This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/L-dZKs7Gv5awuPkD8k2OKSCLBBM.roa
File:                     L-dZKs7Gv5awuPkD8k2OKSCLBBM.roa (raw, json)
Hash identifier:          SW4s8toqxl4AR9io1btbqrYDz52JEywp816PRiPgh5E=
Subject key identifier:   2F:E7:59:2A:CE:C6:BF:96:B0:B8:F9:03:F2:4D:8E:29:20:8B:04:13
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       019B7E37F078A8352D94C082E5F52B8B011B
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/L-dZKs7Gv5awuPkD8k2OKSCLBBM.roa
Signing time:             Fri 02 Jan 2026 10:19:13 +0000
ROA not before:           Fri 02 Jan 2026 10:19:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214192
IP address blocks:        185.215.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 10:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:f0:78:a8:35:2d:94:c0:82:e5:f5:2b:8b:01:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Jan  2 10:19:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2fe7592acec6bf96b0b8f903f24d8e29208b0413
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:ce:36:d2:b5:b2:e7:51:d8:24:8a:ae:aa:5a:
                    da:2f:8a:f8:f5:94:f9:34:03:91:ba:a3:e4:62:8f:
                    39:5b:d5:86:16:46:bc:0a:1f:e3:77:e9:ad:4d:13:
                    93:24:96:a2:1d:20:dc:67:27:cf:36:d9:05:66:70:
                    31:42:e9:86:cd:2e:c0:86:4b:65:7e:06:55:5e:ed:
                    e0:36:e7:7b:ed:64:31:4a:ee:c9:8a:23:bb:27:55:
                    2c:16:f8:8b:aa:af:02:a1:66:2e:d0:1e:be:86:f0:
                    5d:c4:2d:ca:54:bd:97:9f:15:9d:2a:d1:c2:64:a3:
                    a3:d7:ba:5f:15:f0:06:dc:f3:9a:62:2e:56:88:1a:
                    ac:a4:47:58:3a:cd:97:21:7c:d3:aa:e0:1a:29:97:
                    c0:e5:21:01:87:ef:e9:65:fd:88:28:11:a0:2b:4b:
                    5f:15:a1:dc:a2:14:1a:c4:1f:dd:e3:22:ba:2a:d8:
                    3f:7a:a9:f5:62:78:45:70:3f:35:74:c8:06:c8:20:
                    c8:04:07:18:cf:c5:29:4e:2a:66:9f:a8:95:c2:d2:
                    3e:9a:74:fc:ba:a7:bf:f6:86:60:7d:48:25:91:30:
                    ff:9b:bf:55:f7:c3:ae:0c:db:0b:49:68:43:04:36:
                    20:31:64:65:fb:b8:8e:51:48:98:c8:d6:03:2e:ff:
                    06:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:E7:59:2A:CE:C6:BF:96:B0:B8:F9:03:F2:4D:8E:29:20:8B:04:13
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/L-dZKs7Gv5awuPkD8k2OKSCLBBM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.215.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:45:3f:db:9a:ec:ef:5f:36:13:c1:79:cf:65:c3:4e:9b:4c:
         21:44:ba:bd:d9:a8:de:8c:8c:44:5c:33:3a:a6:e4:c0:64:d9:
         1c:7b:18:3e:cd:a4:15:d2:15:36:49:5c:ec:83:ca:f0:43:c5:
         62:65:cf:d4:f0:f1:fe:38:d9:47:18:18:6a:77:45:ec:34:e6:
         9b:3d:15:52:30:75:9d:aa:0b:9c:2b:33:d5:12:fb:0e:3f:3f:
         80:e8:eb:4d:54:59:3a:9e:f6:82:9a:a5:15:67:8f:37:7a:a3:
         50:dc:3c:e7:cf:ff:19:4a:e3:e7:5b:e9:a1:a3:c3:71:6c:39:
         eb:5d:bc:70:05:f4:59:1a:d8:fa:52:8c:3f:a5:52:fe:ec:e6:
         50:60:00:c3:76:c1:92:4b:9c:6d:3b:1f:0d:4c:e2:b2:20:3c:
         09:44:ba:e2:7e:e5:d4:d4:ae:b2:65:78:17:67:75:87:2c:d1:
         9e:bd:20:bf:50:2d:a8:8a:87:35:2a:72:06:cd:c3:1e:87:a7:
         72:2b:99:39:2b:45:d5:35:45:29:15:b0:1a:17:13:81:5f:27:
         40:4c:51:82:7c:c5:f7:49:6c:bf:3d:e4:06:35:17:b4:e4:30:
         2b:ff:82:6b:3a:96:f8:e9:d6:5e:f7:1f:2e:6a:26:7c:4b:e2:
         04:00:d4:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+N/B4qDUtlMCC5fUriwEbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjYwMTAyMTAxOTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmU3NTkyYWNlYzZiZjk2YjBiOGY5MDNmMjRkOGUyOTIwOGIwNDEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvs420rWy51HYJIquqlraL4r49ZT5
NAORuqPkYo85W9WGFka8Ch/jd+mtTROTJJaiHSDcZyfPNtkFZnAxQumGzS7Ahktl
fgZVXu3gNud77WQxSu7JiiO7J1UsFviLqq8CoWYu0B6+hvBdxC3KVL2XnxWdKtHC
ZKOj17pfFfAG3POaYi5WiBqspEdYOs2XIXzTquAaKZfA5SEBh+/pZf2IKBGgK0tf
FaHcohQaxB/d4yK6Ktg/eqn1YnhFcD81dMgGyCDIBAcYz8UpTipmn6iVwtI+mnT8
uqe/9oZgfUglkTD/m79V98OuDNsLSWhDBDYgMWRl+7iOUUiYyNYDLv8G6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC/nWSrOxr+WsLj5A/JNjikgiwQTMB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvTC1kWktzN0d2NWF3dVBrRDhrMk9LU0NMQkJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudflMA0G
CSqGSIb3DQEBCwUAA4IBAQCDRT/bmuzvXzYTwXnPZcNOm0whRLq92ajejIxEXDM6
puTAZNkcexg+zaQV0hU2SVzsg8rwQ8ViZc/U8PH+ONlHGBhqd0XsNOabPRVSMHWd
qgucKzPVEvsOPz+A6OtNVFk6nvaCmqUVZ483eqNQ3Dznz/8ZSuPnW+mho8NxbDnr
XbxwBfRZGtj6Uow/pVL+7OZQYADDdsGSS5xtOx8NTOKyIDwJRLrifuXU1K6yZXgX
Z3WHLNGevSC/UC2oioc1KnIGzcMeh6dyK5k5K0XVNUUpFbAaFxOBXydATFGCfMX3
SWy/PeQGNRe05DAr/4JrOpb46dZe9x8uaiZ8S+IEANT9
-----END CERTIFICATE-----