This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/b698bd-8dd2-40be-82a3-1b13bd4566a5/1/uNc9xxeMsmhjoPp_AoWS-X6p82U.roa
File:                     uNc9xxeMsmhjoPp_AoWS-X6p82U.roa (raw, json)
Hash identifier:          Ic5jIOaYkijIZKE1wsb+bGe4vb/8GZ2qRJh6Qu5nzIs=
Subject key identifier:   B8:D7:3D:C7:17:8C:B2:68:63:A0:FA:7F:02:85:92:F9:7E:A9:F3:65
Certificate issuer:       /CN=4384f6fa6decced5578a85a51e0bd65701ea34ec
Certificate serial:       019B7DCB1ECC29CA4DF28268B49486B27155
Authority key identifier: 43:84:F6:FA:6D:EC:CE:D5:57:8A:85:A5:1E:0B:D6:57:01:EA:34:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q4T2-m3sztVXioWlHgvWVwHqNOw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/b698bd-8dd2-40be-82a3-1b13bd4566a5/1/uNc9xxeMsmhjoPp_AoWS-X6p82U.roa
Signing time:             Fri 02 Jan 2026 08:20:22 +0000
ROA not before:           Fri 02 Jan 2026 08:20:22 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200034
IP address blocks:        185.198.208.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/b698bd-8dd2-40be-82a3-1b13bd4566a5/1/Q4T2-m3sztVXioWlHgvWVwHqNOw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/b698bd-8dd2-40be-82a3-1b13bd4566a5/1/Q4T2-m3sztVXioWlHgvWVwHqNOw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q4T2-m3sztVXioWlHgvWVwHqNOw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:cb:1e:cc:29:ca:4d:f2:82:68:b4:94:86:b2:71:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4384f6fa6decced5578a85a51e0bd65701ea34ec
        Validity
            Not Before: Jan  2 08:20:22 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b8d73dc7178cb26863a0fa7f028592f97ea9f365
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:84:70:c4:18:95:91:67:62:8c:09:89:13:a2:
                    9b:c5:fc:ab:bd:5d:77:86:b0:dd:75:17:c8:23:13:
                    2e:2a:a3:b9:7b:f3:7f:de:95:ed:e8:8a:c1:ae:06:
                    95:89:25:f4:06:d2:60:69:ba:54:45:ed:1f:af:95:
                    ea:70:94:0d:a2:e9:32:49:91:be:e5:f4:18:30:2b:
                    b0:7a:ed:73:e7:4a:2a:99:a3:21:32:00:00:f1:1c:
                    57:73:48:73:68:73:3b:b1:79:79:a0:6a:22:76:eb:
                    5a:9c:f4:fe:7e:bb:c0:e0:69:24:f3:0d:81:ef:f8:
                    70:a5:d8:55:30:24:24:8a:8a:56:f1:a4:cd:5c:48:
                    f6:24:1c:84:c8:a9:cc:93:db:43:c3:6b:f8:d0:13:
                    44:82:69:71:6d:dc:41:92:af:6d:da:dc:d3:6b:17:
                    2d:56:02:ad:47:ff:86:63:11:a8:b6:d1:a6:16:c8:
                    4d:28:53:55:89:b3:df:3e:c4:b0:04:fd:b2:d9:52:
                    72:53:c4:17:85:91:b5:e8:2d:ae:d7:89:90:4a:78:
                    61:07:32:7d:dc:75:a4:e8:fe:99:14:d0:fc:70:ad:
                    94:be:6f:a4:0a:5d:25:0d:5c:04:82:1c:03:b6:45:
                    cb:0a:25:46:e2:ad:c4:43:d6:3c:53:5d:f8:96:ce:
                    bd:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:D7:3D:C7:17:8C:B2:68:63:A0:FA:7F:02:85:92:F9:7E:A9:F3:65
            X509v3 Authority Key Identifier:
                keyid:43:84:F6:FA:6D:EC:CE:D5:57:8A:85:A5:1E:0B:D6:57:01:EA:34:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q4T2-m3sztVXioWlHgvWVwHqNOw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/b698bd-8dd2-40be-82a3-1b13bd4566a5/1/uNc9xxeMsmhjoPp_AoWS-X6p82U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/b698bd-8dd2-40be-82a3-1b13bd4566a5/1/Q4T2-m3sztVXioWlHgvWVwHqNOw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.198.208.0/23

    Signature Algorithm: sha256WithRSAEncryption
         95:96:50:1a:1f:eb:bb:51:1b:30:91:8e:8f:96:4f:c1:f8:d6:
         81:eb:81:be:ff:99:63:ff:22:a9:94:95:f1:b9:bb:89:71:3d:
         0f:3a:2a:71:11:09:88:b1:42:f8:4d:35:1e:15:cb:4b:88:d0:
         f4:c8:19:78:6d:f2:b8:97:db:b9:46:95:ef:ca:94:fe:3d:2e:
         1b:d1:ae:90:a8:37:26:98:2f:29:bd:46:ec:91:3a:0b:4e:50:
         af:10:9f:86:d0:d1:f4:18:ee:7b:9b:b9:0a:b1:d0:04:6b:a9:
         03:cc:3e:83:78:ba:2c:e0:3f:b8:b3:19:da:47:f2:c3:67:72:
         6d:c4:27:f9:24:38:b7:4e:3f:be:14:13:34:d7:3e:35:e6:49:
         2b:98:66:28:ad:fb:f6:c7:6d:48:3a:79:27:67:0f:e3:a6:eb:
         c8:ab:16:0e:ad:ae:ae:a6:43:66:1c:bf:be:ef:e7:fd:15:d5:
         51:98:d6:aa:58:5b:97:d4:50:28:62:97:73:dc:a8:a1:e2:29:
         aa:75:cf:10:1e:87:6c:b8:28:27:70:50:fa:4e:54:f4:10:20:
         1d:ee:18:a0:35:29:83:7a:d3:52:ff:8b:15:16:28:9b:7a:19:
         f1:9c:9c:fa:ea:40:32:9e:f7:2c:eb:0e:8b:d5:11:6e:2b:ec:
         72:c9:9d:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yx7MKcpN8oJotJSGsnFVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzODRmNmZhNmRlY2NlZDU1NzhhODVhNTFlMGJkNjU3MDFl
YTM0ZWMwHhcNMjYwMTAyMDgyMDIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGQ3M2RjNzE3OGNiMjY4NjNhMGZhN2YwMjg1OTJmOTdlYTlmMzY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy4RwxBiVkWdijAmJE6KbxfyrvV13
hrDddRfIIxMuKqO5e/N/3pXt6IrBrgaViSX0BtJgabpURe0fr5XqcJQNoukySZG+
5fQYMCuweu1z50oqmaMhMgAA8RxXc0hzaHM7sXl5oGoidutanPT+frvA4Gkk8w2B
7/hwpdhVMCQkiopW8aTNXEj2JByEyKnMk9tDw2v40BNEgmlxbdxBkq9t2tzTaxct
VgKtR/+GYxGottGmFshNKFNVibPfPsSwBP2y2VJyU8QXhZG16C2u14mQSnhhBzJ9
3HWk6P6ZFND8cK2Uvm+kCl0lDVwEghwDtkXLCiVG4q3EQ9Y8U134ls69yQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLjXPccXjLJoY6D6fwKFkvl+qfNlMB8GA1UdIwQY
MBaAFEOE9vpt7M7VV4qFpR4L1lcB6jTsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTRUMi1tM3N6dFZYaW9XbEhndldWd0hxTk93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9iNjk4YmQtOGRkMi00MGJlLTgyYTMt
MWIxM2JkNDU2NmE1LzEvdU5jOXh4ZU1zbWhqb1BwX0FvV1MtWDZwODJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9iNjk4YmQtOGRkMi00MGJlLTgyYTMtMWIxM2JkNDU2NmE1
LzEvUTRUMi1tM3N6dFZYaW9XbEhndldWd0hxTk93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBucbQMA0G
CSqGSIb3DQEBCwUAA4IBAQCVllAaH+u7URswkY6Plk/B+NaB64G+/5lj/yKplJXx
ubuJcT0POipxEQmIsUL4TTUeFctLiND0yBl4bfK4l9u5RpXvypT+PS4b0a6QqDcm
mC8pvUbskToLTlCvEJ+G0NH0GO57m7kKsdAEa6kDzD6DeLos4D+4sxnaR/LDZ3Jt
xCf5JDi3Tj++FBM01z415kkrmGYorfv2x21IOnknZw/jpuvIqxYOra6upkNmHL++
7+f9FdVRmNaqWFuX1FAoYpdz3Kih4imqdc8QHodsuCgncFD6TlT0ECAd7higNSmD
etNS/4sVFiibehnxnJz66kAynvcs6w6L1RFuK+xyyZ1U
-----END CERTIFICATE-----