This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/821152-9f13-4c09-9dcd-45bbb23a15d8/1/fRlgrC6V-4hpDOR3xf-j7dbCZZ8.roa
File:                     fRlgrC6V-4hpDOR3xf-j7dbCZZ8.roa (raw, json)
Hash identifier:          aMV6NBt217+iKos/Lhiyotp7vHjyI7McAj/90qITACM=
Subject key identifier:   7D:19:60:AC:2E:95:FB:88:69:0C:E4:77:C5:FF:A3:ED:D6:C2:65:9F
Certificate issuer:       /CN=2e1620890f700f012b0ba60172314e3c85919513
Certificate serial:       019B7F158A1ACF6193F2C86042968B91B398
Authority key identifier: 2E:16:20:89:0F:70:0F:01:2B:0B:A6:01:72:31:4E:3C:85:91:95:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LhYgiQ9wDwErC6YBcjFOPIWRlRM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/821152-9f13-4c09-9dcd-45bbb23a15d8/1/fRlgrC6V-4hpDOR3xf-j7dbCZZ8.roa
Signing time:             Fri 02 Jan 2026 14:21:16 +0000
ROA not before:           Fri 02 Jan 2026 14:21:16 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61113
IP address blocks:        185.3.22.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/821152-9f13-4c09-9dcd-45bbb23a15d8/1/LhYgiQ9wDwErC6YBcjFOPIWRlRM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/821152-9f13-4c09-9dcd-45bbb23a15d8/1/LhYgiQ9wDwErC6YBcjFOPIWRlRM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LhYgiQ9wDwErC6YBcjFOPIWRlRM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 20:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:8a:1a:cf:61:93:f2:c8:60:42:96:8b:91:b3:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e1620890f700f012b0ba60172314e3c85919513
        Validity
            Not Before: Jan  2 14:21:16 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7d1960ac2e95fb88690ce477c5ffa3edd6c2659f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:66:68:36:c0:56:92:51:7c:fb:01:7f:30:69:
                    db:64:74:71:cf:41:6a:f1:42:e7:d1:5f:cf:f4:d7:
                    cb:67:ee:e4:8a:82:41:14:60:f3:b8:ba:a5:4c:45:
                    2f:04:88:60:10:67:1e:d3:36:33:6f:92:61:c6:ba:
                    7b:58:b9:81:44:f6:a6:a5:f1:29:69:cb:d7:73:2e:
                    18:a7:64:e7:69:65:06:f9:df:0f:1f:3b:36:50:04:
                    f6:88:9f:e3:83:3c:89:dc:70:a0:1e:70:02:76:50:
                    a7:00:a0:d4:79:1d:40:28:d8:19:27:14:dc:0b:60:
                    50:cb:0d:28:8f:4f:8e:fc:98:88:f2:8b:21:9f:32:
                    12:83:a9:ed:a5:43:3f:89:3c:76:8c:0b:cc:a0:6d:
                    5c:e0:8f:c5:91:71:df:0c:2c:b4:9f:37:b8:9b:68:
                    1a:a1:7c:24:b3:06:5a:11:5f:65:ea:1d:b4:71:ca:
                    90:a7:e5:c1:73:1a:e7:9c:0e:c5:0c:9d:30:48:72:
                    1b:44:68:2e:11:25:38:c6:a2:c0:e5:0d:5f:5e:c2:
                    39:60:b2:dc:82:e6:b3:83:fe:f9:bd:da:5f:ac:d1:
                    6c:97:ec:92:63:e5:21:42:9e:e9:2f:63:46:35:e7:
                    1c:1a:73:0f:74:9d:8c:28:a4:1a:60:36:61:53:9c:
                    74:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:19:60:AC:2E:95:FB:88:69:0C:E4:77:C5:FF:A3:ED:D6:C2:65:9F
            X509v3 Authority Key Identifier:
                keyid:2E:16:20:89:0F:70:0F:01:2B:0B:A6:01:72:31:4E:3C:85:91:95:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LhYgiQ9wDwErC6YBcjFOPIWRlRM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/821152-9f13-4c09-9dcd-45bbb23a15d8/1/fRlgrC6V-4hpDOR3xf-j7dbCZZ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/821152-9f13-4c09-9dcd-45bbb23a15d8/1/LhYgiQ9wDwErC6YBcjFOPIWRlRM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.3.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:a4:03:5a:c2:ab:55:ce:f6:50:96:94:f1:08:f3:70:00:a4:
         f5:31:de:47:1c:3b:a9:0b:48:9e:4b:3c:a2:d1:2b:fe:a9:b5:
         5d:af:a2:f8:c6:53:83:91:dc:70:ec:e5:86:05:1b:7e:b2:97:
         97:8c:77:86:36:8c:f0:5f:d1:c6:08:76:dd:29:45:d1:17:f4:
         b5:93:41:e3:5a:fe:d1:21:b5:2d:98:5a:e4:e7:0e:d9:08:d0:
         01:15:fa:69:f6:9d:66:65:a3:5e:73:e2:ff:87:97:45:74:03:
         86:4f:97:7f:81:c3:f1:69:d2:24:9a:af:6a:c5:72:a4:f0:dc:
         35:d0:c8:02:df:93:dd:76:b7:0e:b7:aa:39:ed:29:5d:90:1f:
         b6:36:60:57:80:ae:e4:84:eb:10:02:d9:06:4e:ed:76:a8:de:
         d6:9e:0d:d0:74:75:b2:47:b7:39:37:5a:9c:b0:ba:19:36:66:
         f7:80:a1:e0:46:12:f2:b2:8a:84:af:2b:e5:ff:9d:e5:1f:f0:
         6f:b8:63:3d:bf:89:bd:0c:6c:63:70:7c:a3:09:42:47:12:ba:
         e3:83:3a:fd:c2:19:12:91:4c:77:40:cd:b7:0c:10:59:a4:5d:
         c0:27:57:7c:ec:18:cf:4d:70:ba:56:35:b6:45:86:d2:a9:0e:
         f7:35:d5:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FYoaz2GT8shgQpaLkbOYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMTYyMDg5MGY3MDBmMDEyYjBiYTYwMTcyMzE0ZTNjODU5
MTk1MTMwHhcNMjYwMTAyMTQyMTE2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDE5NjBhYzJlOTVmYjg4NjkwY2U0NzdjNWZmYTNlZGQ2YzI2NTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtGZoNsBWklF8+wF/MGnbZHRxz0Fq
8ULn0V/P9NfLZ+7kioJBFGDzuLqlTEUvBIhgEGce0zYzb5Jhxrp7WLmBRPampfEp
acvXcy4Yp2TnaWUG+d8PHzs2UAT2iJ/jgzyJ3HCgHnACdlCnAKDUeR1AKNgZJxTc
C2BQyw0oj0+O/JiI8oshnzISg6ntpUM/iTx2jAvMoG1c4I/FkXHfDCy0nze4m2ga
oXwkswZaEV9l6h20ccqQp+XBcxrnnA7FDJ0wSHIbRGguESU4xqLA5Q1fXsI5YLLc
guazg/75vdpfrNFsl+ySY+UhQp7pL2NGNeccGnMPdJ2MKKQaYDZhU5x01wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH0ZYKwulfuIaQzkd8X/o+3WwmWfMB8GA1UdIwQY
MBaAFC4WIIkPcA8BKwumAXIxTjyFkZUTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGhZZ2lROXdEd0VyQzZZQmNqRk9QSVdSbFJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy84MjExNTItOWYxMy00YzA5LTlkY2Qt
NDViYmIyM2ExNWQ4LzEvZlJsZ3JDNlYtNGhwRE9SM3hmLWo3ZGJDWlo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy84MjExNTItOWYxMy00YzA5LTlkY2QtNDViYmIyM2ExNWQ4
LzEvTGhZZ2lROXdEd0VyQzZZQmNqRk9QSVdSbFJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQMWMA0G
CSqGSIb3DQEBCwUAA4IBAQBRpANawqtVzvZQlpTxCPNwAKT1Md5HHDupC0ieSzyi
0Sv+qbVdr6L4xlODkdxw7OWGBRt+speXjHeGNozwX9HGCHbdKUXRF/S1k0HjWv7R
IbUtmFrk5w7ZCNABFfpp9p1mZaNec+L/h5dFdAOGT5d/gcPxadIkmq9qxXKk8Nw1
0MgC35PddrcOt6o57SldkB+2NmBXgK7khOsQAtkGTu12qN7Wng3QdHWyR7c5N1qc
sLoZNmb3gKHgRhLysoqEryvl/53lH/BvuGM9v4m9DGxjcHyjCUJHErrjgzr9whkS
kUx3QM23DBBZpF3AJ1d87BjPTXC6VjW2RYbSqQ73NdU5
-----END CERTIFICATE-----