This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/02bdf0-bf29-4dae-b19b-86a5518e2d52/1/C28DWNXDejdL7MAcc4Gi6FPgeMM.roa
File:                     C28DWNXDejdL7MAcc4Gi6FPgeMM.roa (raw, json)
Hash identifier:          IsJNEkpniLV6uLgZ6ioRBU52pmL/v472ljfJA8Ci5sE=
Subject key identifier:   0B:6F:03:58:D5:C3:7A:37:4B:EC:C0:1C:73:81:A2:E8:53:E0:78:C3
Certificate issuer:       /CN=5dde4b3b82f209b701ae340cf53b974078f16a9f
Certificate serial:       019B7F145AF20FAA3ABEA04107FF07772946
Authority key identifier: 5D:DE:4B:3B:82:F2:09:B7:01:AE:34:0C:F5:3B:97:40:78:F1:6A:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xd5LO4LyCbcBrjQM9TuXQHjxap8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/02bdf0-bf29-4dae-b19b-86a5518e2d52/1/C28DWNXDejdL7MAcc4Gi6FPgeMM.roa
Signing time:             Fri 02 Jan 2026 14:19:59 +0000
ROA not before:           Fri 02 Jan 2026 14:19:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12400
IP address blocks:        185.200.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/02bdf0-bf29-4dae-b19b-86a5518e2d52/1/Xd5LO4LyCbcBrjQM9TuXQHjxap8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/02bdf0-bf29-4dae-b19b-86a5518e2d52/1/Xd5LO4LyCbcBrjQM9TuXQHjxap8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xd5LO4LyCbcBrjQM9TuXQHjxap8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:14:5a:f2:0f:aa:3a:be:a0:41:07:ff:07:77:29:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dde4b3b82f209b701ae340cf53b974078f16a9f
        Validity
            Not Before: Jan  2 14:19:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0b6f0358d5c37a374becc01c7381a2e853e078c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:a2:de:3c:4d:0d:7e:37:33:df:90:5b:01:9b:
                    87:a7:4d:8e:83:9d:8a:e7:8f:cf:c9:ed:1e:d4:82:
                    d6:da:6c:cf:41:a2:d3:1c:f1:24:88:1d:cd:05:dd:
                    e4:c0:fe:cb:30:0e:d4:ed:86:1d:2b:98:d1:d5:9a:
                    64:5c:0e:ae:3f:fb:08:25:99:1c:40:a1:fc:4a:e9:
                    e9:a9:59:62:32:0e:65:73:af:d1:c4:60:ad:92:c7:
                    ef:05:8d:ed:4f:e0:fa:b0:77:ce:14:81:d1:56:8a:
                    97:8f:94:61:4b:26:8e:69:61:f8:33:58:f4:79:ae:
                    8d:2a:b5:61:2b:6a:68:a7:e9:85:11:0b:8e:45:ec:
                    41:60:07:ca:72:1b:b7:47:f3:36:24:9f:d6:6b:11:
                    d0:fb:01:08:0e:99:a6:4c:ed:b1:c9:46:ba:45:c7:
                    f7:c6:de:8c:58:24:7f:a9:08:53:70:88:12:fc:a6:
                    8f:07:04:2b:fe:76:5e:55:58:68:8e:7f:63:b6:d4:
                    d5:84:9f:5e:97:64:51:16:a9:fe:81:11:5d:7d:5d:
                    80:92:78:a8:ce:e8:bf:94:74:e1:6a:83:f5:85:ee:
                    d3:df:97:1d:0d:44:9a:3f:a6:52:50:85:f4:c4:88:
                    e1:12:94:e5:76:00:e8:6d:d2:87:22:9a:bb:7a:9e:
                    68:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:6F:03:58:D5:C3:7A:37:4B:EC:C0:1C:73:81:A2:E8:53:E0:78:C3
            X509v3 Authority Key Identifier:
                keyid:5D:DE:4B:3B:82:F2:09:B7:01:AE:34:0C:F5:3B:97:40:78:F1:6A:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xd5LO4LyCbcBrjQM9TuXQHjxap8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/02bdf0-bf29-4dae-b19b-86a5518e2d52/1/C28DWNXDejdL7MAcc4Gi6FPgeMM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/02bdf0-bf29-4dae-b19b-86a5518e2d52/1/Xd5LO4LyCbcBrjQM9TuXQHjxap8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.200.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:45:1b:6c:40:ba:bf:e2:92:ef:cf:bd:ee:b3:c9:84:3e:c2:
         ea:cb:ae:0f:59:2d:ff:39:83:7b:6d:33:72:6f:2f:18:b8:0d:
         fd:6a:a0:ac:48:84:f5:3b:16:a7:c5:2c:24:d0:22:e5:26:de:
         02:73:01:8c:dc:c0:df:26:63:70:fb:eb:a5:11:64:85:55:5a:
         ef:01:13:20:81:ef:7b:51:2b:89:01:28:00:aa:60:7d:b2:cf:
         5c:c0:49:c5:99:c7:4d:d8:cc:ec:8c:f2:0a:de:53:d0:f3:2a:
         58:63:99:77:a3:f5:73:41:64:c7:72:82:4c:16:55:5e:c3:37:
         af:d9:0c:50:f1:dc:61:c4:b7:b5:c5:8c:ee:98:58:47:32:9e:
         c8:be:9a:2b:fe:a9:22:e9:3b:79:70:a0:8d:9c:1b:eb:3a:64:
         f2:80:ae:cc:43:95:9f:5a:47:75:aa:83:9b:55:28:1b:9e:b5:
         5f:fd:3f:0e:27:5c:58:ef:c7:25:e6:9e:fe:de:a9:b9:bc:64:
         5f:cc:fd:9e:51:75:45:c1:a3:bb:17:db:4d:ec:1d:a2:33:12:
         f9:26:14:ec:ab:55:25:81:c1:32:d9:77:4b:ca:fd:d7:61:47:
         06:9d:68:61:65:e1:62:28:ea:af:cc:77:82:17:27:9d:b8:77:
         d6:ff:b2:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FFryD6o6vqBBB/8HdylGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZGU0YjNiODJmMjA5YjcwMWFlMzQwY2Y1M2I5NzQwNzhm
MTZhOWYwHhcNMjYwMTAyMTQxOTU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjZmMDM1OGQ1YzM3YTM3NGJlY2MwMWM3MzgxYTJlODUzZTA3OGMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtaLePE0Nfjcz35BbAZuHp02Og52K
54/Pye0e1ILW2mzPQaLTHPEkiB3NBd3kwP7LMA7U7YYdK5jR1ZpkXA6uP/sIJZkc
QKH8SunpqVliMg5lc6/RxGCtksfvBY3tT+D6sHfOFIHRVoqXj5RhSyaOaWH4M1j0
ea6NKrVhK2pop+mFEQuORexBYAfKchu3R/M2JJ/WaxHQ+wEIDpmmTO2xyUa6Rcf3
xt6MWCR/qQhTcIgS/KaPBwQr/nZeVVhojn9jttTVhJ9el2RRFqn+gRFdfV2Aknio
zui/lHThaoP1he7T35cdDUSaP6ZSUIX0xIjhEpTldgDobdKHIpq7ep5oewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAtvA1jVw3o3S+zAHHOBouhT4HjDMB8GA1UdIwQY
MBaAFF3eSzuC8gm3Aa40DPU7l0B48WqfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGQ1TE80THlDYmNCcmpRTTlUdVhRSGp4YXA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi8wMmJkZjAtYmYyOS00ZGFlLWIxOWIt
ODZhNTUxOGUyZDUyLzEvQzI4RFdOWERlamRMN01BY2M0R2k2RlBnZU1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi8wMmJkZjAtYmYyOS00ZGFlLWIxOWItODZhNTUxOGUyZDUy
LzEvWGQ1TE80THlDYmNCcmpRTTlUdVhRSGp4YXA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucj3MA0G
CSqGSIb3DQEBCwUAA4IBAQBpRRtsQLq/4pLvz73us8mEPsLqy64PWS3/OYN7bTNy
by8YuA39aqCsSIT1OxanxSwk0CLlJt4CcwGM3MDfJmNw++ulEWSFVVrvARMgge97
USuJASgAqmB9ss9cwEnFmcdN2MzsjPIK3lPQ8ypYY5l3o/VzQWTHcoJMFlVewzev
2QxQ8dxhxLe1xYzumFhHMp7Ivpor/qki6Tt5cKCNnBvrOmTygK7MQ5WfWkd1qoOb
VSgbnrVf/T8OJ1xY78cl5p7+3qm5vGRfzP2eUXVFwaO7F9tN7B2iMxL5JhTsq1Ul
gcEy2XdLyv3XYUcGnWhhZeFiKOqvzHeCFyeduHfW/7IJ
-----END CERTIFICATE-----