This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/71a97c-35f4-4f21-a43a-7396e42b1830/1/0sunuK8mYCHK4l0By1mDKNLTXQU.roa
File:                     0sunuK8mYCHK4l0By1mDKNLTXQU.roa (raw, json)
Hash identifier:          Bp/kxKZVCpRcoYpimQ/V45yUfQ2UHcCMtSwdBAO1PEo=
Subject key identifier:   D2:CB:A7:B8:AF:26:60:21:CA:E2:5D:01:CB:59:83:28:D2:D3:5D:05
Certificate issuer:       /CN=a18f02d5ebc9e8b9521af7132b12cb6bb65693c6
Certificate serial:       019B7BA35264754411A359C6874A9BA82F6D
Authority key identifier: A1:8F:02:D5:EB:C9:E8:B9:52:1A:F7:13:2B:12:CB:6B:B6:56:93:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oY8C1evJ6LlSGvcTKxLLa7ZWk8Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/71a97c-35f4-4f21-a43a-7396e42b1830/1/0sunuK8mYCHK4l0By1mDKNLTXQU.roa
Signing time:             Thu 01 Jan 2026 22:17:39 +0000
ROA not before:           Thu 01 Jan 2026 22:17:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216257
IP address blocks:        185.176.20.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/71a97c-35f4-4f21-a43a-7396e42b1830/1/oY8C1evJ6LlSGvcTKxLLa7ZWk8Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/71a97c-35f4-4f21-a43a-7396e42b1830/1/oY8C1evJ6LlSGvcTKxLLa7ZWk8Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oY8C1evJ6LlSGvcTKxLLa7ZWk8Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:52:64:75:44:11:a3:59:c6:87:4a:9b:a8:2f:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a18f02d5ebc9e8b9521af7132b12cb6bb65693c6
        Validity
            Not Before: Jan  1 22:17:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d2cba7b8af266021cae25d01cb598328d2d35d05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:58:ef:e5:a3:ed:56:5a:fd:40:6f:b6:8b:15:
                    de:96:81:8c:ab:dd:66:af:99:e7:34:93:3b:68:05:
                    0f:38:55:43:13:f8:21:5b:27:97:9f:2d:e0:b2:fa:
                    be:c4:e4:67:13:f5:3f:1e:fe:59:aa:66:9e:98:3a:
                    83:9f:b6:1d:db:68:ad:00:01:4b:8c:f8:cb:82:23:
                    64:30:8a:1b:1e:5d:92:11:b2:50:64:3a:07:da:34:
                    32:fd:36:41:b6:4b:f1:12:a3:5a:2e:06:5b:6a:a4:
                    f8:b5:8e:44:de:90:b7:fa:60:1a:d1:c6:cd:d7:ab:
                    ed:0a:15:b6:98:d4:34:01:72:2a:98:ad:e1:ff:18:
                    b4:0c:0e:8e:a7:5f:00:6c:63:13:4a:5a:cc:70:1c:
                    a9:58:45:f1:33:b8:71:93:dd:6b:18:bb:d2:a2:a1:
                    e2:24:9b:24:ce:11:41:8a:96:af:23:d0:91:80:86:
                    5b:f9:95:ed:d6:90:2f:2d:3f:f0:87:4c:88:ad:6a:
                    25:e5:91:4f:8b:23:f9:93:95:7b:6f:85:7c:de:f2:
                    13:e1:fb:33:e0:50:0b:5d:bb:88:44:26:f9:8c:4f:
                    57:13:90:aa:79:00:37:1a:de:6c:46:52:ef:96:2a:
                    48:bf:5f:50:60:aa:1b:e7:40:dd:e8:c1:a3:e4:71:
                    67:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:CB:A7:B8:AF:26:60:21:CA:E2:5D:01:CB:59:83:28:D2:D3:5D:05
            X509v3 Authority Key Identifier:
                keyid:A1:8F:02:D5:EB:C9:E8:B9:52:1A:F7:13:2B:12:CB:6B:B6:56:93:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oY8C1evJ6LlSGvcTKxLLa7ZWk8Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/71a97c-35f4-4f21-a43a-7396e42b1830/1/0sunuK8mYCHK4l0By1mDKNLTXQU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/71a97c-35f4-4f21-a43a-7396e42b1830/1/oY8C1evJ6LlSGvcTKxLLa7ZWk8Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.176.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         62:d1:a7:20:8a:9a:0c:73:f3:7d:fe:9b:75:90:37:38:c8:2b:
         03:97:35:16:75:ce:a1:52:c0:37:c0:c4:13:9e:36:3f:a2:92:
         18:d4:f3:08:03:14:1d:88:c3:82:6f:fb:ee:12:8a:5f:c7:ff:
         20:cd:65:07:28:b0:f4:d1:a1:2e:73:fc:22:36:08:70:ff:d1:
         ba:d2:a5:e1:09:8a:68:bf:d9:17:ef:bf:58:d0:42:80:d0:2f:
         a1:71:f5:71:dc:ce:c8:76:ce:05:74:3f:2a:86:32:ad:f8:0e:
         b2:f3:58:5c:e8:eb:c0:cd:e4:01:74:18:af:e9:27:f0:fe:2a:
         6e:43:34:b0:73:24:92:fd:b8:41:33:64:a8:3e:6c:e6:c9:ef:
         ef:90:e9:19:1b:4d:42:45:d8:dc:5c:9a:59:85:b9:9e:f4:74:
         9c:72:77:db:36:c8:5a:90:16:f8:ee:f6:44:85:cc:e4:f4:b3:
         d4:46:af:51:ed:7a:b2:c0:f2:ee:20:7e:7f:38:e9:8a:e7:53:
         06:6f:41:29:fa:f5:5f:8d:f4:99:fc:40:aa:94:b6:9a:cf:f9:
         c0:bc:d8:0c:04:e3:ce:8f:88:e6:c3:40:cf:e0:30:14:fe:ab:
         9f:cc:25:cd:9a:1d:6d:3c:78:b3:5d:6e:dd:e6:68:fb:53:ca:
         71:9a:36:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7o1JkdUQRo1nGh0qbqC9tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExOGYwMmQ1ZWJjOWU4Yjk1MjFhZjcxMzJiMTJjYjZiYjY1
NjkzYzYwHhcNMjYwMTAxMjIxNzM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmNiYTdiOGFmMjY2MDIxY2FlMjVkMDFjYjU5ODMyOGQyZDM1ZDA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyFjv5aPtVlr9QG+2ixXeloGMq91m
r5nnNJM7aAUPOFVDE/ghWyeXny3gsvq+xORnE/U/Hv5ZqmaemDqDn7Yd22itAAFL
jPjLgiNkMIobHl2SEbJQZDoH2jQy/TZBtkvxEqNaLgZbaqT4tY5E3pC3+mAa0cbN
16vtChW2mNQ0AXIqmK3h/xi0DA6Op18AbGMTSlrMcBypWEXxM7hxk91rGLvSoqHi
JJskzhFBipavI9CRgIZb+ZXt1pAvLT/wh0yIrWol5ZFPiyP5k5V7b4V83vIT4fsz
4FALXbuIRCb5jE9XE5CqeQA3Gt5sRlLvlipIv19QYKob50Dd6MGj5HFntQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNLLp7ivJmAhyuJdActZgyjS010FMB8GA1UdIwQY
MBaAFKGPAtXryei5Uhr3EysSy2u2VpPGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1k4QzFldko2TGxTR3ZjVEt4TExhN1pXazhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy83MWE5N2MtMzVmNC00ZjIxLWE0M2Et
NzM5NmU0MmIxODMwLzEvMHN1bnVLOG1ZQ0hLNGwwQnkxbURLTkxUWFFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy83MWE5N2MtMzVmNC00ZjIxLWE0M2EtNzM5NmU0MmIxODMw
LzEvb1k4QzFldko2TGxTR3ZjVEt4TExhN1pXazhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubAUMA0G
CSqGSIb3DQEBCwUAA4IBAQBi0acgipoMc/N9/pt1kDc4yCsDlzUWdc6hUsA3wMQT
njY/opIY1PMIAxQdiMOCb/vuEopfx/8gzWUHKLD00aEuc/wiNghw/9G60qXhCYpo
v9kX779Y0EKA0C+hcfVx3M7Ids4FdD8qhjKt+A6y81hc6OvAzeQBdBiv6Sfw/ipu
QzSwcySS/bhBM2SoPmzmye/vkOkZG01CRdjcXJpZhbme9HSccnfbNshakBb47vZE
hczk9LPURq9R7XqywPLuIH5/OOmK51MGb0Ep+vVfjfSZ/ECqlLaaz/nAvNgMBOPO
j4jmw0DP4DAU/qufzCXNmh1tPHizXW7d5mj7U8pxmjZz
-----END CERTIFICATE-----