This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/yhnCcvMGfFoTZMf1oJ6P5sYzLfg.roa
File:                     yhnCcvMGfFoTZMf1oJ6P5sYzLfg.roa (raw, json)
Hash identifier:          mwt4irHC6GhVnuZ5Xr0w1wBWRdsXBhU6yRY/gWgSeJE=
Subject key identifier:   CA:19:C2:72:F3:06:7C:5A:13:64:C7:F5:A0:9E:8F:E6:C6:33:2D:F8
Certificate issuer:       /CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
Certificate serial:       019B76EB66CCFE4EF1FAF336FC593C95EA61
Authority key identifier: 83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/yhnCcvMGfFoTZMf1oJ6P5sYzLfg.roa
Signing time:             Thu 01 Jan 2026 00:18:17 +0000
ROA not before:           Thu 01 Jan 2026 00:18:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207080
IP address blocks:        2a0b:6b86:400::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:66:cc:fe:4e:f1:fa:f3:36:fc:59:3c:95:ea:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
        Validity
            Not Before: Jan  1 00:18:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ca19c272f3067c5a1364c7f5a09e8fe6c6332df8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:3b:af:d4:d8:39:43:aa:2a:1a:1d:86:6e:23:
                    c3:f6:5c:bb:4c:d0:e4:5a:1b:b2:4e:25:08:1d:70:
                    fd:ad:34:30:ee:c2:39:ed:af:66:b6:d7:fc:34:86:
                    95:1b:74:c1:e5:83:7a:97:c7:8d:aa:72:6b:49:41:
                    99:da:67:77:08:86:7a:8b:c8:a7:25:31:5a:c0:f5:
                    be:7b:06:5d:97:88:5f:6f:6f:59:0b:7c:e0:02:63:
                    44:b6:53:0f:47:7e:1f:d3:1e:74:5f:ec:82:ec:75:
                    31:af:d7:86:4a:d9:87:23:90:71:85:a0:b2:06:d9:
                    3c:27:40:b9:c1:ab:51:32:75:61:e2:bd:5b:af:20:
                    b6:90:97:62:4b:6f:3a:1c:dd:8e:60:91:d5:fc:f6:
                    2f:e9:6e:bc:fe:3b:66:d7:ee:5f:f3:09:5d:ab:34:
                    c0:cc:dc:6a:33:99:89:3d:29:d0:67:1f:15:46:84:
                    9c:2a:95:8f:32:9e:9b:c9:0f:16:21:f0:7f:c6:56:
                    31:e3:28:bf:34:70:f8:82:35:7b:ee:95:b9:c2:fd:
                    99:81:fe:07:4a:30:3c:60:7c:e1:a0:c6:e2:a8:61:
                    1b:25:cd:98:78:55:48:21:ba:ff:fe:0c:0f:9f:15:
                    f9:d8:f7:f1:4e:66:39:89:6a:15:33:08:4d:b9:f4:
                    85:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:19:C2:72:F3:06:7C:5A:13:64:C7:F5:A0:9E:8F:E6:C6:33:2D:F8
            X509v3 Authority Key Identifier:
                keyid:83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/yhnCcvMGfFoTZMf1oJ6P5sYzLfg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:6b86:400::/40

    Signature Algorithm: sha256WithRSAEncryption
         76:fa:67:87:ed:61:b0:22:88:2f:33:fe:ea:66:0e:ef:c5:68:
         01:25:9e:54:2c:82:c7:dc:50:c0:16:04:98:a4:8d:94:39:45:
         d9:8c:55:c1:9d:6b:ca:b7:49:b5:ad:55:4c:dd:79:57:06:bf:
         da:65:5a:24:42:ec:19:ce:04:4d:70:aa:51:e0:7c:97:50:2e:
         11:0e:b0:4a:17:a8:07:4f:81:fd:5e:64:33:3d:2a:c1:a1:1a:
         e3:65:25:0a:01:42:35:46:3f:7b:2a:49:6e:d9:c1:5f:75:76:
         f0:2e:14:aa:46:c1:c0:47:e4:fc:92:5b:fc:87:48:e2:5e:c0:
         20:2d:bc:7c:ff:ae:d4:15:3f:f0:a3:54:85:04:bb:72:ed:c5:
         8f:09:4d:fe:46:c3:af:74:dc:5e:e4:15:25:67:36:6b:28:81:
         ce:76:a6:bf:14:f6:59:99:f9:22:24:15:94:0f:a3:eb:d6:ea:
         29:bc:4f:67:eb:64:fe:82:e6:be:60:23:7f:60:54:4e:d9:c9:
         0b:d8:76:32:bc:53:80:aa:4b:de:0f:3b:64:f9:0a:65:a7:5a:
         1e:38:7e:d0:4a:b0:75:63:5b:55:11:c5:ee:b7:24:55:b7:40:
         12:08:8e:74:55:94:9e:c2:a7:bc:95:10:28:db:cd:96:b0:2b:
         0f:11:8c:cd
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt262bM/k7x+vM2/Fk8lephMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNWJjOWJiNTQ3ZTI3Nzg4ZDIyMWJjOGJiZDVmYjAyZTAy
NDQ4MGYwHhcNMjYwMTAxMDAxODE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTE5YzI3MmYzMDY3YzVhMTM2NGM3ZjVhMDllOGZlNmM2MzMyZGY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7zuv1Ng5Q6oqGh2GbiPD9ly7TNDk
WhuyTiUIHXD9rTQw7sI57a9mttf8NIaVG3TB5YN6l8eNqnJrSUGZ2md3CIZ6i8in
JTFawPW+ewZdl4hfb29ZC3zgAmNEtlMPR34f0x50X+yC7HUxr9eGStmHI5BxhaCy
Btk8J0C5watRMnVh4r1bryC2kJdiS286HN2OYJHV/PYv6W68/jtm1+5f8wldqzTA
zNxqM5mJPSnQZx8VRoScKpWPMp6byQ8WIfB/xlYx4yi/NHD4gjV77pW5wv2Zgf4H
SjA8YHzhoMbiqGEbJc2YeFVIIbr//gwPnxX52PfxTmY5iWoVMwhNufSFxwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFMoZwnLzBnxaE2TH9aCej+bGMy34MB8GA1UdIwQY
MBaAFINbybtUfid4jSIbyLvV+wLgJEgPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEt
YjM2YTI0ZDM5NDI3LzEveWhuQ2N2TUdmRm9UWk1mMW9KNlA1c1l6TGZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEtYjM2YTI0ZDM5NDI3
LzEvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgtrhgQw
DQYJKoZIhvcNAQELBQADggEBAHb6Z4ftYbAiiC8z/upmDu/FaAElnlQsgsfcUMAW
BJikjZQ5RdmMVcGda8q3SbWtVUzdeVcGv9plWiRC7BnOBE1wqlHgfJdQLhEOsEoX
qAdPgf1eZDM9KsGhGuNlJQoBQjVGP3sqSW7ZwV91dvAuFKpGwcBH5PySW/yHSOJe
wCAtvHz/rtQVP/CjVIUEu3LtxY8JTf5Gw6903F7kFSVnNmsogc52pr8U9lmZ+SIk
FZQPo+vW6im8T2frZP6C5r5gI39gVE7ZyQvYdjK8U4CqS94PO2T5CmWnWh44ftBK
sHVjW1URxe63JFW3QBIIjnRVlJ7Cp7yVECjbzZawKw8RjM0=
-----END CERTIFICATE-----