This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/3e2077-bc10-4621-ab0b-dba4c9b8706b/1/yUZd6eY1ILFj_NVgWnntQzVJiGs.roa
File:                     yUZd6eY1ILFj_NVgWnntQzVJiGs.roa (raw, json)
Hash identifier:          aYbs72JfiEw4WjwVxwNiVwxvegvGGWCTaf1wWunmceE=
Subject key identifier:   C9:46:5D:E9:E6:35:20:B1:63:FC:D5:60:5A:79:ED:43:35:49:88:6B
Certificate issuer:       /CN=89554780db25b243c0a2d361979b130a7f13c60d
Certificate serial:       019B7B35FE09B249690479F0C2FCA7F1FAFC
Authority key identifier: 89:55:47:80:DB:25:B2:43:C0:A2:D3:61:97:9B:13:0A:7F:13:C6:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iVVHgNslskPAotNhl5sTCn8Txg0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/3e2077-bc10-4621-ab0b-dba4c9b8706b/1/yUZd6eY1ILFj_NVgWnntQzVJiGs.roa
Signing time:             Thu 01 Jan 2026 20:18:14 +0000
ROA not before:           Thu 01 Jan 2026 20:18:14 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39700
IP address blocks:        185.75.156.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/3e2077-bc10-4621-ab0b-dba4c9b8706b/1/iVVHgNslskPAotNhl5sTCn8Txg0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/3e2077-bc10-4621-ab0b-dba4c9b8706b/1/iVVHgNslskPAotNhl5sTCn8Txg0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iVVHgNslskPAotNhl5sTCn8Txg0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 20:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:fe:09:b2:49:69:04:79:f0:c2:fc:a7:f1:fa:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89554780db25b243c0a2d361979b130a7f13c60d
        Validity
            Not Before: Jan  1 20:18:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c9465de9e63520b163fcd5605a79ed433549886b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:9f:c6:3e:d4:66:5d:c4:c1:ff:05:e2:a3:83:
                    f8:77:73:8d:d3:ea:a2:56:78:d5:e8:89:97:bc:6b:
                    26:9d:f0:3d:33:9a:c5:fc:9a:9f:c2:70:ff:5d:f1:
                    2d:be:0b:1e:cf:0a:d1:20:72:82:ed:c6:6e:71:62:
                    9a:98:94:65:fa:bc:b4:e8:89:64:d0:06:ba:b8:5b:
                    f2:17:e5:49:7f:ef:fe:e6:a9:0b:12:ce:28:59:18:
                    70:e7:1c:66:45:26:89:e3:f8:d8:e6:b0:f5:86:c1:
                    3f:24:46:07:39:0f:f9:f1:c9:ca:0d:93:e1:5a:8d:
                    84:bd:4e:af:a5:19:84:9e:50:2d:fc:17:0f:6f:94:
                    8e:8a:19:c3:bb:13:68:6b:2e:64:d9:e9:87:de:5d:
                    33:fe:15:0d:db:17:f0:c5:de:29:15:0a:16:21:51:
                    bf:30:c0:5d:2d:51:dc:3f:71:ae:90:a4:30:87:fd:
                    be:6b:1f:75:bb:e3:63:c2:f9:b4:e0:00:fe:bd:4b:
                    b0:99:89:89:fb:53:4a:20:2a:c9:69:49:a7:a0:a3:
                    92:c3:d5:b0:b3:af:d5:0f:16:95:c9:da:6b:c5:2e:
                    f7:b8:c2:58:ab:d8:53:14:f0:de:76:94:71:f2:ca:
                    9c:de:4c:65:e4:45:d2:84:1b:86:13:07:5a:71:4e:
                    98:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:46:5D:E9:E6:35:20:B1:63:FC:D5:60:5A:79:ED:43:35:49:88:6B
            X509v3 Authority Key Identifier:
                keyid:89:55:47:80:DB:25:B2:43:C0:A2:D3:61:97:9B:13:0A:7F:13:C6:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iVVHgNslskPAotNhl5sTCn8Txg0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/3e2077-bc10-4621-ab0b-dba4c9b8706b/1/yUZd6eY1ILFj_NVgWnntQzVJiGs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/3e2077-bc10-4621-ab0b-dba4c9b8706b/1/iVVHgNslskPAotNhl5sTCn8Txg0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.75.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6b:fb:dd:a5:17:72:0c:05:2f:6a:7a:3c:7a:89:0e:88:19:5a:
         dc:8c:d4:52:09:ab:5d:ac:9b:e4:64:e0:74:95:fb:1c:96:16:
         a9:3b:d7:04:46:47:9f:95:6a:25:16:a8:e8:04:36:c9:69:dd:
         85:de:2f:81:dd:35:d7:7e:44:b8:52:d4:c9:f3:77:c0:75:dc:
         16:a2:a5:6b:4f:dc:7e:f6:92:69:05:5e:1f:c2:ed:a7:f4:01:
         62:c2:3f:74:70:40:fc:87:3a:6c:2f:b2:6a:9e:1e:51:57:c5:
         5f:06:3f:21:c1:39:b6:33:02:6b:a9:1c:a6:ba:4e:c8:5d:a5:
         ab:04:0b:04:12:cd:36:c8:15:34:80:4f:9f:21:ca:c1:1a:32:
         97:60:eb:16:a6:0d:22:37:24:73:a8:1d:97:a3:78:fb:39:c3:
         f1:e1:fc:fd:0b:39:d9:d9:6d:b8:3f:37:e7:53:33:32:89:48:
         97:13:f9:2f:3a:c3:26:7d:5a:5d:48:fd:46:5a:35:11:d5:7a:
         a3:06:64:ca:04:ff:1e:4b:33:40:a3:30:6a:28:27:b2:e9:b8:
         2d:ee:fd:a6:73:05:25:1d:04:85:ff:2b:76:2c:25:ae:ab:0d:
         63:22:63:c9:00:c2:e7:75:90:79:59:7c:6a:64:f9:93:cd:df:
         36:e4:0b:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7Nf4JsklpBHnwwvyn8fr8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5NTU0NzgwZGIyNWIyNDNjMGEyZDM2MTk3OWIxMzBhN2Yx
M2M2MGQwHhcNMjYwMTAxMjAxODE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTQ2NWRlOWU2MzUyMGIxNjNmY2Q1NjA1YTc5ZWQ0MzM1NDk4ODZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqp/GPtRmXcTB/wXio4P4d3ON0+qi
VnjV6ImXvGsmnfA9M5rF/JqfwnD/XfEtvgsezwrRIHKC7cZucWKamJRl+ry06Ilk
0Aa6uFvyF+VJf+/+5qkLEs4oWRhw5xxmRSaJ4/jY5rD1hsE/JEYHOQ/58cnKDZPh
Wo2EvU6vpRmEnlAt/BcPb5SOihnDuxNoay5k2emH3l0z/hUN2xfwxd4pFQoWIVG/
MMBdLVHcP3GukKQwh/2+ax91u+Njwvm04AD+vUuwmYmJ+1NKICrJaUmnoKOSw9Ww
s6/VDxaVydprxS73uMJYq9hTFPDedpRx8sqc3kxl5EXShBuGEwdacU6YnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMlGXenmNSCxY/zVYFp57UM1SYhrMB8GA1UdIwQY
MBaAFIlVR4DbJbJDwKLTYZebEwp/E8YNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVZWSGdOc2xza1BBb3ROaGw1c1RDbjhUeGcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8zZTIwNzctYmMxMC00NjIxLWFiMGIt
ZGJhNGM5Yjg3MDZiLzEveVVaZDZlWTFJTEZqX05WZ1dubnRRelZKaUdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8zZTIwNzctYmMxMC00NjIxLWFiMGItZGJhNGM5Yjg3MDZi
LzEvaVZWSGdOc2xza1BBb3ROaGw1c1RDbjhUeGcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUucMA0G
CSqGSIb3DQEBCwUAA4IBAQBr+92lF3IMBS9qejx6iQ6IGVrcjNRSCatdrJvkZOB0
lfsclhapO9cERkeflWolFqjoBDbJad2F3i+B3TXXfkS4UtTJ83fAddwWoqVrT9x+
9pJpBV4fwu2n9AFiwj90cED8hzpsL7Jqnh5RV8VfBj8hwTm2MwJrqRymuk7IXaWr
BAsEEs02yBU0gE+fIcrBGjKXYOsWpg0iNyRzqB2Xo3j7OcPx4fz9CznZ2W24Pzfn
UzMyiUiXE/kvOsMmfVpdSP1GWjUR1XqjBmTKBP8eSzNAozBqKCey6bgt7v2mcwUl
HQSF/yt2LCWuqw1jImPJAMLndZB5WXxqZPmTzd825AtS
-----END CERTIFICATE-----