This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/0d0755-1897-47ef-8df7-8cf41cafdce2/1/b-KOOCgewsVhwidcvQfpRRWqU7I.roa
File:                     b-KOOCgewsVhwidcvQfpRRWqU7I.roa (raw, json)
Hash identifier:          X+AfcL5bK9mDooKI7JczwqJxSPkb+6057fPwNRB9rIo=
Subject key identifier:   6F:E2:8E:38:28:1E:C2:C5:61:C2:27:5C:BD:07:E9:45:15:AA:53:B2
Certificate issuer:       /CN=f5d9a9282c9d2547c566634f3bacccbcf2588827
Certificate serial:       019B7758DF22BECD7D56C30A406E0B01A9A5
Authority key identifier: F5:D9:A9:28:2C:9D:25:47:C5:66:63:4F:3B:AC:CC:BC:F2:58:88:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9dmpKCydJUfFZmNPO6zMvPJYiCc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/0d0755-1897-47ef-8df7-8cf41cafdce2/1/b-KOOCgewsVhwidcvQfpRRWqU7I.roa
Signing time:             Thu 01 Jan 2026 02:17:51 +0000
ROA not before:           Thu 01 Jan 2026 02:17:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35024
IP address blocks:        185.55.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/0d0755-1897-47ef-8df7-8cf41cafdce2/1/9dmpKCydJUfFZmNPO6zMvPJYiCc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/0d0755-1897-47ef-8df7-8cf41cafdce2/1/9dmpKCydJUfFZmNPO6zMvPJYiCc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9dmpKCydJUfFZmNPO6zMvPJYiCc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:df:22:be:cd:7d:56:c3:0a:40:6e:0b:01:a9:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5d9a9282c9d2547c566634f3bacccbcf2588827
        Validity
            Not Before: Jan  1 02:17:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6fe28e38281ec2c561c2275cbd07e94515aa53b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:14:70:ac:2f:e3:81:29:a3:a4:b4:0f:0b:4e:
                    ac:a3:64:f1:bc:48:f2:a5:7c:9b:9e:a9:9c:d5:88:
                    09:ec:00:ad:a2:f4:38:4f:98:0e:8b:4f:33:3f:3e:
                    21:f6:7d:c1:ef:fc:50:87:54:30:1b:32:33:6c:47:
                    85:72:45:6d:bf:fe:0f:14:4f:95:52:dd:ff:69:f5:
                    5d:ec:9f:76:e5:1a:1b:5e:b8:3a:68:50:78:48:d7:
                    61:e5:a8:0a:47:14:d2:86:b7:e7:81:5b:dd:33:b9:
                    b8:1c:b3:02:85:00:58:53:6d:88:17:c1:67:60:ff:
                    ff:1c:3b:f3:56:7d:b1:52:5e:f4:13:9c:83:ec:9f:
                    e7:89:80:20:1c:46:e0:76:00:28:05:ae:0c:29:cd:
                    b2:fa:20:55:6f:bc:8c:ea:c0:ae:76:3b:8a:07:97:
                    da:ab:81:fe:55:9c:88:b9:9c:8e:c8:57:b2:8d:97:
                    62:30:df:01:66:f3:d6:fc:43:08:37:c3:5d:e4:6a:
                    da:56:0f:5a:f2:22:9c:f2:96:46:d3:95:2e:a5:a4:
                    ad:07:e6:46:76:29:b5:10:6d:27:71:14:af:45:ca:
                    33:75:24:a2:a6:98:9d:e0:3c:a1:1b:9b:81:2f:b0:
                    0b:b4:1d:9d:8b:93:ce:4d:69:92:7e:bd:42:3a:2b:
                    33:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:E2:8E:38:28:1E:C2:C5:61:C2:27:5C:BD:07:E9:45:15:AA:53:B2
            X509v3 Authority Key Identifier:
                keyid:F5:D9:A9:28:2C:9D:25:47:C5:66:63:4F:3B:AC:CC:BC:F2:58:88:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9dmpKCydJUfFZmNPO6zMvPJYiCc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/0d0755-1897-47ef-8df7-8cf41cafdce2/1/b-KOOCgewsVhwidcvQfpRRWqU7I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/0d0755-1897-47ef-8df7-8cf41cafdce2/1/9dmpKCydJUfFZmNPO6zMvPJYiCc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.55.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:1b:20:bc:20:43:79:1c:15:23:51:ae:b8:59:b6:13:35:ac:
         8e:28:97:b1:94:57:ca:02:11:e5:f3:d0:ff:16:ea:81:0a:67:
         71:57:1f:1d:33:34:30:8c:b7:11:1d:f9:69:55:44:56:72:cf:
         ff:62:7d:ea:f6:c2:6b:f6:cd:7e:e8:19:fa:31:14:0a:b5:98:
         e7:8b:3f:eb:39:24:0b:a6:ce:a4:9c:a0:96:1f:ca:26:bb:f7:
         36:f6:4d:68:47:c5:d3:f4:86:ef:73:3b:d7:a9:4c:78:45:8d:
         24:65:60:76:f0:3f:b6:b3:d5:09:9b:1b:cb:25:91:d8:81:08:
         92:3b:8a:e3:2f:1e:8e:4c:f8:26:ab:da:46:07:2d:d2:8a:ac:
         c6:40:24:f4:3e:c2:a6:36:08:73:6f:1b:96:14:d3:9f:2d:3b:
         7d:ea:64:e9:58:9c:76:27:f9:80:b2:61:22:45:1b:e6:24:ae:
         4b:3f:20:7e:66:b5:a2:da:85:f9:49:8b:c6:d2:d1:77:49:b9:
         3d:0b:e7:75:8f:71:62:1e:eb:73:fe:32:da:e3:32:69:80:de:
         5a:1d:59:49:a3:5a:8d:fc:be:5c:e1:ec:cb:35:99:f1:e0:63:
         14:74:ec:1f:e4:2b:8e:93:ef:86:e6:fb:b5:a9:d8:a1:dd:22:
         f5:b6:89:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WN8ivs19VsMKQG4LAamlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1ZDlhOTI4MmM5ZDI1NDdjNTY2NjM0ZjNiYWNjY2JjZjI1
ODg4MjcwHhcNMjYwMTAxMDIxNzUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmUyOGUzODI4MWVjMmM1NjFjMjI3NWNiZDA3ZTk0NTE1YWE1M2IyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArhRwrC/jgSmjpLQPC06so2TxvEjy
pXybnqmc1YgJ7ACtovQ4T5gOi08zPz4h9n3B7/xQh1QwGzIzbEeFckVtv/4PFE+V
Ut3/afVd7J925RobXrg6aFB4SNdh5agKRxTShrfngVvdM7m4HLMChQBYU22IF8Fn
YP//HDvzVn2xUl70E5yD7J/niYAgHEbgdgAoBa4MKc2y+iBVb7yM6sCudjuKB5fa
q4H+VZyIuZyOyFeyjZdiMN8BZvPW/EMIN8Nd5GraVg9a8iKc8pZG05UupaStB+ZG
dim1EG0ncRSvRcozdSSippid4DyhG5uBL7ALtB2di5POTWmSfr1COiszrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG/ijjgoHsLFYcInXL0H6UUVqlOyMB8GA1UdIwQY
MBaAFPXZqSgsnSVHxWZjTzuszLzyWIgnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWRtcEtDeWRKVWZGWm1OUE82ek12UEpZaUNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8wZDA3NTUtMTg5Ny00N2VmLThkZjct
OGNmNDFjYWZkY2UyLzEvYi1LT09DZ2V3c1Zod2lkY3ZRZnBSUldxVTdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8wZDA3NTUtMTg5Ny00N2VmLThkZjctOGNmNDFjYWZkY2Uy
LzEvOWRtcEtDeWRKVWZGWm1OUE82ek12UEpZaUNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTfxMA0G
CSqGSIb3DQEBCwUAA4IBAQCmGyC8IEN5HBUjUa64WbYTNayOKJexlFfKAhHl89D/
FuqBCmdxVx8dMzQwjLcRHflpVURWcs//Yn3q9sJr9s1+6Bn6MRQKtZjniz/rOSQL
ps6knKCWH8omu/c29k1oR8XT9IbvczvXqUx4RY0kZWB28D+2s9UJmxvLJZHYgQiS
O4rjLx6OTPgmq9pGBy3SiqzGQCT0PsKmNghzbxuWFNOfLTt96mTpWJx2J/mAsmEi
RRvmJK5LPyB+ZrWi2oX5SYvG0tF3Sbk9C+d1j3FiHutz/jLa4zJpgN5aHVlJo1qN
/L5c4ezLNZnx4GMUdOwf5CuOk++G5vu1qdih3SL1tomd
-----END CERTIFICATE-----