This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/4df39a-783c-4d7d-b1be-bfd95a9a6e64/1/Kw8ydkhlfzZHeJTkr7mnY0TC51Q.roa
File:                     Kw8ydkhlfzZHeJTkr7mnY0TC51Q.roa (raw, json)
Hash identifier:          A/++N69JbstSCEAobrMDwfyAGtA60/N4ZLrwg/2X2ok=
Subject key identifier:   2B:0F:32:76:48:65:7F:36:47:78:94:E4:AF:B9:A7:63:44:C2:E7:54
Certificate issuer:       /CN=85f4ee14f6d38a7cf071279dff7b391702e37135
Certificate serial:       019B7DCB510F274781BB4F3062496D3B27A8
Authority key identifier: 85:F4:EE:14:F6:D3:8A:7C:F0:71:27:9D:FF:7B:39:17:02:E3:71:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hfTuFPbTinzwcSed_3s5FwLjcTU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/4df39a-783c-4d7d-b1be-bfd95a9a6e64/1/Kw8ydkhlfzZHeJTkr7mnY0TC51Q.roa
Signing time:             Fri 02 Jan 2026 08:20:35 +0000
ROA not before:           Fri 02 Jan 2026 08:20:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48659
IP address blocks:        185.146.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/4df39a-783c-4d7d-b1be-bfd95a9a6e64/1/hfTuFPbTinzwcSed_3s5FwLjcTU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/4df39a-783c-4d7d-b1be-bfd95a9a6e64/1/hfTuFPbTinzwcSed_3s5FwLjcTU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hfTuFPbTinzwcSed_3s5FwLjcTU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:cb:51:0f:27:47:81:bb:4f:30:62:49:6d:3b:27:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85f4ee14f6d38a7cf071279dff7b391702e37135
        Validity
            Not Before: Jan  2 08:20:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2b0f327648657f36477894e4afb9a76344c2e754
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:32:31:9e:54:c4:be:0d:84:be:8b:82:34:2b:
                    e4:55:f8:fe:c5:68:dc:a0:a1:a8:13:a0:09:d5:3f:
                    d6:86:d8:d5:9f:fd:c5:a9:10:62:a9:27:1f:fd:5e:
                    84:f7:93:b2:46:17:fd:e0:8a:1a:da:78:ad:02:74:
                    77:8e:45:c8:0d:9e:dc:0f:85:29:de:f6:95:e1:b4:
                    01:7d:ba:2f:62:ce:51:f6:36:cf:cb:3e:fa:9b:80:
                    f6:b0:2a:0b:86:ce:57:b4:7b:d0:4e:55:11:90:07:
                    fc:73:73:fb:a4:56:d1:1c:7b:0c:40:99:97:fe:8d:
                    3f:7a:81:9f:ad:5e:0a:4c:13:51:18:82:65:4b:7d:
                    a0:7b:1a:be:26:4d:6b:7c:43:e3:0a:28:a6:36:ab:
                    97:2b:ce:da:f5:44:30:3e:e0:35:7f:cd:4b:6e:70:
                    98:f4:42:3b:8b:96:cd:a4:50:a8:7b:22:58:72:25:
                    20:c0:2c:b2:f3:fd:e0:20:ec:86:a2:71:63:e5:0c:
                    7d:7f:cc:9e:68:87:55:34:29:de:ad:b7:d6:e3:94:
                    96:fe:57:05:a0:1a:2e:98:1f:4e:1e:5a:b3:d1:b6:
                    e0:37:43:13:29:f9:fe:e3:e2:da:de:ec:48:17:04:
                    ca:54:bf:de:07:52:d9:14:94:67:e7:e9:3b:3b:c0:
                    3c:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:0F:32:76:48:65:7F:36:47:78:94:E4:AF:B9:A7:63:44:C2:E7:54
            X509v3 Authority Key Identifier:
                keyid:85:F4:EE:14:F6:D3:8A:7C:F0:71:27:9D:FF:7B:39:17:02:E3:71:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hfTuFPbTinzwcSed_3s5FwLjcTU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/4df39a-783c-4d7d-b1be-bfd95a9a6e64/1/Kw8ydkhlfzZHeJTkr7mnY0TC51Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/4df39a-783c-4d7d-b1be-bfd95a9a6e64/1/hfTuFPbTinzwcSed_3s5FwLjcTU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.146.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:41:21:f1:84:5c:72:ae:ba:83:a1:8d:00:51:82:46:89:55:
         24:aa:9e:9b:89:cf:9d:63:2e:26:78:4b:f0:15:52:e3:48:37:
         99:6f:2a:cf:ff:a4:68:65:16:ed:f0:af:b5:ec:76:20:51:cd:
         bb:35:57:fe:e4:32:56:55:73:0d:67:11:a4:3d:b0:f2:01:5f:
         b1:0d:25:6d:e1:31:47:c9:ce:09:7d:78:0b:8f:aa:b9:b8:73:
         2c:e7:e0:b2:79:ee:f2:0d:0c:a5:07:7e:70:0a:d6:4f:de:0b:
         e1:6c:0f:e0:36:23:57:ed:24:18:e6:fb:cb:2b:b0:7a:35:a9:
         b6:94:7e:c8:d4:35:4e:73:70:28:e8:d6:3b:27:a5:fd:a4:14:
         25:c9:da:3a:75:0d:25:3e:b5:dd:06:4f:50:25:fc:d3:2b:14:
         33:cc:18:ef:fb:ba:05:25:4a:6b:cc:df:9c:31:0d:ff:e4:d0:
         7a:b5:4b:2d:db:2a:6f:a5:15:a6:7e:f3:39:97:14:fe:6b:03:
         5c:5a:fa:d6:85:19:f5:df:19:b6:50:66:b1:28:ac:01:18:f6:
         bd:13:cb:f2:ee:ac:de:30:e9:36:5d:c6:cf:2e:14:0d:f4:8f:
         bf:b0:a3:23:cb:55:b7:9d:1b:dc:1e:cf:75:d3:69:68:2e:40:
         16:8e:f6:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9y1EPJ0eBu08wYkltOyeoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1ZjRlZTE0ZjZkMzhhN2NmMDcxMjc5ZGZmN2IzOTE3MDJl
MzcxMzUwHhcNMjYwMTAyMDgyMDM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjBmMzI3NjQ4NjU3ZjM2NDc3ODk0ZTRhZmI5YTc2MzQ0YzJlNzU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnjIxnlTEvg2EvouCNCvkVfj+xWjc
oKGoE6AJ1T/WhtjVn/3FqRBiqScf/V6E95OyRhf94Ioa2nitAnR3jkXIDZ7cD4Up
3vaV4bQBfbovYs5R9jbPyz76m4D2sCoLhs5XtHvQTlURkAf8c3P7pFbRHHsMQJmX
/o0/eoGfrV4KTBNRGIJlS32gexq+Jk1rfEPjCiimNquXK87a9UQwPuA1f81LbnCY
9EI7i5bNpFCoeyJYciUgwCyy8/3gIOyGonFj5Qx9f8yeaIdVNCnerbfW45SW/lcF
oBoumB9OHlqz0bbgN0MTKfn+4+La3uxIFwTKVL/eB1LZFJRn5+k7O8A8FwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCsPMnZIZX82R3iU5K+5p2NEwudUMB8GA1UdIwQY
MBaAFIX07hT204p88HEnnf97ORcC43E1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGZUdUZQYlRpbnp3Y1NlZF8zczVGd0xqY1RVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi80ZGYzOWEtNzgzYy00ZDdkLWIxYmUt
YmZkOTVhOWE2ZTY0LzEvS3c4eWRraGxmelpIZUpUa3I3bW5ZMFRDNTFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi80ZGYzOWEtNzgzYy00ZDdkLWIxYmUtYmZkOTVhOWE2ZTY0
LzEvaGZUdUZQYlRpbnp3Y1NlZF8zczVGd0xqY1RVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZLiMA0G
CSqGSIb3DQEBCwUAA4IBAQCLQSHxhFxyrrqDoY0AUYJGiVUkqp6bic+dYy4meEvw
FVLjSDeZbyrP/6RoZRbt8K+17HYgUc27NVf+5DJWVXMNZxGkPbDyAV+xDSVt4TFH
yc4JfXgLj6q5uHMs5+Cyee7yDQylB35wCtZP3gvhbA/gNiNX7SQY5vvLK7B6Nam2
lH7I1DVOc3Ao6NY7J6X9pBQlydo6dQ0lPrXdBk9QJfzTKxQzzBjv+7oFJUprzN+c
MQ3/5NB6tUst2ypvpRWmfvM5lxT+awNcWvrWhRn13xm2UGaxKKwBGPa9E8vy7qze
MOk2XcbPLhQN9I+/sKMjy1W3nRvcHs9102loLkAWjvZO
-----END CERTIFICATE-----