This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/2fcc92-c967-4a65-a434-5e36d1b0825e/1/wlQ0t9w-oLkcGuhWCMs9Bpc2jac.roa
File:                     wlQ0t9w-oLkcGuhWCMs9Bpc2jac.roa (raw, json)
Hash identifier:          3f94DHQ4ocfCNVkT9++XQcXx0yPrdObfv5lQ1Z9Etr8=
Subject key identifier:   C2:54:34:B7:DC:3E:A0:B9:1C:1A:E8:56:08:CB:3D:06:97:36:8D:A7
Certificate issuer:       /CN=5380cd8ad2f84e14e9b5b64238937b6d4207e221
Certificate serial:       019B78A22B14BAE37242C09549FDBEC62199
Authority key identifier: 53:80:CD:8A:D2:F8:4E:14:E9:B5:B6:42:38:93:7B:6D:42:07:E2:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U4DNitL4ThTptbZCOJN7bUIH4iE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/2fcc92-c967-4a65-a434-5e36d1b0825e/1/wlQ0t9w-oLkcGuhWCMs9Bpc2jac.roa
Signing time:             Thu 01 Jan 2026 08:17:32 +0000
ROA not before:           Thu 01 Jan 2026 08:17:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198247
IP address blocks:        185.12.25.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/2fcc92-c967-4a65-a434-5e36d1b0825e/1/U4DNitL4ThTptbZCOJN7bUIH4iE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/2fcc92-c967-4a65-a434-5e36d1b0825e/1/U4DNitL4ThTptbZCOJN7bUIH4iE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U4DNitL4ThTptbZCOJN7bUIH4iE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:2b:14:ba:e3:72:42:c0:95:49:fd:be:c6:21:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5380cd8ad2f84e14e9b5b64238937b6d4207e221
        Validity
            Not Before: Jan  1 08:17:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c25434b7dc3ea0b91c1ae85608cb3d0697368da7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:49:b7:72:e8:af:58:be:79:78:db:93:88:61:
                    96:57:25:7d:46:c9:79:ca:3a:be:75:32:53:85:1d:
                    a4:ce:1b:29:87:40:b0:27:bb:68:2e:56:ad:03:c2:
                    bc:94:bc:f1:a5:34:95:d7:b8:fc:5b:30:6c:d3:8f:
                    ef:eb:a3:d3:25:bc:e0:54:12:4b:88:1a:d0:03:1b:
                    22:d2:9e:3e:cf:a9:1b:90:b2:a6:c7:8c:ee:43:47:
                    8d:fb:16:8a:b5:f4:b2:1a:df:3a:c0:88:ba:82:b8:
                    e9:c6:6d:34:a4:e6:46:ce:0a:13:ec:d3:d8:7f:ee:
                    62:2c:f5:2b:e1:85:6e:77:8a:a3:42:fc:08:77:38:
                    42:d3:f4:f8:b3:f7:3b:79:ef:d0:a6:be:7f:56:a2:
                    4f:f3:c3:17:65:bb:48:78:ef:d2:13:cf:1f:4f:d8:
                    60:2c:9f:52:6b:25:5d:5a:6b:17:38:2e:55:f4:ac:
                    2f:57:7d:03:d1:85:74:df:66:a7:97:10:06:96:65:
                    1d:99:14:22:e7:7a:69:47:cc:a4:9d:6f:e2:eb:1c:
                    31:16:3d:84:41:14:b2:33:18:c0:c6:70:8c:67:ed:
                    fe:8a:09:4e:20:e1:ad:8a:e7:33:23:a2:9d:01:5c:
                    dc:76:96:0e:bb:28:63:ef:10:b3:4f:f8:ab:60:3f:
                    4d:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:54:34:B7:DC:3E:A0:B9:1C:1A:E8:56:08:CB:3D:06:97:36:8D:A7
            X509v3 Authority Key Identifier:
                keyid:53:80:CD:8A:D2:F8:4E:14:E9:B5:B6:42:38:93:7B:6D:42:07:E2:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U4DNitL4ThTptbZCOJN7bUIH4iE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/2fcc92-c967-4a65-a434-5e36d1b0825e/1/wlQ0t9w-oLkcGuhWCMs9Bpc2jac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/2fcc92-c967-4a65-a434-5e36d1b0825e/1/U4DNitL4ThTptbZCOJN7bUIH4iE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.12.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:94:c9:04:60:87:38:b0:5f:fd:3f:5d:6c:47:d0:e4:15:16:
         f7:2d:e7:04:a3:ac:06:e7:6d:22:7d:c1:6f:e0:f1:6f:b9:93:
         24:25:4e:73:88:2b:46:94:cf:d7:39:91:09:b1:b1:33:c1:75:
         2a:93:3a:73:b8:98:f8:45:32:9f:8d:8d:f0:d6:9a:73:85:fa:
         5d:bb:e1:20:14:ee:03:45:13:fb:70:e8:c4:7d:8e:9e:51:5f:
         19:1b:82:a7:8d:bc:f4:20:3c:68:c5:0c:5a:ff:53:41:ca:b6:
         8f:22:b6:15:1c:7c:12:c7:75:01:18:67:05:0d:a2:81:1d:b1:
         49:8c:04:22:22:74:84:2a:35:10:4e:57:9d:d2:1c:a1:dc:e1:
         ba:f4:46:9a:83:35:36:dd:07:2f:4a:bd:aa:f5:3b:8b:00:3a:
         9c:ff:60:52:a6:d3:56:08:bd:15:b1:ca:f2:57:58:a4:29:1c:
         41:44:c7:7d:04:13:46:aa:5b:2e:7f:06:72:89:c8:79:0a:24:
         0e:a6:4a:b2:14:73:f1:e6:1a:d2:29:b6:90:dc:90:17:58:66:
         7f:ad:4d:f0:4a:63:c6:76:fa:80:28:d5:64:4c:7b:e7:77:18:
         8c:a4:d5:fc:8e:85:66:6d:1c:8f:1b:ac:26:ad:df:df:16:45:
         28:e2:0b:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4oisUuuNyQsCVSf2+xiGZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzODBjZDhhZDJmODRlMTRlOWI1YjY0MjM4OTM3YjZkNDIw
N2UyMjEwHhcNMjYwMTAxMDgxNzMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjU0MzRiN2RjM2VhMGI5MWMxYWU4NTYwOGNiM2QwNjk3MzY4ZGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkUm3cuivWL55eNuTiGGWVyV9Rsl5
yjq+dTJThR2kzhsph0CwJ7toLlatA8K8lLzxpTSV17j8WzBs04/v66PTJbzgVBJL
iBrQAxsi0p4+z6kbkLKmx4zuQ0eN+xaKtfSyGt86wIi6grjpxm00pOZGzgoT7NPY
f+5iLPUr4YVud4qjQvwIdzhC0/T4s/c7ee/Qpr5/VqJP88MXZbtIeO/SE88fT9hg
LJ9SayVdWmsXOC5V9KwvV30D0YV032anlxAGlmUdmRQi53ppR8yknW/i6xwxFj2E
QRSyMxjAxnCMZ+3+iglOIOGtiuczI6KdAVzcdpYOuyhj7xCzT/irYD9NnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMJUNLfcPqC5HBroVgjLPQaXNo2nMB8GA1UdIwQY
MBaAFFOAzYrS+E4U6bW2QjiTe21CB+IhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTRETml0TDRUaFRwdGJaQ09KTjdiVUlINGlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8yZmNjOTItYzk2Ny00YTY1LWE0MzQt
NWUzNmQxYjA4MjVlLzEvd2xRMHQ5dy1vTGtjR3VoV0NNczlCcGMyamFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8yZmNjOTItYzk2Ny00YTY1LWE0MzQtNWUzNmQxYjA4MjVl
LzEvVTRETml0TDRUaFRwdGJaQ09KTjdiVUlINGlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQwZMA0G
CSqGSIb3DQEBCwUAA4IBAQAzlMkEYIc4sF/9P11sR9DkFRb3LecEo6wG520ifcFv
4PFvuZMkJU5ziCtGlM/XOZEJsbEzwXUqkzpzuJj4RTKfjY3w1ppzhfpdu+EgFO4D
RRP7cOjEfY6eUV8ZG4Knjbz0IDxoxQxa/1NByraPIrYVHHwSx3UBGGcFDaKBHbFJ
jAQiInSEKjUQTled0hyh3OG69EaagzU23QcvSr2q9TuLADqc/2BSptNWCL0Vscry
V1ikKRxBRMd9BBNGqlsufwZyich5CiQOpkqyFHPx5hrSKbaQ3JAXWGZ/rU3wSmPG
dvqAKNVkTHvndxiMpNX8joVmbRyPG6wmrd/fFkUo4gvK
-----END CERTIFICATE-----