This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/EGceg2KC2veG2ubJ67lLnyLOjtI.roa
File:                     EGceg2KC2veG2ubJ67lLnyLOjtI.roa (raw, json)
Hash identifier:          wY6zYtQUbn46Y33mgpfT8vGawedlaPHOCiudGF0vIQ4=
Subject key identifier:   10:67:1E:83:62:82:DA:F7:86:DA:E6:C9:EB:B9:4B:9F:22:CE:8E:D2
Certificate issuer:       /CN=31a185d0eb0ca7811c586425de0e960e1cfeb61b
Certificate serial:       019B7E3933CB2A7285E9384D05FF18E96E2B
Authority key identifier: 31:A1:85:D0:EB:0C:A7:81:1C:58:64:25:DE:0E:96:0E:1C:FE:B6:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MaGF0OsMp4EcWGQl3g6WDhz-ths.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/EGceg2KC2veG2ubJ67lLnyLOjtI.roa
Signing time:             Fri 02 Jan 2026 10:20:36 +0000
ROA not before:           Fri 02 Jan 2026 10:20:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34984
IP address blocks:        85.153.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/MaGF0OsMp4EcWGQl3g6WDhz-ths.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/MaGF0OsMp4EcWGQl3g6WDhz-ths.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MaGF0OsMp4EcWGQl3g6WDhz-ths.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:33:cb:2a:72:85:e9:38:4d:05:ff:18:e9:6e:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31a185d0eb0ca7811c586425de0e960e1cfeb61b
        Validity
            Not Before: Jan  2 10:20:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=10671e836282daf786dae6c9ebb94b9f22ce8ed2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:9f:9c:3e:d5:7e:37:96:3a:3f:92:50:47:de:
                    b8:1d:db:52:75:f7:78:cf:d4:d5:c5:21:44:69:26:
                    0b:44:15:23:f7:3d:51:af:8b:d6:89:a4:fc:29:46:
                    34:ff:be:d4:fb:0e:5c:c2:a4:b4:3d:71:e3:ba:f5:
                    84:57:a8:bc:91:ad:5f:67:35:0d:5a:99:1b:1e:54:
                    dc:5d:e6:6c:37:6a:a6:9b:97:ee:f3:2d:95:25:ad:
                    d3:31:e7:a4:3d:8f:09:3c:b9:f0:32:5e:49:62:64:
                    b5:39:b8:66:e5:87:f4:aa:f7:53:d9:88:fe:da:c0:
                    34:83:72:cd:0c:e4:c8:97:4a:e9:65:1c:f2:88:0d:
                    16:d4:5a:95:e6:a1:79:f6:b8:f0:58:5d:dc:e7:d0:
                    09:d6:11:d8:16:52:68:6d:39:96:79:9a:35:78:b2:
                    ba:fb:9b:cb:43:56:50:86:bc:8a:ed:96:66:d1:ac:
                    1b:8c:30:39:48:07:56:49:2a:5f:86:a7:fa:32:15:
                    fe:29:33:fe:71:2c:54:91:e3:d8:29:cb:0b:4b:d7:
                    c5:86:95:61:20:87:e7:39:6b:58:21:a2:91:ea:9a:
                    ee:d9:ad:7f:8c:ed:8a:1c:e6:92:be:d4:5f:60:e1:
                    34:23:fe:b3:30:d5:8e:ca:df:35:dd:27:f3:d1:c0:
                    7c:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:67:1E:83:62:82:DA:F7:86:DA:E6:C9:EB:B9:4B:9F:22:CE:8E:D2
            X509v3 Authority Key Identifier:
                keyid:31:A1:85:D0:EB:0C:A7:81:1C:58:64:25:DE:0E:96:0E:1C:FE:B6:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MaGF0OsMp4EcWGQl3g6WDhz-ths.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/EGceg2KC2veG2ubJ67lLnyLOjtI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/MaGF0OsMp4EcWGQl3g6WDhz-ths.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.153.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:25:5b:17:01:4a:68:b6:f8:a6:f8:b5:b1:a4:2a:69:00:c5:
         44:d0:4a:e3:1b:0e:fb:9b:c3:e4:bf:3b:80:4f:82:d2:d8:d5:
         ab:c8:03:46:13:62:41:55:b0:c8:d1:3a:04:84:f4:65:7b:13:
         8f:19:99:45:ce:22:70:1f:f2:f3:42:85:29:c8:5b:73:6b:28:
         05:c6:d1:a9:f2:8f:a1:8f:d8:1d:66:96:17:2d:e9:64:e3:45:
         cb:c6:a1:9f:4b:5a:98:5a:33:c6:12:ef:ff:a3:99:d8:b2:be:
         78:20:60:13:ad:71:65:2d:29:9b:2a:7d:ac:12:16:d6:af:92:
         32:ee:12:1c:82:f5:11:1a:20:49:bb:bb:e2:1a:5b:82:d9:33:
         39:2b:4b:ad:b6:1f:38:b2:a3:72:80:bc:81:39:04:d7:bc:a4:
         e2:2d:d9:9a:0c:dd:7e:79:55:c8:73:9d:de:25:3a:d9:89:69:
         e4:3f:a9:61:12:5c:48:b7:df:28:a3:95:16:33:d9:b3:3f:f9:
         d1:8d:71:4b:e2:f4:f5:8e:4f:64:c4:d5:fe:05:8a:1c:eb:2c:
         7c:75:f8:e2:b2:98:48:97:8d:e4:ac:12:27:f0:52:5c:0a:70:
         a0:ca:b2:e6:a8:46:c1:dc:90:90:d7:e2:4e:43:dd:c7:bd:0e:
         03:84:02:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OTPLKnKF6ThNBf8Y6W4rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxYTE4NWQwZWIwY2E3ODExYzU4NjQyNWRlMGU5NjBlMWNm
ZWI2MWIwHhcNMjYwMTAyMTAyMDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDY3MWU4MzYyODJkYWY3ODZkYWU2YzllYmI5NGI5ZjIyY2U4ZWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2p+cPtV+N5Y6P5JQR964HdtSdfd4
z9TVxSFEaSYLRBUj9z1Rr4vWiaT8KUY0/77U+w5cwqS0PXHjuvWEV6i8ka1fZzUN
WpkbHlTcXeZsN2qmm5fu8y2VJa3TMeekPY8JPLnwMl5JYmS1Obhm5Yf0qvdT2Yj+
2sA0g3LNDOTIl0rpZRzyiA0W1FqV5qF59rjwWF3c59AJ1hHYFlJobTmWeZo1eLK6
+5vLQ1ZQhryK7ZZm0awbjDA5SAdWSSpfhqf6MhX+KTP+cSxUkePYKcsLS9fFhpVh
IIfnOWtYIaKR6pru2a1/jO2KHOaSvtRfYOE0I/6zMNWOyt813Sfz0cB8qwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBBnHoNigtr3htrmyeu5S58izo7SMB8GA1UdIwQY
MBaAFDGhhdDrDKeBHFhkJd4Olg4c/rYbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWFHRjBPc01wNEVjV0dRbDNnNldEaHotdGhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8wODFjNmUtMWQ2NS00Y2NkLTk2ZjUt
MWRjYzg2YzExZTc0LzEvRUdjZWcyS0MydmVHMnViSjY3bExueUxPanRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8wODFjNmUtMWQ2NS00Y2NkLTk2ZjUtMWRjYzg2YzExZTc0
LzEvTWFHRjBPc01wNEVjV0dRbDNnNldEaHotdGhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVZkLMA0G
CSqGSIb3DQEBCwUAA4IBAQCHJVsXAUpotvim+LWxpCppAMVE0ErjGw77m8PkvzuA
T4LS2NWryANGE2JBVbDI0ToEhPRlexOPGZlFziJwH/LzQoUpyFtzaygFxtGp8o+h
j9gdZpYXLelk40XLxqGfS1qYWjPGEu//o5nYsr54IGATrXFlLSmbKn2sEhbWr5Iy
7hIcgvURGiBJu7viGluC2TM5K0utth84sqNygLyBOQTXvKTiLdmaDN1+eVXIc53e
JTrZiWnkP6lhElxIt98oo5UWM9mzP/nRjXFL4vT1jk9kxNX+BYoc6yx8dfjisphI
l43krBIn8FJcCnCgyrLmqEbB3JCQ1+JOQ93HvQ4DhALs
-----END CERTIFICATE-----