This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/9d4203-2eee-41de-8d85-08bf22f64097/1/I945miDFpQYT7r3liramnIH9Rls.roa
File:                     I945miDFpQYT7r3liramnIH9Rls.roa (raw, json)
Hash identifier:          e2W1mAyx8RsZ5wQIGm7sXapbFW0BtqtspvuqaFqFnSU=
Subject key identifier:   23:DE:39:9A:20:C5:A5:06:13:EE:BD:E5:8A:B6:A6:9C:81:FD:46:5B
Certificate issuer:       /CN=d9f9fa7b944f7e7c60d73ef10b776fc27995a4ed
Certificate serial:       019B7F83274887118C0FBA536D410A446AE8
Authority key identifier: D9:F9:FA:7B:94:4F:7E:7C:60:D7:3E:F1:0B:77:6F:C2:79:95:A4:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2fn6e5RPfnxg1z7xC3dvwnmVpO0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/9d4203-2eee-41de-8d85-08bf22f64097/1/I945miDFpQYT7r3liramnIH9Rls.roa
Signing time:             Fri 02 Jan 2026 16:21:00 +0000
ROA not before:           Fri 02 Jan 2026 16:21:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201558
IP address blocks:        185.69.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/9d4203-2eee-41de-8d85-08bf22f64097/1/2fn6e5RPfnxg1z7xC3dvwnmVpO0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/9d4203-2eee-41de-8d85-08bf22f64097/1/2fn6e5RPfnxg1z7xC3dvwnmVpO0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2fn6e5RPfnxg1z7xC3dvwnmVpO0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:83:27:48:87:11:8c:0f:ba:53:6d:41:0a:44:6a:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9f9fa7b944f7e7c60d73ef10b776fc27995a4ed
        Validity
            Not Before: Jan  2 16:21:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=23de399a20c5a50613eebde58ab6a69c81fd465b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:9a:2a:eb:ca:7f:f6:e9:56:e7:36:44:ae:6a:
                    e9:18:61:7a:2a:72:00:93:f4:e1:d4:fb:ab:76:e6:
                    2a:26:55:65:3a:11:7d:f1:84:e5:82:64:4e:71:25:
                    01:4c:b1:96:0e:95:8e:0e:3a:80:64:85:4e:10:13:
                    3c:d5:bb:8f:3c:75:18:e0:d3:57:12:f3:6d:71:6f:
                    63:9d:cd:39:2a:a2:78:86:ab:73:59:ec:0e:e2:23:
                    02:d4:44:08:27:95:87:e6:aa:20:53:43:83:53:5c:
                    6b:f6:a4:cc:b9:62:c2:83:73:c5:65:21:f2:94:e7:
                    3c:3d:04:bf:81:a3:6c:d3:5b:72:61:30:2d:ab:fd:
                    a0:91:26:6b:d4:e5:e2:d1:12:b8:60:68:13:72:a5:
                    1c:ec:47:97:b7:aa:c8:5d:e4:dd:48:c9:97:2f:92:
                    1c:3f:c8:32:f0:9d:d9:b8:9f:98:67:65:d3:05:ca:
                    b5:d6:26:b2:e1:01:0b:74:d4:1b:2c:57:fd:fa:d0:
                    c0:e1:f6:62:7d:f9:f1:79:71:9e:10:38:81:bf:d9:
                    22:2a:b3:8f:b5:67:98:2c:a4:13:6f:74:84:b9:a5:
                    33:43:b2:11:90:fa:24:45:e4:af:0e:86:31:bf:a9:
                    67:fe:a0:d8:a9:e8:38:43:48:14:2b:7a:3e:cf:89:
                    14:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:DE:39:9A:20:C5:A5:06:13:EE:BD:E5:8A:B6:A6:9C:81:FD:46:5B
            X509v3 Authority Key Identifier:
                keyid:D9:F9:FA:7B:94:4F:7E:7C:60:D7:3E:F1:0B:77:6F:C2:79:95:A4:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2fn6e5RPfnxg1z7xC3dvwnmVpO0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/9d4203-2eee-41de-8d85-08bf22f64097/1/I945miDFpQYT7r3liramnIH9Rls.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/9d4203-2eee-41de-8d85-08bf22f64097/1/2fn6e5RPfnxg1z7xC3dvwnmVpO0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.69.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:f1:9f:0d:82:c0:15:b9:c7:d9:99:8f:73:e3:f8:14:ab:69:
         f6:da:5a:cf:64:ff:b3:7a:24:d0:23:44:72:21:20:52:54:02:
         5d:f3:69:0e:e1:2e:d6:52:f4:83:4d:ed:19:b4:96:88:79:47:
         67:30:a7:15:ae:5f:49:53:c0:d8:bd:42:30:92:83:1b:99:72:
         75:a9:55:84:0a:7c:a5:cf:4a:2d:94:d2:01:de:28:a5:be:5e:
         55:4b:f7:4d:bf:e0:5e:d1:89:99:e4:78:4f:ae:3a:ab:25:fc:
         aa:ec:16:35:c4:e5:87:c1:82:a7:e5:c6:7a:52:dc:2d:24:5b:
         e5:bd:e6:7b:a8:0e:31:31:01:47:c7:5e:b0:a1:38:85:40:1f:
         47:b0:19:be:6b:2c:a9:62:bd:8c:06:98:8d:ba:5d:cd:ad:5c:
         ad:40:30:a5:3e:89:7a:ec:0b:6a:bb:40:3b:5a:e9:f6:8c:63:
         73:c1:80:61:52:c1:11:dd:b0:69:5a:92:c2:67:e2:84:ab:6c:
         e9:3f:ea:3a:58:1c:a9:2f:bf:4f:13:8b:49:5e:51:a4:12:44:
         a2:c1:22:2c:5a:80:5a:83:29:75:fa:c9:96:84:1e:af:5c:99:
         a1:47:57:f3:3b:b5:4e:06:47:19:c7:54:d4:8d:53:c0:79:89:
         26:24:22:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/gydIhxGMD7pTbUEKRGroMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ZjlmYTdiOTQ0ZjdlN2M2MGQ3M2VmMTBiNzc2ZmMyNzk5
NWE0ZWQwHhcNMjYwMTAyMTYyMTAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2RlMzk5YTIwYzVhNTA2MTNlZWJkZTU4YWI2YTY5YzgxZmQ0NjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvJoq68p/9ulW5zZErmrpGGF6KnIA
k/Th1PurduYqJlVlOhF98YTlgmROcSUBTLGWDpWODjqAZIVOEBM81buPPHUY4NNX
EvNtcW9jnc05KqJ4hqtzWewO4iMC1EQIJ5WH5qogU0ODU1xr9qTMuWLCg3PFZSHy
lOc8PQS/gaNs01tyYTAtq/2gkSZr1OXi0RK4YGgTcqUc7EeXt6rIXeTdSMmXL5Ic
P8gy8J3ZuJ+YZ2XTBcq11iay4QELdNQbLFf9+tDA4fZiffnxeXGeEDiBv9kiKrOP
tWeYLKQTb3SEuaUzQ7IRkPokReSvDoYxv6ln/qDYqeg4Q0gUK3o+z4kUMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCPeOZogxaUGE+695Yq2ppyB/UZbMB8GA1UdIwQY
MBaAFNn5+nuUT358YNc+8Qt3b8J5laTtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmZuNmU1UlBmbnhnMXo3eEMzZHZ3bm1WcE8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC85ZDQyMDMtMmVlZS00MWRlLThkODUt
MDhiZjIyZjY0MDk3LzEvSTk0NW1pREZwUVlUN3IzbGlyYW1uSUg5UmxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC85ZDQyMDMtMmVlZS00MWRlLThkODUtMDhiZjIyZjY0MDk3
LzEvMmZuNmU1UlBmbnhnMXo3eEMzZHZ3bm1WcE8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUW7MA0G
CSqGSIb3DQEBCwUAA4IBAQA88Z8NgsAVucfZmY9z4/gUq2n22lrPZP+zeiTQI0Ry
ISBSVAJd82kO4S7WUvSDTe0ZtJaIeUdnMKcVrl9JU8DYvUIwkoMbmXJ1qVWECnyl
z0otlNIB3iilvl5VS/dNv+Be0YmZ5HhPrjqrJfyq7BY1xOWHwYKn5cZ6UtwtJFvl
veZ7qA4xMQFHx16woTiFQB9HsBm+ayypYr2MBpiNul3NrVytQDClPol67Atqu0A7
Wun2jGNzwYBhUsER3bBpWpLCZ+KEq2zpP+o6WBypL79PE4tJXlGkEkSiwSIsWoBa
gyl1+smWhB6vXJmhR1fzO7VOBkcZx1TUjVPAeYkmJCJ6
-----END CERTIFICATE-----