This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/YaOfJgRLouGx6tole4Xd3URpTRI.roa
File:                     YaOfJgRLouGx6tole4Xd3URpTRI.roa (raw, json)
Hash identifier:          iNqNR/rlJQ3emWR1ZSYN26bQpkUgaYYux6SlwS0SDiA=
Subject key identifier:   61:A3:9F:26:04:4B:A2:E1:B1:EA:DA:25:7B:85:DD:DD:44:69:4D:12
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       019B76EB0A3C2B9AA9D1DE8B1801C4B9777F
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/YaOfJgRLouGx6tole4Xd3URpTRI.roa
Signing time:             Thu 01 Jan 2026 00:17:53 +0000
ROA not before:           Thu 01 Jan 2026 00:17:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44188
IP address blocks:        185.165.4.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 09:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:0a:3c:2b:9a:a9:d1:de:8b:18:01:c4:b9:77:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 00:17:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=61a39f26044ba2e1b1eada257b85dddd44694d12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:73:18:08:3a:ee:cb:8b:4b:3b:d1:3d:67:89:
                    8a:49:79:8d:4c:d6:23:ce:3c:81:a3:e5:d0:e5:af:
                    54:20:39:1e:f8:f4:b9:0f:1b:f2:3f:44:b6:e3:ff:
                    da:8d:eb:3b:4d:b2:7e:52:97:6d:1e:82:b7:a7:89:
                    d0:f0:ea:db:14:6e:da:7a:14:7b:2d:91:c9:db:5d:
                    1d:f4:50:9b:82:1d:ad:d3:3c:02:c1:5f:7f:d6:89:
                    da:ab:57:d4:da:02:52:63:42:11:26:93:bb:ef:af:
                    ee:a6:33:f4:7f:05:7c:c0:6c:5b:e8:fa:42:8b:e9:
                    5a:cb:0a:42:27:c8:45:0d:41:f7:6f:33:3f:4b:89:
                    9d:9f:a9:78:00:ff:c9:63:3f:53:08:f6:79:47:f0:
                    1d:38:fe:6b:06:1d:1f:1d:38:54:47:dc:6c:c8:bb:
                    41:2c:c6:33:48:c1:ca:13:a2:89:5c:10:29:86:40:
                    8b:07:f8:c7:06:3b:d4:22:5b:18:10:a8:f6:e1:24:
                    a3:36:a8:8b:28:bd:58:bf:e0:28:31:95:80:d2:a2:
                    2d:b5:10:94:66:fc:3f:38:12:89:e0:f7:25:3f:b0:
                    14:15:72:e5:f2:64:1c:fb:7d:21:13:95:4d:da:29:
                    54:41:c2:e0:23:53:4a:97:f7:ea:20:22:b1:20:b7:
                    6b:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:A3:9F:26:04:4B:A2:E1:B1:EA:DA:25:7B:85:DD:DD:44:69:4D:12
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/YaOfJgRLouGx6tole4Xd3URpTRI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.165.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         06:12:77:bd:86:66:14:cc:39:00:48:fa:9b:e9:e5:2f:8c:fa:
         98:c0:fa:02:7c:7a:b3:21:00:17:ee:6a:ef:af:4d:84:cc:6b:
         bb:e9:87:3e:8b:a9:04:e9:b3:05:c6:17:2a:49:b0:a6:0c:c5:
         17:4a:de:c2:41:a0:de:82:a9:bc:dc:58:c7:a5:60:04:81:dc:
         68:44:1b:59:2b:b9:b7:9a:5c:9a:d1:fb:f4:d3:40:ba:16:5e:
         c8:55:4b:30:8f:21:8d:57:8b:15:67:44:d0:37:2b:dc:32:58:
         de:c2:1a:d8:a0:87:af:b6:d4:22:a3:60:c2:4a:13:2f:fc:13:
         15:c9:dc:74:8f:27:b6:fa:89:95:60:fb:91:3c:2d:d6:a8:9b:
         c6:1e:db:a7:6c:df:28:c2:dc:5b:0c:e7:e3:5e:ba:fc:dc:eb:
         46:bc:c9:e0:81:40:2f:f8:97:02:c0:38:9d:5e:d2:b7:40:c8:
         fb:da:58:3c:a5:24:93:f4:2c:69:e7:14:ab:1d:bf:e4:26:06:
         81:c7:7f:dc:ec:eb:d1:05:17:2c:7f:c1:6e:6a:9a:92:69:6a:
         4d:72:95:08:6b:e8:80:60:46:fe:e3:5a:9c:6f:87:5a:ef:84:
         80:46:64:bd:78:8c:66:7d:7b:47:eb:53:05:1c:2a:a4:94:28:
         a8:e5:a8:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26wo8K5qp0d6LGAHEuXd/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjYwMTAxMDAxNzUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWEzOWYyNjA0NGJhMmUxYjFlYWRhMjU3Yjg1ZGRkZDQ0Njk0ZDEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4HMYCDruy4tLO9E9Z4mKSXmNTNYj
zjyBo+XQ5a9UIDke+PS5DxvyP0S24//ajes7TbJ+UpdtHoK3p4nQ8OrbFG7aehR7
LZHJ210d9FCbgh2t0zwCwV9/1onaq1fU2gJSY0IRJpO776/upjP0fwV8wGxb6PpC
i+laywpCJ8hFDUH3bzM/S4mdn6l4AP/JYz9TCPZ5R/AdOP5rBh0fHThUR9xsyLtB
LMYzSMHKE6KJXBAphkCLB/jHBjvUIlsYEKj24SSjNqiLKL1Yv+AoMZWA0qIttRCU
Zvw/OBKJ4PclP7AUFXLl8mQc+30hE5VN2ilUQcLgI1NKl/fqICKxILdrVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGGjnyYES6LhseraJXuF3d1EaU0SMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvWWFPZkpnUkxvdUd4NnRvbGU0WGQzVVJwVFJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaUEMA0G
CSqGSIb3DQEBCwUAA4IBAQAGEne9hmYUzDkASPqb6eUvjPqYwPoCfHqzIQAX7mrv
r02EzGu76Yc+i6kE6bMFxhcqSbCmDMUXSt7CQaDegqm83FjHpWAEgdxoRBtZK7m3
mlya0fv000C6Fl7IVUswjyGNV4sVZ0TQNyvcMljewhrYoIevttQio2DCShMv/BMV
ydx0jye2+omVYPuRPC3WqJvGHtunbN8owtxbDOfjXrr83OtGvMnggUAv+JcCwDid
XtK3QMj72lg8pSST9Cxp5xSrHb/kJgaBx3/c7OvRBRcsf8FuapqSaWpNcpUIa+iA
YEb+41qcb4da74SARmS9eIxmfXtH61MFHCqklCio5ah9
-----END CERTIFICATE-----