This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/d6bfab-eac6-4a42-8872-14afae91336d/1/yjWJBP_-NJfhexDZzlwqedaPyY4.roa
File:                     yjWJBP_-NJfhexDZzlwqedaPyY4.roa (raw, json)
Hash identifier:          SkEjGblzIkRFnt59eOfa2NG/dhlC1N31bem5GR7D9p0=
Subject key identifier:   CA:35:89:04:FF:FE:34:97:E1:7B:10:D9:CE:5C:2A:79:D6:8F:C9:8E
Certificate issuer:       /CN=619cf9a9e0b6461ad833875ac1168f8923fd550b
Certificate serial:       019B76EAFFFC02BFA412F2B9EE1CC77A9486
Authority key identifier: 61:9C:F9:A9:E0:B6:46:1A:D8:33:87:5A:C1:16:8F:89:23:FD:55:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YZz5qeC2RhrYM4dawRaPiSP9VQs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/d6bfab-eac6-4a42-8872-14afae91336d/1/yjWJBP_-NJfhexDZzlwqedaPyY4.roa
Signing time:             Thu 01 Jan 2026 00:17:51 +0000
ROA not before:           Thu 01 Jan 2026 00:17:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200410
IP address blocks:        78.24.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/d6bfab-eac6-4a42-8872-14afae91336d/1/YZz5qeC2RhrYM4dawRaPiSP9VQs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/d6bfab-eac6-4a42-8872-14afae91336d/1/YZz5qeC2RhrYM4dawRaPiSP9VQs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YZz5qeC2RhrYM4dawRaPiSP9VQs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 03:01:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:ff:fc:02:bf:a4:12:f2:b9:ee:1c:c7:7a:94:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=619cf9a9e0b6461ad833875ac1168f8923fd550b
        Validity
            Not Before: Jan  1 00:17:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ca358904fffe3497e17b10d9ce5c2a79d68fc98e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:a2:9c:ba:44:d0:d4:c0:8c:15:5a:a0:70:e1:
                    b9:bb:b4:09:f3:b2:2a:06:3e:40:b6:c8:c5:21:65:
                    13:5e:bc:fa:b1:da:88:5a:e8:5e:9d:64:87:fe:9f:
                    2e:79:80:63:20:41:84:43:f2:31:ef:2c:07:eb:b0:
                    e8:22:d9:f6:0e:01:da:13:37:a6:d6:76:9a:e1:c0:
                    3f:9e:ef:a4:cc:1a:0f:47:e9:a1:1c:a3:41:4d:5d:
                    e2:b0:f3:da:eb:e4:9d:ff:56:55:94:ae:22:ca:e1:
                    40:66:93:93:97:00:e8:9c:64:7d:52:15:b7:de:27:
                    31:54:be:64:2f:f2:c7:65:88:20:c8:fc:eb:27:fe:
                    75:ae:40:93:a2:99:fc:4b:9d:d9:af:5a:a8:e0:f5:
                    e6:3d:4c:19:10:26:c4:2a:7f:da:b4:1e:11:c7:10:
                    b3:bb:36:eb:8a:53:b3:b7:da:ae:3c:d3:80:26:38:
                    f8:32:48:72:57:20:68:3d:99:81:f5:3a:db:9e:7b:
                    93:74:fe:f3:7d:0a:37:6b:d3:f7:ef:e3:93:bf:cb:
                    6a:94:9e:87:43:04:10:74:8a:2d:29:d6:ea:62:12:
                    36:14:eb:cd:e4:c3:67:67:41:3e:81:d4:e1:c1:d3:
                    bc:4e:df:fd:fd:54:dd:55:a5:21:36:85:ba:88:e3:
                    21:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:35:89:04:FF:FE:34:97:E1:7B:10:D9:CE:5C:2A:79:D6:8F:C9:8E
            X509v3 Authority Key Identifier:
                keyid:61:9C:F9:A9:E0:B6:46:1A:D8:33:87:5A:C1:16:8F:89:23:FD:55:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YZz5qeC2RhrYM4dawRaPiSP9VQs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/d6bfab-eac6-4a42-8872-14afae91336d/1/yjWJBP_-NJfhexDZzlwqedaPyY4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/d6bfab-eac6-4a42-8872-14afae91336d/1/YZz5qeC2RhrYM4dawRaPiSP9VQs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.24.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:1c:97:99:5a:9a:f4:0e:a6:6e:b9:26:42:cb:51:db:f5:a0:
         90:70:58:f9:83:49:72:dc:d0:34:b8:95:77:2e:86:23:b5:73:
         d8:2b:37:05:51:ab:a4:95:73:99:ec:7d:1e:95:1d:45:3e:d6:
         4f:87:4d:4c:5e:e2:10:1a:d2:c1:de:df:71:d3:a7:3d:6d:3e:
         2c:77:e1:1b:b6:17:e1:05:49:23:d0:07:c0:a0:f8:78:54:d5:
         9e:91:56:02:13:aa:3f:af:ab:74:bc:e3:62:71:d2:48:4d:05:
         d6:7a:eb:5c:1b:82:2b:93:6f:1e:98:fe:a1:7e:71:da:02:3b:
         70:a9:0b:6c:9c:eb:e9:77:ec:7a:94:59:90:d6:c5:7f:32:3d:
         cb:00:15:7f:04:0a:d6:02:23:6c:ff:56:dd:f1:40:f6:c4:14:
         60:3d:d2:0d:ee:00:84:20:e5:b8:69:90:66:99:31:dc:ba:00:
         fd:1e:fa:0b:8a:65:9a:3f:24:3d:32:a8:02:e5:6b:94:f1:b7:
         91:60:74:00:ad:a5:61:59:51:5a:80:35:69:b6:de:a8:d7:1c:
         28:c6:ac:aa:5b:77:63:24:de:24:24:a2:00:cd:32:14:35:4c:
         f0:46:cd:6d:b9:da:88:92:83:a3:d6:ae:d0:92:d9:6a:2c:28:
         d7:be:53:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26v/8Ar+kEvK57hzHepSGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxOWNmOWE5ZTBiNjQ2MWFkODMzODc1YWMxMTY4Zjg5MjNm
ZDU1MGIwHhcNMjYwMTAxMDAxNzUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTM1ODkwNGZmZmUzNDk3ZTE3YjEwZDljZTVjMmE3OWQ2OGZjOThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaKcukTQ1MCMFVqgcOG5u7QJ87Iq
Bj5AtsjFIWUTXrz6sdqIWuhenWSH/p8ueYBjIEGEQ/Ix7ywH67DoItn2DgHaEzem
1naa4cA/nu+kzBoPR+mhHKNBTV3isPPa6+Sd/1ZVlK4iyuFAZpOTlwDonGR9UhW3
3icxVL5kL/LHZYggyPzrJ/51rkCTopn8S53Zr1qo4PXmPUwZECbEKn/atB4RxxCz
uzbrilOzt9quPNOAJjj4MkhyVyBoPZmB9TrbnnuTdP7zfQo3a9P37+OTv8tqlJ6H
QwQQdIotKdbqYhI2FOvN5MNnZ0E+gdThwdO8Tt/9/VTdVaUhNoW6iOMh6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMo1iQT//jSX4XsQ2c5cKnnWj8mOMB8GA1UdIwQY
MBaAFGGc+angtkYa2DOHWsEWj4kj/VULMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVp6NXFlQzJSaHJZTTRkYXdSYVBpU1A5VlFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9kNmJmYWItZWFjNi00YTQyLTg4NzIt
MTRhZmFlOTEzMzZkLzEveWpXSkJQXy1OSmZoZXhEWnpsd3FlZGFQeVk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy9kNmJmYWItZWFjNi00YTQyLTg4NzItMTRhZmFlOTEzMzZk
LzEvWVp6NXFlQzJSaHJZTTRkYXdSYVBpU1A5VlFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAThjJMA0G
CSqGSIb3DQEBCwUAA4IBAQCDHJeZWpr0DqZuuSZCy1Hb9aCQcFj5g0ly3NA0uJV3
LoYjtXPYKzcFUauklXOZ7H0elR1FPtZPh01MXuIQGtLB3t9x06c9bT4sd+Ebthfh
BUkj0AfAoPh4VNWekVYCE6o/r6t0vONicdJITQXWeutcG4Irk28emP6hfnHaAjtw
qQtsnOvpd+x6lFmQ1sV/Mj3LABV/BArWAiNs/1bd8UD2xBRgPdIN7gCEIOW4aZBm
mTHcugD9HvoLimWaPyQ9MqgC5WuU8beRYHQAraVhWVFagDVptt6o1xwoxqyqW3dj
JN4kJKIAzTIUNUzwRs1tudqIkoOj1q7QktlqLCjXvlPi
-----END CERTIFICATE-----