This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/cOY-DC2HVK8oGsGuJBqrFqkU9C8.roa
File:                     cOY-DC2HVK8oGsGuJBqrFqkU9C8.roa (raw, json)
Hash identifier:          MwPd12qekQ7oRDjQ5MzO5S3l6bIuuruJk/odjgKUjg4=
Subject key identifier:   70:E6:3E:0C:2D:87:54:AF:28:1A:C1:AE:24:1A:AB:16:A9:14:F4:2F
Certificate issuer:       /CN=1c06a82bb115d7393e39fd58b73bbf20f6cd0b1f
Certificate serial:       019B7E37920BAA4C91833CE87A64507B95B4
Authority key identifier: 1C:06:A8:2B:B1:15:D7:39:3E:39:FD:58:B7:3B:BF:20:F6:CD:0B:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/cOY-DC2HVK8oGsGuJBqrFqkU9C8.roa
Signing time:             Fri 02 Jan 2026 10:18:49 +0000
ROA not before:           Fri 02 Jan 2026 10:18:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58144
IP address blocks:        185.20.252.0/22 maxlen: 24
                          185.20.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 09:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:92:0b:aa:4c:91:83:3c:e8:7a:64:50:7b:95:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c06a82bb115d7393e39fd58b73bbf20f6cd0b1f
        Validity
            Not Before: Jan  2 10:18:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=70e63e0c2d8754af281ac1ae241aab16a914f42f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:e2:60:1e:97:d6:5c:42:39:20:41:14:f1:c3:
                    42:5e:c3:99:0d:92:f1:3e:5e:b7:f4:17:1c:b6:b6:
                    2a:b8:cc:50:34:f3:35:33:82:be:25:90:b1:85:c9:
                    d7:f0:27:32:60:28:5d:27:14:21:b4:80:44:40:6b:
                    ee:49:08:1a:63:da:ca:e0:97:25:b2:44:45:d3:ac:
                    7e:62:29:fa:09:96:51:1c:de:89:f4:e4:73:d7:96:
                    b5:80:ad:e3:1f:77:73:37:43:64:26:79:f6:9e:44:
                    a3:f7:ea:5f:99:0b:b5:b2:5a:47:ba:2a:94:9c:ca:
                    b1:7a:8e:c3:8a:57:6d:cd:a0:b6:07:db:a0:e7:85:
                    d7:bc:f4:88:45:97:78:50:cb:80:2a:5b:fa:75:29:
                    54:21:a9:c2:11:2e:cf:a8:e7:1d:70:00:83:c1:50:
                    b0:48:49:ca:da:18:5f:5f:b5:82:72:45:37:e1:f1:
                    0c:05:7a:14:ca:a1:e6:d7:03:15:22:68:9a:b7:3e:
                    97:cb:79:12:06:f0:f0:72:49:a8:14:5d:d7:d2:57:
                    e9:7a:a4:70:ea:71:ba:34:cf:f8:ea:da:88:fd:1b:
                    19:51:72:26:31:6e:0c:f5:3d:f9:cf:bf:19:5b:76:
                    cc:72:4d:95:7c:f3:6d:32:0d:69:43:22:5e:4b:a2:
                    f0:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:E6:3E:0C:2D:87:54:AF:28:1A:C1:AE:24:1A:AB:16:A9:14:F4:2F
            X509v3 Authority Key Identifier:
                keyid:1C:06:A8:2B:B1:15:D7:39:3E:39:FD:58:B7:3B:BF:20:F6:CD:0B:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/cOY-DC2HVK8oGsGuJBqrFqkU9C8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.20.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         92:b3:20:00:3c:82:a9:3e:93:7f:be:7a:d5:1c:cc:84:93:62:
         f4:9c:23:7c:bd:bd:91:bd:ce:a9:21:5e:53:5a:76:88:ca:cf:
         9a:68:a3:e2:96:23:6b:b1:14:bc:c2:74:19:4a:62:8b:ae:03:
         f1:33:0f:3f:e3:e0:ce:57:ed:a7:e2:58:62:35:00:9f:ce:90:
         0e:f2:43:e6:33:70:11:e7:91:2e:60:d6:3d:51:e3:80:22:88:
         06:29:7d:e8:c8:60:1e:50:e0:b1:40:d4:27:b3:26:a9:3b:25:
         98:1b:91:31:70:24:9f:e6:19:ed:05:9f:7a:3d:20:e3:bd:ea:
         ac:63:b2:92:41:8e:44:48:0b:49:2d:63:78:5a:dc:87:1b:39:
         d3:45:5c:80:d7:79:9b:fa:26:58:dc:fe:84:65:86:ee:4a:52:
         6c:ca:7f:c9:36:d9:bf:0a:58:23:98:59:ad:ea:2b:74:0a:45:
         7b:63:61:cd:3e:15:80:39:48:33:4f:f6:ae:9f:80:c3:20:de:
         23:b0:5c:7b:d0:ee:a5:98:d6:3c:11:4c:40:a1:41:d5:48:a0:
         ca:35:ef:97:f7:b8:eb:eb:18:07:3f:c1:12:8a:0d:da:37:6f:
         e9:83:77:0c:8b:b5:49:12:d5:b4:6d:6f:d2:85:26:ab:58:15:
         4f:0b:11:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+N5ILqkyRgzzoemRQe5W0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjMDZhODJiYjExNWQ3MzkzZTM5ZmQ1OGI3M2JiZjIwZjZj
ZDBiMWYwHhcNMjYwMTAyMTAxODQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGU2M2UwYzJkODc1NGFmMjgxYWMxYWUyNDFhYWIxNmE5MTRmNDJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApuJgHpfWXEI5IEEU8cNCXsOZDZLx
Pl639BcctrYquMxQNPM1M4K+JZCxhcnX8CcyYChdJxQhtIBEQGvuSQgaY9rK4Jcl
skRF06x+Yin6CZZRHN6J9ORz15a1gK3jH3dzN0NkJnn2nkSj9+pfmQu1slpHuiqU
nMqxeo7DildtzaC2B9ug54XXvPSIRZd4UMuAKlv6dSlUIanCES7PqOcdcACDwVCw
SEnK2hhfX7WCckU34fEMBXoUyqHm1wMVImiatz6Xy3kSBvDwckmoFF3X0lfpeqRw
6nG6NM/46tqI/RsZUXImMW4M9T35z78ZW3bMck2VfPNtMg1pQyJeS6LwvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHDmPgwth1SvKBrBriQaqxapFPQvMB8GA1UdIwQY
MBaAFBwGqCuxFdc5Pjn9WLc7vyD2zQsfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEFhb0s3RVYxemstT2YxWXR6dV9JUGJOQ3g4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8xMmVhYWQtOGE0NS00Nzg5LWJhYjUt
NzI2MDU3YTFmMmE0LzEvY09ZLURDMkhWSzhvR3NHdUpCcXJGcWtVOUM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8xMmVhYWQtOGE0NS00Nzg5LWJhYjUtNzI2MDU3YTFmMmE0
LzEvSEFhb0s3RVYxemstT2YxWXR6dV9JUGJOQ3g4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuRT8MA0G
CSqGSIb3DQEBCwUAA4IBAQCSsyAAPIKpPpN/vnrVHMyEk2L0nCN8vb2Rvc6pIV5T
WnaIys+aaKPiliNrsRS8wnQZSmKLrgPxMw8/4+DOV+2n4lhiNQCfzpAO8kPmM3AR
55EuYNY9UeOAIogGKX3oyGAeUOCxQNQnsyapOyWYG5ExcCSf5hntBZ96PSDjveqs
Y7KSQY5ESAtJLWN4WtyHGznTRVyA13mb+iZY3P6EZYbuSlJsyn/JNtm/ClgjmFmt
6it0CkV7Y2HNPhWAOUgzT/aun4DDIN4jsFx70O6lmNY8EUxAoUHVSKDKNe+X97jr
6xgHP8ESig3aN2/pg3cMi7VJEtW0bW/ShSarWBVPCxE8
-----END CERTIFICATE-----