This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/apYOCQON8Q50nYzp4ypso-jbqys.roa
File:                     apYOCQON8Q50nYzp4ypso-jbqys.roa (raw, json)
Hash identifier:          GBiBhZg5+hSaQBI+hKWqc24pEoVUkpkEuUna1OBDqxw=
Subject key identifier:   6A:96:0E:09:03:8D:F1:0E:74:9D:8C:E9:E3:2A:6C:A3:E8:DB:AB:2B
Certificate issuer:       /CN=6bc5de7d7255b7d58260c65a120b164ef10ef903
Certificate serial:       019B77C7258DD76416CFD72B69D84696973D
Authority key identifier: 6B:C5:DE:7D:72:55:B7:D5:82:60:C6:5A:12:0B:16:4E:F1:0E:F9:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a8XefXJVt9WCYMZaEgsWTvEO-QM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/apYOCQON8Q50nYzp4ypso-jbqys.roa
Signing time:             Thu 01 Jan 2026 04:18:18 +0000
ROA not before:           Thu 01 Jan 2026 04:18:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50129
IP address blocks:        185.104.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/a8XefXJVt9WCYMZaEgsWTvEO-QM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/a8XefXJVt9WCYMZaEgsWTvEO-QM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a8XefXJVt9WCYMZaEgsWTvEO-QM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 06:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:25:8d:d7:64:16:cf:d7:2b:69:d8:46:96:97:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6bc5de7d7255b7d58260c65a120b164ef10ef903
        Validity
            Not Before: Jan  1 04:18:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6a960e09038df10e749d8ce9e32a6ca3e8dbab2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:d5:90:93:24:13:8c:65:ce:02:6f:e1:c3:60:
                    df:69:25:75:57:0e:71:6d:8b:a4:8a:9b:f7:06:8c:
                    a5:50:34:6c:34:f7:81:97:0c:35:46:8b:22:54:61:
                    b4:cc:b5:bd:f2:bc:68:3d:c7:61:74:5c:af:8c:d9:
                    fb:34:5a:0f:17:30:13:0c:d2:b3:de:26:5c:28:f5:
                    29:bb:c8:62:69:0c:e4:6e:62:11:a6:33:d4:31:4a:
                    6c:19:d4:96:77:62:88:b5:7f:e5:3a:66:f4:22:7f:
                    00:60:58:a7:28:9d:14:fc:84:35:8e:d7:ca:1a:9d:
                    85:56:8a:b3:63:42:d1:72:9e:2f:94:cd:ba:41:aa:
                    8e:68:2a:80:20:33:f5:bc:7c:9c:75:af:8e:65:97:
                    9d:72:79:25:3e:3f:fd:cc:3b:db:b5:00:83:13:92:
                    08:d2:f6:53:39:e8:03:43:c6:59:67:c9:bf:83:47:
                    16:78:e8:23:40:bb:6e:f9:f4:8c:d3:73:76:4e:e2:
                    1e:99:66:e1:fe:bb:d0:1d:65:d0:40:11:03:42:c9:
                    bf:50:f8:7d:30:a0:40:a2:9f:a3:85:0d:1d:f1:3e:
                    38:de:12:1b:5d:d6:27:4a:c5:63:76:87:b1:19:d1:
                    73:eb:e2:e0:3c:e8:62:24:da:91:fa:1f:27:35:72:
                    d6:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:96:0E:09:03:8D:F1:0E:74:9D:8C:E9:E3:2A:6C:A3:E8:DB:AB:2B
            X509v3 Authority Key Identifier:
                keyid:6B:C5:DE:7D:72:55:B7:D5:82:60:C6:5A:12:0B:16:4E:F1:0E:F9:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8XefXJVt9WCYMZaEgsWTvEO-QM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/apYOCQON8Q50nYzp4ypso-jbqys.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/a8XefXJVt9WCYMZaEgsWTvEO-QM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.104.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:c1:f4:75:41:9d:f2:77:6a:67:d0:f3:60:63:f9:c9:7d:f9:
         21:67:31:e2:67:42:af:74:e7:03:fc:de:a7:e1:a9:4a:e7:11:
         7b:f1:a2:95:1c:5e:00:a5:6d:de:54:cb:a3:7c:e0:a4:57:88:
         d7:94:a6:4c:55:b4:82:bd:47:b7:67:7b:35:7f:28:88:35:97:
         6f:ec:64:cc:77:fd:44:b9:5c:f7:03:be:66:c3:28:01:a3:f8:
         4b:bb:6e:dc:3f:2d:33:7f:ea:71:29:6d:2b:22:1e:52:0a:aa:
         ae:5b:81:52:2a:47:e2:72:6b:c6:c9:e6:03:0f:5b:5a:f7:b3:
         37:77:f6:3e:4c:8e:3f:6f:62:36:be:8f:21:65:e7:78:1a:f8:
         72:e0:21:ac:2e:ae:50:15:5b:46:9a:04:40:ad:04:d4:b1:d2:
         07:14:84:4f:0d:16:bd:24:29:aa:6a:82:19:f0:15:bb:46:20:
         89:1e:b2:18:cc:4d:aa:48:3e:b9:2e:14:dd:7c:80:48:28:a1:
         63:1c:c5:96:3d:df:6d:88:97:c7:93:63:4d:2a:36:20:55:98:
         54:06:0e:dd:9f:8c:50:6b:7f:77:cf:97:49:ea:b1:cf:59:c8:
         61:b9:6d:53:f3:1c:54:82:69:29:52:be:8e:7c:50:5d:92:e0:
         d2:d1:e4:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xyWN12QWz9cradhGlpc9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiYzVkZTdkNzI1NWI3ZDU4MjYwYzY1YTEyMGIxNjRlZjEw
ZWY5MDMwHhcNMjYwMTAxMDQxODE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTk2MGUwOTAzOGRmMTBlNzQ5ZDhjZTllMzJhNmNhM2U4ZGJhYjJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtNWQkyQTjGXOAm/hw2DfaSV1Vw5x
bYukipv3BoylUDRsNPeBlww1RosiVGG0zLW98rxoPcdhdFyvjNn7NFoPFzATDNKz
3iZcKPUpu8hiaQzkbmIRpjPUMUpsGdSWd2KItX/lOmb0In8AYFinKJ0U/IQ1jtfK
Gp2FVoqzY0LRcp4vlM26QaqOaCqAIDP1vHycda+OZZedcnklPj/9zDvbtQCDE5II
0vZTOegDQ8ZZZ8m/g0cWeOgjQLtu+fSM03N2TuIemWbh/rvQHWXQQBEDQsm/UPh9
MKBAop+jhQ0d8T443hIbXdYnSsVjdoexGdFz6+LgPOhiJNqR+h8nNXLWbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGqWDgkDjfEOdJ2M6eMqbKPo26srMB8GA1UdIwQY
MBaAFGvF3n1yVbfVgmDGWhILFk7xDvkDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYThYZWZYSlZ0OVdDWU1aYUVnc1dUdkVPLVFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi8zMjEwOWUtMjRjOS00Yzg4LWE4ZTgt
ZmRmNjYzOGQyYzA0LzEvYXBZT0NRT044UTUwbll6cDR5cHNvLWpicXlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi8zMjEwOWUtMjRjOS00Yzg4LWE4ZTgtZmRmNjYzOGQyYzA0
LzEvYThYZWZYSlZ0OVdDWU1aYUVnc1dUdkVPLVFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWiZMA0G
CSqGSIb3DQEBCwUAA4IBAQCdwfR1QZ3yd2pn0PNgY/nJffkhZzHiZ0KvdOcD/N6n
4alK5xF78aKVHF4ApW3eVMujfOCkV4jXlKZMVbSCvUe3Z3s1fyiINZdv7GTMd/1E
uVz3A75mwygBo/hLu27cPy0zf+pxKW0rIh5SCqquW4FSKkficmvGyeYDD1ta97M3
d/Y+TI4/b2I2vo8hZed4Gvhy4CGsLq5QFVtGmgRArQTUsdIHFIRPDRa9JCmqaoIZ
8BW7RiCJHrIYzE2qSD65LhTdfIBIKKFjHMWWPd9tiJfHk2NNKjYgVZhUBg7dn4xQ
a393z5dJ6rHPWchhuW1T8xxUgmkpUr6OfFBdkuDS0eQF
-----END CERTIFICATE-----