This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/d9a004-b953-4c73-81e4-0711694000a0/1/9Y4Cj1zcNI-OI_G0_326TU47Zk8.roa
File:                     9Y4Cj1zcNI-OI_G0_326TU47Zk8.roa (raw, json)
Hash identifier:          8kLwum3zpuCTGIqKbfHCoFSoW2guHnnrlJufLkIKMM0=
Subject key identifier:   F5:8E:02:8F:5C:DC:34:8F:8E:23:F1:B4:FF:7D:BA:4D:4E:3B:66:4F
Certificate issuer:       /CN=8afc31f36c97777f906b93e83ae657f00aeb3099
Certificate serial:       019B7CECCDA8F77A477A4980DB1C8ECCAF04
Authority key identifier: 8A:FC:31:F3:6C:97:77:7F:90:6B:93:E8:3A:E6:57:F0:0A:EB:30:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ivwx82yXd3-Qa5PoOuZX8ArrMJk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/d9a004-b953-4c73-81e4-0711694000a0/1/9Y4Cj1zcNI-OI_G0_326TU47Zk8.roa
Signing time:             Fri 02 Jan 2026 04:17:32 +0000
ROA not before:           Fri 02 Jan 2026 04:17:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47232
IP address blocks:        185.214.192.0/22 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/d9a004-b953-4c73-81e4-0711694000a0/1/ivwx82yXd3-Qa5PoOuZX8ArrMJk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/d9a004-b953-4c73-81e4-0711694000a0/1/ivwx82yXd3-Qa5PoOuZX8ArrMJk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ivwx82yXd3-Qa5PoOuZX8ArrMJk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ec:cd:a8:f7:7a:47:7a:49:80:db:1c:8e:cc:af:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8afc31f36c97777f906b93e83ae657f00aeb3099
        Validity
            Not Before: Jan  2 04:17:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f58e028f5cdc348f8e23f1b4ff7dba4d4e3b664f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:34:0f:73:a3:0b:84:38:50:33:6b:9f:f1:94:
                    61:59:0a:dc:e2:61:84:98:b4:c6:67:cf:dc:85:eb:
                    e7:a8:0f:5c:3f:d5:a1:13:66:ec:ac:fc:87:78:73:
                    30:1f:0b:e8:7b:4a:e2:50:b1:3b:d8:41:e7:fe:df:
                    6d:a2:87:ba:f6:aa:bb:18:0c:16:31:60:95:5a:11:
                    ed:a1:46:35:1c:72:2f:25:c4:5a:ce:26:86:c2:d0:
                    59:2e:ec:ca:85:a1:1a:9f:9e:50:c1:cd:1e:79:f6:
                    2d:2e:27:5b:77:fb:5c:76:cb:68:ec:b5:1e:26:c4:
                    92:1b:3e:b7:b6:47:15:d0:13:f7:1f:b4:d0:dd:10:
                    a4:d7:6a:8e:dd:40:25:62:cd:35:91:1b:31:98:e4:
                    8c:3d:5f:4e:f8:3c:f7:dc:84:30:2b:df:3e:8e:dd:
                    22:32:80:d2:32:9d:af:0c:b5:20:17:53:14:7a:73:
                    e4:2f:c2:f2:e9:66:e5:ba:f2:f3:25:db:a9:29:2b:
                    c5:c4:34:d1:f3:5a:db:dd:d6:ac:78:0a:4b:ac:3f:
                    da:a5:68:a9:cc:46:87:83:83:51:f1:92:a8:1e:48:
                    2b:5e:c1:25:d4:26:38:28:72:98:bd:de:3e:96:d2:
                    a5:9e:4a:a5:a4:ed:5b:d3:5d:2e:41:a5:1d:f1:a4:
                    cd:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:8E:02:8F:5C:DC:34:8F:8E:23:F1:B4:FF:7D:BA:4D:4E:3B:66:4F
            X509v3 Authority Key Identifier:
                keyid:8A:FC:31:F3:6C:97:77:7F:90:6B:93:E8:3A:E6:57:F0:0A:EB:30:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ivwx82yXd3-Qa5PoOuZX8ArrMJk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/d9a004-b953-4c73-81e4-0711694000a0/1/9Y4Cj1zcNI-OI_G0_326TU47Zk8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/d9a004-b953-4c73-81e4-0711694000a0/1/ivwx82yXd3-Qa5PoOuZX8ArrMJk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.214.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2d:b5:47:a7:ed:a8:d2:cc:05:81:15:d9:e6:71:c2:1a:fe:c2:
         d8:c4:c5:dc:91:7f:65:ba:e1:d0:fe:73:f9:a4:d0:ae:75:52:
         d3:6e:e9:c0:7d:0e:65:0c:03:d1:4a:4d:b1:1a:5d:5c:cd:a0:
         86:0a:33:da:fe:e7:a9:d4:06:09:fb:65:35:1f:db:2f:7d:ac:
         7a:5d:f7:04:97:8c:63:bb:34:ff:57:8c:3c:d7:54:e9:fa:d9:
         58:60:06:7a:9d:08:c2:59:ca:fe:1e:7d:e3:2d:56:b7:17:65:
         06:2a:e3:36:8e:87:12:54:b0:10:dd:07:2a:9d:cc:e2:ed:5c:
         d9:02:66:7d:a9:17:fc:cf:3a:0f:fd:fb:b7:5c:e9:b1:b8:50:
         e8:fa:8f:42:f0:00:6d:c7:ef:ce:a8:86:76:f0:de:85:f8:6a:
         a5:fd:96:9e:24:89:d4:e7:11:09:34:25:22:32:6b:82:7e:f6:
         7e:22:9c:ca:32:3f:d7:d6:de:95:b6:db:64:f4:f5:ad:86:98:
         c1:d7:2f:90:c6:c9:1b:66:f6:09:f2:b5:6c:44:35:35:52:1f:
         be:d1:ef:68:3a:07:87:6b:8f:56:62:d0:00:a4:61:b3:60:d9:
         30:32:ed:1d:c5:5c:1a:81:fc:45:25:99:06:6a:3d:cf:fa:e1:
         e1:d3:af:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87M2o93pHekmA2xyOzK8EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhZmMzMWYzNmM5Nzc3N2Y5MDZiOTNlODNhZTY1N2YwMGFl
YjMwOTkwHhcNMjYwMTAyMDQxNzMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNThlMDI4ZjVjZGMzNDhmOGUyM2YxYjRmZjdkYmE0ZDRlM2I2NjRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5DQPc6MLhDhQM2uf8ZRhWQrc4mGE
mLTGZ8/chevnqA9cP9WhE2bsrPyHeHMwHwvoe0riULE72EHn/t9tooe69qq7GAwW
MWCVWhHtoUY1HHIvJcRaziaGwtBZLuzKhaEan55Qwc0eefYtLidbd/tcdsto7LUe
JsSSGz63tkcV0BP3H7TQ3RCk12qO3UAlYs01kRsxmOSMPV9O+Dz33IQwK98+jt0i
MoDSMp2vDLUgF1MUenPkL8Ly6WbluvLzJdupKSvFxDTR81rb3daseApLrD/apWip
zEaHg4NR8ZKoHkgrXsEl1CY4KHKYvd4+ltKlnkqlpO1b010uQaUd8aTN1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPWOAo9c3DSPjiPxtP99uk1OO2ZPMB8GA1UdIwQY
MBaAFIr8MfNsl3d/kGuT6DrmV/AK6zCZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXZ3eDgyeVhkMy1RYTVQb091Wlg4QXJyTUprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9kOWEwMDQtYjk1My00YzczLTgxZTQt
MDcxMTY5NDAwMGEwLzEvOVk0Q2oxemNOSS1PSV9HMF8zMjZUVTQ3Wms4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9kOWEwMDQtYjk1My00YzczLTgxZTQtMDcxMTY5NDAwMGEw
LzEvaXZ3eDgyeVhkMy1RYTVQb091Wlg4QXJyTUprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudbAMA0G
CSqGSIb3DQEBCwUAA4IBAQAttUen7ajSzAWBFdnmccIa/sLYxMXckX9luuHQ/nP5
pNCudVLTbunAfQ5lDAPRSk2xGl1czaCGCjPa/uep1AYJ+2U1H9svfax6XfcEl4xj
uzT/V4w811Tp+tlYYAZ6nQjCWcr+Hn3jLVa3F2UGKuM2jocSVLAQ3Qcqnczi7VzZ
AmZ9qRf8zzoP/fu3XOmxuFDo+o9C8ABtx+/OqIZ28N6F+Gql/ZaeJInU5xEJNCUi
MmuCfvZ+IpzKMj/X1t6Vtttk9PWthpjB1y+QxskbZvYJ8rVsRDU1Uh++0e9oOgeH
a49WYtAApGGzYNkwMu0dxVwagfxFJZkGaj3P+uHh069h
-----END CERTIFICATE-----