This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/79cef8-43a1-4089-809f-dc984265567d/1/dToYhaIhncI2M7qUF8E5Z-MUY1M.roa
File:                     dToYhaIhncI2M7qUF8E5Z-MUY1M.roa (raw, json)
Hash identifier:          i3+aszgM830eFR0OQiZivcXRqqvq84jEAI5IvwlypUE=
Subject key identifier:   75:3A:18:85:A2:21:9D:C2:36:33:BA:94:17:C1:39:67:E3:14:63:53
Certificate issuer:       /CN=06c44b821ab5db542cc536c1f88b84baf0621654
Certificate serial:       019B7FF149D2878EF44D61E9C1DD0E35DBAE
Authority key identifier: 06:C4:4B:82:1A:B5:DB:54:2C:C5:36:C1:F8:8B:84:BA:F0:62:16:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BsRLghq121QsxTbB-IuEuvBiFlQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/79cef8-43a1-4089-809f-dc984265567d/1/dToYhaIhncI2M7qUF8E5Z-MUY1M.roa
Signing time:             Fri 02 Jan 2026 18:21:18 +0000
ROA not before:           Fri 02 Jan 2026 18:21:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215917
IP address blocks:        185.128.38.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/79cef8-43a1-4089-809f-dc984265567d/1/BsRLghq121QsxTbB-IuEuvBiFlQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/79cef8-43a1-4089-809f-dc984265567d/1/BsRLghq121QsxTbB-IuEuvBiFlQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BsRLghq121QsxTbB-IuEuvBiFlQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f1:49:d2:87:8e:f4:4d:61:e9:c1:dd:0e:35:db:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=06c44b821ab5db542cc536c1f88b84baf0621654
        Validity
            Not Before: Jan  2 18:21:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=753a1885a2219dc23633ba9417c13967e3146353
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:8b:87:1a:9f:bf:ce:fb:b0:95:72:b0:2a:b2:
                    8e:52:15:9b:69:a0:56:83:1b:36:bd:43:54:a0:a5:
                    23:c8:16:7f:7b:91:5d:ae:6b:2f:be:f2:30:44:e8:
                    44:2c:1f:2d:ab:4c:70:7e:d0:ad:e9:9b:a6:d8:55:
                    ea:76:92:e8:23:5e:50:37:2a:37:a6:f0:45:f4:85:
                    a1:84:43:38:ca:45:aa:63:2d:8a:d5:07:90:26:2b:
                    f5:c3:a1:56:ac:02:b7:b1:e7:45:46:40:92:98:6c:
                    46:5f:3b:0e:8b:df:fd:08:7e:1e:bd:ab:e6:f6:2e:
                    2d:84:c9:48:86:9b:b9:e9:09:38:8e:94:3f:32:81:
                    39:63:a3:de:74:95:28:e7:9c:d1:56:c0:0a:5c:18:
                    88:99:c4:a2:73:a7:f1:45:dd:ed:39:83:4e:3b:d7:
                    07:14:3f:c4:df:17:12:fe:05:f1:5b:23:73:ff:15:
                    af:61:6e:d8:5f:23:a5:c2:c4:b4:e5:3b:bf:46:8a:
                    ee:60:39:36:d1:3d:5f:ad:af:b4:0e:b0:bd:6a:3b:
                    ae:21:a9:9a:f8:b1:66:45:a3:f9:79:e4:49:07:2a:
                    0b:4f:b2:0e:8e:9c:3e:11:d8:5d:1f:02:c0:a8:59:
                    0f:ec:b9:04:9e:94:81:06:2c:01:5b:22:b2:c5:6d:
                    70:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:3A:18:85:A2:21:9D:C2:36:33:BA:94:17:C1:39:67:E3:14:63:53
            X509v3 Authority Key Identifier:
                keyid:06:C4:4B:82:1A:B5:DB:54:2C:C5:36:C1:F8:8B:84:BA:F0:62:16:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BsRLghq121QsxTbB-IuEuvBiFlQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/79cef8-43a1-4089-809f-dc984265567d/1/dToYhaIhncI2M7qUF8E5Z-MUY1M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/79cef8-43a1-4089-809f-dc984265567d/1/BsRLghq121QsxTbB-IuEuvBiFlQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.128.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:a5:7f:b4:38:79:35:58:64:54:7b:be:60:cb:cc:02:5e:b2:
         93:34:2e:cf:ac:64:98:17:2e:46:f4:4c:bf:ae:27:88:84:fb:
         b2:87:be:36:7e:a7:63:e6:01:46:b0:0b:12:7d:5a:a5:28:88:
         54:1b:a5:58:59:47:28:b3:d0:ee:9f:4d:df:35:89:66:e5:e7:
         a4:6a:ae:aa:0d:3f:5a:ae:92:36:1e:e4:2c:b4:76:7f:45:aa:
         75:cd:7d:e7:25:b8:07:1a:a6:cb:0c:b7:d3:1a:2d:ef:ab:8c:
         3e:25:39:43:6e:f4:ff:c8:58:ad:79:73:34:a7:32:0e:df:3e:
         fb:5b:09:5c:18:b2:2d:2c:85:58:d5:ee:5c:ff:a3:eb:4e:5f:
         43:92:7a:1a:1f:e7:24:a0:b7:8a:d4:ac:b2:84:8c:f2:bd:03:
         df:54:e9:8e:5b:ac:1b:a3:f3:fb:71:ed:d5:27:07:1f:8e:26:
         30:96:0a:1a:ed:7a:c4:10:93:26:80:70:45:f5:37:a7:e2:19:
         78:71:9e:7a:4d:0f:5f:08:d0:1b:f0:9d:55:3e:f2:6d:27:d4:
         0b:a1:ba:b6:d5:d8:ec:2c:3c:26:0e:bb:05:5e:9f:97:bf:70:
         e9:29:d5:3e:4d:fc:e2:12:22:6d:a4:b8:ac:11:fa:5b:72:63:
         56:1c:5b:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/8UnSh470TWHpwd0ONduuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2YzQ0YjgyMWFiNWRiNTQyY2M1MzZjMWY4OGI4NGJhZjA2
MjE2NTQwHhcNMjYwMTAyMTgyMTE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTNhMTg4NWEyMjE5ZGMyMzYzM2JhOTQxN2MxMzk2N2UzMTQ2MzUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApouHGp+/zvuwlXKwKrKOUhWbaaBW
gxs2vUNUoKUjyBZ/e5FdrmsvvvIwROhELB8tq0xwftCt6Zum2FXqdpLoI15QNyo3
pvBF9IWhhEM4ykWqYy2K1QeQJiv1w6FWrAK3sedFRkCSmGxGXzsOi9/9CH4evavm
9i4thMlIhpu56Qk4jpQ/MoE5Y6PedJUo55zRVsAKXBiImcSic6fxRd3tOYNOO9cH
FD/E3xcS/gXxWyNz/xWvYW7YXyOlwsS05Tu/RoruYDk20T1fra+0DrC9ajuuIama
+LFmRaP5eeRJByoLT7IOjpw+EdhdHwLAqFkP7LkEnpSBBiwBWyKyxW1wIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHU6GIWiIZ3CNjO6lBfBOWfjFGNTMB8GA1UdIwQY
MBaAFAbES4IatdtULMU2wfiLhLrwYhZUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnNSTGdocTEyMVFzeFRiQi1JdUV1dkJpRmxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi83OWNlZjgtNDNhMS00MDg5LTgwOWYt
ZGM5ODQyNjU1NjdkLzEvZFRvWWhhSWhuY0kyTTdxVUY4RTVaLU1VWTFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi83OWNlZjgtNDNhMS00MDg5LTgwOWYtZGM5ODQyNjU1Njdk
LzEvQnNSTGdocTEyMVFzeFRiQi1JdUV1dkJpRmxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYAmMA0G
CSqGSIb3DQEBCwUAA4IBAQAxpX+0OHk1WGRUe75gy8wCXrKTNC7PrGSYFy5G9Ey/
rieIhPuyh742fqdj5gFGsAsSfVqlKIhUG6VYWUcos9Dun03fNYlm5eekaq6qDT9a
rpI2HuQstHZ/Rap1zX3nJbgHGqbLDLfTGi3vq4w+JTlDbvT/yFiteXM0pzIO3z77
WwlcGLItLIVY1e5c/6PrTl9DknoaH+ckoLeK1KyyhIzyvQPfVOmOW6wbo/P7ce3V
JwcfjiYwlgoa7XrEEJMmgHBF9Ten4hl4cZ56TQ9fCNAb8J1VPvJtJ9QLobq21djs
LDwmDrsFXp+Xv3DpKdU+TfziEiJtpLisEfpbcmNWHFsm
-----END CERTIFICATE-----