This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/59a6b9-cd20-4cd7-b4a7-f0b962f52414/1/_rX0Pp7-maFWlmqvdtFQDE9VMd4.roa
File:                     _rX0Pp7-maFWlmqvdtFQDE9VMd4.roa (raw, json)
Hash identifier:          JcwoPPYbwcTSP2znNESFrTnQNOV0v0WHsf0jgmgiH6I=
Subject key identifier:   FE:B5:F4:3E:9E:FE:99:A1:56:96:6A:AF:76:D1:50:0C:4F:55:31:DE
Certificate issuer:       /CN=672f0e42b08aa451fc583a358ec370ffbd2dac68
Certificate serial:       019B7DCABE5DF057D65CEBB5BF78F31C2035
Authority key identifier: 67:2F:0E:42:B0:8A:A4:51:FC:58:3A:35:8E:C3:70:FF:BD:2D:AC:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zy8OQrCKpFH8WDo1jsNw_70trGg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/59a6b9-cd20-4cd7-b4a7-f0b962f52414/1/_rX0Pp7-maFWlmqvdtFQDE9VMd4.roa
Signing time:             Fri 02 Jan 2026 08:19:57 +0000
ROA not before:           Fri 02 Jan 2026 08:19:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209242
IP address blocks:        185.18.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/59a6b9-cd20-4cd7-b4a7-f0b962f52414/1/Zy8OQrCKpFH8WDo1jsNw_70trGg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/59a6b9-cd20-4cd7-b4a7-f0b962f52414/1/Zy8OQrCKpFH8WDo1jsNw_70trGg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zy8OQrCKpFH8WDo1jsNw_70trGg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 05:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:be:5d:f0:57:d6:5c:eb:b5:bf:78:f3:1c:20:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=672f0e42b08aa451fc583a358ec370ffbd2dac68
        Validity
            Not Before: Jan  2 08:19:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=feb5f43e9efe99a156966aaf76d1500c4f5531de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:e1:e6:da:68:24:85:44:95:4b:d0:42:58:b6:
                    df:04:f4:3d:80:c4:c8:71:53:6d:f9:93:87:7b:51:
                    d1:ed:cd:a7:f2:d4:d8:25:48:e4:49:a8:2f:24:05:
                    ac:d0:06:8c:3d:0a:74:16:f6:23:2c:86:af:4e:66:
                    e5:e8:f8:15:73:69:02:5c:8c:6b:f4:ba:7a:84:03:
                    a9:75:11:13:13:9a:2a:30:3e:63:4a:ea:88:0f:ff:
                    e6:ee:76:a3:a5:eb:8b:0e:d4:ca:ea:0e:49:06:2c:
                    a3:38:10:1e:69:a5:73:54:47:d7:ef:b9:b9:49:46:
                    bf:a7:ed:b8:51:1f:2f:76:58:cc:48:b3:fd:4f:dd:
                    a2:e7:49:0b:5f:49:d6:03:b1:c4:71:6d:93:4f:ac:
                    fb:d3:25:13:c9:e4:33:c3:47:a9:34:8e:57:23:6a:
                    54:f3:50:d9:0f:4d:d4:7a:5b:0b:76:9d:69:bb:06:
                    f8:f4:3e:9b:d8:e1:13:34:77:8c:fb:67:a9:a1:0b:
                    f1:b4:20:eb:f7:55:a8:0e:34:90:fa:06:0c:9a:61:
                    79:74:a7:31:6a:07:a7:6e:d8:06:3a:ed:81:da:0b:
                    09:04:f6:e8:b8:a0:5b:b8:81:21:c1:b3:3f:ea:0d:
                    49:b1:f5:27:64:e4:e9:1b:50:7e:33:13:55:ca:1c:
                    e9:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:B5:F4:3E:9E:FE:99:A1:56:96:6A:AF:76:D1:50:0C:4F:55:31:DE
            X509v3 Authority Key Identifier:
                keyid:67:2F:0E:42:B0:8A:A4:51:FC:58:3A:35:8E:C3:70:FF:BD:2D:AC:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zy8OQrCKpFH8WDo1jsNw_70trGg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/59a6b9-cd20-4cd7-b4a7-f0b962f52414/1/_rX0Pp7-maFWlmqvdtFQDE9VMd4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/59a6b9-cd20-4cd7-b4a7-f0b962f52414/1/Zy8OQrCKpFH8WDo1jsNw_70trGg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.18.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:79:39:d2:f7:05:95:b2:6f:46:1d:d6:10:c7:b8:f8:8a:04:
         97:32:94:22:a9:ef:df:2f:6e:00:84:74:78:a5:aa:57:64:84:
         ae:8e:45:f1:71:c5:b9:07:b6:63:1a:4b:33:1e:d3:40:6e:ba:
         29:df:9f:84:3f:75:42:55:1d:95:ad:24:63:25:70:0a:69:ba:
         0c:cd:92:63:93:4d:56:f4:87:fc:ba:21:88:c5:fc:0a:55:ff:
         15:d7:87:fc:10:f7:65:e1:c7:4d:1f:d5:a8:06:d6:b1:d8:42:
         2e:1a:e2:59:ca:ba:3d:30:7b:83:c8:a9:c6:da:9a:ad:fb:03:
         53:a8:a9:63:93:bd:e1:60:c3:5d:98:7c:cf:9e:2e:dc:b8:10:
         68:cd:3e:a8:80:73:52:d0:57:d4:29:93:fc:5b:e1:8a:16:eb:
         7f:4d:32:ef:19:68:93:d5:8f:4b:5c:7e:cf:34:a8:a4:2a:a3:
         b2:f5:f3:e4:d6:82:94:26:0f:8d:a3:0b:8f:fb:3c:2e:ea:99:
         90:74:c7:90:14:b3:52:e1:df:3d:bc:02:00:73:d2:ee:28:46:
         10:4d:af:b0:d4:50:63:fe:17:71:e4:03:2a:e0:1b:26:9c:90:
         71:ae:f1:27:fb:3a:6a:f8:a5:73:a2:95:08:25:5a:b7:1a:62:
         83:f5:5b:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yr5d8FfWXOu1v3jzHCA1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3MmYwZTQyYjA4YWE0NTFmYzU4M2EzNThlYzM3MGZmYmQy
ZGFjNjgwHhcNMjYwMTAyMDgxOTU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWI1ZjQzZTllZmU5OWExNTY5NjZhYWY3NmQxNTAwYzRmNTUzMWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnuHm2mgkhUSVS9BCWLbfBPQ9gMTI
cVNt+ZOHe1HR7c2n8tTYJUjkSagvJAWs0AaMPQp0FvYjLIavTmbl6PgVc2kCXIxr
9Lp6hAOpdRETE5oqMD5jSuqID//m7najpeuLDtTK6g5JBiyjOBAeaaVzVEfX77m5
SUa/p+24UR8vdljMSLP9T92i50kLX0nWA7HEcW2TT6z70yUTyeQzw0epNI5XI2pU
81DZD03UelsLdp1puwb49D6b2OETNHeM+2epoQvxtCDr91WoDjSQ+gYMmmF5dKcx
agenbtgGOu2B2gsJBPbouKBbuIEhwbM/6g1JsfUnZOTpG1B+MxNVyhzpMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP619D6e/pmhVpZqr3bRUAxPVTHeMB8GA1UdIwQY
MBaAFGcvDkKwiqRR/Fg6NY7DcP+9LaxoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnk4T1FyQ0twRkg4V0RvMWpzTndfNzB0ckdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My81OWE2YjktY2QyMC00Y2Q3LWI0YTct
ZjBiOTYyZjUyNDE0LzEvX3JYMFBwNy1tYUZXbG1xdmR0RlFERTlWTWQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My81OWE2YjktY2QyMC00Y2Q3LWI0YTctZjBiOTYyZjUyNDE0
LzEvWnk4T1FyQ0twRkg4V0RvMWpzTndfNzB0ckdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRL6MA0G
CSqGSIb3DQEBCwUAA4IBAQBYeTnS9wWVsm9GHdYQx7j4igSXMpQiqe/fL24AhHR4
papXZISujkXxccW5B7ZjGkszHtNAbrop35+EP3VCVR2VrSRjJXAKaboMzZJjk01W
9If8uiGIxfwKVf8V14f8EPdl4cdNH9WoBtax2EIuGuJZyro9MHuDyKnG2pqt+wNT
qKljk73hYMNdmHzPni7cuBBozT6ogHNS0FfUKZP8W+GKFut/TTLvGWiT1Y9LXH7P
NKikKqOy9fPk1oKUJg+NowuP+zwu6pmQdMeQFLNS4d89vAIAc9LuKEYQTa+w1FBj
/hdx5AMq4BsmnJBxrvEn+zpq+KVzopUIJVq3GmKD9Vta
-----END CERTIFICATE-----