This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/lI-SGy6V9gbYheStfoup00TtjDg.roa
File:                     lI-SGy6V9gbYheStfoup00TtjDg.roa (raw, json)
Hash identifier:          j9/ph3cCY16/8Ag7j6nb1Eljp7GEHMNtLj6G3JeZuhg=
Subject key identifier:   94:8F:92:1B:2E:95:F6:06:D8:85:E4:AD:7E:8B:A9:D3:44:ED:8C:38
Certificate issuer:       /CN=b6f3db35659133315d2fcf93058dce350a4cb17a
Certificate serial:       019B7E3890525FF4288F7963911269A79667
Authority key identifier: B6:F3:DB:35:65:91:33:31:5D:2F:CF:93:05:8D:CE:35:0A:4C:B1:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tvPbNWWRMzFdL8-TBY3ONQpMsXo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/lI-SGy6V9gbYheStfoup00TtjDg.roa
Signing time:             Fri 02 Jan 2026 10:19:54 +0000
ROA not before:           Fri 02 Jan 2026 10:19:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51500
IP address blocks:        185.17.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/tvPbNWWRMzFdL8-TBY3ONQpMsXo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/tvPbNWWRMzFdL8-TBY3ONQpMsXo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tvPbNWWRMzFdL8-TBY3ONQpMsXo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:90:52:5f:f4:28:8f:79:63:91:12:69:a7:96:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6f3db35659133315d2fcf93058dce350a4cb17a
        Validity
            Not Before: Jan  2 10:19:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=948f921b2e95f606d885e4ad7e8ba9d344ed8c38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:78:d9:12:e8:69:c9:ff:d6:f7:ec:7b:51:ca:
                    21:ac:3e:01:90:ad:20:f0:d6:45:fd:34:d8:40:06:
                    eb:77:ed:82:12:b8:86:2f:84:a2:63:18:b0:1a:55:
                    04:87:d5:16:0c:5a:df:a9:67:ac:d8:11:4c:7b:8d:
                    71:4f:98:5c:fc:f3:c0:4d:fa:8d:56:98:44:41:51:
                    42:5a:34:63:81:a0:c6:c4:a1:cc:79:e3:21:ef:fb:
                    9a:1d:3d:0d:ef:fe:ae:93:e5:15:f7:68:42:77:05:
                    29:4a:a7:e8:33:7d:87:9e:8c:71:49:2d:c8:40:63:
                    d9:b4:97:84:68:4b:73:9e:1a:60:fc:3d:72:ef:b2:
                    1a:60:87:a1:70:b6:3e:ea:b2:1f:70:91:56:9f:5e:
                    66:03:64:e9:d3:54:c2:8f:4b:d2:07:30:8f:a9:d5:
                    31:28:7b:ff:93:be:96:6f:8e:16:dd:ab:ff:24:06:
                    58:5a:61:bd:8e:0a:f4:4f:f7:8b:05:fc:a5:c2:f4:
                    d1:12:7c:e6:91:ed:6e:12:7c:80:1c:6b:8e:16:ac:
                    13:c8:a0:44:71:04:04:ba:c7:d7:73:63:f9:fc:ef:
                    07:3e:26:7b:f6:f5:a2:0a:94:19:44:02:db:44:e8:
                    d1:84:98:58:4e:80:c4:47:ef:a5:7e:38:dc:30:1b:
                    4f:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:8F:92:1B:2E:95:F6:06:D8:85:E4:AD:7E:8B:A9:D3:44:ED:8C:38
            X509v3 Authority Key Identifier:
                keyid:B6:F3:DB:35:65:91:33:31:5D:2F:CF:93:05:8D:CE:35:0A:4C:B1:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tvPbNWWRMzFdL8-TBY3ONQpMsXo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/lI-SGy6V9gbYheStfoup00TtjDg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/tvPbNWWRMzFdL8-TBY3ONQpMsXo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.17.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:df:73:f6:35:c9:c8:a9:82:6e:f5:11:70:ef:c0:c1:33:db:
         39:59:95:cc:7b:42:9a:73:74:57:2b:61:3d:0e:8f:3c:71:e2:
         71:81:8b:6f:14:f5:17:10:63:49:8b:6c:4f:09:28:e2:5d:73:
         53:07:bc:f6:7c:55:e2:a5:64:b6:7d:13:c2:1a:99:40:1f:21:
         a0:ff:5c:5b:a1:cc:19:75:01:0c:b0:53:d0:53:50:2e:64:44:
         96:b8:9b:a3:93:39:5e:6b:cf:7a:35:67:53:5c:e1:0f:ca:f3:
         f6:a3:24:bd:ec:80:c5:d0:50:be:96:f8:b8:86:6e:9c:11:19:
         db:b8:d3:3e:21:16:b6:5d:ab:1b:57:f7:d7:d2:3a:f9:c1:16:
         0e:52:a6:81:86:2c:15:a1:ea:3a:38:de:6e:bf:88:01:72:11:
         a7:18:55:6a:e2:5c:cb:fb:02:ba:0b:82:b6:27:1b:12:cf:d6:
         35:83:a9:70:09:9b:09:e8:50:c5:e1:d8:13:41:2d:21:6d:bc:
         87:4f:1c:85:33:62:b2:f0:5b:eb:08:04:db:f5:ce:25:6c:17:
         ce:e9:0c:5e:4b:ac:4a:1b:2d:e0:21:ef:3c:74:9e:ac:75:ec:
         45:5e:a4:00:58:85:e7:68:56:b2:c4:7f:cf:67:f4:65:72:a5:
         4a:70:49:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OJBSX/Qoj3ljkRJpp5ZnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2ZjNkYjM1NjU5MTMzMzE1ZDJmY2Y5MzA1OGRjZTM1MGE0
Y2IxN2EwHhcNMjYwMTAyMTAxOTU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDhmOTIxYjJlOTVmNjA2ZDg4NWU0YWQ3ZThiYTlkMzQ0ZWQ4YzM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz3jZEuhpyf/W9+x7UcohrD4BkK0g
8NZF/TTYQAbrd+2CEriGL4SiYxiwGlUEh9UWDFrfqWes2BFMe41xT5hc/PPATfqN
VphEQVFCWjRjgaDGxKHMeeMh7/uaHT0N7/6uk+UV92hCdwUpSqfoM32HnoxxSS3I
QGPZtJeEaEtznhpg/D1y77IaYIehcLY+6rIfcJFWn15mA2Tp01TCj0vSBzCPqdUx
KHv/k76Wb44W3av/JAZYWmG9jgr0T/eLBfylwvTREnzmke1uEnyAHGuOFqwTyKBE
cQQEusfXc2P5/O8HPiZ79vWiCpQZRALbROjRhJhYToDER++lfjjcMBtPTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJSPkhsulfYG2IXkrX6LqdNE7Yw4MB8GA1UdIwQY
MBaAFLbz2zVlkTMxXS/PkwWNzjUKTLF6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHZQYk5XV1JNekZkTDgtVEJZM09OUXBNc1hvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC83MGJmZmUtYjRmMy00NDllLTgxZWQt
NTQ5ZWU2ZDMwZmI2LzEvbEktU0d5NlY5Z2JZaGVTdGZvdXAwMFR0akRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC83MGJmZmUtYjRmMy00NDllLTgxZWQtNTQ5ZWU2ZDMwZmI2
LzEvdHZQYk5XV1JNekZkTDgtVEJZM09OUXBNc1hvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRF/MA0G
CSqGSIb3DQEBCwUAA4IBAQCO33P2NcnIqYJu9RFw78DBM9s5WZXMe0Kac3RXK2E9
Do88ceJxgYtvFPUXEGNJi2xPCSjiXXNTB7z2fFXipWS2fRPCGplAHyGg/1xbocwZ
dQEMsFPQU1AuZESWuJujkzlea896NWdTXOEPyvP2oyS97IDF0FC+lvi4hm6cERnb
uNM+IRa2XasbV/fX0jr5wRYOUqaBhiwVoeo6ON5uv4gBchGnGFVq4lzL+wK6C4K2
JxsSz9Y1g6lwCZsJ6FDF4dgTQS0hbbyHTxyFM2Ky8FvrCATb9c4lbBfO6QxeS6xK
Gy3gIe88dJ6sdexFXqQAWIXnaFayxH/PZ/RlcqVKcElX
-----END CERTIFICATE-----