This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/i3on9CwRWohnuAM4s2Rl9AhrdZE.roa
File:                     i3on9CwRWohnuAM4s2Rl9AhrdZE.roa (raw, json)
Hash identifier:          Vlh44JTlsnQVzIraEum+wSjubq+d+jDtdQXXZx3x8P8=
Subject key identifier:   8B:7A:27:F4:2C:11:5A:88:67:B8:03:38:B3:64:65:F4:08:6B:75:91
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       019B7E39135C758E8A3DD0C93D04768E6442
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/i3on9CwRWohnuAM4s2Rl9AhrdZE.roa
Signing time:             Fri 02 Jan 2026 10:20:28 +0000
ROA not before:           Fri 02 Jan 2026 10:20:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203004
IP address blocks:        85.143.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:13:5c:75:8e:8a:3d:d0:c9:3d:04:76:8e:64:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Jan  2 10:20:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8b7a27f42c115a8867b80338b36465f4086b7591
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:6a:10:50:22:3f:8a:24:df:dd:9a:f2:79:b9:
                    66:ce:0c:31:dc:8f:eb:f2:16:bd:98:40:bf:c4:84:
                    83:9d:46:22:e5:f2:0a:fa:ce:6f:05:ed:c1:9a:ce:
                    95:7d:6e:70:06:8c:65:8d:6b:dc:70:59:15:2e:f7:
                    b3:6d:f1:36:3e:39:9c:75:34:58:97:fc:16:2c:f6:
                    0f:a6:70:ce:35:7e:b3:67:9e:03:49:ad:e3:4d:1f:
                    06:8f:d3:53:1d:47:fc:c5:12:59:f4:68:e4:d2:9c:
                    e0:06:11:b9:98:24:d6:0e:3c:75:a6:26:5d:13:22:
                    5e:43:e5:d4:c0:36:e2:ef:41:34:51:de:2b:56:8c:
                    9b:62:d7:d0:41:ea:c6:f4:33:12:2f:07:dc:95:60:
                    81:c2:92:23:7c:d3:7c:7a:85:73:cd:8f:3b:0d:d3:
                    2b:9a:6d:e3:74:08:f9:ba:9b:8e:8f:74:3c:82:a9:
                    37:e2:34:99:83:e3:1b:48:4e:c6:4c:73:c9:35:2f:
                    21:a7:73:94:75:e6:fd:bc:18:8d:6a:c7:cb:47:3b:
                    f6:74:3e:3d:00:cc:b7:8c:72:98:78:9f:4c:71:99:
                    d3:44:69:dd:6b:55:36:6f:0d:bb:20:47:51:d0:59:
                    6c:f0:65:9a:2a:24:b1:17:6d:57:8c:ee:74:b0:de:
                    2f:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:7A:27:F4:2C:11:5A:88:67:B8:03:38:B3:64:65:F4:08:6B:75:91
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/i3on9CwRWohnuAM4s2Rl9AhrdZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.143.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:2b:2d:bc:05:19:b0:1c:9c:97:0a:d9:23:f4:dc:b7:18:06:
         d7:4a:53:42:d3:7e:75:f9:98:95:9c:ee:52:b1:9b:e5:bd:ae:
         27:f9:8e:75:57:8e:50:3d:a3:da:23:53:5e:9d:5b:86:38:a9:
         54:5d:a1:2d:d7:8f:86:c9:e9:ca:25:9d:2c:53:0f:1e:18:5d:
         8c:3b:08:0c:62:a8:8b:19:d4:93:2e:a6:bc:7c:22:d3:5a:0b:
         fe:79:12:51:91:47:35:ec:d2:2e:df:ac:a4:21:60:17:ae:b9:
         14:91:f6:d2:02:92:3b:3f:4f:ed:5f:7e:49:9f:38:af:44:71:
         e2:1a:24:6a:4e:f7:eb:46:f8:a2:84:af:15:0e:12:2c:73:d8:
         61:21:98:b5:5e:c6:3f:a3:7d:7f:f8:02:6d:3d:1b:03:c4:19:
         2d:34:25:7b:18:bc:ca:c0:0f:99:15:36:ee:36:e5:74:09:7c:
         d3:25:ac:ed:81:7d:32:89:9a:76:f0:f6:7d:d3:c8:aa:df:d2:
         e6:0e:aa:f2:07:b6:ba:e4:eb:36:3a:26:7a:0d:55:04:51:a7:
         39:cf:b3:bb:e9:b2:0c:64:4e:44:33:00:81:e0:99:5c:6f:64:
         a4:12:9b:e0:7a:6e:85:54:76:b4:d0:13:80:6a:5e:78:ba:33:
         94:74:00:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+ORNcdY6KPdDJPQR2jmRCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjYwMTAyMTAyMDI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjdhMjdmNDJjMTE1YTg4NjdiODAzMzhiMzY0NjVmNDA4NmI3NTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqGoQUCI/iiTf3Zryeblmzgwx3I/r
8ha9mEC/xISDnUYi5fIK+s5vBe3Bms6VfW5wBoxljWvccFkVLvezbfE2PjmcdTRY
l/wWLPYPpnDONX6zZ54DSa3jTR8Gj9NTHUf8xRJZ9Gjk0pzgBhG5mCTWDjx1piZd
EyJeQ+XUwDbi70E0Ud4rVoybYtfQQerG9DMSLwfclWCBwpIjfNN8eoVzzY87DdMr
mm3jdAj5upuOj3Q8gqk34jSZg+MbSE7GTHPJNS8hp3OUdeb9vBiNasfLRzv2dD49
AMy3jHKYeJ9McZnTRGnda1U2bw27IEdR0Fls8GWaKiSxF21XjO50sN4vnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIt6J/QsEVqIZ7gDOLNkZfQIa3WRMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvaTNvbjlDd1JXb2hudUFNNHMyUmw5QWhyZFpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVY/KMA0G
CSqGSIb3DQEBCwUAA4IBAQCYKy28BRmwHJyXCtkj9Ny3GAbXSlNC0351+ZiVnO5S
sZvlva4n+Y51V45QPaPaI1NenVuGOKlUXaEt14+GyenKJZ0sUw8eGF2MOwgMYqiL
GdSTLqa8fCLTWgv+eRJRkUc17NIu36ykIWAXrrkUkfbSApI7P0/tX35JnzivRHHi
GiRqTvfrRviihK8VDhIsc9hhIZi1XsY/o31/+AJtPRsDxBktNCV7GLzKwA+ZFTbu
NuV0CXzTJaztgX0yiZp28PZ908iq39LmDqryB7a65Os2OiZ6DVUEUac5z7O76bIM
ZE5EMwCB4Jlcb2SkEpvgem6FVHa00BOAal54ujOUdACg
-----END CERTIFICATE-----