This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/t8_eAr8m1XQ9EztDOpyeXpfZBPU.roa
File:                     t8_eAr8m1XQ9EztDOpyeXpfZBPU.roa (raw, json)
Hash identifier:          0uzPzAl2BTt7yUaKYAhuSXCA7BbVVQEBGvtYZp9iO+0=
Subject key identifier:   B7:CF:DE:02:BF:26:D5:74:3D:13:3B:43:3A:9C:9E:5E:97:D9:04:F5
Certificate issuer:       /CN=5806da5a59251275ceb18694e17415352aedd6aa
Certificate serial:       019B76EB271C17421900BB7273B24BFD2104
Authority key identifier: 58:06:DA:5A:59:25:12:75:CE:B1:86:94:E1:74:15:35:2A:ED:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WAbaWlklEnXOsYaU4XQVNSrt1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/t8_eAr8m1XQ9EztDOpyeXpfZBPU.roa
Signing time:             Thu 01 Jan 2026 00:18:00 +0000
ROA not before:           Thu 01 Jan 2026 00:18:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58119
IP address blocks:        185.220.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/WAbaWlklEnXOsYaU4XQVNSrt1qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/WAbaWlklEnXOsYaU4XQVNSrt1qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WAbaWlklEnXOsYaU4XQVNSrt1qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:27:1c:17:42:19:00:bb:72:73:b2:4b:fd:21:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5806da5a59251275ceb18694e17415352aedd6aa
        Validity
            Not Before: Jan  1 00:18:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b7cfde02bf26d5743d133b433a9c9e5e97d904f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:cc:f3:f2:02:be:5c:95:a4:0b:e0:f0:fc:51:
                    32:94:1d:50:db:81:96:8d:5f:76:35:07:a3:86:39:
                    a4:46:95:4b:a7:a8:44:7d:28:d0:ce:f1:71:80:d8:
                    52:2b:0a:13:dd:f1:8d:4d:7e:a2:5f:aa:62:b4:90:
                    1c:7e:51:7a:91:dd:dd:94:80:46:d1:6c:1b:a6:c7:
                    9c:0e:69:00:b0:70:8e:f2:aa:02:0d:4c:0b:cb:a9:
                    4a:94:96:7c:6a:67:4e:df:e7:98:ac:89:a0:41:05:
                    1c:fc:b8:c5:c5:97:16:ef:56:91:ef:b9:53:35:34:
                    2c:63:e3:a3:70:dc:ca:44:4e:7e:5c:35:7e:f3:31:
                    f1:f5:70:d5:25:78:37:1a:8e:67:e8:fc:5f:92:3f:
                    88:32:5e:31:fa:1a:64:90:b9:11:90:0e:0b:5b:e0:
                    0f:0e:8a:8a:d1:74:62:b7:a1:35:f8:69:1d:99:87:
                    09:85:46:bc:fa:71:86:1d:89:e4:12:a6:b7:0a:ce:
                    ff:83:45:d9:51:7f:12:8d:23:68:ab:b1:7e:07:45:
                    3d:b1:f9:e9:5e:a0:31:c5:f7:31:df:98:3c:70:26:
                    50:ae:de:69:49:e7:95:63:c5:4e:a0:21:b6:97:2d:
                    16:95:e2:00:7a:b5:7a:f2:68:92:e4:21:81:51:f2:
                    6a:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:CF:DE:02:BF:26:D5:74:3D:13:3B:43:3A:9C:9E:5E:97:D9:04:F5
            X509v3 Authority Key Identifier:
                keyid:58:06:DA:5A:59:25:12:75:CE:B1:86:94:E1:74:15:35:2A:ED:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WAbaWlklEnXOsYaU4XQVNSrt1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/t8_eAr8m1XQ9EztDOpyeXpfZBPU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/WAbaWlklEnXOsYaU4XQVNSrt1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.220.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e6:6a:7c:60:d7:24:ae:32:c6:21:6c:c4:e2:b4:4c:6c:2f:7e:
         0c:fd:2c:88:82:88:8f:08:25:5c:96:b5:fc:de:0a:53:af:63:
         d6:cf:c5:b4:38:d9:d3:c9:2e:33:b1:79:c1:5f:fb:c4:13:71:
         16:e4:35:26:4a:78:8a:83:7e:b8:c2:bb:52:dd:74:7e:2a:9a:
         19:db:69:99:d7:00:01:9f:86:6f:ec:4b:45:db:90:22:88:a4:
         1d:d1:30:84:68:98:79:d1:42:23:a1:11:e7:54:c3:46:c2:68:
         b0:36:5b:cb:43:3e:d9:26:80:99:7e:77:35:af:0f:10:e0:bb:
         ed:1f:3a:a2:93:fe:0d:db:c9:b1:fc:f9:cb:95:76:fb:53:e9:
         d6:a5:71:0b:52:10:e8:fd:96:f1:ba:e6:32:c1:ba:78:f5:63:
         62:99:41:25:27:2c:75:69:89:f0:5d:5e:38:a8:5f:c1:47:35:
         23:be:81:50:bb:2d:26:08:30:34:ed:69:99:2d:5e:a2:24:7b:
         cc:8d:c4:70:cd:9e:77:13:99:ee:4b:f6:69:fc:c5:8f:99:fe:
         67:68:a3:51:41:e4:53:a1:db:0f:e6:50:f8:63:ce:1e:09:e1:
         06:49:d1:3e:79:a3:65:a8:d7:1d:bc:d2:81:9f:c9:97:0f:cf:
         e4:49:75:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26yccF0IZALtyc7JL/SEEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4MDZkYTVhNTkyNTEyNzVjZWIxODY5NGUxNzQxNTM1MmFl
ZGQ2YWEwHhcNMjYwMTAxMDAxODAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2NmZGUwMmJmMjZkNTc0M2QxMzNiNDMzYTljOWU1ZTk3ZDkwNGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn8zz8gK+XJWkC+Dw/FEylB1Q24GW
jV92NQejhjmkRpVLp6hEfSjQzvFxgNhSKwoT3fGNTX6iX6pitJAcflF6kd3dlIBG
0WwbpsecDmkAsHCO8qoCDUwLy6lKlJZ8amdO3+eYrImgQQUc/LjFxZcW71aR77lT
NTQsY+OjcNzKRE5+XDV+8zHx9XDVJXg3Go5n6Pxfkj+IMl4x+hpkkLkRkA4LW+AP
DoqK0XRit6E1+GkdmYcJhUa8+nGGHYnkEqa3Cs7/g0XZUX8SjSNoq7F+B0U9sfnp
XqAxxfcx35g8cCZQrt5pSeeVY8VOoCG2ly0WleIAerV68miS5CGBUfJqmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLfP3gK/JtV0PRM7Qzqcnl6X2QT1MB8GA1UdIwQY
MBaAFFgG2lpZJRJ1zrGGlOF0FTUq7daqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0FiYVdsa2xFblhPc1lhVTRYUVZOU3J0MXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi81ZGYxMTktYjFkZi00Y2ViLWJkNGYt
Zjc5Y2NjM2Y0ZWFmLzEvdDhfZUFyOG0xWFE5RXp0RE9weWVYcGZaQlBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi81ZGYxMTktYjFkZi00Y2ViLWJkNGYtZjc5Y2NjM2Y0ZWFm
LzEvV0FiYVdsa2xFblhPc1lhVTRYUVZOU3J0MXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudyQMA0G
CSqGSIb3DQEBCwUAA4IBAQDmanxg1ySuMsYhbMTitExsL34M/SyIgoiPCCVclrX8
3gpTr2PWz8W0ONnTyS4zsXnBX/vEE3EW5DUmSniKg364wrtS3XR+KpoZ22mZ1wAB
n4Zv7EtF25AiiKQd0TCEaJh50UIjoRHnVMNGwmiwNlvLQz7ZJoCZfnc1rw8Q4Lvt
Hzqik/4N28mx/PnLlXb7U+nWpXELUhDo/ZbxuuYywbp49WNimUElJyx1aYnwXV44
qF/BRzUjvoFQuy0mCDA07WmZLV6iJHvMjcRwzZ53E5nuS/Zp/MWPmf5naKNRQeRT
odsP5lD4Y84eCeEGSdE+eaNlqNcdvNKBn8mXD8/kSXWN
-----END CERTIFICATE-----