This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/2a6df5-8236-412d-ad79-e29589e8964a/1/0_75cziqkrd_avFDUZ9rg7qilxA.roa
File:                     0_75cziqkrd_avFDUZ9rg7qilxA.roa (raw, json)
Hash identifier:          pSQt5ocfFcDKXdLoPRHR826k+pr8i3n1PKJhobyxS7Y=
Subject key identifier:   D3:FE:F9:73:38:AA:92:B7:7F:6A:F1:43:51:9F:6B:83:BA:A2:97:10
Certificate issuer:       /CN=ec65d31440bf75d25c606f7915c236ca614464a2
Certificate serial:       019B7A5A16CCF39033CE918517F4E9D2FAA5
Authority key identifier: EC:65:D3:14:40:BF:75:D2:5C:60:6F:79:15:C2:36:CA:61:44:64:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7GXTFEC_ddJcYG95FcI2ymFEZKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/2a6df5-8236-412d-ad79-e29589e8964a/1/0_75cziqkrd_avFDUZ9rg7qilxA.roa
Signing time:             Thu 01 Jan 2026 16:18:02 +0000
ROA not before:           Thu 01 Jan 2026 16:18:02 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60795
IP address blocks:        185.80.32.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/2a6df5-8236-412d-ad79-e29589e8964a/1/7GXTFEC_ddJcYG95FcI2ymFEZKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/2a6df5-8236-412d-ad79-e29589e8964a/1/7GXTFEC_ddJcYG95FcI2ymFEZKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7GXTFEC_ddJcYG95FcI2ymFEZKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:16:cc:f3:90:33:ce:91:85:17:f4:e9:d2:fa:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec65d31440bf75d25c606f7915c236ca614464a2
        Validity
            Not Before: Jan  1 16:18:02 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d3fef97338aa92b77f6af143519f6b83baa29710
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:94:66:96:bb:d9:f8:9e:5e:54:fd:41:42:1e:
                    be:29:1e:6e:1a:d1:ae:b5:81:cd:18:8d:e9:d1:86:
                    ae:5f:a1:c8:c9:c9:2c:49:45:2d:38:66:35:65:f6:
                    21:09:f5:29:55:5f:9c:ee:8c:0a:6c:95:d3:87:8b:
                    3b:42:35:5d:05:3d:4a:52:55:d1:24:7f:f4:f1:16:
                    12:5b:2b:7e:31:15:20:30:22:3c:05:11:5c:4c:e0:
                    ea:d8:09:e5:8b:de:d3:12:99:0e:51:d5:9e:6f:d1:
                    f9:02:d7:3d:9d:14:36:ce:82:3d:42:98:7d:4f:2d:
                    b9:a3:70:c0:ca:6b:2d:c3:db:69:31:63:b2:5b:02:
                    ba:09:3c:0d:0b:a0:18:62:b0:8f:c0:2f:57:5d:31:
                    01:9f:0f:25:da:4a:91:50:41:fa:d2:25:e8:13:6c:
                    52:e1:e0:aa:ae:fc:ec:1a:72:46:08:f4:33:4f:ff:
                    4a:86:e6:a4:a3:f1:cb:c0:e3:f6:ba:72:d0:37:e6:
                    06:39:cc:9f:51:70:50:9e:27:83:47:f5:ee:e7:ad:
                    d8:5b:b0:ec:be:47:0c:2b:9d:53:5b:34:f3:70:fb:
                    ef:2d:c5:18:4c:b6:26:a9:de:b1:46:11:46:e2:c9:
                    d8:4b:6a:88:27:6d:28:d0:83:d7:69:bd:f2:d0:4c:
                    95:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:FE:F9:73:38:AA:92:B7:7F:6A:F1:43:51:9F:6B:83:BA:A2:97:10
            X509v3 Authority Key Identifier:
                keyid:EC:65:D3:14:40:BF:75:D2:5C:60:6F:79:15:C2:36:CA:61:44:64:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7GXTFEC_ddJcYG95FcI2ymFEZKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/2a6df5-8236-412d-ad79-e29589e8964a/1/0_75cziqkrd_avFDUZ9rg7qilxA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/2a6df5-8236-412d-ad79-e29589e8964a/1/7GXTFEC_ddJcYG95FcI2ymFEZKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.80.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:12:1b:23:9d:fa:d2:1f:b9:1e:6b:ad:11:bf:39:08:2f:c1:
         41:b0:19:0c:30:4b:51:b0:f9:10:ec:7a:93:fc:64:f3:26:ba:
         f0:f6:31:e5:7f:b5:e7:b5:6b:4b:45:22:5e:f9:b2:c8:35:f9:
         12:b7:f2:23:a4:b3:14:b0:89:b8:1a:2e:d7:75:7c:88:86:b5:
         0a:98:66:6a:41:fc:40:dd:0d:91:6c:4f:f3:26:ba:34:55:61:
         6a:a6:9e:e3:5d:fe:e1:0e:6e:6d:c3:2d:69:72:d3:ad:ec:87:
         ee:62:83:9f:a6:9d:14:ee:34:da:49:e2:1a:33:91:20:1e:06:
         e5:ed:bc:45:f6:d5:99:9e:03:be:5e:97:3a:e7:63:2c:ef:af:
         4e:fe:8e:5c:d1:29:e8:b1:24:4c:50:35:eb:f1:74:37:50:a0:
         c2:ce:ff:47:74:0b:18:7f:8a:f5:ea:67:fe:88:54:c8:b8:75:
         9d:d8:c7:eb:43:cc:bf:b0:8a:e5:d0:ef:b6:3e:15:15:ab:cd:
         8c:3c:c7:fc:01:cd:92:c3:af:3c:d4:5a:f8:d0:5f:78:2c:20:
         de:7c:86:15:76:3e:88:01:ae:02:68:bc:5b:82:51:9e:0c:e7:
         c0:9f:6c:f5:85:a4:fc:90:48:7e:36:21:72:1d:43:2c:a1:30:
         e0:c9:bb:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WhbM85AzzpGFF/Tp0vqlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNjVkMzE0NDBiZjc1ZDI1YzYwNmY3OTE1YzIzNmNhNjE0
NDY0YTIwHhcNMjYwMTAxMTYxODAyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2ZlZjk3MzM4YWE5MmI3N2Y2YWYxNDM1MTlmNmI4M2JhYTI5NzEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsZRmlrvZ+J5eVP1BQh6+KR5uGtGu
tYHNGI3p0YauX6HIycksSUUtOGY1ZfYhCfUpVV+c7owKbJXTh4s7QjVdBT1KUlXR
JH/08RYSWyt+MRUgMCI8BRFcTODq2Anli97TEpkOUdWeb9H5Atc9nRQ2zoI9Qph9
Ty25o3DAymstw9tpMWOyWwK6CTwNC6AYYrCPwC9XXTEBnw8l2kqRUEH60iXoE2xS
4eCqrvzsGnJGCPQzT/9Khuako/HLwOP2unLQN+YGOcyfUXBQnieDR/Xu563YW7Ds
vkcMK51TWzTzcPvvLcUYTLYmqd6xRhFG4snYS2qIJ20o0IPXab3y0EyVxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNP++XM4qpK3f2rxQ1Gfa4O6opcQMB8GA1UdIwQY
MBaAFOxl0xRAv3XSXGBveRXCNsphRGSiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0dYVEZFQ19kZEpjWUc5NUZjSTJ5bUZFWktJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8yYTZkZjUtODIzNi00MTJkLWFkNzkt
ZTI5NTg5ZTg5NjRhLzEvMF83NWN6aXFrcmRfYXZGRFVaOXJnN3FpbHhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8yYTZkZjUtODIzNi00MTJkLWFkNzktZTI5NTg5ZTg5NjRh
LzEvN0dYVEZFQ19kZEpjWUc5NUZjSTJ5bUZFWktJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVAgMA0G
CSqGSIb3DQEBCwUAA4IBAQAAEhsjnfrSH7kea60RvzkIL8FBsBkMMEtRsPkQ7HqT
/GTzJrrw9jHlf7XntWtLRSJe+bLINfkSt/IjpLMUsIm4Gi7XdXyIhrUKmGZqQfxA
3Q2RbE/zJro0VWFqpp7jXf7hDm5twy1pctOt7IfuYoOfpp0U7jTaSeIaM5EgHgbl
7bxF9tWZngO+Xpc652Ms769O/o5c0SnosSRMUDXr8XQ3UKDCzv9HdAsYf4r16mf+
iFTIuHWd2MfrQ8y/sIrl0O+2PhUVq82MPMf8Ac2Sw6881Fr40F94LCDefIYVdj6I
Aa4CaLxbglGeDOfAn2z1haT8kEh+NiFyHUMsoTDgybs8
-----END CERTIFICATE-----