f6e94641a47982b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:35:e3:55:53:54:c4:b0:80:d1:f0:3e:a1:64:
                    4c:64:5e:41:43:ff:d3:02:59:94:04:8b:23:25:d7:
                    c2:60:09:c2:a1:99:4e:3e:c8:f2:aa:37:ac:b9:d6:
                    87:30:0b:65:8c:e8:98:4d:3a:8d:f6:db:85:83:dc:
                    76:f4:7a:ca:44:c3:35:30:b6:d4:89:b1:48:82:f7:
                    ca:48:cc:db:f0:7c:5a:c3:cc:86:67:aa:58:f6:7e:
                    fe:01:38:85:7d:2b:7b:6b:42:28:fd:ed:32:41:eb:
                    14:28:c8:8a:04:c3:4b:78:0e:6c:b3:08:1d:f7:77:
                    84:10:e8:4d:97:8f:82:d4:c5:28:d5:2f:8a:30:19:
                    62:7c:ec:e0:0c:91:95:f6:08:27:52:ab:86:1c:f5:
                    7b:b5:ab:3f:b7:a3:0f:68:b4:a4:15:98:76:19:e6:
                    98:5b:d5:e0:c4:73:c1:a9:2a:7f:70:b5:64:a3:ed:
                    e7:1d:f3:2e:b8:cd:30:92:68:af:f1:71:e2:fd:c7:
                    89:44:4e:a0:18:7a:f4:4e:f0:71:99:49:ef:50:d5:
                    27:27:e9:c0:c1:60:c1:6c:9d:15:f6:b6:f5:74:05:
                    29:31:6a:b0:11:9f:6d:c6:88:e5:02:20:a9:36:18:
                    e7:ae:1b:41:e4:28:57:77:11:bd:5a:98:07:05:7a:
                    1b:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:A0:57:A4:34:22:5E:99:35:DF:CA:31:F6:E9:46:41:A4:79:82:B0
            X509v3 Authority Key Identifier:
                keyid:2F:2A:0F:A2:03:83:33:2A:3F:41:4F:05:47:53:A0:B6:0B:25:BA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LyoPogODMyo_QU8FR1OgtgsluhA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/d6d30b-0b9b-429e-8413-55a930fc0c71/1/YqBXpDQiXpk138ox9ulGQaR5grA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/d6d30b-0b9b-429e-8413-55a930fc0c71/1/LyoPogODMyo_QU8FR1OgtgsluhA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.224.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:bc:90:01:b5:04:a3:77:de:be:93:d3:a5:1f:f5:54:4b:c2:
         d2:ad:74:b7:35:36:1f:c4:53:4b:06:c9:f7:d7:38:5f:e6:95:
         89:14:f0:a3:9d:89:57:31:af:a8:75:fd:95:9c:8d:44:5f:64:
         75:bb:95:a7:ff:e0:d9:28:e8:e6:ce:27:3a:11:e5:ea:3d:60:
         35:16:4c:e0:69:f7:72:7e:6d:d4:a0:52:62:61:74:1b:6e:25:
         fa:a5:ae:d7:29:d4:f1:c3:da:6e:ad:8c:79:9d:3c:57:4f:91:
         80:0b:74:25:04:cd:08:e7:c4:a1:0e:30:1e:35:70:ec:5b:a6:
         62:67:85:d1:e5:cc:11:9b:25:5f:2f:08:e7:ca:2c:ad:62:92:
         7a:78:b5:6f:db:91:5d:9a:d2:d3:cb:98:f2:02:e1:50:d2:ba:
         a8:80:03:71:eb:7b:fc:d7:82:13:6f:52:13:02:8b:49:de:91:
         c8:a2:fe:d3:0b:55:03:41:57:e4:3a:29:b9:b9:83:c0:fb:57:
         9b:03:e5:7c:0d:cb:9b:dc:f7:db:f4:c2:aa:2d:7f:12:b4:fa:
         82:f4:22:0c:96:40:eb:1f:a9:b5:7e:a7:5b:19:d9:2d:e2:2a:
         2d:27:4b:59:60:df:bb:3b:3d:46:05:f4:88:e0:41:e8:b2:6b:
         a0:f2:d7:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZrL5Yk5BfBcOHqlET1PAyepMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmMmEwZmEyMDM4MzMzMmEzZjQxNGYwNTQ3NTNhMGI2MGIy
NWJhMTAwHhcNMjUxMTI4MTkxNjQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmEwNTdhNDM0MjI1ZTk5MzVkZmNhMzFmNmU5NDY0MWE0Nzk4MmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwDXjVVNUxLCA0fA+oWRMZF5BQ//T
AlmUBIsjJdfCYAnCoZlOPsjyqjesudaHMAtljOiYTTqN9tuFg9x29HrKRMM1MLbU
ibFIgvfKSMzb8Hxaw8yGZ6pY9n7+ATiFfSt7a0Io/e0yQesUKMiKBMNLeA5sswgd
93eEEOhNl4+C1MUo1S+KMBlifOzgDJGV9ggnUquGHPV7tas/t6MPaLSkFZh2GeaY
W9XgxHPBqSp/cLVko+3nHfMuuM0wkmiv8XHi/ceJRE6gGHr0TvBxmUnvUNUnJ+nA
wWDBbJ0V9rb1dAUpMWqwEZ9txojlAiCpNhjnrhtB5ChXdxG9WpgHBXobQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGKgV6Q0Il6ZNd/KMfbpRkGkeYKwMB8GA1UdIwQY
MBaAFC8qD6IDgzMqP0FPBUdToLYLJboQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHlvUG9nT0RNeW9fUVU4RlIxT2d0Z3NsdWhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9kNmQzMGItMGI5Yi00MjllLTg0MTMt
NTVhOTMwZmMwYzcxLzEvWXFCWHBEUWlYcGsxMzhveDl1bEdRYVI1Z3JBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9kNmQzMGItMGI5Yi00MjllLTg0MTMtNTVhOTMwZmMwYzcx
LzEvTHlvUG9nT0RNeW9fUVU4RlIxT2d0Z3NsdWhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+BtMA0G
CSqGSIb3DQEBCwUAA4IBAQANvJABtQSjd96+k9OlH/VUS8LSrXS3NTYfxFNLBsn3
1zhf5pWJFPCjnYlXMa+odf2VnI1EX2R1u5Wn/+DZKOjmzic6EeXqPWA1Fkzgafdy
fm3UoFJiYXQbbiX6pa7XKdTxw9purYx5nTxXT5GAC3QlBM0I58ShDjAeNXDsW6Zi
Z4XR5cwRmyVfLwjnyiytYpJ6eLVv25FdmtLTy5jyAuFQ0rqogANx63v814ITb1IT
AotJ3pHIov7TC1UDQVfkOim5uYPA+1ebA+V8Dcub3Pfb9MKqLX8StPqC9CIMlkDr
H6m1fqdbGdkt4iotJ0tZYN+7Oz1GBfSI4EHosmug8tdC
-----END CERTIFICATE-----