This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/dhB_IkqPVgi3yJTzlaxBzpa9CMs.roa
File:                     dhB_IkqPVgi3yJTzlaxBzpa9CMs.roa (raw, json)
Hash identifier:          /dJFhGziZtLlMMTjECful8AqChnK1t2jnoBopwI8PGs=
Subject key identifier:   76:10:7F:22:4A:8F:56:08:B7:C8:94:F3:95:AC:41:CE:96:BD:08:CB
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       019B76EB1A4C09970D34F3180BC37DF99659
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/dhB_IkqPVgi3yJTzlaxBzpa9CMs.roa
Signing time:             Thu 01 Jan 2026 00:17:57 +0000
ROA not before:           Thu 01 Jan 2026 00:17:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207030
IP address blocks:        185.27.200.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:1a:4c:09:97:0d:34:f3:18:0b:c3:7d:f9:96:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 00:17:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=76107f224a8f5608b7c894f395ac41ce96bd08cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:f9:d2:14:00:b6:bb:3e:27:ea:cc:b9:01:e6:
                    51:dc:e4:fa:1f:33:cf:55:bc:b4:23:97:2d:3a:0a:
                    4f:0d:e9:9d:9b:db:83:b7:cc:c8:a4:cc:fb:12:e2:
                    3a:45:8a:bb:47:91:95:02:4e:1d:bc:67:62:b3:94:
                    3b:0b:7e:e1:0a:bf:3d:50:46:9b:21:39:1d:09:ae:
                    75:ae:a9:41:98:f8:05:96:92:de:29:dd:64:9b:34:
                    ab:29:75:7b:cf:49:0d:19:8d:b1:09:85:cd:f7:9b:
                    e9:9c:c7:81:5f:3b:26:d3:e9:88:89:f6:02:35:f7:
                    06:ac:0a:99:99:fa:37:7b:62:d8:bd:43:b6:06:b1:
                    90:8e:81:59:82:ab:f1:ea:36:a7:6e:cf:98:f7:a6:
                    85:a1:2d:8f:6d:9b:7d:a2:e0:21:40:48:d4:45:9e:
                    f8:94:c0:8c:61:87:0e:81:ad:3c:fc:91:00:61:d9:
                    dc:18:59:22:2e:63:49:d8:3a:f8:5e:91:92:40:2c:
                    05:c1:fd:69:2c:7c:aa:9d:e6:ea:57:7b:e8:b4:fa:
                    d6:d3:df:83:10:95:bf:33:4e:a7:b1:fe:67:28:da:
                    e7:10:81:e5:3a:cf:0f:03:b7:da:4e:85:4a:46:13:
                    a7:28:c5:bf:82:bc:c3:60:e0:6e:59:f6:27:ca:8a:
                    23:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:10:7F:22:4A:8F:56:08:B7:C8:94:F3:95:AC:41:CE:96:BD:08:CB
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/dhB_IkqPVgi3yJTzlaxBzpa9CMs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.27.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         79:52:22:61:ab:da:3a:a1:e1:d9:62:9a:12:d6:5e:29:19:70:
         b6:92:a7:bc:f3:03:f2:e8:99:ee:47:67:04:92:3a:30:31:ca:
         d8:35:cc:4a:24:e8:b0:c7:41:5c:e0:32:31:85:ac:6d:80:3c:
         34:ef:17:aa:e1:53:fb:0f:26:7e:94:3e:37:0b:03:52:95:3f:
         fb:06:ee:24:d1:5c:e6:96:44:95:3f:41:94:c6:a6:02:67:1e:
         5d:92:b2:e0:5b:2a:3b:d9:67:c9:9c:e2:03:a3:f2:35:97:5c:
         b5:dc:e8:f5:c3:7f:b8:80:db:c8:1e:b4:a8:7b:cb:b6:96:77:
         eb:23:66:f7:98:a4:a3:21:4b:ac:52:bd:c7:c8:01:fe:7d:b6:
         cd:ab:e4:5d:70:06:bd:da:39:53:9e:d9:56:31:28:4e:86:d5:
         97:c4:01:72:d5:b3:bf:c2:55:36:ed:25:e2:dc:9e:a0:fc:e4:
         15:b5:73:05:ec:98:5f:d0:3a:51:12:89:92:15:2d:b8:05:34:
         4b:ad:01:92:d2:22:c5:24:a7:00:bd:2c:9c:14:49:46:52:cf:
         de:a8:72:98:72:f4:10:a7:88:5e:b4:d8:38:bf:67:a3:1d:5b:
         7a:77:e6:6f:b5:8d:2c:3f:01:fc:1f:9f:04:19:0b:6f:25:61:
         b8:97:82:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26xpMCZcNNPMYC8N9+ZZZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjYwMTAxMDAxNzU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjEwN2YyMjRhOGY1NjA4YjdjODk0ZjM5NWFjNDFjZTk2YmQwOGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0/nSFAC2uz4n6sy5AeZR3OT6HzPP
Vby0I5ctOgpPDemdm9uDt8zIpMz7EuI6RYq7R5GVAk4dvGdis5Q7C37hCr89UEab
ITkdCa51rqlBmPgFlpLeKd1kmzSrKXV7z0kNGY2xCYXN95vpnMeBXzsm0+mIifYC
NfcGrAqZmfo3e2LYvUO2BrGQjoFZgqvx6janbs+Y96aFoS2PbZt9ouAhQEjURZ74
lMCMYYcOga08/JEAYdncGFkiLmNJ2Dr4XpGSQCwFwf1pLHyqnebqV3votPrW09+D
EJW/M06nsf5nKNrnEIHlOs8PA7faToVKRhOnKMW/grzDYOBuWfYnyoojrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHYQfyJKj1YIt8iU85WsQc6WvQjLMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvZGhCX0lrcVBWZ2kzeUpUemxheEJ6cGE5Q01zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuRvIMA0G
CSqGSIb3DQEBCwUAA4IBAQB5UiJhq9o6oeHZYpoS1l4pGXC2kqe88wPy6JnuR2cE
kjowMcrYNcxKJOiwx0Fc4DIxhaxtgDw07xeq4VP7DyZ+lD43CwNSlT/7Bu4k0Vzm
lkSVP0GUxqYCZx5dkrLgWyo72WfJnOIDo/I1l1y13Oj1w3+4gNvIHrSoe8u2lnfr
I2b3mKSjIUusUr3HyAH+fbbNq+RdcAa92jlTntlWMShOhtWXxAFy1bO/wlU27SXi
3J6g/OQVtXMF7Jhf0DpREomSFS24BTRLrQGS0iLFJKcAvSycFElGUs/eqHKYcvQQ
p4hetNg4v2ejHVt6d+ZvtY0sPwH8H58EGQtvJWG4l4K2
-----END CERTIFICATE-----