This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/jThJ8zyPfDON0l1aonw1ID8g1mg.roa
File:                     jThJ8zyPfDON0l1aonw1ID8g1mg.roa (raw, json)
Hash identifier:          jThi472vhZRzgny5FoiQHNxN0cWcyfPRCG/AaRi78ZE=
Subject key identifier:   8D:38:49:F3:3C:8F:7C:33:8D:D2:5D:5A:A2:7C:35:20:3F:20:D6:68
Certificate issuer:       /CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
Certificate serial:       019B7BA535CF4A48288EC97A5465D07C058F
Authority key identifier: D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/jThJ8zyPfDON0l1aonw1ID8g1mg.roa
Signing time:             Thu 01 Jan 2026 22:19:43 +0000
ROA not before:           Thu 01 Jan 2026 22:19:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     53616
IP address blocks:        185.219.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:35:cf:4a:48:28:8e:c9:7a:54:65:d0:7c:05:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
        Validity
            Not Before: Jan  1 22:19:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8d3849f33c8f7c338dd25d5aa27c35203f20d668
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:e4:87:b6:2a:e3:52:3f:46:19:ff:c7:03:f7:
                    87:4f:5f:29:fa:c0:4a:ca:23:f6:87:68:03:c6:22:
                    29:62:28:a5:78:91:78:c9:32:05:0f:c7:e4:1d:66:
                    01:d7:48:10:28:a2:3e:89:a3:3a:51:57:6a:34:73:
                    06:6c:f9:36:1e:7f:8c:c8:1f:50:2b:5c:4f:f7:ae:
                    4b:f3:60:7b:75:4b:8c:d3:d8:64:d3:ae:78:3d:1c:
                    0e:65:37:54:d2:93:89:6a:9f:22:1a:47:da:27:63:
                    14:eb:cc:1f:b0:d8:2f:b4:ae:e3:ff:48:a6:79:a9:
                    f6:f3:87:a2:fa:3f:6c:51:75:53:3f:4b:12:7b:1d:
                    b5:ef:49:3a:91:b0:83:e6:25:84:34:d4:bc:d1:46:
                    df:6a:51:75:ab:e2:7d:16:a2:95:ac:e2:13:26:14:
                    20:0a:45:5b:ae:e1:6a:bb:1c:ef:81:d8:c7:f0:e6:
                    97:ca:29:ed:59:c0:40:7d:c0:95:91:74:28:ba:9d:
                    10:2e:fd:3d:30:16:1f:45:9a:89:b2:0e:a7:f1:36:
                    80:8f:84:87:ee:ba:29:27:5d:71:8b:51:8a:26:85:
                    70:41:2d:d7:73:cd:f2:7b:12:82:ec:b0:31:91:0e:
                    1f:66:89:65:b8:1d:df:6d:85:6e:9e:6e:ec:4f:18:
                    ec:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:38:49:F3:3C:8F:7C:33:8D:D2:5D:5A:A2:7C:35:20:3F:20:D6:68
            X509v3 Authority Key Identifier:
                keyid:D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/jThJ8zyPfDON0l1aonw1ID8g1mg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.219.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:bf:75:f1:eb:27:da:d3:35:56:e4:68:8d:d0:cb:5d:42:69:
         ad:56:8d:ac:f6:d5:d7:37:34:c6:7e:b2:1d:15:69:52:dd:a1:
         3d:cf:d6:85:a4:8a:14:e7:45:f0:88:2a:82:6f:27:db:88:b2:
         68:0e:ca:f9:b4:ba:28:29:cc:0a:35:af:e4:86:3c:11:f2:6f:
         59:a5:b9:d7:fe:61:c7:fb:00:7a:85:60:a1:55:0b:b1:fe:87:
         75:94:10:ce:22:27:bc:f4:d5:21:65:60:04:d6:48:64:48:2c:
         47:17:2d:9f:49:45:12:36:9b:bc:92:d7:44:8b:3c:7b:56:07:
         3a:6d:63:33:0e:b0:77:37:56:94:cc:7c:02:f6:57:a4:aa:4a:
         8f:79:43:79:16:2c:aa:59:cd:2f:ef:f8:71:98:a6:2e:9b:e9:
         71:05:2e:d5:68:c3:3d:33:06:d3:89:fc:2c:c9:5c:1a:8f:27:
         d0:d4:4c:59:a8:73:61:24:24:ac:a4:1b:df:d7:40:b3:e3:6d:
         c9:f7:f0:ea:b6:15:a1:8d:0d:d5:6f:ff:59:79:26:3e:c7:60:
         af:89:05:6c:04:00:f5:16:64:04:cf:61:23:a5:83:ae:2d:9d:
         cc:6a:60:70:92:6e:bd:55:b9:0c:35:69:49:4b:db:75:d0:ec:
         1a:06:69:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pTXPSkgojsl6VGXQfAWPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2YWEzZmJjNzhlMzEyMjkxNTdjNzhiNmQyM2E2NWViMmUz
NTNkY2UwHhcNMjYwMTAxMjIxOTQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDM4NDlmMzNjOGY3YzMzOGRkMjVkNWFhMjdjMzUyMDNmMjBkNjY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArOSHtirjUj9GGf/HA/eHT18p+sBK
yiP2h2gDxiIpYiileJF4yTIFD8fkHWYB10gQKKI+iaM6UVdqNHMGbPk2Hn+MyB9Q
K1xP965L82B7dUuM09hk0654PRwOZTdU0pOJap8iGkfaJ2MU68wfsNgvtK7j/0im
ean284ei+j9sUXVTP0sSex2170k6kbCD5iWENNS80UbfalF1q+J9FqKVrOITJhQg
CkVbruFquxzvgdjH8OaXyintWcBAfcCVkXQoup0QLv09MBYfRZqJsg6n8TaAj4SH
7ropJ11xi1GKJoVwQS3Xc83yexKC7LAxkQ4fZolluB3fbYVunm7sTxjsMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI04SfM8j3wzjdJdWqJ8NSA/INZoMB8GA1UdIwQY
MBaAFNaqP7x44xIpFXx4ttI6ZesuNT3OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2Mt
ODI3NmM4YWFjNTBlLzEvalRoSjh6eVBmRE9OMGwxYW9udzFJRDhnMW1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2MtODI3NmM4YWFjNTBl
LzEvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudu9MA0G
CSqGSIb3DQEBCwUAA4IBAQAcv3Xx6yfa0zVW5GiN0MtdQmmtVo2s9tXXNzTGfrId
FWlS3aE9z9aFpIoU50XwiCqCbyfbiLJoDsr5tLooKcwKNa/khjwR8m9ZpbnX/mHH
+wB6hWChVQux/od1lBDOIie89NUhZWAE1khkSCxHFy2fSUUSNpu8ktdEizx7Vgc6
bWMzDrB3N1aUzHwC9lekqkqPeUN5FiyqWc0v7/hxmKYum+lxBS7VaMM9MwbTifws
yVwajyfQ1ExZqHNhJCSspBvf10Cz423J9/DqthWhjQ3Vb/9ZeSY+x2CviQVsBAD1
FmQEz2EjpYOuLZ3MamBwkm69VbkMNWlJS9t10OwaBmnG
-----END CERTIFICATE-----