This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/7281da-0eb0-40a8-9983-d1a9da4a130d/1/suamwYdV2kKIPidzPYiCq9-IUDM.roa
File:                     suamwYdV2kKIPidzPYiCq9-IUDM.roa (raw, json)
Hash identifier:          VNOegjuT8/2Y39UrMHD85RKZ5GmjLwxmKGv2c2FnOoA=
Subject key identifier:   B2:E6:A6:C1:87:55:DA:42:88:3E:27:73:3D:88:82:AB:DF:88:50:33
Certificate issuer:       /CN=ebc66403ad0c4537af9c32b0def0c52ac2aab104
Certificate serial:       019B7834AD0CFDE8B2929619349E55235ED0
Authority key identifier: EB:C6:64:03:AD:0C:45:37:AF:9C:32:B0:DE:F0:C5:2A:C2:AA:B1:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/68ZkA60MRTevnDKw3vDFKsKqsQQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/7281da-0eb0-40a8-9983-d1a9da4a130d/1/suamwYdV2kKIPidzPYiCq9-IUDM.roa
Signing time:             Thu 01 Jan 2026 06:17:56 +0000
ROA not before:           Thu 01 Jan 2026 06:17:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        185.33.92.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/7281da-0eb0-40a8-9983-d1a9da4a130d/1/68ZkA60MRTevnDKw3vDFKsKqsQQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/7281da-0eb0-40a8-9983-d1a9da4a130d/1/68ZkA60MRTevnDKw3vDFKsKqsQQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/68ZkA60MRTevnDKw3vDFKsKqsQQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:ad:0c:fd:e8:b2:92:96:19:34:9e:55:23:5e:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebc66403ad0c4537af9c32b0def0c52ac2aab104
        Validity
            Not Before: Jan  1 06:17:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b2e6a6c18755da42883e27733d8882abdf885033
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:65:3f:53:ea:ca:d6:35:3e:6c:1a:64:57:ba:
                    61:d3:e8:78:a0:e2:03:53:5e:02:bd:98:d3:89:90:
                    a7:33:6a:2e:0d:8c:41:9c:7f:9e:63:67:07:54:99:
                    da:ae:b4:53:9a:21:2b:71:5d:67:73:df:b2:98:dd:
                    3e:bb:09:fa:e1:20:67:7b:81:ea:d2:35:c1:35:6b:
                    60:bc:b7:e9:69:0a:83:d9:a7:4d:e7:e9:94:1d:ea:
                    46:b1:66:3f:6a:62:42:b5:2f:b1:96:eb:72:25:23:
                    ea:77:8d:04:52:fb:40:af:cf:81:c5:79:19:e8:e7:
                    1f:d5:1a:5c:9e:0d:e2:49:44:1a:47:77:ed:d9:7d:
                    61:2a:93:24:30:16:48:db:8e:8b:c4:c8:52:ac:0e:
                    ba:26:19:14:38:19:ee:c3:9b:d1:4f:06:10:58:36:
                    51:c8:0e:98:f9:75:48:2b:78:d3:94:7e:27:1e:c1:
                    4e:21:f5:0a:cf:6d:3d:dd:50:53:3c:df:78:22:71:
                    f2:22:28:d3:e5:b0:1c:da:a0:dd:a4:36:6c:c4:ed:
                    44:a2:68:30:db:3c:4e:be:42:af:67:78:ae:2e:ed:
                    03:33:5b:0a:35:f1:ae:af:68:09:06:7e:45:c2:06:
                    e1:7e:a7:58:83:59:62:6b:88:7c:5a:27:3b:82:ee:
                    a2:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:E6:A6:C1:87:55:DA:42:88:3E:27:73:3D:88:82:AB:DF:88:50:33
            X509v3 Authority Key Identifier:
                keyid:EB:C6:64:03:AD:0C:45:37:AF:9C:32:B0:DE:F0:C5:2A:C2:AA:B1:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/68ZkA60MRTevnDKw3vDFKsKqsQQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/7281da-0eb0-40a8-9983-d1a9da4a130d/1/suamwYdV2kKIPidzPYiCq9-IUDM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/7281da-0eb0-40a8-9983-d1a9da4a130d/1/68ZkA60MRTevnDKw3vDFKsKqsQQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.33.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2b:54:9b:8d:37:2c:3f:97:eb:0d:f9:72:1b:00:72:ee:19:38:
         50:72:fc:24:02:c1:ef:10:3e:95:b1:5f:fd:4b:02:d7:55:7f:
         9b:e6:49:e9:37:a6:f5:81:d1:2f:db:ea:04:30:14:fd:7a:62:
         fa:3d:e1:97:bc:ac:ea:c9:3c:37:ba:72:52:10:f9:38:a9:62:
         ae:d0:56:8d:05:02:d7:af:52:d6:df:f3:6f:05:7c:32:13:11:
         39:28:df:69:71:3c:21:a1:19:c4:40:c9:0e:97:e0:db:75:59:
         e1:6a:74:ea:71:8e:f1:be:83:b5:58:d1:5a:f3:1d:7f:17:d1:
         e3:3a:62:66:2e:14:cd:81:0c:2b:89:a4:35:06:b3:4a:03:2c:
         52:81:99:96:7c:47:c0:37:a8:25:5a:e4:df:5b:02:66:3a:4d:
         c2:6c:c8:d5:89:cb:04:a9:23:b0:e1:6d:ac:14:f9:b6:99:87:
         7f:d8:40:04:64:82:fd:9e:ff:2c:cb:d3:65:5c:ea:5b:be:71:
         cc:66:0a:ce:a4:51:c6:7a:9a:5a:dc:c3:4f:05:38:5c:68:c2:
         8e:bc:53:43:8e:b8:03:44:73:38:b5:2a:52:fc:9a:db:31:37:
         91:a2:7c:ef:01:c3:98:70:b9:06:b3:d2:bb:7c:e6:c5:ad:a5:
         ae:1b:4c:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NK0M/eiykpYZNJ5VI17QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViYzY2NDAzYWQwYzQ1MzdhZjljMzJiMGRlZjBjNTJhYzJh
YWIxMDQwHhcNMjYwMTAxMDYxNzU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmU2YTZjMTg3NTVkYTQyODgzZTI3NzMzZDg4ODJhYmRmODg1MDMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1WU/U+rK1jU+bBpkV7ph0+h4oOID
U14CvZjTiZCnM2ouDYxBnH+eY2cHVJnarrRTmiErcV1nc9+ymN0+uwn64SBne4Hq
0jXBNWtgvLfpaQqD2adN5+mUHepGsWY/amJCtS+xlutyJSPqd40EUvtAr8+BxXkZ
6Ocf1Rpcng3iSUQaR3ft2X1hKpMkMBZI246LxMhSrA66JhkUOBnuw5vRTwYQWDZR
yA6Y+XVIK3jTlH4nHsFOIfUKz2093VBTPN94InHyIijT5bAc2qDdpDZsxO1Eomgw
2zxOvkKvZ3iuLu0DM1sKNfGur2gJBn5FwgbhfqdYg1lia4h8Wic7gu6i2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLLmpsGHVdpCiD4ncz2IgqvfiFAzMB8GA1UdIwQY
MBaAFOvGZAOtDEU3r5wysN7wxSrCqrEEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjhaa0E2ME1SVGV2bkRLdzN2REZLc0txc1FRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi83MjgxZGEtMGViMC00MGE4LTk5ODMt
ZDFhOWRhNGExMzBkLzEvc3VhbXdZZFYya0tJUGlkelBZaUNxOS1JVURNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi83MjgxZGEtMGViMC00MGE4LTk5ODMtZDFhOWRhNGExMzBk
LzEvNjhaa0E2ME1SVGV2bkRLdzN2REZLc0txc1FRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuSFcMA0G
CSqGSIb3DQEBCwUAA4IBAQArVJuNNyw/l+sN+XIbAHLuGThQcvwkAsHvED6VsV/9
SwLXVX+b5knpN6b1gdEv2+oEMBT9emL6PeGXvKzqyTw3unJSEPk4qWKu0FaNBQLX
r1LW3/NvBXwyExE5KN9pcTwhoRnEQMkOl+DbdVnhanTqcY7xvoO1WNFa8x1/F9Hj
OmJmLhTNgQwriaQ1BrNKAyxSgZmWfEfAN6glWuTfWwJmOk3CbMjVicsEqSOw4W2s
FPm2mYd/2EAEZIL9nv8sy9NlXOpbvnHMZgrOpFHGeppa3MNPBThcaMKOvFNDjrgD
RHM4tSpS/JrbMTeRonzvAcOYcLkGs9K7fObFraWuG0zM
-----END CERTIFICATE-----