This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/64cdbd-c851-4b35-bb79-753d969a0702/1/yXa8XbTaH683GFEjkOW8VCRIjpE.roa
File:                     yXa8XbTaH683GFEjkOW8VCRIjpE.roa (raw, json)
Hash identifier:          l5nJIcq0a2VDJfhrhqSb9wFUsKAsvOaRuHeId15ZhA0=
Subject key identifier:   C9:76:BC:5D:B4:DA:1F:AF:37:18:51:23:90:E5:BC:54:24:48:8E:91
Certificate issuer:       /CN=49b2444644c43348d7c50f4e50e74356e9896dbf
Certificate serial:       019B7B366327A29A95C34082631C128DCDC6
Authority key identifier: 49:B2:44:46:44:C4:33:48:D7:C5:0F:4E:50:E7:43:56:E9:89:6D:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SbJERkTEM0jXxQ9OUOdDVumJbb8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/64cdbd-c851-4b35-bb79-753d969a0702/1/yXa8XbTaH683GFEjkOW8VCRIjpE.roa
Signing time:             Thu 01 Jan 2026 20:18:40 +0000
ROA not before:           Thu 01 Jan 2026 20:18:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     30781
IP address blocks:        185.85.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/64cdbd-c851-4b35-bb79-753d969a0702/1/SbJERkTEM0jXxQ9OUOdDVumJbb8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/64cdbd-c851-4b35-bb79-753d969a0702/1/SbJERkTEM0jXxQ9OUOdDVumJbb8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SbJERkTEM0jXxQ9OUOdDVumJbb8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:63:27:a2:9a:95:c3:40:82:63:1c:12:8d:cd:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49b2444644c43348d7c50f4e50e74356e9896dbf
        Validity
            Not Before: Jan  1 20:18:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c976bc5db4da1faf3718512390e5bc5424488e91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:45:21:61:5b:af:b7:51:67:d7:18:b4:0f:02:
                    60:d2:66:fb:37:21:19:59:7b:3c:99:e9:01:34:f2:
                    ae:4a:b4:22:82:e1:fa:0e:5f:97:d5:85:62:89:ab:
                    cc:0a:53:17:56:af:20:69:d9:82:27:55:b4:79:17:
                    6a:fe:6b:54:b5:b7:e0:60:0c:1a:1d:5d:58:bd:40:
                    f7:79:13:84:74:31:9a:ef:05:af:88:b9:e1:6a:f6:
                    ff:06:a9:50:71:7a:47:7f:f4:7e:73:4f:7a:b4:eb:
                    fb:31:dc:70:4d:85:4f:45:e8:ac:f6:ee:66:85:6c:
                    f7:d1:54:3d:4c:c8:87:bf:c2:70:bd:20:30:13:ee:
                    96:29:82:cc:72:53:3d:55:c4:c3:1f:0a:75:ad:15:
                    b5:73:b0:47:df:35:c2:15:a1:20:b8:42:82:30:c0:
                    1d:48:7f:0d:a0:4e:44:ee:bd:f9:22:b4:97:9a:70:
                    e3:dd:42:49:61:d2:e6:47:c6:23:fd:a0:c3:ba:5e:
                    05:60:f1:02:6e:68:96:ee:8b:f4:39:06:d5:34:97:
                    22:80:f7:34:b5:14:01:3a:22:3c:4d:3a:ab:20:bc:
                    7b:10:61:65:9f:ee:c9:3e:6d:44:92:ea:ec:25:21:
                    50:41:0d:ec:4a:5d:0c:e7:5d:87:37:9f:93:78:c1:
                    c8:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:76:BC:5D:B4:DA:1F:AF:37:18:51:23:90:E5:BC:54:24:48:8E:91
            X509v3 Authority Key Identifier:
                keyid:49:B2:44:46:44:C4:33:48:D7:C5:0F:4E:50:E7:43:56:E9:89:6D:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SbJERkTEM0jXxQ9OUOdDVumJbb8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/64cdbd-c851-4b35-bb79-753d969a0702/1/yXa8XbTaH683GFEjkOW8VCRIjpE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/64cdbd-c851-4b35-bb79-753d969a0702/1/SbJERkTEM0jXxQ9OUOdDVumJbb8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.85.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:de:a9:fe:49:71:e4:74:65:3c:85:18:96:c3:a0:89:9c:bf:
         59:31:78:cb:5a:18:92:cd:23:59:a7:b6:49:cd:23:6e:71:82:
         88:7e:05:72:6a:a0:f0:f2:a8:b2:d5:a1:8a:d0:82:16:93:d5:
         1e:09:1e:78:57:8e:dc:9f:8d:93:17:d8:b1:f1:9f:7e:ca:98:
         29:cb:91:27:35:a5:42:9a:66:6f:c2:83:0f:b4:00:65:de:a3:
         fe:0a:67:ec:97:6b:3b:7b:d1:ab:9b:36:2d:7a:e0:bd:7c:0e:
         80:48:96:5f:c0:21:2d:74:b9:c5:88:0a:a8:e4:10:5c:18:9e:
         61:2a:36:54:82:79:fa:2e:44:70:12:91:bd:dd:1e:ce:a6:9a:
         ea:70:e2:97:8a:9a:63:81:86:fb:55:f8:df:a0:04:d6:1e:56:
         1d:c2:c6:78:3b:69:0a:05:a5:0e:e1:a3:c7:9d:80:42:8d:2a:
         ca:a2:22:3d:17:c8:a3:26:f4:07:82:3b:0c:f4:43:d8:37:92:
         72:44:a0:4a:c2:53:d3:a6:86:79:c0:3e:41:7b:e5:65:fe:c0:
         6b:91:f8:1f:61:f1:8e:10:b5:26:82:57:ef:22:9a:c6:3a:b5:
         e2:a4:78:35:d7:c2:f0:bb:36:43:8c:84:b7:40:14:77:90:37:
         53:d4:c9:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NmMnopqVw0CCYxwSjc3GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5YjI0NDQ2NDRjNDMzNDhkN2M1MGY0ZTUwZTc0MzU2ZTk4
OTZkYmYwHhcNMjYwMTAxMjAxODQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTc2YmM1ZGI0ZGExZmFmMzcxODUxMjM5MGU1YmM1NDI0NDg4ZTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4kUhYVuvt1Fn1xi0DwJg0mb7NyEZ
WXs8mekBNPKuSrQiguH6Dl+X1YViiavMClMXVq8gadmCJ1W0eRdq/mtUtbfgYAwa
HV1YvUD3eROEdDGa7wWviLnhavb/BqlQcXpHf/R+c096tOv7MdxwTYVPReis9u5m
hWz30VQ9TMiHv8JwvSAwE+6WKYLMclM9VcTDHwp1rRW1c7BH3zXCFaEguEKCMMAd
SH8NoE5E7r35IrSXmnDj3UJJYdLmR8Yj/aDDul4FYPECbmiW7ov0OQbVNJcigPc0
tRQBOiI8TTqrILx7EGFln+7JPm1EkursJSFQQQ3sSl0M512HN5+TeMHIYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMl2vF202h+vNxhRI5DlvFQkSI6RMB8GA1UdIwQY
MBaAFEmyREZExDNI18UPTlDnQ1bpiW2/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2JKRVJrVEVNMGpYeFE5T1VPZERWdW1KYmI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi82NGNkYmQtYzg1MS00YjM1LWJiNzkt
NzUzZDk2OWEwNzAyLzEveVhhOFhiVGFINjgzR0ZFamtPVzhWQ1JJanBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi82NGNkYmQtYzg1MS00YjM1LWJiNzktNzUzZDk2OWEwNzAy
LzEvU2JKRVJrVEVNMGpYeFE5T1VPZERWdW1KYmI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVXqMA0G
CSqGSIb3DQEBCwUAA4IBAQBQ3qn+SXHkdGU8hRiWw6CJnL9ZMXjLWhiSzSNZp7ZJ
zSNucYKIfgVyaqDw8qiy1aGK0IIWk9UeCR54V47cn42TF9ix8Z9+ypgpy5EnNaVC
mmZvwoMPtABl3qP+Cmfsl2s7e9GrmzYteuC9fA6ASJZfwCEtdLnFiAqo5BBcGJ5h
KjZUgnn6LkRwEpG93R7OpprqcOKXippjgYb7VfjfoATWHlYdwsZ4O2kKBaUO4aPH
nYBCjSrKoiI9F8ijJvQHgjsM9EPYN5JyRKBKwlPTpoZ5wD5Be+Vl/sBrkfgfYfGO
ELUmglfvIprGOrXipHg118LwuzZDjIS3QBR3kDdT1Mm5
-----END CERTIFICATE-----