This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Ko8NpcLG_AogYj3Bc2k5Nz4ZyyY.roa
File:                     Ko8NpcLG_AogYj3Bc2k5Nz4ZyyY.roa (raw, json)
Hash identifier:          lf7aD0SYGRXlZhSRDl+oj2HhMH2HQGI1V2RHXtUwGww=
Subject key identifier:   2A:8F:0D:A5:C2:C6:FC:0A:20:62:3D:C1:73:69:39:37:3E:19:CB:26
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       019B7B36C3939856852706E5DF9F0AFA2467
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Ko8NpcLG_AogYj3Bc2k5Nz4ZyyY.roa
Signing time:             Thu 01 Jan 2026 20:19:05 +0000
ROA not before:           Thu 01 Jan 2026 20:19:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212669
IP address blocks:        185.199.150.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:c3:93:98:56:85:27:06:e5:df:9f:0a:fa:24:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Jan  1 20:19:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2a8f0da5c2c6fc0a20623dc1736939373e19cb26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:8b:b6:31:41:91:be:25:7f:b7:d7:31:5c:12:
                    eb:25:88:cc:61:de:9c:c9:c4:df:40:d8:09:47:5d:
                    c7:4d:94:f3:48:e3:82:9e:6a:a3:31:f8:31:b6:33:
                    24:93:0e:da:3a:bd:03:9e:c7:42:10:29:86:ef:90:
                    da:ba:5c:bc:18:5b:8f:f5:be:02:1c:a9:d5:d7:04:
                    76:9e:0e:50:25:61:35:80:37:eb:b5:a9:0e:47:c2:
                    18:6a:91:13:cb:5b:98:0d:05:be:54:a3:12:8a:0e:
                    5f:b0:c0:72:06:53:e9:b2:0b:33:17:23:f0:bb:eb:
                    e8:26:fd:9d:ef:1b:c0:df:ae:03:a7:3a:50:29:2c:
                    5c:aa:83:4a:a8:1f:aa:71:d6:77:af:b0:94:71:8a:
                    29:a2:a7:ce:fb:1c:83:0b:a1:fe:70:ad:f5:97:46:
                    36:bc:f4:0d:d6:b5:07:2e:37:82:d1:a8:06:c9:e5:
                    ec:ee:a8:eb:67:12:9b:bf:05:2b:02:58:43:94:03:
                    3f:d3:64:c4:29:53:86:ed:a9:9e:39:88:21:44:5d:
                    3e:cc:da:6a:fc:6a:1f:25:67:f6:69:ad:e0:21:ff:
                    57:56:29:16:d8:e9:c5:2e:44:4f:92:09:d7:95:be:
                    5d:a0:53:ea:01:05:28:b7:64:9b:d9:be:38:66:40:
                    64:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:8F:0D:A5:C2:C6:FC:0A:20:62:3D:C1:73:69:39:37:3E:19:CB:26
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Ko8NpcLG_AogYj3Bc2k5Nz4ZyyY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.199.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:96:b7:48:5e:21:99:de:8e:03:b2:e9:5f:cb:e2:1f:a5:79:
         76:9c:f2:71:7e:15:87:88:24:95:0a:ef:56:9d:94:e2:60:3d:
         40:7f:54:e5:35:0d:a0:15:b7:66:27:e7:b3:3a:b4:b8:52:cf:
         52:08:49:e0:26:fc:f7:db:87:71:14:47:d0:24:88:70:31:c5:
         67:da:b6:61:b6:32:83:12:db:4a:27:84:65:c8:da:dd:ea:1b:
         63:3e:d3:a4:53:ca:4c:2d:91:b8:61:ac:6a:eb:9b:03:b7:2a:
         cb:a2:5b:74:d1:3f:bc:17:58:c7:16:58:cb:db:26:34:1f:ab:
         e1:07:98:d2:da:8f:8b:de:2c:44:7b:e6:e9:b8:f1:d5:ac:82:
         64:6c:61:39:f5:63:f5:e0:5e:8c:9d:b8:b8:b9:f8:b4:69:f2:
         1f:a9:0a:2b:9d:19:b2:5d:76:72:12:24:ac:7e:11:e7:16:0f:
         c5:c9:69:5c:86:af:b8:d3:68:7b:79:91:2d:68:c3:53:e6:3a:
         81:54:95:83:11:fa:27:32:73:81:15:2e:ff:ba:ef:d8:79:a6:
         10:83:fd:8c:3d:4a:8c:0a:a9:94:18:a3:a9:0b:35:af:36:8a:
         5d:8b:87:06:99:65:c6:f3:03:df:8d:e7:fb:0d:4d:c3:4b:00:
         48:fc:b4:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NsOTmFaFJwbl358K+iRnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjYwMTAxMjAxOTA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYThmMGRhNWMyYzZmYzBhMjA2MjNkYzE3MzY5MzkzNzNlMTljYjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7Iu2MUGRviV/t9cxXBLrJYjMYd6c
ycTfQNgJR13HTZTzSOOCnmqjMfgxtjMkkw7aOr0DnsdCECmG75Dauly8GFuP9b4C
HKnV1wR2ng5QJWE1gDfrtakOR8IYapETy1uYDQW+VKMSig5fsMByBlPpsgszFyPw
u+voJv2d7xvA364DpzpQKSxcqoNKqB+qcdZ3r7CUcYopoqfO+xyDC6H+cK31l0Y2
vPQN1rUHLjeC0agGyeXs7qjrZxKbvwUrAlhDlAM/02TEKVOG7ameOYghRF0+zNpq
/GofJWf2aa3gIf9XVikW2OnFLkRPkgnXlb5doFPqAQUot2Sb2b44ZkBklwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCqPDaXCxvwKIGI9wXNpOTc+GcsmMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvS284TnBjTEdfQW9nWWozQmMyazVOejRaeXlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuceWMA0G
CSqGSIb3DQEBCwUAA4IBAQBtlrdIXiGZ3o4Dsulfy+IfpXl2nPJxfhWHiCSVCu9W
nZTiYD1Af1TlNQ2gFbdmJ+ezOrS4Us9SCEngJvz324dxFEfQJIhwMcVn2rZhtjKD
EttKJ4RlyNrd6htjPtOkU8pMLZG4Yaxq65sDtyrLolt00T+8F1jHFljL2yY0H6vh
B5jS2o+L3ixEe+bpuPHVrIJkbGE59WP14F6Mnbi4ufi0afIfqQornRmyXXZyEiSs
fhHnFg/FyWlchq+402h7eZEtaMNT5jqBVJWDEfonMnOBFS7/uu/YeaYQg/2MPUqM
CqmUGKOpCzWvNopdi4cGmWXG8wPfjef7DU3DSwBI/LR1
-----END CERTIFICATE-----