This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/f_SNQq9ih8XyjYCtNdKbGO12bao.roa
File:                     f_SNQq9ih8XyjYCtNdKbGO12bao.roa (raw, json)
Hash identifier:          3sfsZ1MHSneAQBHVm0I+zNLi/Xzq20PueQfyZtlq5bs=
Subject key identifier:   7F:F4:8D:42:AF:62:87:C5:F2:8D:80:AD:35:D2:9B:18:ED:76:6D:AA
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019B79EC7AB059B83ACCF1C211EB9E505EA2
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/f_SNQq9ih8XyjYCtNdKbGO12bao.roa
Signing time:             Thu 01 Jan 2026 14:18:19 +0000
ROA not before:           Thu 01 Jan 2026 14:18:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214639
IP address blocks:        185.229.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:7a:b0:59:b8:3a:cc:f1:c2:11:eb:9e:50:5e:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Jan  1 14:18:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7ff48d42af6287c5f28d80ad35d29b18ed766daa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:f0:c1:06:81:c8:c9:10:e0:47:5a:c7:e6:39:
                    0e:d2:60:54:32:90:1b:28:0f:60:0f:79:b8:08:86:
                    db:bb:1e:d5:4e:fc:b4:4d:97:be:b6:b6:af:fd:c7:
                    c0:7f:dc:2d:e8:ea:b8:f7:76:19:fc:bc:71:8e:1d:
                    ee:11:32:eb:7d:df:f7:ab:86:11:08:25:61:bc:cd:
                    cd:a2:2e:5e:80:a5:5e:64:76:25:9c:b9:b6:20:e3:
                    8a:0e:7d:92:b1:30:f6:31:8a:12:c0:a2:a3:0e:6e:
                    fc:2b:8a:72:de:ca:c4:5f:f5:16:08:69:39:bd:13:
                    35:0a:e6:24:e5:8f:27:4b:9b:fc:27:ef:74:21:8f:
                    23:d9:2c:9a:e9:bb:97:da:34:d8:2d:20:b7:ad:b9:
                    f1:79:3a:f6:d7:6f:3a:5e:eb:be:9c:80:72:e0:fd:
                    61:df:dd:39:48:5f:a9:3e:af:c2:1e:76:80:aa:e6:
                    4b:da:2b:55:e2:72:53:86:fd:de:ca:62:b9:d5:72:
                    e0:41:56:43:09:98:39:1d:cf:7a:4b:ad:a2:62:f8:
                    42:8c:d4:ce:09:5d:11:b1:0d:71:80:35:62:09:69:
                    e0:b4:c8:85:2a:d0:f9:50:db:d4:e5:1f:d6:d5:28:
                    86:d4:22:e2:80:1a:e5:25:5e:df:92:3f:b7:d0:83:
                    c2:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:F4:8D:42:AF:62:87:C5:F2:8D:80:AD:35:D2:9B:18:ED:76:6D:AA
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/f_SNQq9ih8XyjYCtNdKbGO12bao.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.229.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:8e:19:0b:03:c7:05:09:6c:23:55:83:22:d5:67:71:ca:29:
         73:5a:7f:67:7a:75:2c:41:01:6a:4e:bb:1b:e9:2f:57:ca:c3:
         74:7c:68:cc:f5:d9:c9:8a:85:71:d0:5a:c9:c7:ad:db:cf:85:
         ec:98:88:50:6a:bf:9f:51:99:c9:5e:c6:5d:db:ee:66:ed:ca:
         97:8b:a7:46:26:bb:ce:06:86:42:f3:f3:93:0b:19:a2:42:a5:
         7a:d8:6a:da:b8:bc:78:ed:97:57:ba:3c:d7:ad:4b:fc:ee:20:
         be:ea:78:ba:da:43:0c:6b:26:56:08:a7:da:91:fe:0d:ce:ae:
         04:c2:b4:52:e6:ab:0c:27:f2:dd:28:d4:eb:4d:0a:43:c5:9a:
         40:bb:d9:76:2a:4a:fa:34:8c:53:01:0c:0d:51:40:b6:d1:37:
         6b:ae:92:36:0d:21:96:ec:d2:36:07:c4:cf:23:92:7c:a6:98:
         96:a4:2d:53:a1:1b:e6:27:f0:b2:c2:6b:a4:32:a3:48:1c:d5:
         27:7b:9e:5f:1a:60:85:5c:fd:f4:29:f2:09:9f:88:c4:67:d6:
         33:43:31:6d:19:39:23:00:18:0d:5a:a7:c8:d8:fd:49:2f:11:
         68:ad:71:05:b9:17:4f:1f:45:cc:c4:34:a8:08:6d:32:a6:64:
         de:a2:49:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57HqwWbg6zPHCEeueUF6iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMTAxMTQxODE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmY0OGQ0MmFmNjI4N2M1ZjI4ZDgwYWQzNWQyOWIxOGVkNzY2ZGFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApPDBBoHIyRDgR1rH5jkO0mBUMpAb
KA9gD3m4CIbbux7VTvy0TZe+trav/cfAf9wt6Oq493YZ/Lxxjh3uETLrfd/3q4YR
CCVhvM3Noi5egKVeZHYlnLm2IOOKDn2SsTD2MYoSwKKjDm78K4py3srEX/UWCGk5
vRM1CuYk5Y8nS5v8J+90IY8j2Sya6buX2jTYLSC3rbnxeTr21286Xuu+nIBy4P1h
3905SF+pPq/CHnaAquZL2itV4nJThv3eymK51XLgQVZDCZg5Hc96S62iYvhCjNTO
CV0RsQ1xgDViCWngtMiFKtD5UNvU5R/W1SiG1CLigBrlJV7fkj+30IPCWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH/0jUKvYofF8o2ArTXSmxjtdm2qMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvZl9TTlFxOWloOFh5allDdE5kS2JHTzEyYmFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueXdMA0G
CSqGSIb3DQEBCwUAA4IBAQCGjhkLA8cFCWwjVYMi1WdxyilzWn9nenUsQQFqTrsb
6S9XysN0fGjM9dnJioVx0FrJx63bz4XsmIhQar+fUZnJXsZd2+5m7cqXi6dGJrvO
BoZC8/OTCxmiQqV62GrauLx47ZdXujzXrUv87iC+6ni62kMMayZWCKfakf4Nzq4E
wrRS5qsMJ/LdKNTrTQpDxZpAu9l2Kkr6NIxTAQwNUUC20TdrrpI2DSGW7NI2B8TP
I5J8ppiWpC1ToRvmJ/CywmukMqNIHNUne55fGmCFXP30KfIJn4jEZ9YzQzFtGTkj
ABgNWqfI2P1JLxForXEFuRdPH0XMxDSoCG0ypmTeokl2
-----END CERTIFICATE-----