This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/10ba73-aebc-4771-a3ac-1c420f05579f/1/1-BDF7EdL9hLHZ4qCs6jAWm3n8G8.roa
File:                     1-BDF7EdL9hLHZ4qCs6jAWm3n8G8.roa (raw, json)
Hash identifier:          3HI3L0u1gTr2C+yxlBAEamd5L6jvpyumi2g5XXRKy/k=
Subject key identifier:   F8:10:C5:EC:47:4B:F6:12:C7:67:8A:82:B3:A8:C0:5A:6D:E7:F0:6F
Certificate issuer:       /CN=ea2f671f10834dae48ea8d987342c375cab3316d
Certificate serial:       019B78A32309318C1277B7ECF440A786E6CF
Authority key identifier: EA:2F:67:1F:10:83:4D:AE:48:EA:8D:98:73:42:C3:75:CA:B3:31:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6i9nHxCDTa5I6o2Yc0LDdcqzMW0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/10ba73-aebc-4771-a3ac-1c420f05579f/1/1-BDF7EdL9hLHZ4qCs6jAWm3n8G8.roa
Signing time:             Thu 01 Jan 2026 08:18:35 +0000
ROA not before:           Thu 01 Jan 2026 08:18:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216054
IP address blocks:        185.235.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/10ba73-aebc-4771-a3ac-1c420f05579f/1/6i9nHxCDTa5I6o2Yc0LDdcqzMW0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/10ba73-aebc-4771-a3ac-1c420f05579f/1/6i9nHxCDTa5I6o2Yc0LDdcqzMW0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6i9nHxCDTa5I6o2Yc0LDdcqzMW0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:23:09:31:8c:12:77:b7:ec:f4:40:a7:86:e6:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ea2f671f10834dae48ea8d987342c375cab3316d
        Validity
            Not Before: Jan  1 08:18:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f810c5ec474bf612c7678a82b3a8c05a6de7f06f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:c6:35:1d:bb:3e:2d:41:a1:43:68:f2:78:7a:
                    21:b7:c4:eb:52:91:41:b9:e1:ed:9b:07:80:78:b5:
                    1e:7f:da:40:19:d8:0d:7c:56:c2:bd:03:b1:81:96:
                    ca:2a:42:bb:b1:23:ea:7b:8e:08:9f:b5:ec:1c:62:
                    d0:c1:de:bf:c7:e5:e5:2d:4e:d3:5f:ba:be:6e:4a:
                    c1:e3:20:df:c0:0e:7a:85:8c:66:cd:36:ab:2f:d0:
                    22:5f:a3:0a:73:2b:9f:87:f6:aa:b7:06:45:cb:97:
                    2f:c7:cc:af:5b:bc:8c:1f:18:02:2a:61:9d:dc:d4:
                    58:47:c2:3c:98:27:68:c9:02:be:54:1f:dc:70:a7:
                    20:2e:4f:e0:bc:05:08:c1:a4:df:1c:34:85:59:66:
                    08:0f:25:fe:4e:88:75:cc:28:4c:a1:33:50:2a:ad:
                    ef:89:61:a2:7e:60:e7:4c:f7:cc:0e:f1:1f:6c:31:
                    44:02:67:6f:95:be:09:d8:d0:ae:d8:59:a8:f4:2c:
                    97:0a:8e:44:e0:3f:3d:44:dc:08:b0:d8:b5:92:b4:
                    fe:ee:5f:af:ce:db:f9:94:93:98:66:39:74:42:46:
                    bc:48:09:4e:09:43:26:3a:b8:9d:f2:9f:d5:6f:71:
                    31:c7:44:7d:5e:5e:cd:be:fc:97:18:33:b7:a9:9d:
                    2f:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:10:C5:EC:47:4B:F6:12:C7:67:8A:82:B3:A8:C0:5A:6D:E7:F0:6F
            X509v3 Authority Key Identifier:
                keyid:EA:2F:67:1F:10:83:4D:AE:48:EA:8D:98:73:42:C3:75:CA:B3:31:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6i9nHxCDTa5I6o2Yc0LDdcqzMW0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/10ba73-aebc-4771-a3ac-1c420f05579f/1/1-BDF7EdL9hLHZ4qCs6jAWm3n8G8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/10ba73-aebc-4771-a3ac-1c420f05579f/1/6i9nHxCDTa5I6o2Yc0LDdcqzMW0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.235.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:14:9f:77:9b:fc:83:88:2e:b1:28:25:73:20:23:50:89:05:
         a8:d6:2f:1a:84:37:b3:1f:60:4f:b9:a7:ef:7d:43:64:34:3c:
         0b:10:d8:19:89:09:2a:0b:b4:ec:84:18:1f:c1:75:0a:dd:71:
         6e:7a:83:e6:97:5f:d5:24:b5:16:1b:ba:bd:67:2c:3e:a4:52:
         79:e3:46:ef:65:ab:0b:5a:58:4a:43:2c:0c:d2:cc:cf:77:a4:
         cb:bf:cc:e9:26:f8:a4:7c:7b:8b:dd:6f:90:60:42:f6:39:f6:
         4b:ed:47:d2:90:ee:4f:be:9b:e4:89:de:ba:4a:de:e3:47:6e:
         fc:af:4e:ab:3a:f2:dd:89:24:7f:b1:80:8e:ed:14:02:9d:35:
         32:02:09:4b:34:8e:ed:05:cc:e1:6d:0e:a2:b9:12:d1:69:ea:
         cb:86:72:b9:12:24:22:a1:8a:ed:d0:cd:e3:b4:ee:08:09:ee:
         4e:e0:d5:bc:4b:6b:a3:b5:08:a5:7b:30:45:d5:67:18:80:74:
         e4:7f:05:bc:61:d8:4c:27:1c:cd:67:ea:49:b8:0b:22:65:8d:
         e9:14:64:e9:5b:39:97:76:a9:15:88:d6:53:13:23:11:a6:e6:
         f9:50:07:1a:61:70:56:35:97:a4:5f:03:dc:13:21:c0:8e:c9:
         7f:d0:61:e7
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt4oyMJMYwSd7fs9ECnhubPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhMmY2NzFmMTA4MzRkYWU0OGVhOGQ5ODczNDJjMzc1Y2Fi
MzMxNmQwHhcNMjYwMTAxMDgxODM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODEwYzVlYzQ3NGJmNjEyYzc2NzhhODJiM2E4YzA1YTZkZTdmMDZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0cY1Hbs+LUGhQ2jyeHoht8TrUpFB
ueHtmweAeLUef9pAGdgNfFbCvQOxgZbKKkK7sSPqe44In7XsHGLQwd6/x+XlLU7T
X7q+bkrB4yDfwA56hYxmzTarL9AiX6MKcyufh/aqtwZFy5cvx8yvW7yMHxgCKmGd
3NRYR8I8mCdoyQK+VB/ccKcgLk/gvAUIwaTfHDSFWWYIDyX+Toh1zChMoTNQKq3v
iWGifmDnTPfMDvEfbDFEAmdvlb4J2NCu2Fmo9CyXCo5E4D89RNwIsNi1krT+7l+v
ztv5lJOYZjl0Qka8SAlOCUMmOrid8p/Vb3Exx0R9Xl7NvvyXGDO3qZ0v/wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPgQxexHS/YSx2eKgrOowFpt5/BvMB8GA1UdIwQY
MBaAFOovZx8Qg02uSOqNmHNCw3XKszFtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmk5bkh4Q0RUYTVJNm8yWWMwTERkY3F6TVcwLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8xMGJhNzMtYWViYy00NzcxLWEzYWMt
MWM0MjBmMDU1NzlmLzEvMS1CREY3RWRMOWhMSFo0cUNzNmpBV20zbjhHOC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjEvMTBiYTczLWFlYmMtNDc3MS1hM2FjLTFjNDIwZjA1NTc5
Zi8xLzZpOW5IeENEVGE1STZvMlljMExEZGNxek1XMC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALnrxTAN
BgkqhkiG9w0BAQsFAAOCAQEAGhSfd5v8g4gusSglcyAjUIkFqNYvGoQ3sx9gT7mn
731DZDQ8CxDYGYkJKgu07IQYH8F1Ct1xbnqD5pdf1SS1Fhu6vWcsPqRSeeNG72Wr
C1pYSkMsDNLMz3eky7/M6Sb4pHx7i91vkGBC9jn2S+1H0pDuT76b5Ineukre40du
/K9Oqzry3Ykkf7GAju0UAp01MgIJSzSO7QXM4W0OorkS0Wnqy4ZyuRIkIqGK7dDN
47TuCAnuTuDVvEtro7UIpXswRdVnGIB05H8FvGHYTCcczWfqSbgLImWN6RRk6Vs5
l3apFYjWUxMjEabm+VAHGmFwVjWXpF8D3BMhwI7Jf9Bh5w==
-----END CERTIFICATE-----