This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/Z-ylfmdqBOcYXZY9cKfT5J6Cmxs.roa
File:                     Z-ylfmdqBOcYXZY9cKfT5J6Cmxs.roa (raw, json)
Hash identifier:          NFvDwf6pF5zNtBQi76+Pv7ngK7erBN5TLVUe5AzopaQ=
Subject key identifier:   67:EC:A5:7E:67:6A:04:E7:18:5D:96:3D:70:A7:D3:E4:9E:82:9B:1B
Certificate issuer:       /CN=4c7844abef711c232c84f83c807a420af3804728
Certificate serial:       019B76EB78CA13BC79A796F1C691FF3964DE
Authority key identifier: 4C:78:44:AB:EF:71:1C:23:2C:84:F8:3C:80:7A:42:0A:F3:80:47:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/THhEq-9xHCMshPg8gHpCCvOARyg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/Z-ylfmdqBOcYXZY9cKfT5J6Cmxs.roa
Signing time:             Thu 01 Jan 2026 00:18:21 +0000
ROA not before:           Thu 01 Jan 2026 00:18:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16312
IP address blocks:        185.116.240.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/THhEq-9xHCMshPg8gHpCCvOARyg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/THhEq-9xHCMshPg8gHpCCvOARyg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/THhEq-9xHCMshPg8gHpCCvOARyg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:78:ca:13:bc:79:a7:96:f1:c6:91:ff:39:64:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c7844abef711c232c84f83c807a420af3804728
        Validity
            Not Before: Jan  1 00:18:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=67eca57e676a04e7185d963d70a7d3e49e829b1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:e4:72:d9:0d:4a:68:aa:66:9c:1c:3b:5d:ad:
                    ca:cf:2c:a8:aa:50:44:2f:da:84:e5:93:98:6f:f8:
                    85:98:8c:12:7d:67:d7:24:7d:e2:79:4a:b3:1b:4f:
                    7f:3f:43:d3:10:fd:c2:bb:2d:6e:68:53:13:a8:9f:
                    f0:a3:3d:de:ee:eb:d8:37:ac:b6:01:55:f9:34:a1:
                    40:44:9e:65:ed:14:e4:8f:56:da:37:a6:75:2a:4c:
                    ce:df:c5:97:32:32:f9:12:ed:df:e3:2f:e8:76:f8:
                    b1:5d:cc:fb:48:26:1a:97:3e:23:5e:4f:79:52:0e:
                    27:5e:96:c3:17:af:34:3b:bd:1d:ca:9a:20:71:d9:
                    7b:22:ba:2b:84:d7:a2:d4:1f:ff:6b:12:3c:a4:7f:
                    d4:b8:fd:e8:6f:ae:9f:a6:13:fa:1a:d8:fd:96:93:
                    c8:15:ce:f5:c6:98:7d:9d:35:f8:50:01:0f:c6:c4:
                    3a:ee:2d:03:f9:f5:6e:0c:40:57:19:e6:2a:85:18:
                    54:25:27:59:f4:85:db:de:bd:f2:09:49:1c:c0:68:
                    2f:9a:8d:89:13:42:9e:6d:e1:bb:7f:95:4c:21:55:
                    7b:53:a2:b2:de:f2:c4:72:6d:7f:8a:b0:38:55:b9:
                    78:a8:b2:12:83:a4:79:97:3c:38:8a:8d:79:b4:e8:
                    2d:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:EC:A5:7E:67:6A:04:E7:18:5D:96:3D:70:A7:D3:E4:9E:82:9B:1B
            X509v3 Authority Key Identifier:
                keyid:4C:78:44:AB:EF:71:1C:23:2C:84:F8:3C:80:7A:42:0A:F3:80:47:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/THhEq-9xHCMshPg8gHpCCvOARyg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/Z-ylfmdqBOcYXZY9cKfT5J6Cmxs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/THhEq-9xHCMshPg8gHpCCvOARyg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.116.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         30:10:1d:0c:40:03:06:df:63:3a:70:8b:79:7c:d3:c0:bb:21:
         12:ad:fc:09:04:8a:61:d2:20:37:30:5b:af:0f:15:c4:6f:7b:
         c0:a7:82:59:44:9b:5a:41:21:1f:5f:13:21:c9:e7:75:94:7d:
         da:8f:d6:7e:cc:7f:d9:fc:75:49:33:37:13:63:9b:73:f1:36:
         98:f2:bc:93:e7:e9:8d:6f:75:83:1a:cc:89:ac:25:80:8a:23:
         36:f1:c5:29:bd:9b:77:26:b6:3a:1b:09:6f:1a:a6:ef:20:04:
         5e:39:92:c7:b0:90:47:dd:aa:71:7a:db:30:8d:9e:be:9f:d4:
         15:2e:57:09:12:b0:2a:45:b2:f8:3b:98:6e:63:15:16:f5:ae:
         c5:18:f5:ee:f7:c5:a4:44:e1:30:4d:70:2f:4b:f4:a2:ec:4a:
         b8:fa:bf:c0:78:de:e1:28:e2:dd:05:fa:9e:6e:83:87:9e:06:
         93:3e:0d:b2:24:cb:d2:13:0e:6f:46:b5:54:f3:0c:63:d3:f6:
         00:10:34:40:07:67:83:40:17:a4:0e:84:19:8b:39:2d:91:67:
         18:24:06:b2:cd:d0:2d:95:4a:ee:7d:16:30:29:d2:26:26:78:
         5f:0c:e8:74:25:21:da:4a:6c:64:11:78:cc:42:ea:a5:8e:53:
         26:a3:9e:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt263jKE7x5p5bxxpH/OWTeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjNzg0NGFiZWY3MTFjMjMyYzg0ZjgzYzgwN2E0MjBhZjM4
MDQ3MjgwHhcNMjYwMTAxMDAxODIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2VjYTU3ZTY3NmEwNGU3MTg1ZDk2M2Q3MGE3ZDNlNDllODI5YjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqeRy2Q1KaKpmnBw7Xa3KzyyoqlBE
L9qE5ZOYb/iFmIwSfWfXJH3ieUqzG09/P0PTEP3Cuy1uaFMTqJ/woz3e7uvYN6y2
AVX5NKFARJ5l7RTkj1baN6Z1KkzO38WXMjL5Eu3f4y/odvixXcz7SCYalz4jXk95
Ug4nXpbDF680O70dypogcdl7IrorhNei1B//axI8pH/UuP3ob66fphP6Gtj9lpPI
Fc71xph9nTX4UAEPxsQ67i0D+fVuDEBXGeYqhRhUJSdZ9IXb3r3yCUkcwGgvmo2J
E0KebeG7f5VMIVV7U6Ky3vLEcm1/irA4Vbl4qLISg6R5lzw4io15tOgtwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGfspX5nagTnGF2WPXCn0+SegpsbMB8GA1UdIwQY
MBaAFEx4RKvvcRwjLIT4PIB6QgrzgEcoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEhoRXEtOXhIQ01zaFBnOGdIcENDdk9BUnlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi84ZDU1YzAtOWFhMC00YmU3LTgyYTgt
ZGFiNmI4M2NmN2VjLzEvWi15bGZtZHFCT2NZWFpZOWNLZlQ1SjZDbXhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi84ZDU1YzAtOWFhMC00YmU3LTgyYTgtZGFiNmI4M2NmN2Vj
LzEvVEhoRXEtOXhIQ01zaFBnOGdIcENDdk9BUnlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXTwMA0G
CSqGSIb3DQEBCwUAA4IBAQAwEB0MQAMG32M6cIt5fNPAuyESrfwJBIph0iA3MFuv
DxXEb3vAp4JZRJtaQSEfXxMhyed1lH3aj9Z+zH/Z/HVJMzcTY5tz8TaY8ryT5+mN
b3WDGsyJrCWAiiM28cUpvZt3JrY6GwlvGqbvIAReOZLHsJBH3apxetswjZ6+n9QV
LlcJErAqRbL4O5huYxUW9a7FGPXu98WkROEwTXAvS/Si7Eq4+r/AeN7hKOLdBfqe
boOHngaTPg2yJMvSEw5vRrVU8wxj0/YAEDRAB2eDQBekDoQZizktkWcYJAayzdAt
lUrufRYwKdImJnhfDOh0JSHaSmxkEXjMQuqljlMmo577
-----END CERTIFICATE-----