This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/RIybT-9Q7ykMcsmI8__tQNJ1Krw.roa
File:                     RIybT-9Q7ykMcsmI8__tQNJ1Krw.roa (raw, json)
Hash identifier:          ZTRWR+1VPyurjHfaEG5V25WSjaqnqZnDP7VMI14y5V0=
Subject key identifier:   44:8C:9B:4F:EF:50:EF:29:0C:72:C9:88:F3:FF:ED:40:D2:75:2A:BC
Certificate issuer:       /CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
Certificate serial:       019B791006F980C7DB1E3FFF897D305A8965
Authority key identifier: 2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/RIybT-9Q7ykMcsmI8__tQNJ1Krw.roa
Signing time:             Thu 01 Jan 2026 10:17:32 +0000
ROA not before:           Thu 01 Jan 2026 10:17:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210797
IP address blocks:        185.57.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:06:f9:80:c7:db:1e:3f:ff:89:7d:30:5a:89:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
        Validity
            Not Before: Jan  1 10:17:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=448c9b4fef50ef290c72c988f3ffed40d2752abc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:5c:bd:ff:93:af:a2:91:49:ef:3b:08:3f:9d:
                    b1:2c:77:b8:e8:08:5e:75:37:02:f6:e2:43:4e:90:
                    55:ba:81:2c:48:43:fe:2e:27:65:19:77:4a:16:81:
                    42:7b:bd:1a:2d:ee:f5:cb:29:06:2e:8f:ff:d1:bf:
                    c3:d9:be:b5:ab:d4:07:7a:94:cf:a0:0d:39:a8:4f:
                    06:37:13:0f:87:54:78:c2:90:10:4c:d2:4f:da:42:
                    65:b3:e8:01:40:79:1e:88:3a:97:ed:4b:c3:5a:52:
                    9f:6d:12:9f:0b:ab:a8:a8:33:f2:27:b3:f7:e4:a2:
                    26:b5:4e:64:cd:d7:9b:3d:72:ea:39:19:6e:a1:9f:
                    83:73:39:8f:95:3a:f4:94:58:d8:4a:6f:20:39:29:
                    09:28:85:ed:b7:03:b4:ce:64:04:92:4b:dd:c2:94:
                    5e:a7:41:f2:f1:1f:58:17:16:4e:fb:6d:90:84:f2:
                    d7:63:a2:b3:4d:ac:7b:e3:c3:29:c9:34:4c:6d:93:
                    ba:1b:f7:2d:f6:4a:56:56:94:2d:3f:eb:1a:9c:2a:
                    98:ba:46:b1:4c:39:60:05:a4:49:9c:48:1c:ce:0a:
                    d7:ef:e8:01:8e:19:9a:4b:82:6d:7b:b9:38:43:d1:
                    90:dd:91:b0:5d:0b:bc:ec:0c:43:ce:54:9b:b2:43:
                    1f:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:8C:9B:4F:EF:50:EF:29:0C:72:C9:88:F3:FF:ED:40:D2:75:2A:BC
            X509v3 Authority Key Identifier:
                keyid:2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/RIybT-9Q7ykMcsmI8__tQNJ1Krw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.57.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:a4:ee:17:a7:ea:92:7e:0f:3f:ae:08:08:b5:5a:30:7c:fb:
         68:1f:f6:31:ba:7d:06:d7:ae:10:e4:de:e3:0f:9c:be:ab:13:
         29:7c:da:e7:5c:26:05:53:60:fe:36:0e:ef:2d:75:af:42:98:
         e9:e3:c4:b2:3b:62:18:01:04:21:bf:4a:61:db:09:b6:62:83:
         31:85:3f:b7:42:e3:7a:24:0a:60:e9:5e:f8:fa:e5:bc:01:cc:
         34:57:49:42:92:f4:8e:23:f8:bc:27:d0:d6:f0:44:ed:f1:89:
         7b:8a:9c:23:99:25:4f:27:77:24:63:dc:f6:69:94:45:ea:4d:
         4f:36:80:48:4e:06:1b:16:4b:e0:3f:6c:26:f3:e2:76:dd:1d:
         98:4a:3e:e6:c8:9d:f9:98:d4:a4:be:47:38:7e:32:1e:43:49:
         b9:b3:07:9b:f9:5c:bc:ed:a7:16:f1:e3:4a:5a:d0:03:e6:ea:
         fc:c8:1c:8b:5c:80:63:be:4c:11:2e:40:3d:99:72:c2:a7:56:
         6d:aa:e0:48:9c:dc:39:75:64:66:40:4d:5d:c8:5f:9b:39:90:
         1a:f8:6f:69:a5:61:cc:7d:ab:ac:5b:1f:53:46:c2:da:cd:2c:
         cc:76:9a:2a:72:a1:60:63:4e:c9:98:5a:d4:43:4a:b8:e2:83:
         61:bc:fb:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EAb5gMfbHj//iX0wWollMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmOTNkM2JhMTk3ZjVjZTMwOThiZmE3NzAwYjQzODU0ZWFh
ODBlOWUwHhcNMjYwMTAxMTAxNzMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDhjOWI0ZmVmNTBlZjI5MGM3MmM5ODhmM2ZmZWQ0MGQyNzUyYWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsFy9/5OvopFJ7zsIP52xLHe46Ahe
dTcC9uJDTpBVuoEsSEP+LidlGXdKFoFCe70aLe71yykGLo//0b/D2b61q9QHepTP
oA05qE8GNxMPh1R4wpAQTNJP2kJls+gBQHkeiDqX7UvDWlKfbRKfC6uoqDPyJ7P3
5KImtU5kzdebPXLqORluoZ+DczmPlTr0lFjYSm8gOSkJKIXttwO0zmQEkkvdwpRe
p0Hy8R9YFxZO+22QhPLXY6KzTax748MpyTRMbZO6G/ct9kpWVpQtP+sanCqYukax
TDlgBaRJnEgczgrX7+gBjhmaS4Jte7k4Q9GQ3ZGwXQu87AxDzlSbskMfCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFESMm0/vUO8pDHLJiPP/7UDSdSq8MB8GA1UdIwQY
MBaAFC+T07oZf1zjCYv6dwC0OFTqqA6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUt
OWU3MWRjMjRhNjgzLzEvUkl5YlQtOVE3eWtNY3NtSThfX3RRTkoxS3J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUtOWU3MWRjMjRhNjgz
LzEvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTnmMA0G
CSqGSIb3DQEBCwUAA4IBAQAZpO4Xp+qSfg8/rggItVowfPtoH/Yxun0G164Q5N7j
D5y+qxMpfNrnXCYFU2D+Ng7vLXWvQpjp48SyO2IYAQQhv0ph2wm2YoMxhT+3QuN6
JApg6V74+uW8Acw0V0lCkvSOI/i8J9DW8ETt8Yl7ipwjmSVPJ3ckY9z2aZRF6k1P
NoBITgYbFkvgP2wm8+J23R2YSj7myJ35mNSkvkc4fjIeQ0m5sweb+Vy87acW8eNK
WtAD5ur8yByLXIBjvkwRLkA9mXLCp1ZtquBInNw5dWRmQE1dyF+bOZAa+G9ppWHM
fausWx9TRsLazSzMdpoqcqFgY07JmFrUQ0q44oNhvPuO
-----END CERTIFICATE-----