This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/c32598-2a95-43c4-9b6a-0166532dac56/1/YF8tuWYG1Vw7dIaOMivXHZ0e1pU.roa
File:                     YF8tuWYG1Vw7dIaOMivXHZ0e1pU.roa (raw, json)
Hash identifier:          oIHlw0teS6yzCF5/spwSi4mwOeeMJuzSTSKfdSl5QBY=
Subject key identifier:   60:5F:2D:B9:66:06:D5:5C:3B:74:86:8E:32:2B:D7:1D:9D:1E:D6:95
Certificate issuer:       /CN=47f29d2bd15e024bb97e72b21242b523dc915181
Certificate serial:       019B7A5ACA98B53BDE032739DDABD07FB1D5
Authority key identifier: 47:F2:9D:2B:D1:5E:02:4B:B9:7E:72:B2:12:42:B5:23:DC:91:51:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R_KdK9FeAku5fnKyEkK1I9yRUYE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/c32598-2a95-43c4-9b6a-0166532dac56/1/YF8tuWYG1Vw7dIaOMivXHZ0e1pU.roa
Signing time:             Thu 01 Jan 2026 16:18:49 +0000
ROA not before:           Thu 01 Jan 2026 16:18:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42473
IP address blocks:        185.53.108.0/22 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/c32598-2a95-43c4-9b6a-0166532dac56/1/R_KdK9FeAku5fnKyEkK1I9yRUYE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/c32598-2a95-43c4-9b6a-0166532dac56/1/R_KdK9FeAku5fnKyEkK1I9yRUYE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R_KdK9FeAku5fnKyEkK1I9yRUYE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 15:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:ca:98:b5:3b:de:03:27:39:dd:ab:d0:7f:b1:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=47f29d2bd15e024bb97e72b21242b523dc915181
        Validity
            Not Before: Jan  1 16:18:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=605f2db96606d55c3b74868e322bd71d9d1ed695
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:6c:9b:1d:a6:80:6b:8f:c2:1e:de:08:f1:20:
                    26:4f:53:43:3c:cf:09:c9:2d:4d:e6:92:4c:ec:24:
                    47:df:0a:3d:07:62:2d:15:4c:05:22:0c:b4:5b:28:
                    be:82:ed:a1:92:a3:01:46:cd:4b:83:66:07:af:01:
                    06:74:9f:d1:06:f1:d4:1e:f6:86:04:38:ed:6a:00:
                    af:3d:bc:86:e5:73:f5:aa:5c:51:e9:a2:1d:06:71:
                    25:0a:b8:9f:5e:45:d1:aa:24:93:d6:9b:20:7e:de:
                    eb:37:af:48:0e:59:9f:bc:6a:8d:e1:7a:1f:ba:81:
                    53:98:71:e3:4e:a0:0c:da:33:39:e3:a4:9d:41:93:
                    c8:6e:47:ba:f4:0e:cd:f5:59:b5:df:17:ba:05:42:
                    12:5f:15:55:bd:3f:bc:34:79:58:93:e0:a5:7c:e0:
                    e2:34:6c:b1:85:eb:02:a0:10:92:59:8c:dd:9d:1a:
                    2b:bc:c6:26:eb:25:fc:4f:e0:39:72:d2:5a:a3:63:
                    2b:8d:9e:ee:1d:98:72:cd:c2:7a:48:b6:81:a6:05:
                    3a:c0:99:0e:12:51:8a:be:74:f0:1e:01:b6:69:a0:
                    9c:d9:3c:9a:3e:fa:e8:8c:7c:fe:33:af:51:6c:84:
                    92:4c:4b:45:bb:6f:76:96:fe:a0:98:8b:8b:97:77:
                    89:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:5F:2D:B9:66:06:D5:5C:3B:74:86:8E:32:2B:D7:1D:9D:1E:D6:95
            X509v3 Authority Key Identifier:
                keyid:47:F2:9D:2B:D1:5E:02:4B:B9:7E:72:B2:12:42:B5:23:DC:91:51:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R_KdK9FeAku5fnKyEkK1I9yRUYE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/c32598-2a95-43c4-9b6a-0166532dac56/1/YF8tuWYG1Vw7dIaOMivXHZ0e1pU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/c32598-2a95-43c4-9b6a-0166532dac56/1/R_KdK9FeAku5fnKyEkK1I9yRUYE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.53.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         31:57:cb:46:a0:12:21:58:54:67:e0:cc:f2:53:37:43:f0:09:
         27:31:14:68:ce:74:b2:40:e2:fe:85:d6:9f:24:ea:82:3f:3f:
         16:54:02:0e:73:ce:43:6b:ca:f9:35:cd:ca:f6:51:83:7c:fc:
         90:0b:07:6d:63:21:76:a6:85:00:53:42:8e:7c:3c:ce:ce:be:
         6d:8c:2a:14:5f:c2:32:47:b0:33:03:a1:34:f0:47:ec:f1:a2:
         63:be:99:b9:1b:eb:e0:b2:a7:18:ff:02:eb:21:60:b4:a2:3b:
         d3:6c:49:cb:66:90:4d:ea:c8:e6:43:61:73:3d:f1:a2:d7:76:
         94:93:46:45:02:20:fe:5f:eb:d2:13:81:83:66:15:05:6a:32:
         e8:3d:2e:28:0f:c7:b1:3b:96:14:5a:ae:c9:91:b1:f7:79:3d:
         03:21:c9:75:17:81:33:f0:99:d4:4f:e9:09:3d:af:90:90:28:
         d3:66:22:eb:74:65:5f:ac:ce:1b:07:80:ae:4b:2c:a4:60:97:
         6b:16:6b:90:72:2f:1f:bc:6d:93:24:e9:b5:d0:37:31:83:38:
         ec:9f:3a:41:90:a8:db:c3:66:db:5d:15:6b:65:b1:63:57:9a:
         81:31:89:d4:28:b8:30:16:de:92:e5:d8:c5:20:88:d2:64:57:
         8b:fb:72:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WsqYtTveAyc53avQf7HVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3ZjI5ZDJiZDE1ZTAyNGJiOTdlNzJiMjEyNDJiNTIzZGM5
MTUxODEwHhcNMjYwMTAxMTYxODQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDVmMmRiOTY2MDZkNTVjM2I3NDg2OGUzMjJiZDcxZDlkMWVkNjk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGybHaaAa4/CHt4I8SAmT1NDPM8J
yS1N5pJM7CRH3wo9B2ItFUwFIgy0Wyi+gu2hkqMBRs1Lg2YHrwEGdJ/RBvHUHvaG
BDjtagCvPbyG5XP1qlxR6aIdBnElCrifXkXRqiST1psgft7rN69IDlmfvGqN4Xof
uoFTmHHjTqAM2jM546SdQZPIbke69A7N9Vm13xe6BUISXxVVvT+8NHlYk+ClfODi
NGyxhesCoBCSWYzdnRorvMYm6yX8T+A5ctJao2MrjZ7uHZhyzcJ6SLaBpgU6wJkO
ElGKvnTwHgG2aaCc2TyaPvrojHz+M69RbISSTEtFu292lv6gmIuLl3eJbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGBfLblmBtVcO3SGjjIr1x2dHtaVMB8GA1UdIwQY
MBaAFEfynSvRXgJLuX5yshJCtSPckVGBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUl9LZEs5RmVBa3U1Zm5LeUVrSzFJOXlSVVlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy9jMzI1OTgtMmE5NS00M2M0LTliNmEt
MDE2NjUzMmRhYzU2LzEvWUY4dHVXWUcxVnc3ZElhT01pdlhIWjBlMXBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy9jMzI1OTgtMmE5NS00M2M0LTliNmEtMDE2NjUzMmRhYzU2
LzEvUl9LZEs5RmVBa3U1Zm5LeUVrSzFJOXlSVVlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTVsMA0G
CSqGSIb3DQEBCwUAA4IBAQAxV8tGoBIhWFRn4MzyUzdD8AknMRRoznSyQOL+hdaf
JOqCPz8WVAIOc85Da8r5Nc3K9lGDfPyQCwdtYyF2poUAU0KOfDzOzr5tjCoUX8Iy
R7AzA6E08Efs8aJjvpm5G+vgsqcY/wLrIWC0ojvTbEnLZpBN6sjmQ2FzPfGi13aU
k0ZFAiD+X+vSE4GDZhUFajLoPS4oD8exO5YUWq7JkbH3eT0DIcl1F4Ez8JnUT+kJ
Pa+QkCjTZiLrdGVfrM4bB4CuSyykYJdrFmuQci8fvG2TJOm10DcxgzjsnzpBkKjb
w2bbXRVrZbFjV5qBMYnUKLgwFt6S5djFIIjSZFeL+3JZ
-----END CERTIFICATE-----