This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/yBmSRS9b5lz7_xzd3NgvPyLBW94.roa
File:                     yBmSRS9b5lz7_xzd3NgvPyLBW94.roa (raw, json)
Hash identifier:          8pKcmdD26fnU0KVwOwv225VvvZWRzrn5qkT1zOJvfrA=
Subject key identifier:   C8:19:92:45:2F:5B:E6:5C:FB:FF:1C:DD:DC:D8:2F:3F:22:C1:5B:DE
Certificate issuer:       /CN=d31dd1a514d3a7e3dfdb8bfb75d7d24ed98d479f
Certificate serial:       019B7F157ED402A290E49692222DA2FC9467
Authority key identifier: D3:1D:D1:A5:14:D3:A7:E3:DF:DB:8B:FB:75:D7:D2:4E:D9:8D:47:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0x3RpRTTp-Pf24v7ddfSTtmNR58.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/yBmSRS9b5lz7_xzd3NgvPyLBW94.roa
Signing time:             Fri 02 Jan 2026 14:21:13 +0000
ROA not before:           Fri 02 Jan 2026 14:21:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     2830
IP address blocks:        193.58.222.0/24 maxlen: 24
                          193.58.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/0x3RpRTTp-Pf24v7ddfSTtmNR58.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/0x3RpRTTp-Pf24v7ddfSTtmNR58.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0x3RpRTTp-Pf24v7ddfSTtmNR58.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 02:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:7e:d4:02:a2:90:e4:96:92:22:2d:a2:fc:94:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d31dd1a514d3a7e3dfdb8bfb75d7d24ed98d479f
        Validity
            Not Before: Jan  2 14:21:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c81992452f5be65cfbff1cdddcd82f3f22c15bde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:af:5e:e3:6a:e1:a9:dd:1a:a5:67:20:c4:d4:
                    0d:2a:60:6d:c5:2c:60:f1:b0:6d:30:e4:75:06:fb:
                    65:75:b9:20:2b:ab:0d:bb:e2:36:c2:b9:2d:cc:4b:
                    3c:0c:40:50:1a:b0:e5:c3:79:c9:b2:49:45:24:75:
                    9b:d6:f6:fb:80:87:b2:81:42:2b:74:f1:ba:5e:b2:
                    9d:31:5c:ba:18:f0:13:25:e5:da:a4:60:9b:fc:dd:
                    ed:ce:86:0a:82:c3:8d:1b:12:28:51:39:d1:5a:93:
                    c3:b6:8a:d7:07:ee:6b:cc:0a:37:73:21:d8:fd:2a:
                    16:b5:4b:0c:e2:1a:c6:bd:fd:84:e5:89:0a:12:82:
                    ee:0a:de:66:f5:07:68:8e:fd:93:bc:a5:80:40:56:
                    e3:ef:1f:68:f1:8f:58:2c:3e:82:f5:44:57:31:4f:
                    48:25:1e:ad:fb:26:ca:14:2d:9f:97:1d:d3:32:0a:
                    34:2b:d8:54:ce:8a:a0:e5:4a:13:cc:43:c3:a7:19:
                    a0:d6:a8:e4:2f:88:42:ad:79:bd:53:fa:02:c7:da:
                    94:8e:58:49:fd:5c:cc:6b:aa:15:f5:34:c0:28:bc:
                    9e:82:37:55:37:ce:92:64:98:eb:d1:59:e1:ed:e1:
                    98:bf:ae:3f:97:a1:09:3c:1d:f3:3c:f4:2d:a2:47:
                    9b:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:19:92:45:2F:5B:E6:5C:FB:FF:1C:DD:DC:D8:2F:3F:22:C1:5B:DE
            X509v3 Authority Key Identifier:
                keyid:D3:1D:D1:A5:14:D3:A7:E3:DF:DB:8B:FB:75:D7:D2:4E:D9:8D:47:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0x3RpRTTp-Pf24v7ddfSTtmNR58.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/yBmSRS9b5lz7_xzd3NgvPyLBW94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/0x3RpRTTp-Pf24v7ddfSTtmNR58.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.58.222.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8d:7b:9b:93:51:94:2f:59:95:ef:b9:3e:d8:41:e0:1f:4a:ee:
         09:6d:fa:80:fa:a7:58:48:97:4e:ea:e3:b4:73:81:d2:da:9d:
         ba:b0:ab:b5:b0:70:1c:a2:3f:20:37:25:0d:65:6d:c6:7c:6c:
         b7:ce:89:dd:e4:f0:38:ac:d8:44:1d:75:0b:21:43:12:46:96:
         cf:fe:88:92:4a:43:ed:e1:24:89:5f:b0:b1:4a:a7:bd:c7:b8:
         0b:dc:79:d1:51:62:60:e3:68:cc:cf:ae:9c:1d:2a:ee:4c:90:
         ce:9a:a9:23:c6:56:bc:04:05:b3:34:33:20:d0:2d:94:db:1e:
         3e:ba:ab:04:d2:b5:e4:a1:af:2d:1f:80:e0:1d:c0:75:bb:61:
         e5:ae:7c:33:89:de:df:e3:b0:0b:fe:2d:d6:39:79:ff:da:a7:
         c1:7a:6c:4f:b0:9e:66:d8:17:9f:83:23:7c:b8:98:2c:6f:2f:
         68:4a:45:58:f4:8b:bf:14:6d:5c:1c:24:ba:22:a8:0e:46:cc:
         73:56:46:0b:75:09:3e:de:bd:f6:64:46:9e:60:8a:df:0c:bb:
         14:dc:fd:d6:12:77:f8:08:68:6e:35:ba:c3:9d:b6:0a:ff:cf:
         f7:1c:7e:c1:53:e7:e4:b9:89:6f:68:9a:fe:b9:aa:52:c3:dc:
         20:1a:bc:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FX7UAqKQ5JaSIi2i/JRnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzMWRkMWE1MTRkM2E3ZTNkZmRiOGJmYjc1ZDdkMjRlZDk4
ZDQ3OWYwHhcNMjYwMTAyMTQyMTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODE5OTI0NTJmNWJlNjVjZmJmZjFjZGRkY2Q4MmYzZjIyYzE1YmRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApa9e42rhqd0apWcgxNQNKmBtxSxg
8bBtMOR1BvtldbkgK6sNu+I2wrktzEs8DEBQGrDlw3nJsklFJHWb1vb7gIeygUIr
dPG6XrKdMVy6GPATJeXapGCb/N3tzoYKgsONGxIoUTnRWpPDtorXB+5rzAo3cyHY
/SoWtUsM4hrGvf2E5YkKEoLuCt5m9Qdojv2TvKWAQFbj7x9o8Y9YLD6C9URXMU9I
JR6t+ybKFC2flx3TMgo0K9hUzoqg5UoTzEPDpxmg1qjkL4hCrXm9U/oCx9qUjlhJ
/VzMa6oV9TTAKLyegjdVN86SZJjr0Vnh7eGYv64/l6EJPB3zPPQtokebowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMgZkkUvW+Zc+/8c3dzYLz8iwVveMB8GA1UdIwQY
MBaAFNMd0aUU06fj39uL+3XX0k7ZjUefMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHgzUnBSVFRwLVBmMjR2N2RkZlNUdG1OUjU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9mMjQ3OGYtYzUwMy00MmMyLTk0YjIt
YjE2NmFlMmVmMjg3LzEveUJtU1JTOWI1bHo3X3h6ZDNOZ3ZQeUxCVzk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9mMjQ3OGYtYzUwMy00MmMyLTk0YjItYjE2NmFlMmVmMjg3
LzEvMHgzUnBSVFRwLVBmMjR2N2RkZlNUdG1OUjU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwTreMA0G
CSqGSIb3DQEBCwUAA4IBAQCNe5uTUZQvWZXvuT7YQeAfSu4JbfqA+qdYSJdO6uO0
c4HS2p26sKu1sHAcoj8gNyUNZW3GfGy3zond5PA4rNhEHXULIUMSRpbP/oiSSkPt
4SSJX7CxSqe9x7gL3HnRUWJg42jMz66cHSruTJDOmqkjxla8BAWzNDMg0C2U2x4+
uqsE0rXkoa8tH4DgHcB1u2Hlrnwzid7f47AL/i3WOXn/2qfBemxPsJ5m2BefgyN8
uJgsby9oSkVY9Iu/FG1cHCS6IqgORsxzVkYLdQk+3r32ZEaeYIrfDLsU3P3WEnf4
CGhuNbrDnbYK/8/3HH7BU+fkuYlvaJr+uapSw9wgGryi
-----END CERTIFICATE-----