This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/05488f-f4e0-4e6c-94f5-3757539c2ac9/1/_GfFqUw5mWGbjc_mCBWnNfju97k.roa
File:                     _GfFqUw5mWGbjc_mCBWnNfju97k.roa (raw, json)
Hash identifier:          2siq+SOSG2tsLvn2PAlvw4ivV0pVSjLxvVW1AegSSYg=
Subject key identifier:   FC:67:C5:A9:4C:39:99:61:9B:8D:CF:E6:08:15:A7:35:F8:EE:F7:B9
Certificate issuer:       /CN=5f7da568ad027b9e249c13e223d322769881a29f
Certificate serial:       019B77595A815BB5BB00B4F253303EC7C9CB
Authority key identifier: 5F:7D:A5:68:AD:02:7B:9E:24:9C:13:E2:23:D3:22:76:98:81:A2:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X32laK0Ce54knBPiI9MidpiBop8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/05488f-f4e0-4e6c-94f5-3757539c2ac9/1/_GfFqUw5mWGbjc_mCBWnNfju97k.roa
Signing time:             Thu 01 Jan 2026 02:18:23 +0000
ROA not before:           Thu 01 Jan 2026 02:18:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47348
IP address blocks:        185.143.32.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/05488f-f4e0-4e6c-94f5-3757539c2ac9/1/X32laK0Ce54knBPiI9MidpiBop8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/05488f-f4e0-4e6c-94f5-3757539c2ac9/1/X32laK0Ce54knBPiI9MidpiBop8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X32laK0Ce54knBPiI9MidpiBop8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:5a:81:5b:b5:bb:00:b4:f2:53:30:3e:c7:c9:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f7da568ad027b9e249c13e223d322769881a29f
        Validity
            Not Before: Jan  1 02:18:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fc67c5a94c3999619b8dcfe60815a735f8eef7b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:5e:35:3d:7a:e9:87:e0:33:51:aa:9a:a4:04:
                    46:ec:57:b1:6b:e6:38:f5:2b:86:46:a3:c7:09:22:
                    68:27:e0:2f:13:dd:df:c1:84:03:16:53:d6:84:68:
                    14:a9:14:41:8d:19:e5:c6:79:a3:f8:4a:a9:fc:19:
                    b6:4e:08:b2:55:bf:33:53:84:d3:e3:13:66:cd:77:
                    7e:2c:98:65:bd:f0:f2:4e:ac:7e:56:3d:85:b7:a1:
                    f0:27:8e:44:d4:29:67:cb:da:63:cd:2d:de:4c:f6:
                    70:f9:fb:a7:eb:45:ce:56:e1:06:76:e9:4f:7a:9d:
                    cf:92:48:33:41:71:36:51:91:00:71:8f:c4:1e:2b:
                    0b:a3:cd:b6:68:d1:b1:f1:a4:47:67:cf:69:e1:95:
                    7e:83:42:be:7f:ba:b5:2a:31:16:2e:1d:f9:d0:87:
                    53:80:fa:b5:f8:e8:4c:e4:83:ad:c9:cf:f7:25:eb:
                    a7:08:dc:e1:16:12:89:c6:19:48:75:ab:8d:f0:52:
                    6d:22:4b:85:e4:11:a6:c0:d4:bc:77:17:cc:18:b0:
                    cf:b5:21:87:59:e3:34:2c:dd:fe:1e:11:4f:49:a1:
                    0b:e3:7e:a5:06:39:a2:cd:59:5d:93:2f:af:dd:ca:
                    a3:2f:bc:35:e9:e3:82:2a:ad:c3:71:87:62:77:f1:
                    66:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:67:C5:A9:4C:39:99:61:9B:8D:CF:E6:08:15:A7:35:F8:EE:F7:B9
            X509v3 Authority Key Identifier:
                keyid:5F:7D:A5:68:AD:02:7B:9E:24:9C:13:E2:23:D3:22:76:98:81:A2:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X32laK0Ce54knBPiI9MidpiBop8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/05488f-f4e0-4e6c-94f5-3757539c2ac9/1/_GfFqUw5mWGbjc_mCBWnNfju97k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/05488f-f4e0-4e6c-94f5-3757539c2ac9/1/X32laK0Ce54knBPiI9MidpiBop8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.143.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         89:e6:ab:cc:64:4b:9e:bf:6c:e4:a8:d9:1a:ea:32:2b:93:f5:
         25:58:06:6f:55:e6:79:89:1d:42:1a:b9:97:9c:c2:51:ec:d6:
         6e:41:f5:a9:98:d9:46:33:b0:bb:68:04:5a:26:6b:1e:b8:2a:
         df:f5:8e:1f:3f:9a:5a:62:79:43:ce:f2:11:ad:59:b9:95:d2:
         14:86:e1:c9:9e:03:0c:52:bc:4a:01:6a:18:fb:8f:96:b1:9c:
         20:a6:6c:30:96:c1:ef:7f:61:99:7a:ee:83:7e:6c:8c:b3:f9:
         ef:06:10:44:34:34:68:46:ac:22:58:0a:b1:99:9f:3f:21:54:
         84:a0:91:40:28:a3:59:50:02:6d:6f:24:e6:de:85:fa:e7:f0:
         7b:11:ee:df:76:8f:1c:6a:92:5a:eb:4e:27:5d:1f:0f:99:0c:
         26:61:02:7c:77:49:5b:c1:68:4d:5a:01:40:b2:10:89:ef:0a:
         ac:a0:0c:c0:7c:30:7a:fa:24:e3:5f:b6:49:c0:d9:25:5a:69:
         26:79:72:75:a8:aa:e1:d2:43:e2:d5:20:61:92:fc:a4:c2:72:
         b2:68:00:a5:d5:78:89:43:c4:be:38:6f:4c:62:36:7b:b6:83:
         be:6d:75:c6:93:62:88:da:d1:a9:3b:1d:ed:63:c9:74:21:10:
         70:91:26:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WVqBW7W7ALTyUzA+x8nLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmN2RhNTY4YWQwMjdiOWUyNDljMTNlMjIzZDMyMjc2OTg4
MWEyOWYwHhcNMjYwMTAxMDIxODIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzY3YzVhOTRjMzk5OTYxOWI4ZGNmZTYwODE1YTczNWY4ZWVmN2I5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoV41PXrph+AzUaqapARG7Fexa+Y4
9SuGRqPHCSJoJ+AvE93fwYQDFlPWhGgUqRRBjRnlxnmj+Eqp/Bm2TgiyVb8zU4TT
4xNmzXd+LJhlvfDyTqx+Vj2Ft6HwJ45E1Clny9pjzS3eTPZw+fun60XOVuEGdulP
ep3PkkgzQXE2UZEAcY/EHisLo822aNGx8aRHZ89p4ZV+g0K+f7q1KjEWLh350IdT
gPq1+OhM5IOtyc/3JeunCNzhFhKJxhlIdauN8FJtIkuF5BGmwNS8dxfMGLDPtSGH
WeM0LN3+HhFPSaEL436lBjmizVldky+v3cqjL7w16eOCKq3DcYdid/FmMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPxnxalMOZlhm43P5ggVpzX47ve5MB8GA1UdIwQY
MBaAFF99pWitAnueJJwT4iPTInaYgaKfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDMybGFLMENlNTRrbkJQaUk5TWlkcGlCb3A4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8wNTQ4OGYtZjRlMC00ZTZjLTk0ZjUt
Mzc1NzUzOWMyYWM5LzEvX0dmRnFVdzVtV0diamNfbUNCV25OZmp1OTdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8wNTQ4OGYtZjRlMC00ZTZjLTk0ZjUtMzc1NzUzOWMyYWM5
LzEvWDMybGFLMENlNTRrbkJQaUk5TWlkcGlCb3A4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuY8gMA0G
CSqGSIb3DQEBCwUAA4IBAQCJ5qvMZEuev2zkqNka6jIrk/UlWAZvVeZ5iR1CGrmX
nMJR7NZuQfWpmNlGM7C7aARaJmseuCrf9Y4fP5paYnlDzvIRrVm5ldIUhuHJngMM
UrxKAWoY+4+WsZwgpmwwlsHvf2GZeu6DfmyMs/nvBhBENDRoRqwiWAqxmZ8/IVSE
oJFAKKNZUAJtbyTm3oX65/B7Ee7fdo8capJa604nXR8PmQwmYQJ8d0lbwWhNWgFA
shCJ7wqsoAzAfDB6+iTjX7ZJwNklWmkmeXJ1qKrh0kPi1SBhkvykwnKyaACl1XiJ
Q8S+OG9MYjZ7toO+bXXGk2KI2tGpOx3tY8l0IRBwkSb5
-----END CERTIFICATE-----