This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/85f02e-f1ac-44fb-92eb-f05aa229d638/1/JXkrwkvLZXqvLpWo6GIqE9djHow.roa
File:                     JXkrwkvLZXqvLpWo6GIqE9djHow.roa (raw, json)
Hash identifier:          pvxp7edBiYpg9R4WGN/sBmyvZQpHSdt5YdDqPGYyoLU=
Subject key identifier:   25:79:2B:C2:4B:CB:65:7A:AF:2E:95:A8:E8:62:2A:13:D7:63:1E:8C
Certificate issuer:       /CN=d2622fdec8fadfca58e7575c29f10e73ae775715
Certificate serial:       019B7DCB30AD4A48919127CFCD2CCA6C2DB8
Authority key identifier: D2:62:2F:DE:C8:FA:DF:CA:58:E7:57:5C:29:F1:0E:73:AE:77:57:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0mIv3sj638pY51dcKfEOc653VxU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/85f02e-f1ac-44fb-92eb-f05aa229d638/1/JXkrwkvLZXqvLpWo6GIqE9djHow.roa
Signing time:             Fri 02 Jan 2026 08:20:26 +0000
ROA not before:           Fri 02 Jan 2026 08:20:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205465
IP address blocks:        85.187.60.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/85f02e-f1ac-44fb-92eb-f05aa229d638/1/0mIv3sj638pY51dcKfEOc653VxU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/85f02e-f1ac-44fb-92eb-f05aa229d638/1/0mIv3sj638pY51dcKfEOc653VxU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0mIv3sj638pY51dcKfEOc653VxU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:cb:30:ad:4a:48:91:91:27:cf:cd:2c:ca:6c:2d:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d2622fdec8fadfca58e7575c29f10e73ae775715
        Validity
            Not Before: Jan  2 08:20:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=25792bc24bcb657aaf2e95a8e8622a13d7631e8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:2e:ba:c8:f0:f6:73:a7:a5:99:5c:69:38:51:
                    87:76:e8:ad:7b:ad:10:de:70:43:d7:81:a5:d5:5c:
                    34:89:a6:b7:87:2f:fc:0f:ca:c2:5a:06:b6:f1:37:
                    b0:84:f8:6f:6a:4b:ce:fc:d2:64:78:99:97:9c:96:
                    09:08:32:8c:fe:75:d7:2d:ff:0d:e7:79:e4:cb:aa:
                    84:1a:1f:fc:f8:30:a3:dd:2c:a9:e0:70:2c:56:4c:
                    7f:8b:5f:ec:7f:33:e7:1e:04:cd:1b:8a:b2:33:a3:
                    a4:94:27:b9:83:4d:fe:83:3a:d9:46:8d:29:4a:1b:
                    46:b4:ac:61:78:80:3e:70:4e:52:af:6e:23:3b:a0:
                    18:47:52:5a:f4:c1:14:92:4f:c4:d7:32:85:7a:e0:
                    57:cf:4f:49:ae:81:00:c8:a4:64:fc:a2:9a:b1:c4:
                    66:09:79:cd:1f:a9:e0:87:1f:a5:2b:ef:50:7e:f3:
                    10:6c:f8:eb:1d:b6:3d:ad:d3:a6:5f:b3:47:78:b8:
                    87:13:db:e8:40:f0:8e:43:05:12:c3:8d:85:7b:d6:
                    1c:f0:cf:a3:5a:a1:de:dc:fe:e1:b3:69:75:30:9b:
                    9d:6c:c4:30:25:5d:71:e3:39:d9:5d:d9:36:48:57:
                    08:0a:e8:52:6f:be:1b:ea:78:c1:94:3a:a2:0e:1b:
                    47:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:79:2B:C2:4B:CB:65:7A:AF:2E:95:A8:E8:62:2A:13:D7:63:1E:8C
            X509v3 Authority Key Identifier:
                keyid:D2:62:2F:DE:C8:FA:DF:CA:58:E7:57:5C:29:F1:0E:73:AE:77:57:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0mIv3sj638pY51dcKfEOc653VxU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/85f02e-f1ac-44fb-92eb-f05aa229d638/1/JXkrwkvLZXqvLpWo6GIqE9djHow.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/85f02e-f1ac-44fb-92eb-f05aa229d638/1/0mIv3sj638pY51dcKfEOc653VxU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.187.60.0/23

    Signature Algorithm: sha256WithRSAEncryption
         19:6b:2f:ec:f9:60:bc:2c:50:de:4e:c0:c1:d9:24:f6:1c:6d:
         5b:33:04:5c:fa:ef:0c:3f:91:0b:8d:22:ec:6b:a7:76:ef:2f:
         cb:a9:f9:b6:2a:58:d9:86:6c:bd:10:d0:63:fc:1d:12:8a:e7:
         ff:e6:e1:2d:62:bd:38:03:e1:06:22:3e:87:86:25:8c:5c:fd:
         3d:e6:58:bf:e0:29:d9:4a:61:97:41:ab:5d:25:36:64:78:6e:
         67:1a:e8:54:a1:7d:62:64:1d:8c:33:11:fd:67:bf:0e:2e:a9:
         16:4d:73:02:98:23:45:c4:aa:8f:44:31:f9:9d:b4:bd:d4:ad:
         d8:77:53:8d:9a:dd:c6:e2:b0:50:26:69:5e:5b:7f:a3:05:f2:
         cf:7d:dd:bf:83:54:43:96:4e:cc:5e:d6:dc:f7:f3:06:8b:96:
         cf:70:55:1e:b2:fd:aa:d1:0a:9b:e4:00:6a:42:6b:3e:da:69:
         b6:75:84:5c:d1:cc:b1:83:3c:e9:2c:64:17:ed:30:f9:1b:49:
         5e:5b:5a:3b:ec:b3:30:e5:02:75:ef:6c:12:2d:b7:6a:96:61:
         bc:53:a2:b8:9d:10:b0:20:ab:fb:7e:bd:89:cb:06:80:b4:f3:
         76:3e:7c:fc:2c:b3:e4:a2:ac:a8:9e:1b:4e:b9:2d:93:9b:ee:
         82:51:c1:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yzCtSkiRkSfPzSzKbC24MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyNjIyZmRlYzhmYWRmY2E1OGU3NTc1YzI5ZjEwZTczYWU3
NzU3MTUwHhcNMjYwMTAyMDgyMDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTc5MmJjMjRiY2I2NTdhYWYyZTk1YThlODYyMmExM2Q3NjMxZThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsi66yPD2c6elmVxpOFGHduite60Q
3nBD14Gl1Vw0iaa3hy/8D8rCWga28TewhPhvakvO/NJkeJmXnJYJCDKM/nXXLf8N
53nky6qEGh/8+DCj3Syp4HAsVkx/i1/sfzPnHgTNG4qyM6OklCe5g03+gzrZRo0p
ShtGtKxheIA+cE5Sr24jO6AYR1Ja9MEUkk/E1zKFeuBXz09JroEAyKRk/KKascRm
CXnNH6nghx+lK+9QfvMQbPjrHbY9rdOmX7NHeLiHE9voQPCOQwUSw42Fe9Yc8M+j
WqHe3P7hs2l1MJudbMQwJV1x4znZXdk2SFcICuhSb74b6njBlDqiDhtHOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCV5K8JLy2V6ry6VqOhiKhPXYx6MMB8GA1UdIwQY
MBaAFNJiL97I+t/KWOdXXCnxDnOud1cVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMG1JdjNzajYzOHBZNTFkY0tmRU9jNjUzVnhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS84NWYwMmUtZjFhYy00NGZiLTkyZWIt
ZjA1YWEyMjlkNjM4LzEvSlhrcndrdkxaWHF2THBXbzZHSXFFOWRqSG93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS84NWYwMmUtZjFhYy00NGZiLTkyZWItZjA1YWEyMjlkNjM4
LzEvMG1JdjNzajYzOHBZNTFkY0tmRU9jNjUzVnhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVbs8MA0G
CSqGSIb3DQEBCwUAA4IBAQAZay/s+WC8LFDeTsDB2ST2HG1bMwRc+u8MP5ELjSLs
a6d27y/Lqfm2KljZhmy9ENBj/B0Siuf/5uEtYr04A+EGIj6HhiWMXP095li/4CnZ
SmGXQatdJTZkeG5nGuhUoX1iZB2MMxH9Z78OLqkWTXMCmCNFxKqPRDH5nbS91K3Y
d1ONmt3G4rBQJmleW3+jBfLPfd2/g1RDlk7MXtbc9/MGi5bPcFUesv2q0Qqb5ABq
Qms+2mm2dYRc0cyxgzzpLGQX7TD5G0leW1o77LMw5QJ172wSLbdqlmG8U6K4nRCw
IKv7fr2JywaAtPN2Pnz8LLPkoqyonhtOuS2Tm+6CUcES
-----END CERTIFICATE-----