This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/1b0998-ab81-4cce-8c46-f212666725b4/1/yHLToeByeR5LXnQLDh6oCy31RMM.roa
File:                     yHLToeByeR5LXnQLDh6oCy31RMM.roa (raw, json)
Hash identifier:          JH11seY61l0JGKEmVY9l0Ssg5gMsTcO0W459L08nH2c=
Subject key identifier:   C8:72:D3:A1:E0:72:79:1E:4B:5E:74:0B:0E:1E:A8:0B:2D:F5:44:C3
Certificate issuer:       /CN=bb4a0af156332d3c7ecb585faee3a90d9bf2a096
Certificate serial:       019B7D5BF9142A07B29A93184D179C7A8509
Authority key identifier: BB:4A:0A:F1:56:33:2D:3C:7E:CB:58:5F:AE:E3:A9:0D:9B:F2:A0:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u0oK8VYzLTx-y1hfruOpDZvyoJY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/1b0998-ab81-4cce-8c46-f212666725b4/1/yHLToeByeR5LXnQLDh6oCy31RMM.roa
Signing time:             Fri 02 Jan 2026 06:18:58 +0000
ROA not before:           Fri 02 Jan 2026 06:18:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203012
IP address blocks:        185.147.16.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/1b0998-ab81-4cce-8c46-f212666725b4/1/u0oK8VYzLTx-y1hfruOpDZvyoJY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/1b0998-ab81-4cce-8c46-f212666725b4/1/u0oK8VYzLTx-y1hfruOpDZvyoJY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u0oK8VYzLTx-y1hfruOpDZvyoJY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5b:f9:14:2a:07:b2:9a:93:18:4d:17:9c:7a:85:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb4a0af156332d3c7ecb585faee3a90d9bf2a096
        Validity
            Not Before: Jan  2 06:18:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c872d3a1e072791e4b5e740b0e1ea80b2df544c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:30:bc:88:96:f6:c1:53:a4:ea:22:6e:86:d1:
                    d9:22:be:3b:f2:bb:9c:b4:f8:a4:fd:f4:a6:d3:b0:
                    30:42:67:a7:b5:be:1a:09:9d:1f:26:ec:d8:ee:c9:
                    58:bb:38:ca:4a:1a:e3:da:d1:d8:29:3f:8c:43:f9:
                    ea:a1:a9:5d:a0:c8:0f:3b:6b:4f:5b:e4:2d:fd:bc:
                    0b:7a:3b:7c:3c:bb:29:2d:00:59:01:9f:c1:e0:10:
                    1c:c8:60:d7:ff:7e:92:77:e4:3a:7a:d6:7b:8b:37:
                    a6:2c:a0:a1:70:13:ed:00:4b:a7:ef:ab:c9:1e:69:
                    f6:fe:7c:5f:8a:ea:87:d1:70:78:34:cc:97:35:ba:
                    db:01:27:0c:5d:39:08:7a:45:04:bc:dc:d4:b2:02:
                    5f:35:b1:06:72:90:f6:39:12:bd:45:6d:82:a3:56:
                    6c:39:21:90:30:be:40:d0:e8:14:85:87:cb:1c:c0:
                    0f:a1:43:25:21:7d:97:27:5a:82:68:23:72:af:2f:
                    b4:50:1c:51:dc:51:07:99:26:39:26:7e:37:fa:d7:
                    74:4e:eb:7d:84:40:f1:34:3b:de:09:08:38:b7:d0:
                    ff:50:d2:3e:56:7f:2c:1b:64:51:f2:f5:8a:63:fc:
                    5c:1d:8a:01:db:2e:af:ff:6f:e4:e7:23:10:ce:e3:
                    52:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:72:D3:A1:E0:72:79:1E:4B:5E:74:0B:0E:1E:A8:0B:2D:F5:44:C3
            X509v3 Authority Key Identifier:
                keyid:BB:4A:0A:F1:56:33:2D:3C:7E:CB:58:5F:AE:E3:A9:0D:9B:F2:A0:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u0oK8VYzLTx-y1hfruOpDZvyoJY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/1b0998-ab81-4cce-8c46-f212666725b4/1/yHLToeByeR5LXnQLDh6oCy31RMM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/1b0998-ab81-4cce-8c46-f212666725b4/1/u0oK8VYzLTx-y1hfruOpDZvyoJY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.147.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         01:5d:89:91:da:17:96:2d:25:90:f5:09:82:4c:44:42:dd:e5:
         e0:10:14:24:f7:11:8c:b1:0a:10:8f:db:c2:f2:40:4b:c3:22:
         49:b6:60:95:6d:f5:a7:c8:c7:df:8f:42:c6:26:b5:bc:3b:00:
         3b:ed:a0:fd:4e:e1:c8:b2:89:2e:a5:36:63:f1:08:b7:b6:49:
         31:5b:3b:d8:85:c6:8d:94:21:ac:a4:60:84:8e:e4:65:a7:92:
         ca:d1:3a:d6:dc:da:89:24:67:52:67:6a:dc:da:74:67:ee:97:
         8e:cd:f0:41:ae:08:b0:37:fd:4f:54:d7:76:15:c9:42:ad:69:
         5c:d6:d2:35:51:8f:2b:b2:5e:ab:88:59:f6:60:f9:12:7b:e2:
         ae:f5:2a:c5:69:22:fb:96:b5:0f:64:6e:c9:1a:1a:17:bb:f8:
         e2:97:6d:10:43:8e:43:63:d4:10:8f:33:d3:3a:e3:0d:c0:ac:
         0c:8a:70:50:c2:81:f3:91:a9:98:1e:5d:ec:e8:cb:ea:6d:7c:
         f6:c7:59:77:ae:ca:bc:72:e4:b3:c5:49:03:8b:4f:7f:77:26:
         de:bb:fe:99:a4:e0:29:cf:1f:75:12:fb:89:3b:11:6b:75:95:
         95:9e:5e:ca:b9:ca:59:f2:70:03:e1:71:8a:28:f1:13:9c:d3:
         2a:e8:f2:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9W/kUKgeympMYTReceoUJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiNGEwYWYxNTYzMzJkM2M3ZWNiNTg1ZmFlZTNhOTBkOWJm
MmEwOTYwHhcNMjYwMTAyMDYxODU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODcyZDNhMWUwNzI3OTFlNGI1ZTc0MGIwZTFlYTgwYjJkZjU0NGMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqzC8iJb2wVOk6iJuhtHZIr478ruc
tPik/fSm07AwQmentb4aCZ0fJuzY7slYuzjKShrj2tHYKT+MQ/nqoaldoMgPO2tP
W+Qt/bwLejt8PLspLQBZAZ/B4BAcyGDX/36Sd+Q6etZ7izemLKChcBPtAEun76vJ
Hmn2/nxfiuqH0XB4NMyXNbrbAScMXTkIekUEvNzUsgJfNbEGcpD2ORK9RW2Co1Zs
OSGQML5A0OgUhYfLHMAPoUMlIX2XJ1qCaCNyry+0UBxR3FEHmSY5Jn43+td0Tut9
hEDxNDveCQg4t9D/UNI+Vn8sG2RR8vWKY/xcHYoB2y6v/2/k5yMQzuNSrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMhy06HgcnkeS150Cw4eqAst9UTDMB8GA1UdIwQY
MBaAFLtKCvFWMy08fstYX67jqQ2b8qCWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTBvSzhWWXpMVHgteTFoZnJ1T3BEWnZ5b0pZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni8xYjA5OTgtYWI4MS00Y2NlLThjNDYt
ZjIxMjY2NjcyNWI0LzEveUhMVG9lQnllUjVMWG5RTERoNm9DeTMxUk1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni8xYjA5OTgtYWI4MS00Y2NlLThjNDYtZjIxMjY2NjcyNWI0
LzEvdTBvSzhWWXpMVHgteTFoZnJ1T3BEWnZ5b0pZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZMQMA0G
CSqGSIb3DQEBCwUAA4IBAQABXYmR2heWLSWQ9QmCTERC3eXgEBQk9xGMsQoQj9vC
8kBLwyJJtmCVbfWnyMffj0LGJrW8OwA77aD9TuHIsokupTZj8Qi3tkkxWzvYhcaN
lCGspGCEjuRlp5LK0TrW3NqJJGdSZ2rc2nRn7peOzfBBrgiwN/1PVNd2FclCrWlc
1tI1UY8rsl6riFn2YPkSe+Ku9SrFaSL7lrUPZG7JGhoXu/jil20QQ45DY9QQjzPT
OuMNwKwMinBQwoHzkamYHl3s6MvqbXz2x1l3rsq8cuSzxUkDi09/dybeu/6ZpOAp
zx91EvuJOxFrdZWVnl7KucpZ8nAD4XGKKPETnNMq6PL8
-----END CERTIFICATE-----