This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/0140a8-01c0-4e36-bd01-2b7ae722011f/1/gF9egdIcd91P1OP4RPz2DkEHDD8.roa
File:                     gF9egdIcd91P1OP4RPz2DkEHDD8.roa (raw, json)
Hash identifier:          JDz8GS+aZf4wXrBiyWB1Bck1IR0dmoeHU/KEMVi1Ghc=
Subject key identifier:   80:5F:5E:81:D2:1C:77:DD:4F:D4:E3:F8:44:FC:F6:0E:41:07:0C:3F
Certificate issuer:       /CN=dce4a4c4840fc9a5fd214a619aa887b5b7624bf5
Certificate serial:       019B7CEDBF26CDEEF5AEEBF5BA1B417FDC03
Authority key identifier: DC:E4:A4:C4:84:0F:C9:A5:FD:21:4A:61:9A:A8:87:B5:B7:62:4B:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3OSkxIQPyaX9IUphmqiHtbdiS_U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/0140a8-01c0-4e36-bd01-2b7ae722011f/1/gF9egdIcd91P1OP4RPz2DkEHDD8.roa
Signing time:             Fri 02 Jan 2026 04:18:34 +0000
ROA not before:           Fri 02 Jan 2026 04:18:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25540
IP address blocks:        185.3.168.0/24 maxlen: 24
                          185.3.169.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/0140a8-01c0-4e36-bd01-2b7ae722011f/1/3OSkxIQPyaX9IUphmqiHtbdiS_U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/0140a8-01c0-4e36-bd01-2b7ae722011f/1/3OSkxIQPyaX9IUphmqiHtbdiS_U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3OSkxIQPyaX9IUphmqiHtbdiS_U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 19:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ed:bf:26:cd:ee:f5:ae:eb:f5:ba:1b:41:7f:dc:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dce4a4c4840fc9a5fd214a619aa887b5b7624bf5
        Validity
            Not Before: Jan  2 04:18:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=805f5e81d21c77dd4fd4e3f844fcf60e41070c3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:47:5d:6b:a4:99:ae:c2:8a:6c:08:26:9e:23:
                    11:1d:ce:8e:57:d4:1f:83:ce:53:6a:4c:f0:48:9d:
                    30:38:02:99:39:1b:3e:c6:b4:05:38:94:c2:64:38:
                    77:83:5c:3d:6a:ac:87:27:7f:6d:6b:70:5e:ca:f1:
                    70:f2:84:e0:78:b5:57:df:4d:ba:dd:84:1a:c6:74:
                    9e:ba:97:f9:70:99:cf:46:1c:46:39:b4:34:c8:e6:
                    18:bf:73:25:5e:08:77:6a:a5:92:91:3b:c6:7e:46:
                    bc:c6:45:9a:dd:36:8f:1f:14:37:ce:5a:1c:c4:9e:
                    1b:b0:fd:e5:4d:52:39:ea:b9:f7:f2:eb:8d:5f:26:
                    96:24:0a:31:bf:3b:6b:74:88:83:9e:25:60:00:a2:
                    7f:f7:a1:af:c5:0c:1b:73:d1:91:10:b3:d6:6d:af:
                    f9:53:90:76:9a:3f:c0:e0:95:c9:fb:61:7e:c7:f4:
                    23:70:ce:4a:fe:86:8a:e8:c0:ba:69:84:d3:e1:5d:
                    65:47:5b:b2:9c:60:97:8a:7e:06:51:ed:2d:ea:13:
                    82:73:d4:d7:e8:d2:e4:b7:21:4a:ca:e6:72:4c:ae:
                    cf:73:47:cb:ac:93:98:fd:11:fb:fe:e3:64:b4:b7:
                    54:63:3b:56:ef:ce:37:1a:ef:d8:2b:ac:cf:61:9f:
                    3d:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:5F:5E:81:D2:1C:77:DD:4F:D4:E3:F8:44:FC:F6:0E:41:07:0C:3F
            X509v3 Authority Key Identifier:
                keyid:DC:E4:A4:C4:84:0F:C9:A5:FD:21:4A:61:9A:A8:87:B5:B7:62:4B:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3OSkxIQPyaX9IUphmqiHtbdiS_U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/0140a8-01c0-4e36-bd01-2b7ae722011f/1/gF9egdIcd91P1OP4RPz2DkEHDD8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/0140a8-01c0-4e36-bd01-2b7ae722011f/1/3OSkxIQPyaX9IUphmqiHtbdiS_U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.3.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         32:1a:30:5b:ca:63:5f:fe:36:2e:ea:e5:41:09:83:19:c2:55:
         6f:e6:85:bc:bd:87:40:60:3b:8c:d4:48:aa:06:35:38:7d:68:
         64:13:87:c1:a0:7c:95:c8:8d:ef:2d:7d:a7:2a:19:e3:0b:45:
         94:9a:d1:4b:2b:c9:e1:bc:7a:33:25:72:54:cb:e5:c8:1d:ed:
         ba:3b:c1:e8:53:14:46:59:f0:64:fd:84:07:e1:95:e9:7c:44:
         8a:02:94:8a:77:65:d3:99:9b:10:18:29:35:a2:00:ee:e8:b7:
         4a:ed:e3:da:ba:27:35:31:ae:49:04:59:ef:24:db:34:b1:51:
         c8:6f:20:e4:89:12:20:ca:f8:d7:f2:b3:50:06:af:4e:6f:2c:
         c4:b0:93:b2:d8:32:e5:98:0b:d0:5b:f8:9e:cc:ac:e0:ed:49:
         17:73:75:6e:8a:14:fd:fa:32:a7:6a:c1:cf:1e:b3:68:fa:dc:
         4f:90:90:49:21:5b:45:ac:1e:f8:8a:cd:e6:98:2a:64:6a:38:
         d1:dd:1e:61:e8:de:56:8d:55:c4:e6:80:1a:3e:42:ea:81:c4:
         8d:6b:1e:e4:25:d7:5f:31:fd:51:e5:c4:8a:a3:d4:6b:15:65:
         46:27:52:c2:c8:25:da:55:b5:49:ff:e9:83:9b:67:6a:9e:34:
         d3:ec:cd:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87b8mze71ruv1uhtBf9wDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZTRhNGM0ODQwZmM5YTVmZDIxNGE2MTlhYTg4N2I1Yjc2
MjRiZjUwHhcNMjYwMTAyMDQxODM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDVmNWU4MWQyMWM3N2RkNGZkNGUzZjg0NGZjZjYwZTQxMDcwYzNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0dda6SZrsKKbAgmniMRHc6OV9Qf
g85TakzwSJ0wOAKZORs+xrQFOJTCZDh3g1w9aqyHJ39ta3BeyvFw8oTgeLVX3026
3YQaxnSeupf5cJnPRhxGObQ0yOYYv3MlXgh3aqWSkTvGfka8xkWa3TaPHxQ3zloc
xJ4bsP3lTVI56rn38uuNXyaWJAoxvztrdIiDniVgAKJ/96GvxQwbc9GRELPWba/5
U5B2mj/A4JXJ+2F+x/QjcM5K/oaK6MC6aYTT4V1lR1uynGCXin4GUe0t6hOCc9TX
6NLktyFKyuZyTK7Pc0fLrJOY/RH7/uNktLdUYztW7843Gu/YK6zPYZ89JwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIBfXoHSHHfdT9Tj+ET89g5BBww/MB8GA1UdIwQY
MBaAFNzkpMSED8ml/SFKYZqoh7W3Ykv1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM09Ta3hJUVB5YVg5SVVwaG1xaUh0YmRpU19VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi8wMTQwYTgtMDFjMC00ZTM2LWJkMDEt
MmI3YWU3MjIwMTFmLzEvZ0Y5ZWdkSWNkOTFQMU9QNFJQejJEa0VIREQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi8wMTQwYTgtMDFjMC00ZTM2LWJkMDEtMmI3YWU3MjIwMTFm
LzEvM09Ta3hJUVB5YVg5SVVwaG1xaUh0YmRpU19VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuQOoMA0G
CSqGSIb3DQEBCwUAA4IBAQAyGjBbymNf/jYu6uVBCYMZwlVv5oW8vYdAYDuM1Eiq
BjU4fWhkE4fBoHyVyI3vLX2nKhnjC0WUmtFLK8nhvHozJXJUy+XIHe26O8HoUxRG
WfBk/YQH4ZXpfESKApSKd2XTmZsQGCk1ogDu6LdK7ePauic1Ma5JBFnvJNs0sVHI
byDkiRIgyvjX8rNQBq9ObyzEsJOy2DLlmAvQW/iezKzg7UkXc3VuihT9+jKnasHP
HrNo+txPkJBJIVtFrB74is3mmCpkajjR3R5h6N5WjVXE5oAaPkLqgcSNax7kJddf
Mf1R5cSKo9RrFWVGJ1LCyCXaVbVJ/+mDm2dqnjTT7M3o
-----END CERTIFICATE-----