This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/yVrNXqNEpQPVCD5-s0QzcdjfSt0.roa
File:                     yVrNXqNEpQPVCD5-s0QzcdjfSt0.roa (raw, json)
Hash identifier:          MPF8hnJnGT4tCUF+yYI/sK+YJjujYjlpvRajTbmYFa4=
Subject key identifier:   C9:5A:CD:5E:A3:44:A5:03:D5:08:3E:7E:B3:44:33:71:D8:DF:4A:DD
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       019B77C7186C1B32F7D38875A68BFFC02DDF
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/yVrNXqNEpQPVCD5-s0QzcdjfSt0.roa
Signing time:             Thu 01 Jan 2026 04:18:14 +0000
ROA not before:           Thu 01 Jan 2026 04:18:14 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214088
IP address blocks:        85.133.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:18:6c:1b:32:f7:d3:88:75:a6:8b:ff:c0:2d:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Jan  1 04:18:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c95acd5ea344a503d5083e7eb3443371d8df4add
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:c5:32:33:78:52:c0:a1:b0:e9:c0:63:24:83:
                    47:5d:e7:f5:3f:28:30:98:37:30:ed:71:5b:ce:8e:
                    49:d7:d6:ba:8d:d0:5c:5c:b2:0e:61:4b:65:a1:77:
                    a4:d8:af:31:82:a3:84:12:60:25:d0:cd:07:c4:c9:
                    68:bc:e6:3e:cf:d7:f6:56:34:bd:5a:82:64:3e:b4:
                    59:71:62:65:82:df:44:0a:52:31:8c:a9:64:77:78:
                    53:82:6e:31:ad:9b:46:78:28:16:f8:01:a3:7c:bb:
                    70:4c:d6:64:b8:e6:f9:c1:ec:dd:8a:4f:47:0a:9e:
                    97:3d:3c:f1:60:e0:71:3a:66:9c:6b:b9:7a:aa:7a:
                    8a:cb:8e:ad:b8:4f:df:06:88:90:bf:66:5a:f6:04:
                    5d:28:ee:bb:ca:ba:08:89:47:d4:ee:a8:3f:f4:ab:
                    42:3d:bf:5a:5b:aa:50:9f:74:00:24:6e:71:dc:ac:
                    17:d1:a2:6c:bd:75:1a:a1:a5:7a:a0:48:23:2f:13:
                    fd:50:8c:d0:58:01:53:b5:83:e2:22:01:99:19:ca:
                    e4:22:25:f8:41:8c:f3:98:57:0b:5e:56:98:4f:45:
                    10:a0:15:18:ae:9b:c8:6d:10:17:22:6a:86:64:c7:
                    df:7b:27:f4:5c:3d:68:e5:85:8d:b4:88:a9:8d:1d:
                    bf:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:5A:CD:5E:A3:44:A5:03:D5:08:3E:7E:B3:44:33:71:D8:DF:4A:DD
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/yVrNXqNEpQPVCD5-s0QzcdjfSt0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:1d:c0:35:14:54:25:a7:3c:b0:52:41:16:4b:6e:12:59:e4:
         8a:f1:69:6e:89:51:7b:c9:21:34:0d:15:02:fe:43:86:37:2b:
         bd:c8:02:f0:a7:2b:f2:51:83:cf:c9:5d:32:41:52:1f:67:ef:
         46:42:5d:fc:0a:9f:23:eb:f8:d6:c4:6d:44:96:e7:2c:60:45:
         5b:2a:67:32:c2:0c:7e:a7:ed:b8:c4:ea:cb:06:c4:57:37:af:
         98:4e:4f:9d:03:6d:20:08:65:5f:f7:f8:da:f9:3e:76:4d:f4:
         56:cb:a5:fd:c2:ad:43:34:2d:6f:49:f1:df:46:c6:e7:c4:4a:
         ff:d0:aa:56:98:e2:f3:1a:e9:8f:4f:6f:c7:66:c0:52:9a:f0:
         fa:02:85:cc:31:3b:99:98:18:02:2e:da:a6:70:d2:57:08:18:
         d8:c5:8e:59:1f:32:94:48:b6:db:8f:af:6d:33:64:a5:a7:a2:
         11:0a:3b:62:d0:e3:e6:5e:eb:21:3f:58:60:3f:78:c9:6e:cf:
         6f:42:65:46:45:54:24:0d:17:5f:43:63:2b:27:8e:02:89:bb:
         56:5d:11:01:d9:db:5d:09:ea:6e:af:31:ab:e1:61:6c:e8:c6:
         32:12:19:8a:a0:b8:72:67:7d:c6:24:d6:36:da:9b:16:17:48:
         28:ed:c6:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xxhsGzL304h1pov/wC3fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjYwMTAxMDQxODE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTVhY2Q1ZWEzNDRhNTAzZDUwODNlN2ViMzQ0MzM3MWQ4ZGY0YWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn8UyM3hSwKGw6cBjJINHXef1Pygw
mDcw7XFbzo5J19a6jdBcXLIOYUtloXek2K8xgqOEEmAl0M0HxMlovOY+z9f2VjS9
WoJkPrRZcWJlgt9EClIxjKlkd3hTgm4xrZtGeCgW+AGjfLtwTNZkuOb5wezdik9H
Cp6XPTzxYOBxOmaca7l6qnqKy46tuE/fBoiQv2Za9gRdKO67yroIiUfU7qg/9KtC
Pb9aW6pQn3QAJG5x3KwX0aJsvXUaoaV6oEgjLxP9UIzQWAFTtYPiIgGZGcrkIiX4
QYzzmFcLXlaYT0UQoBUYrpvIbRAXImqGZMffeyf0XD1o5YWNtIipjR2/LwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMlazV6jRKUD1Qg+frNEM3HY30rdMB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEveVZyTlhxTkVwUVBWQ0Q1LXMwUXpjZGpmU3QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVYXpMA0G
CSqGSIb3DQEBCwUAA4IBAQAvHcA1FFQlpzywUkEWS24SWeSK8WluiVF7ySE0DRUC
/kOGNyu9yALwpyvyUYPPyV0yQVIfZ+9GQl38Cp8j6/jWxG1ElucsYEVbKmcywgx+
p+24xOrLBsRXN6+YTk+dA20gCGVf9/ja+T52TfRWy6X9wq1DNC1vSfHfRsbnxEr/
0KpWmOLzGumPT2/HZsBSmvD6AoXMMTuZmBgCLtqmcNJXCBjYxY5ZHzKUSLbbj69t
M2Slp6IRCjti0OPmXushP1hgP3jJbs9vQmVGRVQkDRdfQ2MrJ44CibtWXREB2dtd
CepurzGr4WFs6MYyEhmKoLhyZ33GJNY22psWF0go7cZK
-----END CERTIFICATE-----