This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/d45531-d6c8-4dce-b606-85c855227b23/1/I3Cwe_JfIHDw-5FguYkJbkBPot8.roa
File:                     I3Cwe_JfIHDw-5FguYkJbkBPot8.roa (raw, json)
Hash identifier:          NhXNbLKSK6Zii6NTvjleq3atjNt9Qq9hOl62FzoteKA=
Subject key identifier:   23:70:B0:7B:F2:5F:20:70:F0:FB:91:60:B9:89:09:6E:40:4F:A2:DF
Certificate issuer:       /CN=f69527a06a035cbcaecf00daca2fd88399cf9d12
Certificate serial:       019B7E38780F91191A8D888ACFF9D432FF08
Authority key identifier: F6:95:27:A0:6A:03:5C:BC:AE:CF:00:DA:CA:2F:D8:83:99:CF:9D:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9pUnoGoDXLyuzwDayi_Yg5nPnRI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/d45531-d6c8-4dce-b606-85c855227b23/1/I3Cwe_JfIHDw-5FguYkJbkBPot8.roa
Signing time:             Fri 02 Jan 2026 10:19:48 +0000
ROA not before:           Fri 02 Jan 2026 10:19:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44407
IP address blocks:        185.235.104.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/d45531-d6c8-4dce-b606-85c855227b23/1/9pUnoGoDXLyuzwDayi_Yg5nPnRI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/d45531-d6c8-4dce-b606-85c855227b23/1/9pUnoGoDXLyuzwDayi_Yg5nPnRI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9pUnoGoDXLyuzwDayi_Yg5nPnRI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:78:0f:91:19:1a:8d:88:8a:cf:f9:d4:32:ff:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f69527a06a035cbcaecf00daca2fd88399cf9d12
        Validity
            Not Before: Jan  2 10:19:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2370b07bf25f2070f0fb9160b989096e404fa2df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:1f:30:13:38:cf:4a:18:8a:84:ec:92:e2:38:
                    7a:f5:c5:6d:66:b7:14:6e:e3:7c:94:ce:72:87:2a:
                    ca:b5:ba:6e:2a:b2:01:b0:ea:f6:e6:f2:ff:eb:00:
                    28:a6:30:4a:49:60:48:a1:ce:87:16:85:59:61:ad:
                    96:e2:71:c5:65:68:b2:df:7c:a5:f4:3e:1c:d9:1c:
                    a9:c5:1e:ad:78:bf:00:28:c8:db:aa:ee:2d:b6:10:
                    f2:9e:59:46:18:68:e8:b3:70:1c:74:92:64:ee:a2:
                    29:af:b6:5d:36:43:8a:8b:a5:26:f8:ee:4b:90:bf:
                    0d:93:9c:cd:9a:07:ac:06:47:1c:4a:5b:c4:75:45:
                    47:7e:ad:36:0a:1f:02:28:f7:01:df:15:b4:05:7e:
                    0b:ec:86:e5:d5:a8:15:4e:d4:46:c1:87:2f:c3:d8:
                    c2:6b:a5:eb:7d:59:79:54:ac:5a:8e:c6:f6:fb:85:
                    8e:26:6a:8b:0d:95:7d:87:bd:cf:76:1b:82:b1:d9:
                    28:db:4c:da:76:6e:55:4c:2f:41:80:e0:21:21:00:
                    6c:7a:d2:73:4f:cd:25:3f:86:04:47:9d:bf:b7:06:
                    01:41:cf:54:a9:b4:2f:bd:1d:27:2a:0b:67:fb:71:
                    89:b7:28:83:26:99:f8:53:c1:69:50:ad:30:9f:d6:
                    2d:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:70:B0:7B:F2:5F:20:70:F0:FB:91:60:B9:89:09:6E:40:4F:A2:DF
            X509v3 Authority Key Identifier:
                keyid:F6:95:27:A0:6A:03:5C:BC:AE:CF:00:DA:CA:2F:D8:83:99:CF:9D:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9pUnoGoDXLyuzwDayi_Yg5nPnRI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/d45531-d6c8-4dce-b606-85c855227b23/1/I3Cwe_JfIHDw-5FguYkJbkBPot8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/d45531-d6c8-4dce-b606-85c855227b23/1/9pUnoGoDXLyuzwDayi_Yg5nPnRI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.235.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         82:18:0f:9d:fb:bd:f2:4e:e9:a8:96:33:37:5b:bd:34:39:aa:
         95:21:a1:87:3c:3f:ca:1f:2b:de:57:54:88:11:9e:b4:bb:e3:
         74:8f:20:79:59:63:0c:5c:3e:eb:59:0c:30:bd:a6:15:22:8a:
         68:15:e0:99:dc:cf:cc:64:ab:65:9f:7a:55:01:cf:bd:f4:4b:
         19:69:12:2f:bf:74:18:9b:43:e7:f9:61:9f:d6:91:ab:a6:f3:
         c1:f5:1b:cf:e0:76:1e:4f:9e:c4:78:24:b7:52:af:d3:eb:94:
         74:d4:02:5a:0d:2e:da:e7:ae:af:a1:55:e4:3a:30:1a:43:b7:
         a2:58:3b:15:96:a4:56:8c:86:38:0f:fe:54:da:f9:ec:a3:06:
         8f:c8:9c:54:60:08:b5:b5:f9:33:f7:31:c4:d0:27:62:81:3b:
         06:cf:03:3b:f7:41:11:a9:75:30:0d:e1:84:41:8e:ce:cf:79:
         6c:81:c9:24:a5:e2:ed:e3:89:df:dd:c0:ff:c9:81:97:02:8c:
         fa:9f:3e:a0:15:a3:5f:0d:d3:84:9a:ca:72:35:8b:b5:eb:e9:
         7d:70:6b:19:6b:47:3f:df:08:69:19:9b:86:11:16:dc:2e:ae:
         10:57:56:d3:b1:12:ee:c3:df:db:66:a6:c7:57:d6:0d:de:3b:
         ce:4c:9e:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OHgPkRkajYiKz/nUMv8IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2OTUyN2EwNmEwMzVjYmNhZWNmMDBkYWNhMmZkODgzOTlj
ZjlkMTIwHhcNMjYwMTAyMTAxOTQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzcwYjA3YmYyNWYyMDcwZjBmYjkxNjBiOTg5MDk2ZTQwNGZhMmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzR8wEzjPShiKhOyS4jh69cVtZrcU
buN8lM5yhyrKtbpuKrIBsOr25vL/6wAopjBKSWBIoc6HFoVZYa2W4nHFZWiy33yl
9D4c2RypxR6teL8AKMjbqu4tthDynllGGGjos3AcdJJk7qIpr7ZdNkOKi6Um+O5L
kL8Nk5zNmgesBkccSlvEdUVHfq02Ch8CKPcB3xW0BX4L7Ibl1agVTtRGwYcvw9jC
a6XrfVl5VKxajsb2+4WOJmqLDZV9h73PdhuCsdko20zadm5VTC9BgOAhIQBsetJz
T80lP4YER52/twYBQc9UqbQvvR0nKgtn+3GJtyiDJpn4U8FpUK0wn9YtGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCNwsHvyXyBw8PuRYLmJCW5AT6LfMB8GA1UdIwQY
MBaAFPaVJ6BqA1y8rs8A2sov2IOZz50SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXBVbm9Hb0RYTHl1endEYXlpX1lnNW5QblJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS9kNDU1MzEtZDZjOC00ZGNlLWI2MDYt
ODVjODU1MjI3YjIzLzEvSTNDd2VfSmZJSER3LTVGZ3VZa0pia0JQb3Q4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS9kNDU1MzEtZDZjOC00ZGNlLWI2MDYtODVjODU1MjI3YjIz
LzEvOXBVbm9Hb0RYTHl1endEYXlpX1lnNW5QblJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuetoMA0G
CSqGSIb3DQEBCwUAA4IBAQCCGA+d+73yTumoljM3W700OaqVIaGHPD/KHyveV1SI
EZ60u+N0jyB5WWMMXD7rWQwwvaYVIopoFeCZ3M/MZKtln3pVAc+99EsZaRIvv3QY
m0Pn+WGf1pGrpvPB9RvP4HYeT57EeCS3Uq/T65R01AJaDS7a566voVXkOjAaQ7ei
WDsVlqRWjIY4D/5U2vnsowaPyJxUYAi1tfkz9zHE0CdigTsGzwM790ERqXUwDeGE
QY7Oz3lsgckkpeLt44nf3cD/yYGXAoz6nz6gFaNfDdOEmspyNYu16+l9cGsZa0c/
3whpGZuGERbcLq4QV1bTsRLuw9/bZqbHV9YN3jvOTJ51
-----END CERTIFICATE-----