This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/db75db-25b2-43dc-aa12-ed001a2889ad/1/rRTCz9gdKZmCD2CPH7ZEPITaxno.roa
File:                     rRTCz9gdKZmCD2CPH7ZEPITaxno.roa (raw, json)
Hash identifier:          IkdpUdMuuhLbUbcbS19kzqtq8+mEc9r+5ZSOWumJXFc=
Subject key identifier:   AD:14:C2:CF:D8:1D:29:99:82:0F:60:8F:1F:B6:44:3C:84:DA:C6:7A
Certificate issuer:       /CN=0ad06dd27bd93a380da4c75d1a8bf076828fd64a
Certificate serial:       019B7AC7AEE23CB7C60107A11B8B1664C103
Authority key identifier: 0A:D0:6D:D2:7B:D9:3A:38:0D:A4:C7:5D:1A:8B:F0:76:82:8F:D6:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CtBt0nvZOjgNpMddGovwdoKP1ko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/db75db-25b2-43dc-aa12-ed001a2889ad/1/rRTCz9gdKZmCD2CPH7ZEPITaxno.roa
Signing time:             Thu 01 Jan 2026 18:17:45 +0000
ROA not before:           Thu 01 Jan 2026 18:17:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62236
IP address blocks:        185.224.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/db75db-25b2-43dc-aa12-ed001a2889ad/1/CtBt0nvZOjgNpMddGovwdoKP1ko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/db75db-25b2-43dc-aa12-ed001a2889ad/1/CtBt0nvZOjgNpMddGovwdoKP1ko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CtBt0nvZOjgNpMddGovwdoKP1ko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c7:ae:e2:3c:b7:c6:01:07:a1:1b:8b:16:64:c1:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ad06dd27bd93a380da4c75d1a8bf076828fd64a
        Validity
            Not Before: Jan  1 18:17:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ad14c2cfd81d2999820f608f1fb6443c84dac67a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:30:5a:e5:7f:38:6f:51:d6:87:41:6e:b6:78:
                    9d:6a:ff:50:d2:a8:99:1e:87:f0:49:f4:d0:0c:f9:
                    44:51:60:49:74:f3:23:2a:d9:22:9a:b9:10:5b:61:
                    67:43:53:1d:5c:94:47:19:da:76:07:c8:bc:cd:b7:
                    42:a7:85:5a:0f:11:27:5d:fb:3b:6e:d6:2f:18:96:
                    7b:58:f4:bd:f1:47:15:7b:9c:5f:7c:14:51:84:1f:
                    3c:79:8b:44:47:5d:43:6e:ad:7e:82:ca:a8:eb:e8:
                    72:d2:ce:c4:8c:85:34:6d:a3:d7:50:5f:fc:6f:8c:
                    bf:da:0a:36:95:0a:f5:03:03:96:60:8a:eb:b5:3e:
                    e6:88:ea:81:77:fa:05:44:64:3d:6c:dc:97:d0:f5:
                    7d:64:ec:ad:6f:b9:47:17:07:65:9e:6a:78:ad:b1:
                    d8:2e:27:c1:11:f7:f7:b8:ee:13:d3:7d:05:45:ff:
                    25:c7:e0:11:4a:2f:71:9b:e8:7c:8c:81:9d:6a:42:
                    63:7e:32:d6:a1:7d:35:0a:97:fc:ae:64:d5:86:17:
                    cb:24:be:33:50:00:ee:10:8c:12:77:e7:ec:11:1f:
                    0d:4a:d0:64:6b:a2:49:77:20:3f:04:9f:42:68:23:
                    13:74:8a:14:f0:62:5d:73:24:46:b7:8b:d0:9e:03:
                    8b:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:14:C2:CF:D8:1D:29:99:82:0F:60:8F:1F:B6:44:3C:84:DA:C6:7A
            X509v3 Authority Key Identifier:
                keyid:0A:D0:6D:D2:7B:D9:3A:38:0D:A4:C7:5D:1A:8B:F0:76:82:8F:D6:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CtBt0nvZOjgNpMddGovwdoKP1ko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/db75db-25b2-43dc-aa12-ed001a2889ad/1/rRTCz9gdKZmCD2CPH7ZEPITaxno.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/db75db-25b2-43dc-aa12-ed001a2889ad/1/CtBt0nvZOjgNpMddGovwdoKP1ko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.224.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:a7:28:24:15:13:70:9d:0f:4a:8e:8d:51:43:a0:8f:3a:37:
         87:61:35:86:c8:c2:d7:d6:fc:57:11:df:80:08:b3:80:1a:62:
         af:aa:c9:6e:36:11:2e:7e:0c:95:a2:c5:fb:8e:b7:c1:6b:44:
         f6:60:80:e6:32:ce:1b:17:ea:d3:52:ee:fb:96:da:8e:f1:31:
         88:f5:08:14:f4:5d:7d:2a:95:27:12:96:2a:df:64:98:d2:3c:
         57:00:05:23:16:cc:c3:89:84:80:ee:9c:8c:0e:57:1e:fa:0a:
         c4:81:5c:d4:60:95:85:f9:50:fa:7b:34:a1:57:d4:53:1a:5d:
         48:96:c7:2b:22:95:da:f9:16:4f:95:78:0a:be:b4:d6:ed:6b:
         c4:7e:d2:7d:cf:ec:25:21:94:04:c9:ce:da:99:b4:54:cf:e0:
         3a:3b:03:b4:68:7b:15:0a:44:3d:46:83:fe:ce:64:69:ed:29:
         e9:f7:1f:9e:e8:98:6e:45:1f:63:0e:62:f9:ac:f3:3e:32:e7:
         3d:08:5e:79:82:c3:a9:c0:7b:34:4e:11:54:e1:8f:79:b6:30:
         07:fe:c4:6d:1d:99:3d:9e:c8:c3:c0:d8:59:13:fa:87:c7:d5:
         7d:fa:28:01:f0:e5:55:b4:c2:6c:22:fe:57:84:0f:f2:11:17:
         41:2a:e0:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6x67iPLfGAQehG4sWZMEDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhZDA2ZGQyN2JkOTNhMzgwZGE0Yzc1ZDFhOGJmMDc2ODI4
ZmQ2NGEwHhcNMjYwMTAxMTgxNzQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDE0YzJjZmQ4MWQyOTk5ODIwZjYwOGYxZmI2NDQzYzg0ZGFjNjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtDBa5X84b1HWh0Futnidav9Q0qiZ
HofwSfTQDPlEUWBJdPMjKtkimrkQW2FnQ1MdXJRHGdp2B8i8zbdCp4VaDxEnXfs7
btYvGJZ7WPS98UcVe5xffBRRhB88eYtER11Dbq1+gsqo6+hy0s7EjIU0baPXUF/8
b4y/2go2lQr1AwOWYIrrtT7miOqBd/oFRGQ9bNyX0PV9ZOytb7lHFwdlnmp4rbHY
LifBEff3uO4T030FRf8lx+ARSi9xm+h8jIGdakJjfjLWoX01Cpf8rmTVhhfLJL4z
UADuEIwSd+fsER8NStBka6JJdyA/BJ9CaCMTdIoU8GJdcyRGt4vQngOL0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK0Uws/YHSmZgg9gjx+2RDyE2sZ6MB8GA1UdIwQY
MBaAFArQbdJ72To4DaTHXRqL8HaCj9ZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3RCdDBudlpPamdOcE1kZEdvdndkb0tQMWtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9kYjc1ZGItMjViMi00M2RjLWFhMTIt
ZWQwMDFhMjg4OWFkLzEvclJUQ3o5Z2RLWm1DRDJDUEg3WkVQSVRheG5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9kYjc1ZGItMjViMi00M2RjLWFhMTItZWQwMDFhMjg4OWFk
LzEvQ3RCdDBudlpPamdOcE1kZEdvdndkb0tQMWtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueAcMA0G
CSqGSIb3DQEBCwUAA4IBAQB3pygkFRNwnQ9Kjo1RQ6CPOjeHYTWGyMLX1vxXEd+A
CLOAGmKvqsluNhEufgyVosX7jrfBa0T2YIDmMs4bF+rTUu77ltqO8TGI9QgU9F19
KpUnEpYq32SY0jxXAAUjFszDiYSA7pyMDlce+grEgVzUYJWF+VD6ezShV9RTGl1I
lscrIpXa+RZPlXgKvrTW7WvEftJ9z+wlIZQEyc7ambRUz+A6OwO0aHsVCkQ9RoP+
zmRp7Snp9x+e6JhuRR9jDmL5rPM+Muc9CF55gsOpwHs0ThFU4Y95tjAH/sRtHZk9
nsjDwNhZE/qHx9V9+igB8OVVtMJsIv5XhA/yERdBKuCr
-----END CERTIFICATE-----