This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/2fac9f-618c-42f6-9483-777f86166221/1/y0v5hqRnK3oXSef_pYXkfz4Oyzw.roa
File:                     y0v5hqRnK3oXSef_pYXkfz4Oyzw.roa (raw, json)
Hash identifier:          0FZ3W5rrSzMRERGSvGaSIJBxiMzf+ECnXIculdCdNkw=
Subject key identifier:   CB:4B:F9:86:A4:67:2B:7A:17:49:E7:FF:A5:85:E4:7F:3E:0E:CB:3C
Certificate issuer:       /CN=fac089a9cd6a0375bae499cc06a4caa3071b5d4c
Certificate serial:       019B7F82DE3C304A739B5F5036ECB4992375
Authority key identifier: FA:C0:89:A9:CD:6A:03:75:BA:E4:99:CC:06:A4:CA:A3:07:1B:5D:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-sCJqc1qA3W65JnMBqTKowcbXUw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/2fac9f-618c-42f6-9483-777f86166221/1/y0v5hqRnK3oXSef_pYXkfz4Oyzw.roa
Signing time:             Fri 02 Jan 2026 16:20:41 +0000
ROA not before:           Fri 02 Jan 2026 16:20:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15924
IP address blocks:        193.35.200.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/2fac9f-618c-42f6-9483-777f86166221/1/1-sCJqc1qA3W65JnMBqTKowcbXUw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/2fac9f-618c-42f6-9483-777f86166221/1/1-sCJqc1qA3W65JnMBqTKowcbXUw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-sCJqc1qA3W65JnMBqTKowcbXUw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 07:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:82:de:3c:30:4a:73:9b:5f:50:36:ec:b4:99:23:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fac089a9cd6a0375bae499cc06a4caa3071b5d4c
        Validity
            Not Before: Jan  2 16:20:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cb4bf986a4672b7a1749e7ffa585e47f3e0ecb3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:ed:2b:af:8a:75:7f:3f:ea:76:88:b1:ae:c0:
                    bf:5f:bc:8e:d5:39:7c:24:c1:56:61:6d:a8:e0:02:
                    93:e4:3e:94:c4:0f:d3:24:5f:4f:c3:e7:c9:cd:28:
                    cc:25:3b:3e:2b:26:4b:04:d1:be:be:9d:ab:c1:51:
                    e7:cd:ce:05:c0:ba:45:25:47:93:f0:f6:5c:4b:ed:
                    d7:fc:bb:60:1a:f1:08:25:20:f7:1c:c2:6f:02:16:
                    0c:41:d8:95:18:6a:b4:1f:d8:71:f8:5d:92:fb:b7:
                    39:aa:92:f3:f4:ca:15:d9:ff:25:3e:94:09:96:8a:
                    2d:7c:6b:49:64:33:45:12:0f:10:51:9a:f3:4b:da:
                    ae:a3:00:1d:28:92:3d:66:e5:52:a7:b8:14:06:5f:
                    ae:4a:95:10:4b:90:2c:6e:c9:42:32:49:55:03:f4:
                    44:23:bc:3f:38:ea:80:71:71:7f:bc:5f:69:15:3f:
                    6a:4f:a0:3f:a0:ec:bb:df:bd:af:3b:80:1c:93:fc:
                    7a:7d:c3:d2:44:9a:8a:df:82:d0:b7:ed:df:e9:b8:
                    af:8a:77:42:6a:7c:bc:a1:03:24:2c:de:cb:8a:30:
                    0b:82:16:79:62:dc:1d:2c:a7:8d:cd:fa:ef:bf:a2:
                    04:24:b0:c7:cf:05:ee:f6:a9:73:08:2a:08:8d:0d:
                    39:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:4B:F9:86:A4:67:2B:7A:17:49:E7:FF:A5:85:E4:7F:3E:0E:CB:3C
            X509v3 Authority Key Identifier:
                keyid:FA:C0:89:A9:CD:6A:03:75:BA:E4:99:CC:06:A4:CA:A3:07:1B:5D:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-sCJqc1qA3W65JnMBqTKowcbXUw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/2fac9f-618c-42f6-9483-777f86166221/1/y0v5hqRnK3oXSef_pYXkfz4Oyzw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/2fac9f-618c-42f6-9483-777f86166221/1/1-sCJqc1qA3W65JnMBqTKowcbXUw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.35.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         19:1d:53:bb:7a:03:79:8f:51:cc:c3:c6:f8:fe:bc:aa:24:49:
         2e:1b:10:6f:65:1c:0a:8c:0d:aa:4a:48:23:5b:e8:3b:75:08:
         ec:73:a2:f5:a6:ef:a8:69:2b:37:a2:4b:2e:28:eb:cd:20:34:
         db:15:13:14:57:b6:94:8c:03:cf:9f:33:a4:c0:d4:8b:d2:ab:
         2a:9d:25:a5:b3:3b:e9:67:cf:d0:87:79:97:50:a5:f6:a0:94:
         7e:01:3b:dd:04:28:b2:2f:aa:7e:09:bc:9d:84:14:94:3e:74:
         4d:2c:21:d5:72:81:9f:05:dd:5a:e7:a2:2d:9a:e7:5c:e1:08:
         17:bf:64:97:b3:e6:61:4c:3d:7c:9d:7b:15:1e:df:aa:46:2f:
         44:f3:e7:fb:b6:3a:8a:81:a0:a5:09:f1:0b:e9:63:c7:74:19:
         1e:cf:de:1b:2c:70:7a:48:ac:61:54:25:b4:4b:eb:11:96:cb:
         e0:09:bd:ef:9b:c8:5f:dd:ac:e5:82:f4:0b:cc:5c:64:bf:27:
         02:f5:86:87:42:92:e4:68:16:c0:cc:bc:7a:ac:88:19:5d:18:
         8e:5d:25:27:a7:e5:03:49:7b:82:4f:6f:05:06:97:ca:2d:05:
         a0:28:b4:2f:16:0e:ec:c3:11:14:80:f4:67:90:8c:0f:dc:f3:
         12:aa:71:2a
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt/gt48MEpzm19QNuy0mSN1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhYzA4OWE5Y2Q2YTAzNzViYWU0OTljYzA2YTRjYWEzMDcx
YjVkNGMwHhcNMjYwMTAyMTYyMDQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjRiZjk4NmE0NjcyYjdhMTc0OWU3ZmZhNTg1ZTQ3ZjNlMGVjYjNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0e0rr4p1fz/qdoixrsC/X7yO1Tl8
JMFWYW2o4AKT5D6UxA/TJF9Pw+fJzSjMJTs+KyZLBNG+vp2rwVHnzc4FwLpFJUeT
8PZcS+3X/LtgGvEIJSD3HMJvAhYMQdiVGGq0H9hx+F2S+7c5qpLz9MoV2f8lPpQJ
lootfGtJZDNFEg8QUZrzS9quowAdKJI9ZuVSp7gUBl+uSpUQS5AsbslCMklVA/RE
I7w/OOqAcXF/vF9pFT9qT6A/oOy7372vO4Ack/x6fcPSRJqK34LQt+3f6bivindC
any8oQMkLN7LijALghZ5YtwdLKeNzfrvv6IEJLDHzwXu9qlzCCoIjQ05lwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFMtL+YakZyt6F0nn/6WF5H8+Dss8MB8GA1UdIwQY
MBaAFPrAianNagN1uuSZzAakyqMHG11MMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1zQ0pxYzFxQTNXNjVKbk1CcVRLb3djYlhVdy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOGIvMmZhYzlmLTYxOGMtNDJmNi05NDgz
LTc3N2Y4NjE2NjIyMS8xL3kwdjVocVJuSzNvWFNlZl9wWVhrZno0T3l6dy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOGIvMmZhYzlmLTYxOGMtNDJmNi05NDgzLTc3N2Y4NjE2NjIy
MS8xLzEtc0NKcWMxcUEzVzY1Sm5NQnFUS293Y2JYVXcuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBALBI8gw
DQYJKoZIhvcNAQELBQADggEBABkdU7t6A3mPUczDxvj+vKokSS4bEG9lHAqMDapK
SCNb6Dt1COxzovWm76hpKzeiSy4o680gNNsVExRXtpSMA8+fM6TA1IvSqyqdJaWz
O+lnz9CHeZdQpfaglH4BO90EKLIvqn4JvJ2EFJQ+dE0sIdVygZ8F3Vrnoi2a51zh
CBe/ZJez5mFMPXydexUe36pGL0Tz5/u2OoqBoKUJ8QvpY8d0GR7P3hsscHpIrGFU
JbRL6xGWy+AJve+byF/drOWC9AvMXGS/JwL1hodCkuRoFsDMvHqsiBldGI5dJSen
5QNJe4JPbwUGl8otBaAotC8WDuzDERSA9GeQjA/c8xKqcSo=
-----END CERTIFICATE-----