This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/Ao4tPl0KDOwD2fTQaCXik9Mge2U.roa
File:                     Ao4tPl0KDOwD2fTQaCXik9Mge2U.roa (raw, json)
Hash identifier:          61/JPhEn5agbl9M1kpw2R6W8Sk9wD7VpGF8lP+w7aKs=
Subject key identifier:   02:8E:2D:3E:5D:0A:0C:EC:03:D9:F4:D0:68:25:E2:93:D3:20:7B:65
Certificate issuer:       /CN=8a01ab6cd44a7a3ea4002c106a96c427b52c81d5
Certificate serial:       019B77C66E598EEE1CAD00F3E876407BDF84
Authority key identifier: 8A:01:AB:6C:D4:4A:7A:3E:A4:00:2C:10:6A:96:C4:27:B5:2C:81:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/igGrbNRKej6kACwQapbEJ7UsgdU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/Ao4tPl0KDOwD2fTQaCXik9Mge2U.roa
Signing time:             Thu 01 Jan 2026 04:17:31 +0000
ROA not before:           Thu 01 Jan 2026 04:17:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198429
IP address blocks:        185.29.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/igGrbNRKej6kACwQapbEJ7UsgdU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/igGrbNRKej6kACwQapbEJ7UsgdU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/igGrbNRKej6kACwQapbEJ7UsgdU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:6e:59:8e:ee:1c:ad:00:f3:e8:76:40:7b:df:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a01ab6cd44a7a3ea4002c106a96c427b52c81d5
        Validity
            Not Before: Jan  1 04:17:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=028e2d3e5d0a0cec03d9f4d06825e293d3207b65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:a6:6e:19:ed:07:56:a0:23:ff:cb:29:b8:80:
                    d1:c5:e5:98:95:49:fb:f7:f3:2c:7c:a8:c1:c2:df:
                    05:45:ec:19:bb:a7:62:eb:f3:c0:f5:fe:59:26:53:
                    28:61:9f:82:32:91:44:f7:2b:29:fc:0c:d7:32:c4:
                    11:c4:28:ae:30:da:45:ef:64:d5:55:64:be:d2:0a:
                    b9:14:19:b7:5d:2f:54:15:e8:ff:01:b0:ae:58:3d:
                    90:04:31:b7:9b:da:ce:f2:6d:04:2f:8b:72:e8:1b:
                    be:dd:b7:d3:fe:37:ad:28:af:95:36:45:6d:8c:50:
                    3f:48:99:e9:10:ac:19:fe:32:01:30:5c:c8:f4:72:
                    c5:f3:95:bb:7e:44:30:a6:d2:39:96:23:5d:29:69:
                    32:96:ce:a3:6e:00:8b:8c:0a:18:3c:94:05:7a:31:
                    88:62:0c:94:fd:13:0e:fe:16:8c:6c:77:dd:35:ce:
                    be:a5:71:d4:47:d0:30:6f:65:3e:68:47:1d:9f:0a:
                    f1:9e:68:0e:85:2a:80:a8:49:63:45:11:d5:ce:a2:
                    d1:42:6d:9f:d9:f7:89:43:92:59:b4:b3:7d:07:c7:
                    d2:5f:de:25:62:86:40:c3:29:a0:88:21:dc:e0:5b:
                    70:6a:d7:51:64:e4:9a:d3:73:a2:00:7e:a6:d6:ae:
                    d3:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:8E:2D:3E:5D:0A:0C:EC:03:D9:F4:D0:68:25:E2:93:D3:20:7B:65
            X509v3 Authority Key Identifier:
                keyid:8A:01:AB:6C:D4:4A:7A:3E:A4:00:2C:10:6A:96:C4:27:B5:2C:81:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/igGrbNRKej6kACwQapbEJ7UsgdU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/Ao4tPl0KDOwD2fTQaCXik9Mge2U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/igGrbNRKej6kACwQapbEJ7UsgdU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.29.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:2a:d3:7b:9e:39:25:dc:13:36:bd:9c:73:68:21:39:c7:1d:
         80:b7:47:35:9b:9b:88:d7:d4:50:40:09:c1:ef:41:4b:b9:6a:
         69:bc:aa:06:48:0b:4c:74:47:80:76:9a:5b:db:51:83:6c:76:
         2b:3f:9c:65:93:3a:b5:3d:df:14:76:67:b1:c9:8e:7b:c5:01:
         19:c1:1f:10:30:3d:ed:cf:f6:0c:3c:28:8b:7c:16:b8:cb:af:
         cc:c4:aa:70:37:a5:e9:7f:8a:66:0d:2d:48:d4:87:c8:a5:87:
         c6:81:f2:de:9c:f9:6b:31:98:07:85:0f:38:f7:e5:e3:ab:39:
         99:00:cd:ea:a2:67:3e:0c:4b:11:a3:57:ce:c7:e4:0a:5f:6d:
         bc:c0:4c:76:07:81:71:2c:96:f0:46:9b:82:0e:bb:cf:23:08:
         72:bc:ee:9d:7b:a9:3c:8a:b2:d2:43:0c:6c:32:e8:ec:c1:b4:
         fd:f1:c4:94:64:51:12:f7:74:94:17:c7:5a:ca:10:8d:84:43:
         75:f6:49:eb:3c:39:30:79:de:4f:10:3e:bc:79:08:6e:e2:c8:
         6f:98:e4:a6:c2:5a:07:51:4f:d9:29:0d:87:9a:b8:c1:fa:96:
         c7:86:42:0d:d1:6f:97:1b:e3:49:d0:45:6a:75:d1:45:70:86:
         23:c7:6f:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xm5Zju4crQDz6HZAe9+EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhMDFhYjZjZDQ0YTdhM2VhNDAwMmMxMDZhOTZjNDI3YjUy
YzgxZDUwHhcNMjYwMTAxMDQxNzMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjhlMmQzZTVkMGEwY2VjMDNkOWY0ZDA2ODI1ZTI5M2QzMjA3YjY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxKZuGe0HVqAj/8spuIDRxeWYlUn7
9/MsfKjBwt8FRewZu6di6/PA9f5ZJlMoYZ+CMpFE9ysp/AzXMsQRxCiuMNpF72TV
VWS+0gq5FBm3XS9UFej/AbCuWD2QBDG3m9rO8m0EL4ty6Bu+3bfT/jetKK+VNkVt
jFA/SJnpEKwZ/jIBMFzI9HLF85W7fkQwptI5liNdKWkyls6jbgCLjAoYPJQFejGI
YgyU/RMO/haMbHfdNc6+pXHUR9Awb2U+aEcdnwrxnmgOhSqAqEljRRHVzqLRQm2f
2feJQ5JZtLN9B8fSX94lYoZAwymgiCHc4FtwatdRZOSa03OiAH6m1q7TSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAKOLT5dCgzsA9n00Ggl4pPTIHtlMB8GA1UdIwQY
MBaAFIoBq2zUSno+pAAsEGqWxCe1LIHVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWdHcmJOUktlajZrQUN3UWFwYkVKN1VzZ2RVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi81ODMyZjQtZTRlMi00OThiLWEwNmEt
OWZlYmY4YzNlMzNmLzEvQW80dFBsMEtET3dEMmZUUWFDWGlrOU1nZTJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi81ODMyZjQtZTRlMi00OThiLWEwNmEtOWZlYmY4YzNlMzNm
LzEvaWdHcmJOUktlajZrQUN3UWFwYkVKN1VzZ2RVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuR3+MA0G
CSqGSIb3DQEBCwUAA4IBAQA3KtN7njkl3BM2vZxzaCE5xx2At0c1m5uI19RQQAnB
70FLuWppvKoGSAtMdEeAdppb21GDbHYrP5xlkzq1Pd8UdmexyY57xQEZwR8QMD3t
z/YMPCiLfBa4y6/MxKpwN6Xpf4pmDS1I1IfIpYfGgfLenPlrMZgHhQ849+XjqzmZ
AM3qomc+DEsRo1fOx+QKX228wEx2B4FxLJbwRpuCDrvPIwhyvO6de6k8irLSQwxs
MujswbT98cSUZFES93SUF8dayhCNhEN19knrPDkwed5PED68eQhu4shvmOSmwloH
UU/ZKQ2HmrjB+pbHhkIN0W+XG+NJ0EVqddFFcIYjx29R
-----END CERTIFICATE-----