This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/9hVZarMZXXFecBErtuPkYLQrriE.roa
File:                     9hVZarMZXXFecBErtuPkYLQrriE.roa (raw, json)
Hash identifier:          KsiiLeHicnzuMLdpx8BniCnY9e3C72b9G03ZzbEor1A=
Subject key identifier:   F6:15:59:6A:B3:19:5D:71:5E:70:11:2B:B6:E3:E4:60:B4:2B:AE:21
Certificate issuer:       /CN=1c06a82bb115d7393e39fd58b73bbf20f6cd0b1f
Certificate serial:       019B7E37931CF01F3442AA6F65C6610FD12B
Authority key identifier: 1C:06:A8:2B:B1:15:D7:39:3E:39:FD:58:B7:3B:BF:20:F6:CD:0B:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/9hVZarMZXXFecBErtuPkYLQrriE.roa
Signing time:             Fri 02 Jan 2026 10:18:49 +0000
ROA not before:           Fri 02 Jan 2026 10:18:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211439
IP address blocks:        185.20.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:93:1c:f0:1f:34:42:aa:6f:65:c6:61:0f:d1:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c06a82bb115d7393e39fd58b73bbf20f6cd0b1f
        Validity
            Not Before: Jan  2 10:18:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f615596ab3195d715e70112bb6e3e460b42bae21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:30:56:dd:e7:c2:b3:09:38:70:96:4e:63:ed:
                    11:7f:ed:f3:e2:16:3b:93:eb:5f:7d:92:c0:af:95:
                    1c:17:59:bb:b9:87:e7:99:f2:58:8f:f6:c1:ce:f2:
                    84:de:d5:c1:3c:1e:0b:68:b8:03:fe:08:71:61:00:
                    6e:07:19:cb:d4:2e:2a:4b:f9:db:1b:16:e1:30:db:
                    76:b1:f5:a4:29:fb:ed:38:d2:93:bf:31:04:81:9e:
                    9f:04:b2:44:89:7e:48:b5:55:40:6c:8c:00:b2:e9:
                    38:7f:fe:ad:02:23:2a:d5:f1:29:54:db:25:01:3d:
                    a9:fb:45:f7:39:d3:d1:60:2c:1b:76:b7:23:16:e5:
                    3b:1c:01:fd:a6:9d:7a:8e:84:61:03:45:9b:31:c2:
                    27:76:1f:7f:22:74:64:c5:14:11:6d:04:a9:b0:d1:
                    58:c7:a7:f3:af:fb:e1:ef:85:46:3f:a1:ea:5e:6c:
                    7a:e8:82:e7:97:ff:c5:8d:02:65:c3:8d:b1:db:eb:
                    8e:e1:aa:b7:19:04:05:b3:a7:10:dc:02:b4:78:ed:
                    e0:cf:33:6d:82:85:df:ad:6e:6e:1b:69:3e:d6:98:
                    74:c6:1f:5d:e7:0a:34:eb:cf:cf:3b:e1:9a:33:7a:
                    9b:68:35:9a:dc:86:81:35:01:b6:c0:a9:88:b0:5e:
                    16:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:15:59:6A:B3:19:5D:71:5E:70:11:2B:B6:E3:E4:60:B4:2B:AE:21
            X509v3 Authority Key Identifier:
                keyid:1C:06:A8:2B:B1:15:D7:39:3E:39:FD:58:B7:3B:BF:20:F6:CD:0B:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/9hVZarMZXXFecBErtuPkYLQrriE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.20.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:c0:b7:c2:6d:d9:87:0a:f2:b4:bb:cc:b0:fd:62:32:a1:10:
         8e:60:d4:8e:17:88:90:68:86:77:d1:b3:ea:56:81:02:5e:ed:
         ea:27:94:34:ac:b7:c2:c8:04:f1:f2:d6:09:7d:a6:83:46:31:
         37:cc:30:75:3c:fd:51:7e:ef:7a:d6:03:4d:16:26:01:40:2b:
         83:80:30:56:29:c4:f8:33:c8:1f:81:6d:e0:6e:1a:62:ef:0d:
         57:51:21:6b:1f:41:21:07:bc:47:b5:87:2b:0f:32:24:2f:5a:
         72:12:9b:16:17:ae:7e:a0:5a:3e:45:cc:38:05:82:0c:4d:cc:
         ca:ec:b6:5c:db:2f:78:b5:d6:6d:2b:91:08:49:18:9c:a3:ea:
         25:87:4b:51:8a:1f:fd:ab:bf:cd:d5:9d:fd:61:75:c1:82:3d:
         db:7c:34:ff:41:4b:eb:08:2d:8d:3f:3f:ee:f9:40:39:2a:d6:
         b3:e2:0a:ce:a9:64:74:de:78:a0:4a:a0:63:e9:a9:d2:8a:52:
         df:70:22:37:37:4f:ed:d5:3d:9a:d7:ac:29:7a:7d:ae:f2:08:
         4e:e8:ae:b7:26:b8:56:20:bb:80:8f:23:36:ac:b8:cc:e3:19:
         7a:56:dd:06:ec:36:63:a0:b5:3a:a2:a7:9e:20:71:8a:46:b4:
         50:c8:09:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+N5Mc8B80QqpvZcZhD9ErMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjMDZhODJiYjExNWQ3MzkzZTM5ZmQ1OGI3M2JiZjIwZjZj
ZDBiMWYwHhcNMjYwMTAyMTAxODQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjE1NTk2YWIzMTk1ZDcxNWU3MDExMmJiNmUzZTQ2MGI0MmJhZTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1TBW3efCswk4cJZOY+0Rf+3z4hY7
k+tffZLAr5UcF1m7uYfnmfJYj/bBzvKE3tXBPB4LaLgD/ghxYQBuBxnL1C4qS/nb
GxbhMNt2sfWkKfvtONKTvzEEgZ6fBLJEiX5ItVVAbIwAsuk4f/6tAiMq1fEpVNsl
AT2p+0X3OdPRYCwbdrcjFuU7HAH9pp16joRhA0WbMcIndh9/InRkxRQRbQSpsNFY
x6fzr/vh74VGP6HqXmx66ILnl//FjQJlw42x2+uO4aq3GQQFs6cQ3AK0eO3gzzNt
goXfrW5uG2k+1ph0xh9d5wo068/PO+GaM3qbaDWa3IaBNQG2wKmIsF4WyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPYVWWqzGV1xXnARK7bj5GC0K64hMB8GA1UdIwQY
MBaAFBwGqCuxFdc5Pjn9WLc7vyD2zQsfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEFhb0s3RVYxemstT2YxWXR6dV9JUGJOQ3g4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8xMmVhYWQtOGE0NS00Nzg5LWJhYjUt
NzI2MDU3YTFmMmE0LzEvOWhWWmFyTVpYWEZlY0JFcnR1UGtZTFFycmlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8xMmVhYWQtOGE0NS00Nzg5LWJhYjUtNzI2MDU3YTFmMmE0
LzEvSEFhb0s3RVYxemstT2YxWXR6dV9JUGJOQ3g4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRT/MA0G
CSqGSIb3DQEBCwUAA4IBAQBjwLfCbdmHCvK0u8yw/WIyoRCOYNSOF4iQaIZ30bPq
VoECXu3qJ5Q0rLfCyATx8tYJfaaDRjE3zDB1PP1Rfu961gNNFiYBQCuDgDBWKcT4
M8gfgW3gbhpi7w1XUSFrH0EhB7xHtYcrDzIkL1pyEpsWF65+oFo+Rcw4BYIMTczK
7LZc2y94tdZtK5EISRico+olh0tRih/9q7/N1Z39YXXBgj3bfDT/QUvrCC2NPz/u
+UA5Ktaz4grOqWR03nigSqBj6anSilLfcCI3N0/t1T2a16wpen2u8ghO6K63JrhW
ILuAjyM2rLjM4xl6Vt0G7DZjoLU6oqeeIHGKRrRQyAlD
-----END CERTIFICATE-----