This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/95aa24-e84f-4245-9227-dec68083f8f6/1/bDniOy7bJDqEB7j18XhIORHd9P4.roa
File:                     bDniOy7bJDqEB7j18XhIORHd9P4.roa (raw, json)
Hash identifier:          7UeZ8ffZs41TrgD9TFvep3setoYXza5q1+hwG2ZnLPc=
Subject key identifier:   6C:39:E2:3B:2E:DB:24:3A:84:07:B8:F5:F1:78:48:39:11:DD:F4:FE
Certificate issuer:       /CN=a817c7453f377e9cb6fae5c893c067a3e1d35145
Certificate serial:       019B791112D2F20F789D721F63A1411325DB
Authority key identifier: A8:17:C7:45:3F:37:7E:9C:B6:FA:E5:C8:93:C0:67:A3:E1:D3:51:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qBfHRT83fpy2-uXIk8Bno-HTUUU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/95aa24-e84f-4245-9227-dec68083f8f6/1/bDniOy7bJDqEB7j18XhIORHd9P4.roa
Signing time:             Thu 01 Jan 2026 10:18:40 +0000
ROA not before:           Thu 01 Jan 2026 10:18:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15589
IP address blocks:        185.210.172.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/95aa24-e84f-4245-9227-dec68083f8f6/1/qBfHRT83fpy2-uXIk8Bno-HTUUU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/95aa24-e84f-4245-9227-dec68083f8f6/1/qBfHRT83fpy2-uXIk8Bno-HTUUU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qBfHRT83fpy2-uXIk8Bno-HTUUU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:11:12:d2:f2:0f:78:9d:72:1f:63:a1:41:13:25:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a817c7453f377e9cb6fae5c893c067a3e1d35145
        Validity
            Not Before: Jan  1 10:18:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6c39e23b2edb243a8407b8f5f178483911ddf4fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:62:7b:7b:5d:05:73:a2:5e:2f:4a:84:70:bc:
                    56:a3:a3:5f:95:3c:10:98:49:2f:8b:64:83:12:f0:
                    a4:91:6a:14:a8:3e:49:a1:2c:1d:6e:50:18:4e:4a:
                    ca:d9:ad:7b:9c:8c:d2:8a:68:f0:67:03:08:0b:ed:
                    dc:80:e9:69:e8:30:a1:46:c8:76:8e:b5:ad:2f:2a:
                    f6:d5:b3:84:fb:78:17:42:3b:05:c1:69:39:ec:65:
                    11:e3:22:08:94:0d:a3:d1:ac:ca:7a:86:5a:d5:3f:
                    07:be:11:e8:51:12:7d:f1:45:b5:8b:8c:7c:6b:f9:
                    32:c8:e0:6c:4a:8a:62:cc:61:05:c7:65:43:b5:23:
                    7e:8e:61:7f:18:72:f5:c6:7b:55:19:96:dd:b9:ca:
                    75:9b:b4:d2:1d:97:11:da:5c:14:6d:80:91:44:8b:
                    d4:70:27:47:ed:c4:5e:a9:49:95:ed:12:9f:19:57:
                    fc:cf:82:b4:70:e3:87:08:73:84:0d:d7:e4:32:3f:
                    a4:e3:93:60:7e:7b:33:5f:e2:8e:cd:81:d6:64:93:
                    35:c5:35:6e:18:34:ac:b3:75:ac:a2:ea:29:b7:bd:
                    eb:16:7b:e8:a1:3e:30:26:72:ec:22:b2:48:13:c3:
                    14:ac:ef:c3:89:0e:ad:a3:62:5d:9f:ea:d1:93:a5:
                    08:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:39:E2:3B:2E:DB:24:3A:84:07:B8:F5:F1:78:48:39:11:DD:F4:FE
            X509v3 Authority Key Identifier:
                keyid:A8:17:C7:45:3F:37:7E:9C:B6:FA:E5:C8:93:C0:67:A3:E1:D3:51:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qBfHRT83fpy2-uXIk8Bno-HTUUU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/95aa24-e84f-4245-9227-dec68083f8f6/1/bDniOy7bJDqEB7j18XhIORHd9P4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/95aa24-e84f-4245-9227-dec68083f8f6/1/qBfHRT83fpy2-uXIk8Bno-HTUUU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.210.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         56:a4:90:38:29:71:4f:55:07:2e:fc:e0:65:af:e2:77:0c:b2:
         6a:9b:0d:72:b1:85:64:4b:04:81:4b:af:f8:55:35:9f:0c:dc:
         a3:67:77:88:89:11:e5:51:9f:08:b2:48:25:9e:56:84:36:29:
         6b:21:45:97:64:a1:c8:9d:cf:2e:2e:a5:4f:18:e4:16:e9:15:
         eb:a9:11:6e:42:04:4a:27:d9:dc:da:3d:b1:94:aa:f5:52:d2:
         6d:a0:8a:1b:cc:4a:7a:8e:c9:b2:88:86:2c:bd:4a:cf:7c:9c:
         89:d9:ea:18:b7:2f:17:e4:0d:b9:77:06:83:5b:56:1e:62:c4:
         3c:be:16:3d:72:fd:c9:ce:b3:2b:3f:0a:01:a5:de:c5:4f:ac:
         4c:f0:62:37:88:ac:26:da:f9:9e:52:29:62:14:49:6e:06:08:
         2e:fd:e3:5e:1b:b6:44:83:cd:e2:c8:1c:a3:3a:3d:7e:f7:94:
         f2:c5:cc:91:54:5e:07:ff:23:b3:32:c7:b1:db:1a:f3:b7:db:
         c7:c6:ab:d9:45:5d:08:13:ad:95:78:fb:37:02:49:25:d0:a8:
         e1:4f:30:b9:21:af:6e:cb:28:77:d0:25:e0:30:71:3a:22:fa:
         22:11:1e:80:d0:ea:73:ee:8d:5c:48:96:c7:73:18:c1:91:7f:
         49:26:1a:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5ERLS8g94nXIfY6FBEyXbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4MTdjNzQ1M2YzNzdlOWNiNmZhZTVjODkzYzA2N2EzZTFk
MzUxNDUwHhcNMjYwMTAxMTAxODQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzM5ZTIzYjJlZGIyNDNhODQwN2I4ZjVmMTc4NDgzOTExZGRmNGZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn2J7e10Fc6JeL0qEcLxWo6NflTwQ
mEkvi2SDEvCkkWoUqD5JoSwdblAYTkrK2a17nIzSimjwZwMIC+3cgOlp6DChRsh2
jrWtLyr21bOE+3gXQjsFwWk57GUR4yIIlA2j0azKeoZa1T8HvhHoURJ98UW1i4x8
a/kyyOBsSopizGEFx2VDtSN+jmF/GHL1xntVGZbducp1m7TSHZcR2lwUbYCRRIvU
cCdH7cReqUmV7RKfGVf8z4K0cOOHCHOEDdfkMj+k45NgfnszX+KOzYHWZJM1xTVu
GDSss3Wsouopt73rFnvooT4wJnLsIrJIE8MUrO/DiQ6to2Jdn+rRk6UIMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGw54jsu2yQ6hAe49fF4SDkR3fT+MB8GA1UdIwQY
MBaAFKgXx0U/N36ctvrlyJPAZ6Ph01FFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUJmSFJUODNmcHkyLXVYSWs4Qm5vLUhUVVVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS85NWFhMjQtZTg0Zi00MjQ1LTkyMjct
ZGVjNjgwODNmOGY2LzEvYkRuaU95N2JKRHFFQjdqMThYaElPUkhkOVA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS85NWFhMjQtZTg0Zi00MjQ1LTkyMjctZGVjNjgwODNmOGY2
LzEvcUJmSFJUODNmcHkyLXVYSWs4Qm5vLUhUVVVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudKsMA0G
CSqGSIb3DQEBCwUAA4IBAQBWpJA4KXFPVQcu/OBlr+J3DLJqmw1ysYVkSwSBS6/4
VTWfDNyjZ3eIiRHlUZ8IskglnlaENilrIUWXZKHInc8uLqVPGOQW6RXrqRFuQgRK
J9nc2j2xlKr1UtJtoIobzEp6jsmyiIYsvUrPfJyJ2eoYty8X5A25dwaDW1YeYsQ8
vhY9cv3JzrMrPwoBpd7FT6xM8GI3iKwm2vmeUiliFEluBggu/eNeG7ZEg83iyByj
Oj1+95TyxcyRVF4H/yOzMsex2xrzt9vHxqvZRV0IE62VePs3Akkl0KjhTzC5Ia9u
yyh30CXgMHE6IvoiER6A0Opz7o1cSJbHcxjBkX9JJhob
-----END CERTIFICATE-----