This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/Yoq46B4J07jOmxv71mhUG-g3QvU.roa
File:                     Yoq46B4J07jOmxv71mhUG-g3QvU.roa (raw, json)
Hash identifier:          vkQuMlSBxHu2jK3Q4QLDOv7JL0vgHZVUCpk7qJCdUOM=
Subject key identifier:   62:8A:B8:E8:1E:09:D3:B8:CE:9B:1B:FB:D6:68:54:1B:E8:37:42:F5
Certificate issuer:       /CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
Certificate serial:       019B7CEE02382814D023E42881EE18546D2A
Authority key identifier: 49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/Yoq46B4J07jOmxv71mhUG-g3QvU.roa
Signing time:             Fri 02 Jan 2026 04:18:51 +0000
ROA not before:           Fri 02 Jan 2026 04:18:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     32002
IP address blocks:        80.71.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ee:02:38:28:14:d0:23:e4:28:81:ee:18:54:6d:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
        Validity
            Not Before: Jan  2 04:18:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=628ab8e81e09d3b8ce9b1bfbd668541be83742f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:0f:e9:07:f9:90:1b:42:a6:35:9d:4a:ad:df:
                    df:38:3f:be:8f:39:f9:45:38:85:26:f4:77:a7:36:
                    1f:9f:25:0e:dc:ed:b7:32:91:3e:8e:06:ad:b5:4f:
                    8c:cc:ab:aa:71:6f:9c:74:6d:79:2f:a4:57:2b:96:
                    ca:59:b9:30:68:c6:2e:87:ca:86:ed:97:8c:8d:c0:
                    1b:89:35:4b:f8:88:a7:46:bd:b4:ef:b1:ee:10:cb:
                    89:6c:9e:b1:d3:1d:8d:88:96:32:9c:41:d0:58:42:
                    4f:ce:e7:e7:58:b0:49:4f:1b:ca:2e:7f:2c:2f:e7:
                    ee:c8:91:34:79:1e:8e:96:2e:38:a7:e3:82:02:eb:
                    2d:eb:60:09:a1:49:29:88:2e:48:a2:2b:e7:d3:10:
                    e7:c2:3b:f1:db:e8:a7:d8:0a:b3:82:74:96:f3:f0:
                    b5:59:1a:ab:a0:66:09:a9:1e:93:8b:90:da:e1:5d:
                    92:3c:3a:3a:d3:4e:7c:b0:cb:2c:2a:72:52:86:8b:
                    08:a0:e0:4b:f3:43:1a:bb:d9:60:6a:f2:27:f7:ac:
                    41:aa:f9:77:c0:3a:5b:7e:bd:5f:64:f6:62:3d:62:
                    7c:9a:62:56:66:be:c7:fb:51:63:5b:08:30:d5:d4:
                    3f:49:64:7a:d1:c7:ea:5f:dc:11:9d:ef:e3:b7:55:
                    65:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:8A:B8:E8:1E:09:D3:B8:CE:9B:1B:FB:D6:68:54:1B:E8:37:42:F5
            X509v3 Authority Key Identifier:
                keyid:49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/Yoq46B4J07jOmxv71mhUG-g3QvU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.71.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:12:08:41:7f:f2:c1:d2:be:60:76:5a:87:5d:4d:09:e0:71:
         d3:32:ce:f6:15:a1:2a:56:6e:b3:04:c4:0c:77:5d:68:98:51:
         84:9f:d7:5b:f5:65:80:95:f6:11:bb:b9:c7:f2:82:8e:af:06:
         25:6a:ee:cb:37:75:7d:91:fb:97:0e:05:46:5d:da:5a:a2:cd:
         b9:f6:70:3f:67:79:44:bf:ad:0d:e7:a8:88:b0:15:92:f9:45:
         e0:72:3a:ba:2d:ab:12:bb:fb:80:a5:6a:2b:81:b0:59:3c:ad:
         49:c8:24:20:f8:ba:1c:ed:ce:c7:de:8c:20:d6:15:2f:b7:ca:
         16:c4:9a:da:60:4b:73:2e:2d:e9:1a:6c:f9:f6:c3:10:d2:a1:
         ef:38:42:19:e6:5f:50:67:6a:8d:06:1d:b2:d4:7d:a2:cc:4d:
         af:2f:a4:7d:93:09:b5:45:cc:2d:39:fb:ac:ca:99:02:8a:e5:
         d8:92:3d:1f:03:08:e4:ec:a4:f1:ee:55:cc:48:89:5b:87:5e:
         59:65:0f:bc:85:e2:9e:b2:49:ca:fc:18:1e:dc:35:c5:58:e7:
         ee:17:eb:66:eb:04:ec:1c:bc:82:b1:67:58:26:b6:11:7e:33:
         4b:52:80:3e:84:3f:2c:40:13:59:5a:99:e6:5c:1a:01:c2:e5:
         43:be:9e:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87gI4KBTQI+Qoge4YVG0qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTUxNjk0YzRkNDZiNGZjYzAyZmFlNzFlNWRiOTQyYTcx
MDhlNDcwHhcNMjYwMTAyMDQxODUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjhhYjhlODFlMDlkM2I4Y2U5YjFiZmJkNjY4NTQxYmU4Mzc0MmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvA/pB/mQG0KmNZ1Krd/fOD++jzn5
RTiFJvR3pzYfnyUO3O23MpE+jgattU+MzKuqcW+cdG15L6RXK5bKWbkwaMYuh8qG
7ZeMjcAbiTVL+IinRr2077HuEMuJbJ6x0x2NiJYynEHQWEJPzufnWLBJTxvKLn8s
L+fuyJE0eR6Oli44p+OCAust62AJoUkpiC5Ioivn0xDnwjvx2+in2AqzgnSW8/C1
WRqroGYJqR6Ti5Da4V2SPDo60058sMssKnJShosIoOBL80Mau9lgavIn96xBqvl3
wDpbfr1fZPZiPWJ8mmJWZr7H+1FjWwgw1dQ/SWR60cfqX9wRne/jt1VlpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGKKuOgeCdO4zpsb+9ZoVBvoN0L1MB8GA1UdIwQY
MBaAFEnlFpTE1GtPzAL65x5duUKnEI5HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQt
MTkxODliM2M5YzdkLzEvWW9xNDZCNEowN2pPbXh2NzFtaFVHLWczUXZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQtMTkxODliM2M5Yzdk
LzEvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUEfkMA0G
CSqGSIb3DQEBCwUAA4IBAQArEghBf/LB0r5gdlqHXU0J4HHTMs72FaEqVm6zBMQM
d11omFGEn9db9WWAlfYRu7nH8oKOrwYlau7LN3V9kfuXDgVGXdpaos259nA/Z3lE
v60N56iIsBWS+UXgcjq6LasSu/uApWorgbBZPK1JyCQg+Loc7c7H3owg1hUvt8oW
xJraYEtzLi3pGmz59sMQ0qHvOEIZ5l9QZ2qNBh2y1H2izE2vL6R9kwm1RcwtOfus
ypkCiuXYkj0fAwjk7KTx7lXMSIlbh15ZZQ+8heKesknK/Bge3DXFWOfuF+tm6wTs
HLyCsWdYJrYRfjNLUoA+hD8sQBNZWpnmXBoBwuVDvp79
-----END CERTIFICATE-----