This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3555e0-9443-4e63-a89b-dd17bfd67cd3/1/43mZhZr44AIFJcFlEmjkEL_Qzjo.roa
File:                     43mZhZr44AIFJcFlEmjkEL_Qzjo.roa (raw, json)
Hash identifier:          GwcZdDMV/aXs2RqaKWm3srdiDr2ZSWOLhYiN6xh8X/w=
Subject key identifier:   E3:79:99:85:9A:F8:E0:02:05:25:C1:65:12:68:E4:10:BF:D0:CE:3A
Certificate issuer:       /CN=36e7cfdd129193e219c370121ca16250e429b58b
Certificate serial:       019B7D5C623FD6F98750F353C684F330EC6C
Authority key identifier: 36:E7:CF:DD:12:91:93:E2:19:C3:70:12:1C:A1:62:50:E4:29:B5:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NufP3RKRk-IZw3ASHKFiUOQptYs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/3555e0-9443-4e63-a89b-dd17bfd67cd3/1/43mZhZr44AIFJcFlEmjkEL_Qzjo.roa
Signing time:             Fri 02 Jan 2026 06:19:24 +0000
ROA not before:           Fri 02 Jan 2026 06:19:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29802
IP address blocks:        185.206.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/3555e0-9443-4e63-a89b-dd17bfd67cd3/1/NufP3RKRk-IZw3ASHKFiUOQptYs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/3555e0-9443-4e63-a89b-dd17bfd67cd3/1/NufP3RKRk-IZw3ASHKFiUOQptYs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NufP3RKRk-IZw3ASHKFiUOQptYs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5c:62:3f:d6:f9:87:50:f3:53:c6:84:f3:30:ec:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36e7cfdd129193e219c370121ca16250e429b58b
        Validity
            Not Before: Jan  2 06:19:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e37999859af8e0020525c1651268e410bfd0ce3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:19:20:dc:7f:bd:f5:42:27:31:1f:2d:31:27:
                    db:a3:aa:ad:4d:9c:cd:54:74:35:f4:cf:a5:a5:7d:
                    2a:c2:61:f3:55:79:f9:51:60:b5:a3:51:94:b4:b1:
                    52:78:e3:4c:17:dc:5e:08:0d:39:e0:b5:0a:6a:31:
                    d4:7e:aa:02:18:48:3e:cc:9c:8b:ee:f1:b8:92:5c:
                    b0:aa:ab:f9:cd:1b:db:25:f7:24:0d:49:3a:40:21:
                    76:2c:5e:a9:89:5f:2e:1a:bc:be:63:b6:18:a7:74:
                    4f:a5:8a:b3:90:85:a2:61:95:e8:bf:53:f2:cc:94:
                    d4:3a:4d:30:96:23:96:32:f0:ce:17:10:42:91:a6:
                    0d:a2:21:a8:be:ed:be:51:0f:fe:1a:9e:76:b1:ee:
                    fa:0f:fa:f9:b4:46:d5:53:81:7e:c3:25:fa:ac:ea:
                    37:c2:9c:62:1f:ba:24:e3:84:fa:76:c2:07:e0:c6:
                    b0:e9:00:04:ba:37:99:cf:16:4a:8d:b8:1f:fa:cc:
                    5e:71:04:94:95:e6:59:3f:63:7b:e5:db:da:50:82:
                    63:14:32:9f:9c:d0:98:3c:a9:f8:55:28:74:e7:23:
                    a4:28:16:64:ad:d0:ac:61:f2:e2:4a:da:e2:d9:02:
                    3e:38:ac:e1:ad:b4:4d:0e:b7:0c:73:b1:4f:44:49:
                    37:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:79:99:85:9A:F8:E0:02:05:25:C1:65:12:68:E4:10:BF:D0:CE:3A
            X509v3 Authority Key Identifier:
                keyid:36:E7:CF:DD:12:91:93:E2:19:C3:70:12:1C:A1:62:50:E4:29:B5:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NufP3RKRk-IZw3ASHKFiUOQptYs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3555e0-9443-4e63-a89b-dd17bfd67cd3/1/43mZhZr44AIFJcFlEmjkEL_Qzjo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3555e0-9443-4e63-a89b-dd17bfd67cd3/1/NufP3RKRk-IZw3ASHKFiUOQptYs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.206.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:4b:2f:f7:a2:4b:97:93:a1:b3:43:f6:68:16:10:97:15:b7:
         b5:fd:34:67:dc:bc:08:57:21:37:94:d2:a4:6e:a1:33:49:ae:
         eb:b2:73:46:37:48:74:74:e6:16:5a:73:d9:45:92:5e:1d:39:
         96:8f:c9:81:b4:69:60:47:70:9a:f5:9b:7a:61:8c:9f:d6:34:
         7a:3d:9f:52:67:3a:51:be:b3:6e:d1:8b:38:17:9d:74:4f:b4:
         35:de:86:92:c8:43:8b:f1:f3:36:2c:c5:bc:8f:6d:47:96:5e:
         ae:24:c5:a4:9e:99:e7:ef:e9:32:d4:fc:c0:be:6b:fb:dd:3c:
         df:3a:62:78:f3:cf:c9:a6:85:f3:1b:36:35:10:68:e5:b0:5a:
         31:ef:f0:b7:7c:12:f8:1e:f7:a9:2b:9d:76:29:32:cd:53:88:
         1d:db:e0:6f:9f:dd:f9:03:b0:65:bb:90:39:01:cd:88:e3:80:
         fc:64:7b:a7:36:f7:e7:a3:2c:a0:77:eb:f5:23:a1:37:da:4f:
         2f:80:95:13:13:99:af:31:be:7e:1a:85:1f:68:35:ae:31:c5:
         ec:73:fe:5a:e6:4a:2d:a4:c0:5c:54:5a:a3:70:d6:21:a6:b8:
         d5:50:3d:d1:7d:ce:e8:bb:73:3e:3a:24:d4:27:41:93:3a:7d:
         75:90:33:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XGI/1vmHUPNTxoTzMOxsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2ZTdjZmRkMTI5MTkzZTIxOWMzNzAxMjFjYTE2MjUwZTQy
OWI1OGIwHhcNMjYwMTAyMDYxOTI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzc5OTk4NTlhZjhlMDAyMDUyNWMxNjUxMjY4ZTQxMGJmZDBjZTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5hkg3H+99UInMR8tMSfbo6qtTZzN
VHQ19M+lpX0qwmHzVXn5UWC1o1GUtLFSeONMF9xeCA054LUKajHUfqoCGEg+zJyL
7vG4klywqqv5zRvbJfckDUk6QCF2LF6piV8uGry+Y7YYp3RPpYqzkIWiYZXov1Py
zJTUOk0wliOWMvDOFxBCkaYNoiGovu2+UQ/+Gp52se76D/r5tEbVU4F+wyX6rOo3
wpxiH7ok44T6dsIH4Maw6QAEujeZzxZKjbgf+sxecQSUleZZP2N75dvaUIJjFDKf
nNCYPKn4VSh05yOkKBZkrdCsYfLiStri2QI+OKzhrbRNDrcMc7FPREk37QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFON5mYWa+OACBSXBZRJo5BC/0M46MB8GA1UdIwQY
MBaAFDbnz90SkZPiGcNwEhyhYlDkKbWLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnVmUDNSS1JrLUladzNBU0hLRmlVT1FwdFlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zNTU1ZTAtOTQ0My00ZTYzLWE4OWIt
ZGQxN2JmZDY3Y2QzLzEvNDNtWmhacjQ0QUlGSmNGbEVtamtFTF9RempvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zNTU1ZTAtOTQ0My00ZTYzLWE4OWItZGQxN2JmZDY3Y2Qz
LzEvTnVmUDNSS1JrLUladzNBU0hLRmlVT1FwdFlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuc7kMA0G
CSqGSIb3DQEBCwUAA4IBAQBQSy/3okuXk6GzQ/ZoFhCXFbe1/TRn3LwIVyE3lNKk
bqEzSa7rsnNGN0h0dOYWWnPZRZJeHTmWj8mBtGlgR3Ca9Zt6YYyf1jR6PZ9SZzpR
vrNu0Ys4F510T7Q13oaSyEOL8fM2LMW8j21Hll6uJMWknpnn7+ky1PzAvmv73Tzf
OmJ488/JpoXzGzY1EGjlsFox7/C3fBL4HvepK512KTLNU4gd2+Bvn935A7Blu5A5
Ac2I44D8ZHunNvfnoyygd+v1I6E32k8vgJUTE5mvMb5+GoUfaDWuMcXsc/5a5kot
pMBcVFqjcNYhprjVUD3Rfc7ou3M+OiTUJ0GTOn11kDMV
-----END CERTIFICATE-----