This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/b4b150-dbb8-465f-8155-e4419b64212e/1/Kpq8EZf55_gV3FvEsn5mjf_dpBU.roa
File:                     Kpq8EZf55_gV3FvEsn5mjf_dpBU.roa (raw, json)
Hash identifier:          2nhGvk06IqlLqxKExuqHomEp9VHs4mN4Vn/X8wYfMBo=
Subject key identifier:   2A:9A:BC:11:97:F9:E7:F8:15:DC:5B:C4:B2:7E:66:8D:FF:DD:A4:15
Certificate issuer:       /CN=f0521128cf634aa6afa7ef52d531f3fcd55628f9
Certificate serial:       019B7DCA456309C8E4A54B8429FC462985E9
Authority key identifier: F0:52:11:28:CF:63:4A:A6:AF:A7:EF:52:D5:31:F3:FC:D5:56:28:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8FIRKM9jSqavp-9S1THz_NVWKPk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/b4b150-dbb8-465f-8155-e4419b64212e/1/Kpq8EZf55_gV3FvEsn5mjf_dpBU.roa
Signing time:             Fri 02 Jan 2026 08:19:26 +0000
ROA not before:           Fri 02 Jan 2026 08:19:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62306
IP address blocks:        185.221.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/b4b150-dbb8-465f-8155-e4419b64212e/1/8FIRKM9jSqavp-9S1THz_NVWKPk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/b4b150-dbb8-465f-8155-e4419b64212e/1/8FIRKM9jSqavp-9S1THz_NVWKPk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8FIRKM9jSqavp-9S1THz_NVWKPk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:45:63:09:c8:e4:a5:4b:84:29:fc:46:29:85:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0521128cf634aa6afa7ef52d531f3fcd55628f9
        Validity
            Not Before: Jan  2 08:19:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2a9abc1197f9e7f815dc5bc4b27e668dffdda415
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:1f:36:64:88:df:d3:0a:96:07:75:8c:0e:c6:
                    a4:79:21:6e:cb:26:a5:72:a8:d1:b1:a9:d8:88:ab:
                    35:dc:21:24:8a:bc:ad:00:0f:ff:e1:3d:d8:8e:3f:
                    91:6c:d4:a8:3c:6d:00:33:57:f9:e9:46:1e:1d:0b:
                    c1:67:84:dd:16:f3:57:f1:5a:d7:85:ba:41:b7:21:
                    ab:69:59:0c:53:03:6a:ef:dc:01:b5:c6:47:c6:d4:
                    04:8d:4f:66:09:5a:3a:1b:76:5b:3b:d8:04:7e:8b:
                    33:08:af:e6:f9:aa:83:b3:ef:ea:32:ca:60:0f:82:
                    2e:55:23:10:65:eb:95:c6:ea:19:b9:74:b9:d9:65:
                    85:e4:59:fa:65:18:b5:08:50:1b:25:83:f0:11:e3:
                    68:1d:1a:8d:b4:9f:e5:c0:c6:93:de:65:a6:7b:53:
                    71:8d:21:f9:bb:a5:3f:77:6b:4a:6e:2e:1a:0c:13:
                    f1:67:89:05:99:32:ac:8b:34:cf:88:83:de:20:f7:
                    2a:9b:b2:5c:2a:be:ba:25:4d:b3:82:4a:cc:29:d6:
                    87:0f:52:6b:b4:4a:48:a2:8d:e0:45:9f:90:f2:96:
                    9b:59:ae:82:fe:4c:8a:96:d3:9a:74:31:4e:c8:c7:
                    e7:81:a3:aa:60:f3:87:de:b4:02:35:8d:66:c3:ab:
                    c6:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:9A:BC:11:97:F9:E7:F8:15:DC:5B:C4:B2:7E:66:8D:FF:DD:A4:15
            X509v3 Authority Key Identifier:
                keyid:F0:52:11:28:CF:63:4A:A6:AF:A7:EF:52:D5:31:F3:FC:D5:56:28:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8FIRKM9jSqavp-9S1THz_NVWKPk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/b4b150-dbb8-465f-8155-e4419b64212e/1/Kpq8EZf55_gV3FvEsn5mjf_dpBU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/b4b150-dbb8-465f-8155-e4419b64212e/1/8FIRKM9jSqavp-9S1THz_NVWKPk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.221.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:51:bb:b0:cd:c2:a2:5c:91:a3:78:7f:16:2f:b1:35:ca:c0:
         6d:2a:8e:ef:ef:53:51:d1:63:dd:53:e9:ee:24:b2:dc:86:76:
         b3:3b:83:9f:97:52:da:e3:49:cc:1f:cf:02:c7:25:f7:9c:1a:
         f2:ff:22:3f:0b:4d:f1:97:9f:bf:fc:51:65:d7:42:0e:ad:e0:
         9b:a1:27:30:23:f4:6e:f2:c9:7f:80:bd:57:5d:77:bf:e5:21:
         4d:89:64:22:10:ec:ec:4f:c0:0f:44:70:ca:54:5e:3a:49:4f:
         98:d6:8d:38:8a:f5:7c:a3:c3:e3:70:7a:24:f5:e3:ca:fd:c3:
         7c:e7:52:9e:11:9b:90:07:38:77:e9:36:69:62:59:53:10:cd:
         70:1c:99:ce:e8:8e:b4:27:3f:bb:fe:d7:74:bb:99:5e:7b:15:
         28:cd:7a:46:d6:9e:69:cc:36:3b:f9:66:b1:27:b1:15:c8:e3:
         db:33:ee:bc:b3:dd:7e:c3:27:fd:d4:6d:30:51:5d:79:a8:f7:
         8b:f5:1d:7a:bf:84:0d:0e:7f:f2:d7:df:dc:74:66:35:3d:17:
         48:b3:fa:57:45:2b:70:59:4c:44:ec:91:20:21:e6:c5:0b:f7:
         a2:67:00:a9:cb:26:33:e7:38:84:58:90:9c:0c:2c:ce:9e:70:
         67:a6:e1:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9ykVjCcjkpUuEKfxGKYXpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNTIxMTI4Y2Y2MzRhYTZhZmE3ZWY1MmQ1MzFmM2ZjZDU1
NjI4ZjkwHhcNMjYwMTAyMDgxOTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTlhYmMxMTk3ZjllN2Y4MTVkYzViYzRiMjdlNjY4ZGZmZGRhNDE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuh82ZIjf0wqWB3WMDsakeSFuyyal
cqjRsanYiKs13CEkirytAA//4T3Yjj+RbNSoPG0AM1f56UYeHQvBZ4TdFvNX8VrX
hbpBtyGraVkMUwNq79wBtcZHxtQEjU9mCVo6G3ZbO9gEfoszCK/m+aqDs+/qMspg
D4IuVSMQZeuVxuoZuXS52WWF5Fn6ZRi1CFAbJYPwEeNoHRqNtJ/lwMaT3mWme1Nx
jSH5u6U/d2tKbi4aDBPxZ4kFmTKsizTPiIPeIPcqm7JcKr66JU2zgkrMKdaHD1Jr
tEpIoo3gRZ+Q8pabWa6C/kyKltOadDFOyMfngaOqYPOH3rQCNY1mw6vGNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCqavBGX+ef4FdxbxLJ+Zo3/3aQVMB8GA1UdIwQY
MBaAFPBSESjPY0qmr6fvUtUx8/zVVij5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEZJUktNOWpTcWF2cC05UzFUSHpfTlZXS1BrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9iNGIxNTAtZGJiOC00NjVmLTgxNTUt
ZTQ0MTliNjQyMTJlLzEvS3BxOEVaZjU1X2dWM0Z2RXNuNW1qZl9kcEJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9iNGIxNTAtZGJiOC00NjVmLTgxNTUtZTQ0MTliNjQyMTJl
LzEvOEZJUktNOWpTcWF2cC05UzFUSHpfTlZXS1BrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud3cMA0G
CSqGSIb3DQEBCwUAA4IBAQA6UbuwzcKiXJGjeH8WL7E1ysBtKo7v71NR0WPdU+nu
JLLchnazO4Ofl1La40nMH88CxyX3nBry/yI/C03xl5+//FFl10IOreCboScwI/Ru
8sl/gL1XXXe/5SFNiWQiEOzsT8APRHDKVF46SU+Y1o04ivV8o8PjcHok9ePK/cN8
51KeEZuQBzh36TZpYllTEM1wHJnO6I60Jz+7/td0u5leexUozXpG1p5pzDY7+Wax
J7EVyOPbM+68s91+wyf91G0wUV15qPeL9R16v4QNDn/y19/cdGY1PRdIs/pXRStw
WUxE7JEgIebFC/eiZwCpyyYz5ziEWJCcDCzOnnBnpuEM
-----END CERTIFICATE-----