This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/Sf8l21ZiSgWSjqxAQwjY5XTnt64.roa
File:                     Sf8l21ZiSgWSjqxAQwjY5XTnt64.roa (raw, json)
Hash identifier:          ic64AzL0lNZhjVYT/xvGWlRABvZPQStgxrPZWRuzhDM=
Subject key identifier:   49:FF:25:DB:56:62:4A:05:92:8E:AC:40:43:08:D8:E5:74:E7:B7:AE
Certificate issuer:       /CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
Certificate serial:       019B7C7F5E2C644A623566A2E00BF5E75FDC
Authority key identifier: 68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/Sf8l21ZiSgWSjqxAQwjY5XTnt64.roa
Signing time:             Fri 02 Jan 2026 02:18:00 +0000
ROA not before:           Fri 02 Jan 2026 02:18:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201845
IP address blocks:        85.232.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:7f:5e:2c:64:4a:62:35:66:a2:e0:0b:f5:e7:5f:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
        Validity
            Not Before: Jan  2 02:18:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=49ff25db56624a05928eac404308d8e574e7b7ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:13:34:de:4a:05:bd:18:3e:9a:f7:37:be:ab:
                    cf:22:28:80:e0:4a:99:30:cf:a0:db:f9:9a:a9:cc:
                    91:8f:ab:5b:3e:4a:c4:bf:9f:7e:d6:97:cf:ec:c5:
                    d4:24:a9:9f:a4:44:e5:35:2f:b4:a4:af:14:1f:34:
                    c6:d1:fc:7f:a1:43:76:7e:46:59:76:2a:b6:34:ce:
                    5a:b2:89:5d:60:11:ac:76:8c:ad:fb:7f:52:39:94:
                    c9:75:81:3b:4f:66:b3:c4:47:7e:53:df:11:d2:eb:
                    86:18:af:dd:85:57:ab:ae:7c:cc:07:fe:66:77:c5:
                    2c:d2:d4:ff:61:b9:33:9f:31:dd:14:4e:cd:a7:2b:
                    9a:df:6d:24:40:1a:c6:eb:e7:51:17:c4:ff:de:a7:
                    f5:f2:06:49:40:3c:6a:8e:e6:47:b4:54:ac:45:58:
                    d7:9c:05:38:1d:36:66:e6:9f:68:83:47:e2:6f:53:
                    bc:5e:6e:bb:07:0b:09:7c:57:cc:40:0a:88:6c:06:
                    10:d7:46:7d:d0:bc:3d:30:22:14:dc:d3:0d:5b:58:
                    75:dd:95:a5:95:2d:de:1d:53:8b:55:2f:7d:d7:40:
                    4b:54:0f:f1:70:88:ec:25:9b:17:83:e3:c1:c4:81:
                    32:d6:60:42:71:57:b6:f7:22:2f:46:ac:93:4a:54:
                    47:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:FF:25:DB:56:62:4A:05:92:8E:AC:40:43:08:D8:E5:74:E7:B7:AE
            X509v3 Authority Key Identifier:
                keyid:68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/Sf8l21ZiSgWSjqxAQwjY5XTnt64.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.232.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:2b:37:8e:69:56:bc:d3:65:e2:a9:c1:d4:a4:5d:2f:be:61:
         98:da:6b:fb:51:41:56:e7:68:e2:b7:35:39:2f:40:ff:4b:86:
         5b:6b:00:a4:7b:24:42:6a:e1:0c:f4:ed:ed:f9:1c:f9:4e:71:
         09:e0:84:c6:16:52:32:e4:d4:c5:45:ea:c4:6c:1a:aa:f7:df:
         10:17:af:31:bf:e2:57:70:d6:3d:e4:17:de:ea:eb:40:56:e3:
         ce:d5:57:90:2b:f3:34:42:95:35:86:3c:a9:6d:88:60:fc:64:
         51:9c:cd:55:d7:d6:1c:15:f3:3e:5b:2f:f4:84:61:58:ed:a7:
         a9:1e:40:37:c2:5d:e4:ac:f9:02:f0:ec:4f:f6:f3:e2:08:ab:
         16:be:83:c9:ea:c6:17:c7:74:76:c0:6c:94:17:4c:1f:18:3e:
         ee:db:e7:04:4a:44:f2:bf:85:ce:69:0b:2c:d6:5a:85:7a:14:
         19:20:1f:c1:85:78:27:72:ca:b9:d7:b7:fc:08:0a:fb:51:8e:
         4c:5e:53:8e:70:c7:e2:6b:5c:79:50:bf:15:60:2e:3b:a2:be:
         27:ae:01:5d:02:4b:f1:b6:31:7f:f2:1c:55:90:bd:2b:ca:d2:
         3d:1b:58:c6:61:2f:25:1f:17:2d:ed:14:58:e4:8f:25:58:84:
         09:73:75:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8f14sZEpiNWai4Av151/cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YzUxMGZjOWI4NjVkOTZlM2FmYzdjNTYwNTZlZmFkOWEz
MzBjNWIwHhcNMjYwMTAyMDIxODAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWZmMjVkYjU2NjI0YTA1OTI4ZWFjNDA0MzA4ZDhlNTc0ZTdiN2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAihM03koFvRg+mvc3vqvPIiiA4EqZ
MM+g2/maqcyRj6tbPkrEv59+1pfP7MXUJKmfpETlNS+0pK8UHzTG0fx/oUN2fkZZ
diq2NM5asoldYBGsdoyt+39SOZTJdYE7T2azxEd+U98R0uuGGK/dhVerrnzMB/5m
d8Us0tT/YbkznzHdFE7Npyua320kQBrG6+dRF8T/3qf18gZJQDxqjuZHtFSsRVjX
nAU4HTZm5p9og0fib1O8Xm67BwsJfFfMQAqIbAYQ10Z90Lw9MCIU3NMNW1h13ZWl
lS3eHVOLVS9910BLVA/xcIjsJZsXg+PBxIEy1mBCcVe29yIvRqyTSlRHsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEn/JdtWYkoFko6sQEMI2OV057euMB8GA1UdIwQY
MBaAFGjFEPybhl2W46/HxWBW762aMwxbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEt
NWQ2NjVlOTk4ZjZhLzEvU2Y4bDIxWmlTZ1dTanF4QVF3alk1WFRudDY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEtNWQ2NjVlOTk4ZjZh
LzEvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVejnMA0G
CSqGSIb3DQEBCwUAA4IBAQBxKzeOaVa802XiqcHUpF0vvmGY2mv7UUFW52jitzU5
L0D/S4ZbawCkeyRCauEM9O3t+Rz5TnEJ4ITGFlIy5NTFRerEbBqq998QF68xv+JX
cNY95Bfe6utAVuPO1VeQK/M0QpU1hjypbYhg/GRRnM1V19YcFfM+Wy/0hGFY7aep
HkA3wl3krPkC8OxP9vPiCKsWvoPJ6sYXx3R2wGyUF0wfGD7u2+cESkTyv4XOaQss
1lqFehQZIB/BhXgncsq517f8CAr7UY5MXlOOcMfia1x5UL8VYC47or4nrgFdAkvx
tjF/8hxVkL0rytI9G1jGYS8lHxct7RRY5I8lWIQJc3XK
-----END CERTIFICATE-----