This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/yB4JrGbbLBahpCVqUjQ5JMPEoy0.roa
File:                     yB4JrGbbLBahpCVqUjQ5JMPEoy0.roa (raw, json)
Hash identifier:          MYbJ3F7lniFZJDJqwCVH0LjInv8BOiDXulKMz+nU15A=
Subject key identifier:   C8:1E:09:AC:66:DB:2C:16:A1:A4:25:6A:52:34:39:24:C3:C4:A3:2D
Certificate issuer:       /CN=37518d180923a7f3c00653ec12bc702b95aab907
Certificate serial:       019B7C1235B9AA7C367494D7DF60BB98AB14
Authority key identifier: 37:51:8D:18:09:23:A7:F3:C0:06:53:EC:12:BC:70:2B:95:AA:B9:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/yB4JrGbbLBahpCVqUjQ5JMPEoy0.roa
Signing time:             Fri 02 Jan 2026 00:18:46 +0000
ROA not before:           Fri 02 Jan 2026 00:18:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44639
IP address blocks:        193.255.120.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 00:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:35:b9:aa:7c:36:74:94:d7:df:60:bb:98:ab:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37518d180923a7f3c00653ec12bc702b95aab907
        Validity
            Not Before: Jan  2 00:18:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c81e09ac66db2c16a1a4256a52343924c3c4a32d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:28:c3:b5:aa:2e:a0:98:b8:bb:75:0d:04:87:
                    13:8f:7d:50:e9:79:19:c0:5f:c5:dc:c8:bb:fa:82:
                    02:6a:4a:00:be:2e:3b:82:c8:85:e3:8a:9e:4d:64:
                    22:43:a2:4e:02:91:4a:16:f1:f6:2c:39:9f:47:ac:
                    1a:1c:c1:06:c0:58:57:eb:a6:2b:44:a6:e0:10:50:
                    38:2e:7c:89:76:52:b3:0c:a8:a5:1e:97:7b:43:dc:
                    00:18:a8:22:3e:cc:c9:ad:05:ad:b6:88:05:eb:54:
                    4b:07:7f:54:bc:82:c3:a4:7d:4f:e9:cc:f5:fb:1e:
                    f0:77:90:35:44:0c:44:a8:5d:30:e3:b5:22:b1:e5:
                    7e:b4:93:d6:2c:57:92:f7:84:49:2d:fd:4b:c3:76:
                    85:51:fb:8f:23:2d:b9:b4:6b:4d:06:3a:1d:1c:dd:
                    63:fe:bb:c9:01:c2:df:6b:62:78:ab:41:04:cd:52:
                    79:a1:21:d8:2f:24:19:66:bd:4b:30:e5:83:94:79:
                    49:d2:15:75:84:50:45:91:cf:72:39:3b:e7:8b:73:
                    81:8a:08:f2:26:24:d0:4d:e7:5e:e8:05:21:a2:9a:
                    31:04:ee:94:f4:f6:e8:7b:29:0f:3d:2b:b0:cc:30:
                    5a:17:d0:be:15:7a:e4:d4:99:f3:26:3d:b0:4d:56:
                    67:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:1E:09:AC:66:DB:2C:16:A1:A4:25:6A:52:34:39:24:C3:C4:A3:2D
            X509v3 Authority Key Identifier:
                keyid:37:51:8D:18:09:23:A7:F3:C0:06:53:EC:12:BC:70:2B:95:AA:B9:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/yB4JrGbbLBahpCVqUjQ5JMPEoy0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.255.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         87:f9:0d:ed:1b:df:b1:77:39:e5:a6:1c:8d:7d:06:60:72:da:
         6f:f1:79:f1:56:67:79:52:48:e0:3c:5b:87:24:12:a5:ac:99:
         4e:1e:1d:03:c3:a9:60:f4:df:6a:ea:97:aa:5b:5f:83:94:30:
         1f:cf:bb:21:bd:78:a4:41:6f:99:90:04:a3:e7:df:1e:b3:ee:
         37:ba:e1:da:d1:db:5f:95:ed:91:d7:f9:8a:a8:e0:6f:52:92:
         a8:8e:85:87:e8:90:f5:8d:05:32:61:6c:b5:ff:1a:84:d1:f2:
         89:e6:2b:91:c7:6a:c9:c7:ff:74:28:92:f5:d6:46:c1:50:63:
         43:9e:9c:ed:2d:49:64:ef:5b:a9:7e:e7:ae:58:2f:9c:55:90:
         b0:09:82:c5:5e:79:7c:4c:ce:72:0b:21:9a:08:74:db:55:7e:
         6b:b4:5f:f0:bb:f5:10:0e:14:61:0c:2d:57:c2:14:b7:01:62:
         49:7c:d5:0f:c9:4c:28:48:c7:e5:d1:52:76:18:4f:9b:a3:d1:
         7b:cf:a4:fa:a5:73:2e:bd:4d:52:53:3a:19:aa:a6:39:6e:65:
         cd:bd:7b:d8:86:76:14:b2:e2:44:12:75:58:1b:7f:8d:e3:07:
         3d:90:38:7e:19:cc:7a:08:df:48:72:3c:d8:0c:9a:d3:28:6f:
         4d:bf:f9:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EjW5qnw2dJTX32C7mKsUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3NTE4ZDE4MDkyM2E3ZjNjMDA2NTNlYzEyYmM3MDJiOTVh
YWI5MDcwHhcNMjYwMTAyMDAxODQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODFlMDlhYzY2ZGIyYzE2YTFhNDI1NmE1MjM0MzkyNGMzYzRhMzJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1CjDtaouoJi4u3UNBIcTj31Q6XkZ
wF/F3Mi7+oICakoAvi47gsiF44qeTWQiQ6JOApFKFvH2LDmfR6waHMEGwFhX66Yr
RKbgEFA4LnyJdlKzDKilHpd7Q9wAGKgiPszJrQWttogF61RLB39UvILDpH1P6cz1
+x7wd5A1RAxEqF0w47UiseV+tJPWLFeS94RJLf1Lw3aFUfuPIy25tGtNBjodHN1j
/rvJAcLfa2J4q0EEzVJ5oSHYLyQZZr1LMOWDlHlJ0hV1hFBFkc9yOTvni3OBigjy
JiTQTede6AUhopoxBO6U9PboeykPPSuwzDBaF9C+FXrk1JnzJj2wTVZnqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMgeCaxm2ywWoaQlalI0OSTDxKMtMB8GA1UdIwQY
MBaAFDdRjRgJI6fzwAZT7BK8cCuVqrkHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjFHTkdBa2pwX1BBQmxQc0VyeHdLNVdxdVFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9mODBlZjMtOWYwYi00YmQxLTgwMTgt
NTk2NzE5MjBmYjYwLzEveUI0SnJHYmJMQmFocENWcVVqUTVKTVBFb3kwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9mODBlZjMtOWYwYi00YmQxLTgwMTgtNTk2NzE5MjBmYjYw
LzEvTjFHTkdBa2pwX1BBQmxQc0VyeHdLNVdxdVFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwf94MA0G
CSqGSIb3DQEBCwUAA4IBAQCH+Q3tG9+xdznlphyNfQZgctpv8XnxVmd5UkjgPFuH
JBKlrJlOHh0Dw6lg9N9q6peqW1+DlDAfz7shvXikQW+ZkASj598es+43uuHa0dtf
le2R1/mKqOBvUpKojoWH6JD1jQUyYWy1/xqE0fKJ5iuRx2rJx/90KJL11kbBUGND
npztLUlk71upfueuWC+cVZCwCYLFXnl8TM5yCyGaCHTbVX5rtF/wu/UQDhRhDC1X
whS3AWJJfNUPyUwoSMfl0VJ2GE+bo9F7z6T6pXMuvU1SUzoZqqY5bmXNvXvYhnYU
suJEEnVYG3+N4wc9kDh+Gcx6CN9IcjzYDJrTKG9Nv/ke
-----END CERTIFICATE-----