This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/1fRolkRjd-APCzNnG-5bwuoOqNg.roa
File:                     1fRolkRjd-APCzNnG-5bwuoOqNg.roa (raw, json)
Hash identifier:          uECN6gUKiv+lFioLhpnkI4G1xAlKUZVG1VCjkCRQOjI=
Subject key identifier:   D5:F4:68:96:44:63:77:E0:0F:0B:33:67:1B:EE:5B:C2:EA:0E:A8:D8
Certificate issuer:       /CN=8b37183341a2ab6df3c59ec827ed71200b5a6244
Certificate serial:       019B7AC7D054DE5BF8C5A82334B71021A732
Authority key identifier: 8B:37:18:33:41:A2:AB:6D:F3:C5:9E:C8:27:ED:71:20:0B:5A:62:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/1fRolkRjd-APCzNnG-5bwuoOqNg.roa
Signing time:             Thu 01 Jan 2026 18:17:53 +0000
ROA not before:           Thu 01 Jan 2026 18:17:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     328543
IP address blocks:        185.80.200.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 09:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c7:d0:54:de:5b:f8:c5:a8:23:34:b7:10:21:a7:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b37183341a2ab6df3c59ec827ed71200b5a6244
        Validity
            Not Before: Jan  1 18:17:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d5f46896446377e00f0b33671bee5bc2ea0ea8d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:21:cf:6a:15:1d:a0:f4:56:75:ed:25:7f:92:
                    62:55:52:0c:73:71:80:6f:17:de:55:1f:74:4f:53:
                    d3:f6:69:e8:7d:98:93:31:4b:98:a7:66:39:46:0c:
                    6c:70:f9:76:1a:2c:c6:b9:d0:15:b3:5e:41:97:b5:
                    e8:85:f0:c9:3b:b8:16:6b:cf:90:25:a1:a9:a7:e0:
                    73:f4:55:b6:4a:36:8c:78:b1:49:99:c0:19:78:87:
                    cc:bc:35:72:87:b4:0e:a5:df:21:ba:7a:de:05:87:
                    13:c6:19:d0:4d:9c:22:b2:8f:13:a5:a2:a3:c3:58:
                    c4:b2:78:b4:20:a1:de:48:7e:ef:2f:52:75:7c:65:
                    2a:bc:23:55:b3:3c:7e:58:13:30:5b:2a:fc:29:b6:
                    fc:ab:74:34:94:fc:92:df:62:61:98:07:de:4f:19:
                    98:2b:0b:93:37:c6:53:d6:cb:03:81:10:eb:d3:47:
                    04:a2:8e:8d:49:04:0c:e9:f6:e4:74:40:da:91:ef:
                    af:23:14:b3:26:79:f8:ee:bb:01:a0:d1:be:f2:d7:
                    f8:89:73:60:41:0c:40:51:de:c5:0d:dc:f3:57:5f:
                    96:6f:63:2a:ce:d2:cd:8f:4e:5a:f1:87:75:0d:cd:
                    d8:b9:20:a3:4d:e7:e9:ad:5f:ca:5b:a0:f1:e4:f4:
                    ba:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:F4:68:96:44:63:77:E0:0F:0B:33:67:1B:EE:5B:C2:EA:0E:A8:D8
            X509v3 Authority Key Identifier:
                keyid:8B:37:18:33:41:A2:AB:6D:F3:C5:9E:C8:27:ED:71:20:0B:5A:62:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/1fRolkRjd-APCzNnG-5bwuoOqNg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.80.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         11:15:32:c4:6b:7a:7e:02:90:7c:3f:1e:40:a0:51:89:2e:1e:
         7b:5b:b8:84:df:92:8d:92:64:e1:ec:80:48:ac:79:4c:e1:9f:
         e6:4e:55:41:31:88:62:3b:c1:dc:14:15:a3:44:7d:bc:57:fb:
         74:d5:07:80:90:98:6e:c3:24:31:f7:93:06:61:1b:50:a8:41:
         72:0c:5f:03:a7:6f:4d:6c:df:98:96:de:4e:d7:4f:fe:54:ed:
         60:00:cc:a8:bf:2d:ad:75:9a:ec:b8:a5:f2:ac:ed:2b:65:43:
         b5:f9:47:84:aa:b6:3a:19:23:db:c0:89:3a:54:f3:e7:60:10:
         cd:4c:84:95:ce:04:c4:ac:d1:7a:58:ec:9a:0d:cd:db:76:07:
         84:36:75:7e:03:d2:62:72:f2:68:c0:2f:4b:1e:8e:80:8c:ba:
         b8:d3:3f:b3:7a:8c:e3:c4:57:bc:73:24:a2:90:88:33:47:bf:
         19:87:d8:23:3f:7e:0b:bd:3b:f1:84:b6:2e:c9:d7:85:ce:21:
         8c:d6:96:36:65:5e:0b:f2:f5:09:63:19:91:03:68:fe:e0:d8:
         c0:db:a1:08:8f:25:c7:99:6d:b8:05:75:ca:26:c7:8a:44:42:
         42:b6:e4:b0:17:d4:26:d4:d6:54:64:20:b4:4a:3c:92:c6:49:
         86:10:34:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6x9BU3lv4xagjNLcQIacyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiMzcxODMzNDFhMmFiNmRmM2M1OWVjODI3ZWQ3MTIwMGI1
YTYyNDQwHhcNMjYwMTAxMTgxNzUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWY0Njg5NjQ0NjM3N2UwMGYwYjMzNjcxYmVlNWJjMmVhMGVhOGQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApyHPahUdoPRWde0lf5JiVVIMc3GA
bxfeVR90T1PT9mnofZiTMUuYp2Y5RgxscPl2GizGudAVs15Bl7XohfDJO7gWa8+Q
JaGpp+Bz9FW2SjaMeLFJmcAZeIfMvDVyh7QOpd8hunreBYcTxhnQTZwiso8TpaKj
w1jEsni0IKHeSH7vL1J1fGUqvCNVszx+WBMwWyr8Kbb8q3Q0lPyS32JhmAfeTxmY
KwuTN8ZT1ssDgRDr00cEoo6NSQQM6fbkdEDake+vIxSzJnn47rsBoNG+8tf4iXNg
QQxAUd7FDdzzV1+Wb2MqztLNj05a8Yd1Dc3YuSCjTefprV/KW6Dx5PS6mwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNX0aJZEY3fgDwszZxvuW8LqDqjYMB8GA1UdIwQY
MBaAFIs3GDNBoqtt88WeyCftcSALWmJEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXpjWU0wR2lxMjN6eFo3SUotMXhJQXRhWWtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8xYzc4ZTMtNjdkNi00ZTkwLWFlYjUt
MDg1MmNiMzUzMjkzLzEvMWZSb2xrUmpkLUFQQ3pObkctNWJ3dW9PcU5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi8xYzc4ZTMtNjdkNi00ZTkwLWFlYjUtMDg1MmNiMzUzMjkz
LzEvaXpjWU0wR2lxMjN6eFo3SUotMXhJQXRhWWtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVDIMA0G
CSqGSIb3DQEBCwUAA4IBAQARFTLEa3p+ApB8Px5AoFGJLh57W7iE35KNkmTh7IBI
rHlM4Z/mTlVBMYhiO8HcFBWjRH28V/t01QeAkJhuwyQx95MGYRtQqEFyDF8Dp29N
bN+Ylt5O10/+VO1gAMyovy2tdZrsuKXyrO0rZUO1+UeEqrY6GSPbwIk6VPPnYBDN
TISVzgTErNF6WOyaDc3bdgeENnV+A9JicvJowC9LHo6AjLq40z+zeozjxFe8cySi
kIgzR78Zh9gjP34LvTvxhLYuydeFziGM1pY2ZV4L8vUJYxmRA2j+4NjA26EIjyXH
mW24BXXKJseKREJCtuSwF9Qm1NZUZCC0SjySxkmGEDRY
-----END CERTIFICATE-----