This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/4df39a-783c-4d7d-b1be-bfd95a9a6e64/1/Fbp_lxqUHehCSWbyl7sXqy6NV7c.roa
File:                     Fbp_lxqUHehCSWbyl7sXqy6NV7c.roa (raw, json)
Hash identifier:          2HfCb9kniGEaBDNnHz9GBiRgabhJI0HLcxsnmcMaKY8=
Subject key identifier:   15:BA:7F:97:1A:94:1D:E8:42:49:66:F2:97:BB:17:AB:2E:8D:57:B7
Certificate issuer:       /CN=85f4ee14f6d38a7cf071279dff7b391702e37135
Certificate serial:       019B7DCB53B51DBBF2CDA973A59E3EB04520
Authority key identifier: 85:F4:EE:14:F6:D3:8A:7C:F0:71:27:9D:FF:7B:39:17:02:E3:71:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hfTuFPbTinzwcSed_3s5FwLjcTU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/4df39a-783c-4d7d-b1be-bfd95a9a6e64/1/Fbp_lxqUHehCSWbyl7sXqy6NV7c.roa
Signing time:             Fri 02 Jan 2026 08:20:35 +0000
ROA not before:           Fri 02 Jan 2026 08:20:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210301
IP address blocks:        185.146.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/4df39a-783c-4d7d-b1be-bfd95a9a6e64/1/hfTuFPbTinzwcSed_3s5FwLjcTU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/4df39a-783c-4d7d-b1be-bfd95a9a6e64/1/hfTuFPbTinzwcSed_3s5FwLjcTU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hfTuFPbTinzwcSed_3s5FwLjcTU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:cb:53:b5:1d:bb:f2:cd:a9:73:a5:9e:3e:b0:45:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85f4ee14f6d38a7cf071279dff7b391702e37135
        Validity
            Not Before: Jan  2 08:20:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=15ba7f971a941de8424966f297bb17ab2e8d57b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:46:1c:94:38:fe:8f:9c:ff:4f:48:a6:b6:58:
                    9a:25:0b:23:00:cd:5c:a5:de:ba:cd:eb:6f:a2:86:
                    cb:a5:bb:3d:6a:50:cf:2e:c5:6f:36:dc:4a:0d:46:
                    57:9b:30:18:31:cf:64:38:78:b8:23:4f:e9:13:ba:
                    54:96:d8:ee:d2:33:f4:03:88:3e:e3:ff:1b:ca:d5:
                    c0:a5:6a:13:9a:06:e2:a5:96:d9:61:79:ff:11:46:
                    5a:95:1b:52:3a:80:b0:8d:92:32:07:e3:97:d4:48:
                    f3:9f:5d:b6:6b:c1:67:0e:84:bb:e2:75:cd:76:2c:
                    97:7b:75:20:ae:db:bf:65:a1:78:c4:bc:60:a8:61:
                    c7:88:14:dd:66:3b:2c:0c:1a:b0:82:80:81:87:ff:
                    ff:22:97:04:e5:b7:ab:71:6e:5c:cd:d7:5f:d1:d9:
                    98:f6:33:58:c0:94:a0:55:06:b0:38:f8:d6:36:35:
                    e2:3f:0b:87:37:70:cf:75:14:01:8c:45:22:0a:30:
                    0f:e0:92:34:79:ca:b7:8a:e6:a4:ff:9f:c7:4c:69:
                    73:c8:40:13:f2:d2:e2:36:a0:b1:05:1c:1c:ee:10:
                    b5:be:fe:2a:ac:54:35:f1:84:09:88:8b:4a:75:bb:
                    6f:6f:aa:da:d7:38:4c:e5:df:c1:f9:67:d6:6b:3c:
                    5c:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:BA:7F:97:1A:94:1D:E8:42:49:66:F2:97:BB:17:AB:2E:8D:57:B7
            X509v3 Authority Key Identifier:
                keyid:85:F4:EE:14:F6:D3:8A:7C:F0:71:27:9D:FF:7B:39:17:02:E3:71:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hfTuFPbTinzwcSed_3s5FwLjcTU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/4df39a-783c-4d7d-b1be-bfd95a9a6e64/1/Fbp_lxqUHehCSWbyl7sXqy6NV7c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/4df39a-783c-4d7d-b1be-bfd95a9a6e64/1/hfTuFPbTinzwcSed_3s5FwLjcTU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.146.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:fc:b4:b3:04:1b:b0:c0:6b:40:93:a0:f6:1f:ab:be:f5:71:
         65:20:21:64:4e:ed:0f:51:b1:c6:05:a1:96:7a:14:24:e2:bb:
         4b:46:81:2d:87:7e:25:47:f3:e7:78:e1:4b:09:87:2b:49:ad:
         11:53:82:24:7d:4d:09:f3:ba:2d:2f:fe:2a:94:46:1a:8e:8f:
         38:08:3e:64:ab:b4:44:e6:df:4a:37:2b:24:09:d5:13:29:7f:
         64:88:90:fa:2a:26:22:7d:01:10:38:e6:f6:52:6e:0b:55:76:
         e3:aa:48:ec:fd:7f:08:37:5e:6e:f9:c0:b0:87:b9:72:93:68:
         ef:b1:44:28:84:a7:67:18:cd:00:e8:5f:fb:89:11:a7:6a:ec:
         be:4a:f1:cd:9d:d7:22:8d:7a:06:f7:4f:0e:b7:45:fc:a9:fa:
         ba:dd:bd:07:2a:75:6c:e5:83:6b:f8:d8:7d:ab:4c:4a:cb:00:
         a8:67:b4:94:37:ee:fb:98:23:3c:b2:d6:b9:ed:53:62:e8:35:
         b3:24:16:3c:c7:d1:8e:ec:70:5e:d6:17:5a:ef:ca:8f:cd:df:
         e0:86:ac:a6:7f:fd:3c:94:00:82:3f:05:2c:1d:42:28:7e:c9:
         42:42:e6:46:97:30:ed:be:a3:20:fc:d4:62:f0:2a:8b:7b:ca:
         4f:13:59:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9y1O1HbvyzalzpZ4+sEUgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1ZjRlZTE0ZjZkMzhhN2NmMDcxMjc5ZGZmN2IzOTE3MDJl
MzcxMzUwHhcNMjYwMTAyMDgyMDM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWJhN2Y5NzFhOTQxZGU4NDI0OTY2ZjI5N2JiMTdhYjJlOGQ1N2I3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5UYclDj+j5z/T0imtliaJQsjAM1c
pd66zetvoobLpbs9alDPLsVvNtxKDUZXmzAYMc9kOHi4I0/pE7pUltju0jP0A4g+
4/8bytXApWoTmgbipZbZYXn/EUZalRtSOoCwjZIyB+OX1Ejzn122a8FnDoS74nXN
diyXe3Ugrtu/ZaF4xLxgqGHHiBTdZjssDBqwgoCBh///IpcE5bercW5czddf0dmY
9jNYwJSgVQawOPjWNjXiPwuHN3DPdRQBjEUiCjAP4JI0ecq3iuak/5/HTGlzyEAT
8tLiNqCxBRwc7hC1vv4qrFQ18YQJiItKdbtvb6ra1zhM5d/B+WfWazxcrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBW6f5calB3oQklm8pe7F6sujVe3MB8GA1UdIwQY
MBaAFIX07hT204p88HEnnf97ORcC43E1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGZUdUZQYlRpbnp3Y1NlZF8zczVGd0xqY1RVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi80ZGYzOWEtNzgzYy00ZDdkLWIxYmUt
YmZkOTVhOWE2ZTY0LzEvRmJwX2x4cVVIZWhDU1dieWw3c1hxeTZOVjdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi80ZGYzOWEtNzgzYy00ZDdkLWIxYmUtYmZkOTVhOWE2ZTY0
LzEvaGZUdUZQYlRpbnp3Y1NlZF8zczVGd0xqY1RVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZLjMA0G
CSqGSIb3DQEBCwUAA4IBAQAq/LSzBBuwwGtAk6D2H6u+9XFlICFkTu0PUbHGBaGW
ehQk4rtLRoEth34lR/PneOFLCYcrSa0RU4IkfU0J87otL/4qlEYajo84CD5kq7RE
5t9KNyskCdUTKX9kiJD6KiYifQEQOOb2Um4LVXbjqkjs/X8IN15u+cCwh7lyk2jv
sUQohKdnGM0A6F/7iRGnauy+SvHNndcijXoG908Ot0X8qfq63b0HKnVs5YNr+Nh9
q0xKywCoZ7SUN+77mCM8sta57VNi6DWzJBY8x9GO7HBe1hda78qPzd/ghqymf/08
lACCPwUsHUIofslCQuZGlzDtvqMg/NRi8CqLe8pPE1ma
-----END CERTIFICATE-----