This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/YniwsZL5TG-8hK_NQ7s5X6mPnCk.roa
File:                     YniwsZL5TG-8hK_NQ7s5X6mPnCk.roa (raw, json)
Hash identifier:          Iv7Gmx0VHfrE6iky54nM0ziiomd4dwV/1IBxo9ylLaM=
Subject key identifier:   62:78:B0:B1:92:F9:4C:6F:BC:84:AF:CD:43:BB:39:5F:A9:8F:9C:29
Certificate issuer:       /CN=2968b4e0ef8106f0e12ab8e501d2aa4e36b783c2
Certificate serial:       019B7BA3679B3B3753AF58160CA853EEA7A4
Authority key identifier: 29:68:B4:E0:EF:81:06:F0:E1:2A:B8:E5:01:D2:AA:4E:36:B7:83:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KWi04O-BBvDhKrjlAdKqTja3g8I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/YniwsZL5TG-8hK_NQ7s5X6mPnCk.roa
Signing time:             Thu 01 Jan 2026 22:17:45 +0000
ROA not before:           Thu 01 Jan 2026 22:17:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202151
IP address blocks:        2a01:e901:13::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/KWi04O-BBvDhKrjlAdKqTja3g8I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/KWi04O-BBvDhKrjlAdKqTja3g8I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KWi04O-BBvDhKrjlAdKqTja3g8I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:67:9b:3b:37:53:af:58:16:0c:a8:53:ee:a7:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2968b4e0ef8106f0e12ab8e501d2aa4e36b783c2
        Validity
            Not Before: Jan  1 22:17:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6278b0b192f94c6fbc84afcd43bb395fa98f9c29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:8b:26:61:6f:0e:b9:92:e2:e9:0a:19:46:b3:
                    e8:13:d7:bd:8d:30:1c:dc:a1:75:61:53:ca:45:e4:
                    55:ed:7d:15:1e:c6:0b:b8:d1:d6:38:70:2f:a4:cc:
                    8b:21:b6:bd:75:b7:78:17:e4:1f:29:30:3a:17:55:
                    38:30:cf:67:50:62:5c:7d:26:4a:3d:3a:cd:a2:51:
                    32:3f:53:4c:b3:ee:79:97:34:26:f9:7a:20:f5:74:
                    d8:f1:7c:ca:e9:a9:c0:43:f4:6d:c4:99:87:b4:23:
                    aa:17:b7:4c:b6:7d:30:39:1e:47:32:3a:36:4d:4a:
                    fe:a7:5d:3d:72:9f:09:58:65:40:a4:46:73:76:7f:
                    40:f4:b8:1b:5f:e5:2f:b3:5e:1d:4d:33:c2:6c:25:
                    25:f4:4a:5d:89:7a:16:57:58:7b:8e:56:79:4f:a4:
                    8a:b1:60:42:21:e0:93:42:d1:28:43:b9:36:ce:7a:
                    b6:e7:bc:7f:c1:ec:ce:5c:e8:58:62:5e:83:f1:25:
                    cd:fd:56:aa:06:82:c5:48:01:65:f9:53:38:99:11:
                    42:5f:10:48:49:7c:01:2f:26:a0:f2:44:19:9b:6f:
                    de:3e:05:ea:82:c6:1e:20:da:fa:7c:4f:65:54:3a:
                    01:81:ca:73:ac:2c:ba:84:fc:52:34:89:45:27:71:
                    de:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:78:B0:B1:92:F9:4C:6F:BC:84:AF:CD:43:BB:39:5F:A9:8F:9C:29
            X509v3 Authority Key Identifier:
                keyid:29:68:B4:E0:EF:81:06:F0:E1:2A:B8:E5:01:D2:AA:4E:36:B7:83:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KWi04O-BBvDhKrjlAdKqTja3g8I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/YniwsZL5TG-8hK_NQ7s5X6mPnCk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/KWi04O-BBvDhKrjlAdKqTja3g8I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:e901:13::/48

    Signature Algorithm: sha256WithRSAEncryption
         66:43:3c:5b:db:79:f1:14:5f:8b:34:fc:3d:34:db:9b:25:ce:
         8b:f0:08:0b:44:61:c8:d5:d4:68:37:26:0c:0f:1e:dc:9f:a0:
         3b:b4:71:a8:95:cc:1e:ee:e4:76:6c:da:ed:85:28:0b:93:54:
         f0:94:74:65:ea:37:14:29:66:b2:1f:9a:01:99:c5:d0:f4:54:
         cb:9f:c3:c5:44:1b:3d:ab:10:f1:e8:74:1c:c9:47:f8:55:1b:
         be:8a:82:6c:32:d1:f2:8b:2e:ee:7d:f7:a1:30:49:cf:01:40:
         75:44:ed:04:80:27:d6:ed:cb:4b:1d:7b:bb:fd:eb:b5:2e:e1:
         dc:64:55:5e:ec:97:d0:34:03:17:ca:5b:4d:d2:45:e8:25:c5:
         65:25:d4:2d:5d:8d:e1:ee:54:67:99:0b:7e:fe:dc:1c:cf:43:
         14:7b:b1:85:0c:75:fb:d5:20:74:94:5c:80:43:d0:46:03:dd:
         5b:d4:95:f7:5f:80:29:a8:76:a6:1b:03:18:6d:96:7d:ee:a9:
         37:ff:48:2d:83:11:37:18:9e:e5:40:81:8e:ea:de:2e:87:1c:
         41:5d:ca:4d:fa:fe:31:63:dd:d5:bb:d3:9c:61:d8:7b:98:0d:
         2a:28:ae:cb:46:3d:f1:b5:f0:cf:42:f9:32:46:7b:8c:14:b0:
         e8:6d:61:ef
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt7o2ebOzdTr1gWDKhT7qekMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NjhiNGUwZWY4MTA2ZjBlMTJhYjhlNTAxZDJhYTRlMzZi
NzgzYzIwHhcNMjYwMTAxMjIxNzQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Mjc4YjBiMTkyZjk0YzZmYmM4NGFmY2Q0M2JiMzk1ZmE5OGY5YzI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs4smYW8OuZLi6QoZRrPoE9e9jTAc
3KF1YVPKReRV7X0VHsYLuNHWOHAvpMyLIba9dbd4F+QfKTA6F1U4MM9nUGJcfSZK
PTrNolEyP1NMs+55lzQm+Xog9XTY8XzK6anAQ/RtxJmHtCOqF7dMtn0wOR5HMjo2
TUr+p109cp8JWGVApEZzdn9A9LgbX+Uvs14dTTPCbCUl9EpdiXoWV1h7jlZ5T6SK
sWBCIeCTQtEoQ7k2znq257x/wezOXOhYYl6D8SXN/VaqBoLFSAFl+VM4mRFCXxBI
SXwBLyag8kQZm2/ePgXqgsYeINr6fE9lVDoBgcpzrCy6hPxSNIlFJ3HeOwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGJ4sLGS+UxvvISvzUO7OV+pj5wpMB8GA1UdIwQY
MBaAFClotODvgQbw4Sq45QHSqk42t4PCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1dpMDRPLUJCdkRoS3JqbEFkS3FUamEzZzhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy80ODE2MzctNmMxYy00NWU4LThmYmQt
NDRmOGVkNWQ2MWQ3LzEvWW5pd3NaTDVURy04aEtfTlE3czVYNm1QbkNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy80ODE2MzctNmMxYy00NWU4LThmYmQtNDRmOGVkNWQ2MWQ3
LzEvS1dpMDRPLUJCdkRoS3JqbEFkS3FUamEzZzhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgHpAQAT
MA0GCSqGSIb3DQEBCwUAA4IBAQBmQzxb23nxFF+LNPw9NNubJc6L8AgLRGHI1dRo
NyYMDx7cn6A7tHGolcwe7uR2bNrthSgLk1TwlHRl6jcUKWayH5oBmcXQ9FTLn8PF
RBs9qxDx6HQcyUf4VRu+ioJsMtHyiy7uffehMEnPAUB1RO0EgCfW7ctLHXu7/eu1
LuHcZFVe7JfQNAMXyltN0kXoJcVlJdQtXY3h7lRnmQt+/twcz0MUe7GFDHX71SB0
lFyAQ9BGA91b1JX3X4ApqHamGwMYbZZ97qk3/0gtgxE3GJ7lQIGO6t4uhxxBXcpN
+v4xY93Vu9OcYdh7mA0qKK7LRj3xtfDPQvkyRnuMFLDobWHv
-----END CERTIFICATE-----