This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/5aa05a-720e-4d56-a3a8-a01c37b88728/1/8StX0WxvVxL5fDtFqnpRuPragb8.roa
File:                     8StX0WxvVxL5fDtFqnpRuPragb8.roa (raw, json)
Hash identifier:          KTc11CLRkDoDh2bPnpdqQKRTLCJiEbLK9vVpkNsL14o=
Subject key identifier:   F1:2B:57:D1:6C:6F:57:12:F9:7C:3B:45:AA:7A:51:B8:FA:DA:81:BF
Certificate issuer:       /CN=3b3a05dbb9c77fa16ed10469747a5c6e6eab88de
Certificate serial:       019B7A5AED9D6A5D8AE1FCA0E91F2266749A
Authority key identifier: 3B:3A:05:DB:B9:C7:7F:A1:6E:D1:04:69:74:7A:5C:6E:6E:AB:88:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OzoF27nHf6Fu0QRpdHpcbm6riN4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/5aa05a-720e-4d56-a3a8-a01c37b88728/1/8StX0WxvVxL5fDtFqnpRuPragb8.roa
Signing time:             Thu 01 Jan 2026 16:18:57 +0000
ROA not before:           Thu 01 Jan 2026 16:18:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49556
IP address blocks:        185.133.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/5aa05a-720e-4d56-a3a8-a01c37b88728/1/OzoF27nHf6Fu0QRpdHpcbm6riN4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/5aa05a-720e-4d56-a3a8-a01c37b88728/1/OzoF27nHf6Fu0QRpdHpcbm6riN4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OzoF27nHf6Fu0QRpdHpcbm6riN4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:ed:9d:6a:5d:8a:e1:fc:a0:e9:1f:22:66:74:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b3a05dbb9c77fa16ed10469747a5c6e6eab88de
        Validity
            Not Before: Jan  1 16:18:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f12b57d16c6f5712f97c3b45aa7a51b8fada81bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:18:af:a9:6b:ac:67:f9:4b:ff:4f:5f:5e:b8:
                    25:1e:81:d4:45:20:54:a9:a3:40:b5:f7:11:a6:bd:
                    4a:0f:1d:c2:87:a0:da:a7:56:64:65:12:8e:40:fb:
                    1e:92:0b:59:d6:13:1f:89:08:2c:d9:c6:f7:5e:44:
                    1f:1d:8f:e3:26:91:46:9e:6f:97:73:e3:d3:4a:19:
                    42:90:2b:03:d1:b9:a0:8e:a9:52:ba:95:42:41:c7:
                    d0:32:2c:48:be:a6:aa:94:83:07:1a:5f:c5:93:47:
                    dc:42:1d:1d:da:71:2c:00:01:c3:3e:0d:42:27:90:
                    fc:82:d8:35:7c:4a:35:03:fd:b0:ed:2a:53:74:49:
                    f9:99:65:ed:db:e0:d0:f7:a6:80:9c:33:a4:7a:58:
                    18:ba:b2:4c:63:9e:2f:b1:ac:c8:58:a7:f0:38:a5:
                    25:bf:cc:81:8c:ab:3f:69:00:e7:cd:67:28:4d:f3:
                    37:6d:34:80:9b:06:68:9b:a4:c0:1a:dd:50:45:4c:
                    5a:e1:b5:36:cd:7f:e0:b4:59:ab:e8:48:37:50:9f:
                    ee:cb:65:73:e5:90:45:93:ea:0b:eb:e0:e0:40:57:
                    87:de:8a:ce:27:d5:74:b2:8a:03:02:59:bb:45:81:
                    d0:a3:3a:49:26:c2:e1:9b:56:56:13:aa:d9:8e:ac:
                    01:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:2B:57:D1:6C:6F:57:12:F9:7C:3B:45:AA:7A:51:B8:FA:DA:81:BF
            X509v3 Authority Key Identifier:
                keyid:3B:3A:05:DB:B9:C7:7F:A1:6E:D1:04:69:74:7A:5C:6E:6E:AB:88:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OzoF27nHf6Fu0QRpdHpcbm6riN4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/5aa05a-720e-4d56-a3a8-a01c37b88728/1/8StX0WxvVxL5fDtFqnpRuPragb8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/5aa05a-720e-4d56-a3a8-a01c37b88728/1/OzoF27nHf6Fu0QRpdHpcbm6riN4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.133.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:9b:b6:38:41:26:68:6e:dd:ec:ce:d2:d7:ee:d9:75:4e:89:
         b9:54:be:df:f3:a0:f5:fd:a6:2a:31:c9:5e:ef:8f:b5:6e:cd:
         24:ba:9e:a9:7e:01:41:b7:6a:03:4d:15:09:35:27:9d:aa:61:
         83:74:ab:dd:03:72:1e:32:cd:33:a4:ff:0d:6d:e5:03:0d:da:
         7e:10:8b:0f:91:82:10:27:f7:41:37:25:41:04:e5:91:bb:d2:
         63:67:20:2a:31:da:0a:a0:bd:9b:ca:11:51:0f:52:06:0f:11:
         3d:1d:50:56:a0:3c:e5:5a:95:c4:62:c7:63:5a:31:54:a4:d5:
         86:16:5a:26:57:39:7f:e2:55:67:a1:ef:b0:ac:2f:2d:05:0d:
         32:5f:8d:89:0b:81:76:b0:24:86:4d:81:c0:f7:7a:cd:c7:ca:
         9e:d6:b6:68:e0:90:d9:00:1b:29:88:8d:c5:18:e4:53:0e:77:
         96:52:81:39:a4:6d:8e:c6:1a:35:ac:e8:a5:4f:7d:a9:31:ac:
         77:4f:d4:5e:5f:11:e4:b5:37:7b:38:1d:95:0d:75:c4:97:75:
         4a:2f:53:d3:c0:f7:96:fe:2a:d4:37:ce:fa:fb:f9:26:b6:6d:
         6b:19:cb:25:eb:98:29:99:89:69:80:68:7c:13:95:4b:69:a9:
         68:94:39:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6Wu2dal2K4fyg6R8iZnSaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiM2EwNWRiYjljNzdmYTE2ZWQxMDQ2OTc0N2E1YzZlNmVh
Yjg4ZGUwHhcNMjYwMTAxMTYxODU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTJiNTdkMTZjNmY1NzEyZjk3YzNiNDVhYTdhNTFiOGZhZGE4MWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAphivqWusZ/lL/09fXrglHoHURSBU
qaNAtfcRpr1KDx3Ch6Dap1ZkZRKOQPsekgtZ1hMfiQgs2cb3XkQfHY/jJpFGnm+X
c+PTShlCkCsD0bmgjqlSupVCQcfQMixIvqaqlIMHGl/Fk0fcQh0d2nEsAAHDPg1C
J5D8gtg1fEo1A/2w7SpTdEn5mWXt2+DQ96aAnDOkelgYurJMY54vsazIWKfwOKUl
v8yBjKs/aQDnzWcoTfM3bTSAmwZom6TAGt1QRUxa4bU2zX/gtFmr6Eg3UJ/uy2Vz
5ZBFk+oL6+DgQFeH3orOJ9V0sooDAlm7RYHQozpJJsLhm1ZWE6rZjqwB5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPErV9Fsb1cS+Xw7Rap6Ubj62oG/MB8GA1UdIwQY
MBaAFDs6Bdu5x3+hbtEEaXR6XG5uq4jeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3pvRjI3bkhmNkZ1MFFScGRIcGNibTZyaU40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS81YWEwNWEtNzIwZS00ZDU2LWEzYTgt
YTAxYzM3Yjg4NzI4LzEvOFN0WDBXeHZWeEw1ZkR0RnFucFJ1UHJhZ2I4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS81YWEwNWEtNzIwZS00ZDU2LWEzYTgtYTAxYzM3Yjg4NzI4
LzEvT3pvRjI3bkhmNkZ1MFFScGRIcGNibTZyaU40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYV9MA0G
CSqGSIb3DQEBCwUAA4IBAQCgm7Y4QSZobt3sztLX7tl1Tom5VL7f86D1/aYqMcle
74+1bs0kup6pfgFBt2oDTRUJNSedqmGDdKvdA3IeMs0zpP8NbeUDDdp+EIsPkYIQ
J/dBNyVBBOWRu9JjZyAqMdoKoL2byhFRD1IGDxE9HVBWoDzlWpXEYsdjWjFUpNWG
FlomVzl/4lVnoe+wrC8tBQ0yX42JC4F2sCSGTYHA93rNx8qe1rZo4JDZABspiI3F
GORTDneWUoE5pG2Oxho1rOilT32pMax3T9ReXxHktTd7OB2VDXXEl3VKL1PTwPeW
/irUN876+/kmtm1rGcsl65gpmYlpgGh8E5VLaalolDkz
-----END CERTIFICATE-----