This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/bf4793-0c84-422c-9b8e-260de6cbf456/1/dligzRRVoWtfjy4qlRdbw7o42uM.roa
File:                     dligzRRVoWtfjy4qlRdbw7o42uM.roa (raw, json)
Hash identifier:          2ujZTExymeWh5nps9OWeUYEciPPWZb859+jQp6T2I7s=
Subject key identifier:   76:58:A0:CD:14:55:A1:6B:5F:8F:2E:2A:95:17:5B:C3:BA:38:DA:E3
Certificate issuer:       /CN=d464667c34a7dbb02f0530bce482d11ad42487bd
Certificate serial:       019B7F12D6465AD25B35DA9D9634B86348CD
Authority key identifier: D4:64:66:7C:34:A7:DB:B0:2F:05:30:BC:E4:82:D1:1A:D4:24:87:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1GRmfDSn27AvBTC85ILRGtQkh70.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/bf4793-0c84-422c-9b8e-260de6cbf456/1/dligzRRVoWtfjy4qlRdbw7o42uM.roa
Signing time:             Fri 02 Jan 2026 14:18:19 +0000
ROA not before:           Fri 02 Jan 2026 14:18:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205826
IP address blocks:        185.160.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/bf4793-0c84-422c-9b8e-260de6cbf456/1/1GRmfDSn27AvBTC85ILRGtQkh70.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/bf4793-0c84-422c-9b8e-260de6cbf456/1/1GRmfDSn27AvBTC85ILRGtQkh70.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1GRmfDSn27AvBTC85ILRGtQkh70.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:12:d6:46:5a:d2:5b:35:da:9d:96:34:b8:63:48:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d464667c34a7dbb02f0530bce482d11ad42487bd
        Validity
            Not Before: Jan  2 14:18:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7658a0cd1455a16b5f8f2e2a95175bc3ba38dae3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:b7:6e:c7:44:63:16:3e:8a:31:76:00:18:b5:
                    02:c1:20:88:f3:02:00:70:e4:e9:c0:05:f3:db:25:
                    81:1f:74:5b:e0:a2:47:6b:19:0e:71:27:61:5d:f2:
                    59:6a:39:53:49:d9:e9:1c:c3:3d:8c:4a:7f:f3:a8:
                    56:b3:be:87:c3:9c:47:91:d4:f4:c9:5d:62:f6:cf:
                    6d:2c:4b:db:50:e2:ec:ae:af:c3:fe:b0:c5:4e:6b:
                    a3:67:77:5b:0f:68:b5:fa:73:74:00:8d:6f:02:96:
                    7d:d7:21:f0:6f:f2:24:66:af:3b:9f:70:c2:b5:0b:
                    ae:25:6b:a2:ff:7e:db:c2:f6:bc:1e:83:4a:24:76:
                    c0:fd:90:90:4b:89:fa:b5:75:31:19:27:fb:47:1e:
                    21:b2:03:c6:38:92:b1:fb:c2:4d:92:82:c9:58:6a:
                    d7:4d:58:50:79:4c:63:51:a5:77:42:88:f0:48:9f:
                    1c:2b:26:11:6e:30:43:df:ac:e4:6e:02:f0:3d:c9:
                    2d:bf:d2:fa:cf:9e:53:f2:9f:83:8b:7f:23:5b:ca:
                    c1:93:a7:14:00:9a:c9:fb:4a:86:54:9d:d7:34:c2:
                    a9:d5:c3:40:c0:5c:38:71:98:a4:07:3c:6e:06:93:
                    a2:f6:6c:7a:e8:5a:92:b4:7d:4e:46:69:d4:5a:f0:
                    ce:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:58:A0:CD:14:55:A1:6B:5F:8F:2E:2A:95:17:5B:C3:BA:38:DA:E3
            X509v3 Authority Key Identifier:
                keyid:D4:64:66:7C:34:A7:DB:B0:2F:05:30:BC:E4:82:D1:1A:D4:24:87:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1GRmfDSn27AvBTC85ILRGtQkh70.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/bf4793-0c84-422c-9b8e-260de6cbf456/1/dligzRRVoWtfjy4qlRdbw7o42uM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/bf4793-0c84-422c-9b8e-260de6cbf456/1/1GRmfDSn27AvBTC85ILRGtQkh70.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.160.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:e1:31:86:9f:b7:a8:4e:28:3e:2b:40:7f:e1:7b:08:66:25:
         8d:5b:1b:e7:05:0f:6e:07:33:7a:75:6b:84:c6:0c:02:88:5c:
         19:cd:6e:d2:e5:71:42:6e:34:82:0a:09:ea:20:95:59:8c:ab:
         2c:d8:92:71:45:6a:69:05:94:09:98:2a:c0:15:bc:2c:bf:69:
         53:61:1c:c0:b4:3e:46:93:c7:07:6b:e7:03:d6:00:03:fc:94:
         0e:fe:69:11:9e:34:80:c1:9a:3a:71:1f:4f:67:11:14:49:f9:
         8c:1e:91:ab:80:cb:83:0d:d1:aa:de:6c:e9:7d:8b:ef:65:00:
         87:91:c0:93:e5:fb:63:0c:8d:f1:8f:78:1d:aa:a6:33:68:41:
         55:0c:bf:55:de:95:71:9f:82:cb:89:20:fd:2a:a5:dd:cb:4e:
         b6:1b:cb:80:dd:e5:a9:cd:dc:c3:89:d7:ea:9f:18:67:b9:fc:
         0a:f4:b7:7c:4c:f8:3e:4d:76:a5:6a:75:cb:38:d2:ec:c7:38:
         87:bb:4a:bf:6f:0e:e4:00:37:f2:d6:7c:de:37:12:7f:0b:f7:
         8b:61:37:2f:77:5a:66:d7:55:62:b6:b1:fe:7a:96:17:b3:8c:
         c7:4f:7b:69:3b:72:a1:85:91:ac:3e:b9:b3:5c:dd:80:f9:b2:
         cd:41:3d:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/EtZGWtJbNdqdljS4Y0jNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NjQ2NjdjMzRhN2RiYjAyZjA1MzBiY2U0ODJkMTFhZDQy
NDg3YmQwHhcNMjYwMTAyMTQxODE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjU4YTBjZDE0NTVhMTZiNWY4ZjJlMmE5NTE3NWJjM2JhMzhkYWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApbdux0RjFj6KMXYAGLUCwSCI8wIA
cOTpwAXz2yWBH3Rb4KJHaxkOcSdhXfJZajlTSdnpHMM9jEp/86hWs76Hw5xHkdT0
yV1i9s9tLEvbUOLsrq/D/rDFTmujZ3dbD2i1+nN0AI1vApZ91yHwb/IkZq87n3DC
tQuuJWui/37bwva8HoNKJHbA/ZCQS4n6tXUxGSf7Rx4hsgPGOJKx+8JNkoLJWGrX
TVhQeUxjUaV3QojwSJ8cKyYRbjBD36zkbgLwPcktv9L6z55T8p+Di38jW8rBk6cU
AJrJ+0qGVJ3XNMKp1cNAwFw4cZikBzxuBpOi9mx66FqStH1ORmnUWvDOaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHZYoM0UVaFrX48uKpUXW8O6ONrjMB8GA1UdIwQY
MBaAFNRkZnw0p9uwLwUwvOSC0RrUJIe9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUdSbWZEU24yN0F2QlRDODVJTFJHdFFraDcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9iZjQ3OTMtMGM4NC00MjJjLTliOGUt
MjYwZGU2Y2JmNDU2LzEvZGxpZ3pSUlZvV3Rmank0cWxSZGJ3N280MnVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9iZjQ3OTMtMGM4NC00MjJjLTliOGUtMjYwZGU2Y2JmNDU2
LzEvMUdSbWZEU24yN0F2QlRDODVJTFJHdFFraDcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaDOMA0G
CSqGSIb3DQEBCwUAA4IBAQCM4TGGn7eoTig+K0B/4XsIZiWNWxvnBQ9uBzN6dWuE
xgwCiFwZzW7S5XFCbjSCCgnqIJVZjKss2JJxRWppBZQJmCrAFbwsv2lTYRzAtD5G
k8cHa+cD1gAD/JQO/mkRnjSAwZo6cR9PZxEUSfmMHpGrgMuDDdGq3mzpfYvvZQCH
kcCT5ftjDI3xj3gdqqYzaEFVDL9V3pVxn4LLiSD9KqXdy062G8uA3eWpzdzDidfq
nxhnufwK9Ld8TPg+TXalanXLONLsxziHu0q/bw7kADfy1nzeNxJ/C/eLYTcvd1pm
11VitrH+epYXs4zHT3tpO3KhhZGsPrmzXN2A+bLNQT04
-----END CERTIFICATE-----