This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/e20c95-0f92-4598-96df-cbc2797c1d0a/1/Ek07ovRM2Kh_Vc9JMXBQkpJ1Q9o.roa
File:                     Ek07ovRM2Kh_Vc9JMXBQkpJ1Q9o.roa (raw, json)
Hash identifier:          SY/fpD8jCYcf0UhkUzguL/mEf+0d9gsoahH2LNMAjv4=
Subject key identifier:   12:4D:3B:A2:F4:4C:D8:A8:7F:55:CF:49:31:70:50:92:92:75:43:DA
Certificate issuer:       /CN=98901c7cffd19a4fea78f79b1004999266dcc224
Certificate serial:       019B7DCAB18EA8AEC6D97DA4A2282D399195
Authority key identifier: 98:90:1C:7C:FF:D1:9A:4F:EA:78:F7:9B:10:04:99:92:66:DC:C2:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mJAcfP_Rmk_qePebEASZkmbcwiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/e20c95-0f92-4598-96df-cbc2797c1d0a/1/Ek07ovRM2Kh_Vc9JMXBQkpJ1Q9o.roa
Signing time:             Fri 02 Jan 2026 08:19:54 +0000
ROA not before:           Fri 02 Jan 2026 08:19:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29550
IP address blocks:        185.43.232.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/e20c95-0f92-4598-96df-cbc2797c1d0a/1/mJAcfP_Rmk_qePebEASZkmbcwiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/e20c95-0f92-4598-96df-cbc2797c1d0a/1/mJAcfP_Rmk_qePebEASZkmbcwiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mJAcfP_Rmk_qePebEASZkmbcwiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:b1:8e:a8:ae:c6:d9:7d:a4:a2:28:2d:39:91:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=98901c7cffd19a4fea78f79b1004999266dcc224
        Validity
            Not Before: Jan  2 08:19:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=124d3ba2f44cd8a87f55cf4931705092927543da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:8c:91:ef:98:ff:9c:5f:38:51:bb:ad:4d:63:
                    59:33:4e:df:b1:77:9d:49:89:80:7c:af:78:2b:df:
                    67:7d:64:90:36:22:65:10:b4:10:d4:89:b1:80:c6:
                    85:16:4b:c9:99:e2:40:b2:e0:a7:33:c8:1d:18:bb:
                    30:13:be:03:f1:92:bb:ba:67:b6:c3:e1:ed:e5:a1:
                    d9:9c:e1:8b:b9:11:75:98:f4:a5:84:e3:c6:3e:83:
                    44:a8:b0:b8:77:bf:2b:57:95:ef:c9:a3:6c:39:44:
                    33:a3:87:a8:f3:ba:5b:8e:a1:5f:b4:7f:4d:10:ff:
                    cf:ab:a1:63:f7:60:83:7a:8e:d7:05:a3:cf:1c:27:
                    5b:3d:67:df:d3:2a:fa:3d:4e:22:ec:1f:1a:a8:04:
                    15:53:15:25:e8:5d:37:cb:9e:13:67:0d:e6:01:32:
                    a8:52:c7:49:d7:8b:3d:e2:9f:38:77:f8:95:f8:ac:
                    c8:c7:43:a9:d0:58:4e:b7:cb:84:f9:ed:79:80:0f:
                    0a:99:9b:fe:93:79:6e:21:28:f7:5b:f3:0c:90:9a:
                    04:47:82:77:06:71:96:f5:0a:e8:a4:c5:bc:5d:42:
                    bc:9b:7c:e2:e1:2a:2a:64:0c:50:15:6f:69:76:4c:
                    5f:e8:a9:0d:0b:f7:17:79:bb:b0:34:0b:d7:54:cb:
                    6f:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:4D:3B:A2:F4:4C:D8:A8:7F:55:CF:49:31:70:50:92:92:75:43:DA
            X509v3 Authority Key Identifier:
                keyid:98:90:1C:7C:FF:D1:9A:4F:EA:78:F7:9B:10:04:99:92:66:DC:C2:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mJAcfP_Rmk_qePebEASZkmbcwiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/e20c95-0f92-4598-96df-cbc2797c1d0a/1/Ek07ovRM2Kh_Vc9JMXBQkpJ1Q9o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/e20c95-0f92-4598-96df-cbc2797c1d0a/1/mJAcfP_Rmk_qePebEASZkmbcwiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.43.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         32:7f:16:e0:4b:7b:99:25:54:31:b6:22:24:5d:21:36:f3:87:
         8e:a9:3c:6a:f0:48:79:26:28:46:a7:dc:9a:2b:e2:b5:d8:d6:
         53:e8:dd:86:96:e7:78:7e:99:c1:02:b7:d7:e0:9d:d5:a9:45:
         64:9f:d0:cd:f0:81:b0:8b:4a:11:6c:6f:53:00:4b:44:6d:1f:
         4c:8d:11:8e:08:a5:f3:3a:53:ec:06:bf:17:05:53:3e:72:98:
         95:33:4d:73:34:fb:e1:25:b9:52:22:38:a5:bd:82:8d:da:fd:
         62:d3:39:c6:0b:17:39:a4:78:47:dd:45:64:a7:56:fd:ba:1f:
         02:08:41:cd:05:2d:bd:13:8f:68:fc:3b:a9:c3:e7:18:5b:12:
         92:e2:2e:4f:cf:85:46:b0:f5:f6:62:20:12:b1:f2:24:1e:61:
         81:c4:08:0c:51:b4:b8:9b:ad:82:13:37:0a:87:4d:e1:c8:80:
         46:c0:2d:18:5a:d6:4c:d4:8f:a6:9a:60:bc:14:6b:f6:e4:77:
         61:e1:72:b7:f3:9b:c8:21:6a:ba:63:6e:9d:cc:33:1d:6f:3c:
         46:4f:62:8a:17:b1:a2:86:f6:03:3f:5f:79:81:ad:e5:5f:9e:
         a2:ec:9b:dc:52:40:bb:da:82:25:e0:4b:bb:b6:e2:54:ac:b1:
         e4:62:4d:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yrGOqK7G2X2koigtOZGVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4OTAxYzdjZmZkMTlhNGZlYTc4Zjc5YjEwMDQ5OTkyNjZk
Y2MyMjQwHhcNMjYwMTAyMDgxOTU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjRkM2JhMmY0NGNkOGE4N2Y1NWNmNDkzMTcwNTA5MjkyNzU0M2RhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg4yR75j/nF84UbutTWNZM07fsXed
SYmAfK94K99nfWSQNiJlELQQ1ImxgMaFFkvJmeJAsuCnM8gdGLswE74D8ZK7ume2
w+Ht5aHZnOGLuRF1mPSlhOPGPoNEqLC4d78rV5XvyaNsOUQzo4eo87pbjqFftH9N
EP/Pq6Fj92CDeo7XBaPPHCdbPWff0yr6PU4i7B8aqAQVUxUl6F03y54TZw3mATKo
UsdJ14s94p84d/iV+KzIx0Op0FhOt8uE+e15gA8KmZv+k3luISj3W/MMkJoER4J3
BnGW9QropMW8XUK8m3zi4SoqZAxQFW9pdkxf6KkNC/cXebuwNAvXVMtvBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBJNO6L0TNiof1XPSTFwUJKSdUPaMB8GA1UdIwQY
MBaAFJiQHHz/0ZpP6nj3mxAEmZJm3MIkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUpBY2ZQX1Jta19xZVBlYkVBU1prbWJjd2lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9lMjBjOTUtMGY5Mi00NTk4LTk2ZGYt
Y2JjMjc5N2MxZDBhLzEvRWswN292Uk0yS2hfVmM5Sk1YQlFrcEoxUTlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9lMjBjOTUtMGY5Mi00NTk4LTk2ZGYtY2JjMjc5N2MxZDBh
LzEvbUpBY2ZQX1Jta19xZVBlYkVBU1prbWJjd2lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSvoMA0G
CSqGSIb3DQEBCwUAA4IBAQAyfxbgS3uZJVQxtiIkXSE284eOqTxq8Eh5JihGp9ya
K+K12NZT6N2Glud4fpnBArfX4J3VqUVkn9DN8IGwi0oRbG9TAEtEbR9MjRGOCKXz
OlPsBr8XBVM+cpiVM01zNPvhJblSIjilvYKN2v1i0znGCxc5pHhH3UVkp1b9uh8C
CEHNBS29E49o/Dupw+cYWxKS4i5Pz4VGsPX2YiASsfIkHmGBxAgMUbS4m62CEzcK
h03hyIBGwC0YWtZM1I+mmmC8FGv25Hdh4XK385vIIWq6Y26dzDMdbzxGT2KKF7Gi
hvYDP195ga3lX56i7JvcUkC72oIl4Eu7tuJUrLHkYk1s
-----END CERTIFICATE-----