This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/fOoxZZXoKfFKbUE_dojmHZZTrYE.roa
File:                     fOoxZZXoKfFKbUE_dojmHZZTrYE.roa (raw, json)
Hash identifier:          gdRRDFEZsVqAvwZiFRI39sMYXzD71uw48Ip6EXeGQbw=
Subject key identifier:   7C:EA:31:65:95:E8:29:F1:4A:6D:41:3F:76:88:E6:1D:96:53:AD:81
Certificate issuer:       /CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
Certificate serial:       019B7C11856790CCB3A4D921723CDAFE61FD
Authority key identifier: 8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/fOoxZZXoKfFKbUE_dojmHZZTrYE.roa
Signing time:             Fri 02 Jan 2026 00:18:01 +0000
ROA not before:           Fri 02 Jan 2026 00:18:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210092
IP address blocks:        185.253.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 03:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:11:85:67:90:cc:b3:a4:d9:21:72:3c:da:fe:61:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
        Validity
            Not Before: Jan  2 00:18:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7cea316595e829f14a6d413f7688e61d9653ad81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:35:73:11:f3:b5:6b:96:72:1e:a2:7d:5b:97:
                    92:be:1d:e4:1f:cc:8e:4f:74:33:d6:d2:e3:a6:91:
                    33:59:6e:fc:94:b2:e8:e5:be:79:a1:c2:59:9e:bb:
                    28:ce:c5:fe:60:2f:b9:80:5a:fc:b7:8d:74:16:ff:
                    82:01:03:98:a4:8b:24:fb:77:08:75:3f:ea:e0:fa:
                    15:85:7a:c6:ba:f1:7c:da:fe:c7:99:84:ec:1d:82:
                    5b:e9:df:34:55:0f:f4:e5:3e:d5:a8:49:94:70:5d:
                    c5:60:a6:ff:58:96:01:32:a5:a1:e6:2d:a4:de:5f:
                    32:8c:12:4d:6d:bb:d2:87:a2:30:0c:54:6f:ca:55:
                    dc:63:15:94:3c:85:0f:3e:3f:6b:c8:a2:1a:7b:7a:
                    76:c7:e0:b2:77:1d:f9:3e:4a:2f:aa:f5:f8:8e:04:
                    f8:1b:f7:41:35:a7:83:fe:a8:2b:dd:cd:51:98:d4:
                    7f:1c:1e:9b:67:4d:43:bc:6e:78:1b:4d:59:82:a8:
                    fc:4f:d3:91:b6:6a:88:5e:7e:52:df:9e:97:3c:28:
                    12:31:28:f4:f2:c7:60:4d:d9:16:9a:da:70:b1:c2:
                    a2:d3:1c:99:64:67:0c:13:25:a7:2a:19:f1:90:1a:
                    f3:ee:09:42:31:53:33:f9:66:2c:38:6b:ff:4a:ff:
                    25:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:EA:31:65:95:E8:29:F1:4A:6D:41:3F:76:88:E6:1D:96:53:AD:81
            X509v3 Authority Key Identifier:
                keyid:8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/fOoxZZXoKfFKbUE_dojmHZZTrYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.253.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:db:2b:ec:6c:09:e7:5a:c8:32:3e:55:7d:cf:73:b1:26:b9:
         a9:e8:84:12:dd:60:49:58:cf:03:ff:bd:01:39:0e:a4:e7:12:
         3c:f9:d8:96:0e:f0:b3:b0:b2:d0:37:29:73:c0:01:d7:26:34:
         a4:70:1a:47:82:fa:e8:7d:29:36:c9:a5:e3:31:3f:19:65:17:
         fc:a9:64:c1:44:e6:a1:a0:fb:82:d5:5d:79:48:7d:51:4c:bc:
         3c:fb:cd:c4:bf:33:37:e3:1f:99:22:9d:6c:ac:50:b6:ea:78:
         22:89:b9:92:42:66:77:21:6b:eb:d5:f1:53:86:8f:f3:02:24:
         7e:ce:e6:d6:84:9e:85:8e:24:a8:d1:fd:b3:71:af:19:bc:d7:
         d4:c4:53:bd:8e:9a:0f:01:82:27:43:46:0b:a2:3c:78:88:88:
         03:5b:0e:03:87:e3:82:95:d9:1c:e7:73:c9:fc:65:37:7c:ab:
         0e:d9:28:83:bb:ca:e7:1f:23:f8:e6:36:e7:77:75:c2:4b:aa:
         2c:00:a9:a1:55:c8:88:4a:8b:66:ad:fc:87:2d:17:87:c2:c3:
         13:72:7b:d5:52:b6:db:3f:ed:b8:bb:5b:0b:9f:16:41:b1:3d:
         5c:5a:2e:0c:d1:d0:85:93:b0:d1:07:0a:2b:01:3a:1c:f6:9d:
         f8:bc:42:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EYVnkMyzpNkhcjza/mH9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlYjQ0MWRhZGJiZWNiNjk2NWQ0ZWExZjA0NmNjNWM4ZTI4
ODE3ZmMwHhcNMjYwMTAyMDAxODAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2VhMzE2NTk1ZTgyOWYxNGE2ZDQxM2Y3Njg4ZTYxZDk2NTNhZDgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvTVzEfO1a5ZyHqJ9W5eSvh3kH8yO
T3Qz1tLjppEzWW78lLLo5b55ocJZnrsozsX+YC+5gFr8t410Fv+CAQOYpIsk+3cI
dT/q4PoVhXrGuvF82v7HmYTsHYJb6d80VQ/05T7VqEmUcF3FYKb/WJYBMqWh5i2k
3l8yjBJNbbvSh6IwDFRvylXcYxWUPIUPPj9ryKIae3p2x+Cydx35PkovqvX4jgT4
G/dBNaeD/qgr3c1RmNR/HB6bZ01DvG54G01Zgqj8T9ORtmqIXn5S356XPCgSMSj0
8sdgTdkWmtpwscKi0xyZZGcMEyWnKhnxkBrz7glCMVMz+WYsOGv/Sv8lMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHzqMWWV6CnxSm1BP3aI5h2WU62BMB8GA1UdIwQY
MBaAFI60QdrbvstpZdTqHwRsxcjiiBf8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmIt
NDZiOTQ5MDkyY2JlLzEvZk9veFpaWG9LZkZLYlVFX2Rvam1IWlpUcllFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmItNDZiOTQ5MDkyY2Jl
LzEvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuf3YMA0G
CSqGSIb3DQEBCwUAA4IBAQCg2yvsbAnnWsgyPlV9z3OxJrmp6IQS3WBJWM8D/70B
OQ6k5xI8+diWDvCzsLLQNylzwAHXJjSkcBpHgvrofSk2yaXjMT8ZZRf8qWTBROah
oPuC1V15SH1RTLw8+83EvzM34x+ZIp1srFC26ngiibmSQmZ3IWvr1fFTho/zAiR+
zubWhJ6FjiSo0f2zca8ZvNfUxFO9jpoPAYInQ0YLojx4iIgDWw4Dh+OCldkc53PJ
/GU3fKsO2SiDu8rnHyP45jbnd3XCS6osAKmhVciISotmrfyHLReHwsMTcnvVUrbb
P+24u1sLnxZBsT1cWi4M0dCFk7DRBworAToc9p34vELg
-----END CERTIFICATE-----