This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/be8d59-7704-45f8-b399-a88f574152b6/1/D1heTXn7CKy5zLZ_HwZK9LTU77c.roa
File:                     D1heTXn7CKy5zLZ_HwZK9LTU77c.roa (raw, json)
Hash identifier:          8+cYEf9ivILDKmKrQsHq9USPOFeHqeF4AHnuJu39UqI=
Subject key identifier:   0F:58:5E:4D:79:FB:08:AC:B9:CC:B6:7F:1F:06:4A:F4:B4:D4:EF:B7
Certificate issuer:       /CN=9917f777e71ac34122edb35edd60cf14d75b9ef6
Certificate serial:       019B7910224F5A1932007D5BCBF3D57C72DE
Authority key identifier: 99:17:F7:77:E7:1A:C3:41:22:ED:B3:5E:DD:60:CF:14:D7:5B:9E:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mRf3d-caw0Ei7bNe3WDPFNdbnvY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/be8d59-7704-45f8-b399-a88f574152b6/1/D1heTXn7CKy5zLZ_HwZK9LTU77c.roa
Signing time:             Thu 01 Jan 2026 10:17:39 +0000
ROA not before:           Thu 01 Jan 2026 10:17:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16322
IP address blocks:        185.178.105.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/be8d59-7704-45f8-b399-a88f574152b6/1/mRf3d-caw0Ei7bNe3WDPFNdbnvY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/be8d59-7704-45f8-b399-a88f574152b6/1/mRf3d-caw0Ei7bNe3WDPFNdbnvY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mRf3d-caw0Ei7bNe3WDPFNdbnvY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 13:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:22:4f:5a:19:32:00:7d:5b:cb:f3:d5:7c:72:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9917f777e71ac34122edb35edd60cf14d75b9ef6
        Validity
            Not Before: Jan  1 10:17:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0f585e4d79fb08acb9ccb67f1f064af4b4d4efb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:08:45:10:99:e6:db:77:71:10:27:9f:d1:a0:
                    fa:93:20:80:d2:10:03:e6:ad:76:21:82:f8:4d:81:
                    1a:8f:0b:a2:31:cf:03:d2:cc:f9:3d:4e:23:b0:a0:
                    1e:d4:e4:5b:36:a5:79:eb:bf:a7:29:33:55:83:4b:
                    f8:25:a9:46:ba:92:56:f4:61:6a:06:5f:83:70:a9:
                    ce:8d:be:79:4b:3e:86:ee:a2:c6:5f:96:51:24:ec:
                    eb:c0:56:6c:f9:6e:41:7f:4d:ac:e8:94:bd:23:b5:
                    7c:0f:cc:ee:58:48:fe:b0:bc:02:f5:bb:9d:10:1e:
                    53:20:2f:c5:ae:cf:c0:34:af:2e:d9:20:21:90:3e:
                    6e:5b:1a:3d:02:79:de:32:65:2f:bd:d7:91:51:1f:
                    b5:b9:bd:0d:1d:e6:48:e5:25:94:7b:48:b3:04:c3:
                    9c:d5:d8:19:78:9e:26:8e:26:43:c7:48:b8:70:18:
                    4d:36:54:59:b7:0e:43:fe:b5:25:9f:f5:ce:ca:68:
                    4e:69:b5:2b:46:73:1c:11:54:bd:58:82:90:0e:81:
                    22:2e:8f:6a:8d:a9:69:e0:09:8d:29:13:bd:69:01:
                    15:df:2a:63:83:22:49:bf:bf:40:ed:cc:94:3a:a8:
                    9f:ed:5c:2e:9d:84:be:9c:bf:ca:c5:08:a1:a4:85:
                    d5:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:58:5E:4D:79:FB:08:AC:B9:CC:B6:7F:1F:06:4A:F4:B4:D4:EF:B7
            X509v3 Authority Key Identifier:
                keyid:99:17:F7:77:E7:1A:C3:41:22:ED:B3:5E:DD:60:CF:14:D7:5B:9E:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mRf3d-caw0Ei7bNe3WDPFNdbnvY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/be8d59-7704-45f8-b399-a88f574152b6/1/D1heTXn7CKy5zLZ_HwZK9LTU77c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/be8d59-7704-45f8-b399-a88f574152b6/1/mRf3d-caw0Ei7bNe3WDPFNdbnvY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.178.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:53:d0:82:60:63:17:28:9f:c3:6d:08:e7:ba:01:f3:2e:90:
         bf:33:e4:72:4f:69:48:14:2e:0e:60:b3:d2:f2:3d:a0:d5:ce:
         d3:9d:46:9c:5f:68:e7:1e:65:30:73:ea:80:67:cc:bf:10:90:
         71:f4:d7:5b:31:33:91:ef:9e:24:9e:08:e6:d7:fa:19:79:ed:
         6f:5f:69:35:3f:fb:64:fe:f0:53:0d:56:fd:d9:91:3e:6d:a8:
         97:cb:2b:1e:3c:8e:aa:34:d8:04:61:6e:6a:0f:e5:9d:60:2a:
         f1:7f:14:f8:d7:48:78:cb:e0:d2:4e:61:cd:aa:a0:b1:0e:e0:
         2c:7a:e9:50:7f:b1:4c:dd:21:aa:83:d1:90:82:d0:87:51:6b:
         74:a4:c7:04:7c:ab:80:5d:55:92:65:ce:60:db:dc:03:51:6e:
         4b:28:76:dc:0a:64:c0:36:91:6b:27:03:bf:50:b1:ce:c6:94:
         c1:57:1c:4e:dc:0f:54:99:53:63:98:72:42:a6:3e:94:b1:01:
         3c:8b:73:01:65:89:c2:10:df:18:ea:6b:79:10:f3:7f:69:4f:
         ee:89:be:fe:e7:32:d8:cd:20:e5:93:c0:f4:06:0f:75:f3:6b:
         3d:98:17:12:66:92:0e:88:d7:06:a3:71:b1:02:5b:c5:d6:01:
         2c:1e:d2:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5ECJPWhkyAH1by/PVfHLeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MTdmNzc3ZTcxYWMzNDEyMmVkYjM1ZWRkNjBjZjE0ZDc1
YjllZjYwHhcNMjYwMTAxMTAxNzM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjU4NWU0ZDc5ZmIwOGFjYjljY2I2N2YxZjA2NGFmNGI0ZDRlZmI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsghFEJnm23dxECef0aD6kyCA0hAD
5q12IYL4TYEajwuiMc8D0sz5PU4jsKAe1ORbNqV567+nKTNVg0v4JalGupJW9GFq
Bl+DcKnOjb55Sz6G7qLGX5ZRJOzrwFZs+W5Bf02s6JS9I7V8D8zuWEj+sLwC9bud
EB5TIC/Frs/ANK8u2SAhkD5uWxo9AnneMmUvvdeRUR+1ub0NHeZI5SWUe0izBMOc
1dgZeJ4mjiZDx0i4cBhNNlRZtw5D/rUln/XOymhOabUrRnMcEVS9WIKQDoEiLo9q
jalp4AmNKRO9aQEV3ypjgyJJv79A7cyUOqif7VwunYS+nL/KxQihpIXV+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA9YXk15+wisucy2fx8GSvS01O+3MB8GA1UdIwQY
MBaAFJkX93fnGsNBIu2zXt1gzxTXW572MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVJmM2QtY2F3MEVpN2JOZTNXRFBGTmRibnZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC9iZThkNTktNzcwNC00NWY4LWIzOTkt
YTg4ZjU3NDE1MmI2LzEvRDFoZVRYbjdDS3k1ekxaX0h3Wks5TFRVNzdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC9iZThkNTktNzcwNC00NWY4LWIzOTktYTg4ZjU3NDE1MmI2
LzEvbVJmM2QtY2F3MEVpN2JOZTNXRFBGTmRibnZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubJpMA0G
CSqGSIb3DQEBCwUAA4IBAQAWU9CCYGMXKJ/DbQjnugHzLpC/M+RyT2lIFC4OYLPS
8j2g1c7TnUacX2jnHmUwc+qAZ8y/EJBx9NdbMTOR754kngjm1/oZee1vX2k1P/tk
/vBTDVb92ZE+baiXyysePI6qNNgEYW5qD+WdYCrxfxT410h4y+DSTmHNqqCxDuAs
eulQf7FM3SGqg9GQgtCHUWt0pMcEfKuAXVWSZc5g29wDUW5LKHbcCmTANpFrJwO/
ULHOxpTBVxxO3A9UmVNjmHJCpj6UsQE8i3MBZYnCEN8Y6mt5EPN/aU/uib7+5zLY
zSDlk8D0Bg9182s9mBcSZpIOiNcGo3GxAlvF1gEsHtKM
-----END CERTIFICATE-----