This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/DF7XYEsxSGOVzkqqnAAqrfyfVaA.roa
File:                     DF7XYEsxSGOVzkqqnAAqrfyfVaA.roa (raw, json)
Hash identifier:          qKJipQNm4wuCLejL+kCBCWe0DQKJnUetf/Q46lu1TV0=
Subject key identifier:   0C:5E:D7:60:4B:31:48:63:95:CE:4A:AA:9C:00:2A:AD:FC:9F:55:A0
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019B7C137318EC651135562F2E2CCD1FAB14
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/DF7XYEsxSGOVzkqqnAAqrfyfVaA.roa
Signing time:             Fri 02 Jan 2026 00:20:07 +0000
ROA not before:           Fri 02 Jan 2026 00:20:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     54339
IP address blocks:        185.194.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:13:73:18:ec:65:11:35:56:2f:2e:2c:cd:1f:ab:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 00:20:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0c5ed7604b31486395ce4aaa9c002aadfc9f55a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:03:d3:52:1d:e0:01:8d:c8:ea:5f:9e:01:b1:
                    9e:dc:e4:68:86:0f:38:d9:ef:94:5f:fc:1a:bf:54:
                    87:dd:4b:00:21:c6:51:2f:20:3c:c5:04:8d:85:93:
                    d9:eb:6e:48:44:c9:01:b8:d7:3d:1c:e4:4a:27:32:
                    fa:d7:be:68:3b:9f:a6:93:2d:94:1d:6b:72:f4:c3:
                    b1:8c:93:7f:9a:39:33:b8:79:74:63:b7:cf:cb:63:
                    ae:86:c3:3c:35:3d:74:56:ec:d0:05:77:bc:8d:57:
                    a5:42:c4:05:da:11:af:b2:f6:c3:74:98:c3:37:28:
                    dd:7c:38:05:a2:ae:2d:a9:8a:30:3f:2c:2e:b0:71:
                    e6:9a:58:fd:4b:01:f9:91:39:37:79:09:87:86:01:
                    18:84:cf:8b:aa:c9:92:74:47:0a:7f:60:78:c0:78:
                    82:a3:b0:f7:fd:d6:13:f4:73:e2:34:04:6c:1c:30:
                    f6:bb:74:e9:1b:6e:cb:7b:55:29:f8:e8:47:ea:1d:
                    38:e8:cd:ae:1d:63:f8:bc:ad:1b:78:e7:24:80:d7:
                    6d:8b:e1:29:b2:bc:ec:7e:70:43:0b:b8:7e:e7:11:
                    29:09:c8:90:21:ac:94:71:e1:e6:2e:39:7a:17:7e:
                    d3:1b:86:73:fe:bc:da:93:fd:79:2a:95:6f:e9:cf:
                    a8:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:5E:D7:60:4B:31:48:63:95:CE:4A:AA:9C:00:2A:AD:FC:9F:55:A0
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/DF7XYEsxSGOVzkqqnAAqrfyfVaA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.194.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:9f:81:5c:d7:13:5e:3d:6c:fb:09:72:d9:46:c2:c6:dc:a8:
         02:8d:71:09:50:0b:5d:13:86:2c:67:b7:dd:c2:bf:9c:95:c6:
         59:d5:ea:0a:5c:1d:00:4b:f4:90:4e:bf:e9:88:8a:94:8b:c5:
         1e:da:e9:cd:fd:f6:fd:1d:e8:4a:e7:27:c9:f4:fb:ee:84:5d:
         df:f3:2b:0e:2b:d0:2b:91:93:ac:c1:b2:ee:a6:27:39:7e:e5:
         b1:c3:ad:7c:80:3f:d9:79:84:5b:8e:eb:ae:de:d0:54:86:0a:
         79:32:2b:d5:68:74:42:3e:9d:94:41:69:a4:ec:d0:80:01:4d:
         6e:8d:3d:72:62:c7:55:e6:e9:6f:e7:39:3a:10:fe:99:45:09:
         aa:29:0e:34:90:3e:dd:5c:51:af:6b:37:d8:20:5f:5f:69:c4:
         7f:8b:71:b8:fd:f0:8d:13:fb:73:98:2c:63:0b:93:d2:42:a7:
         3c:6c:6e:b3:94:33:51:e6:d2:c1:75:2b:1c:36:2b:6a:f6:92:
         e9:d8:8c:6d:5d:9c:8a:04:60:b2:1e:45:73:d8:0e:bc:f3:54:
         60:88:34:93:d1:0a:b8:5e:cc:02:3c:e8:f0:33:6a:63:4f:3f:
         40:72:70:94:8b:66:77:67:46:4f:9d:3a:84:af:93:2d:e9:19:
         a5:63:4f:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8E3MY7GURNVYvLizNH6sUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjYwMTAyMDAyMDA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzVlZDc2MDRiMzE0ODYzOTVjZTRhYWE5YzAwMmFhZGZjOWY1NWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnwPTUh3gAY3I6l+eAbGe3ORohg84
2e+UX/wav1SH3UsAIcZRLyA8xQSNhZPZ625IRMkBuNc9HORKJzL6175oO5+mky2U
HWty9MOxjJN/mjkzuHl0Y7fPy2OuhsM8NT10VuzQBXe8jVelQsQF2hGvsvbDdJjD
NyjdfDgFoq4tqYowPywusHHmmlj9SwH5kTk3eQmHhgEYhM+LqsmSdEcKf2B4wHiC
o7D3/dYT9HPiNARsHDD2u3TpG27Le1Up+OhH6h046M2uHWP4vK0beOckgNdti+Ep
srzsfnBDC7h+5xEpCciQIayUceHmLjl6F37TG4Zz/rzak/15KpVv6c+o+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAxe12BLMUhjlc5KqpwAKq38n1WgMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvREY3WFlFc3hTR09WemtxcW5BQXFyZnlmVmFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucIdMA0G
CSqGSIb3DQEBCwUAA4IBAQBSn4Fc1xNePWz7CXLZRsLG3KgCjXEJUAtdE4YsZ7fd
wr+clcZZ1eoKXB0AS/SQTr/piIqUi8Ue2unN/fb9HehK5yfJ9PvuhF3f8ysOK9Ar
kZOswbLupic5fuWxw618gD/ZeYRbjuuu3tBUhgp5MivVaHRCPp2UQWmk7NCAAU1u
jT1yYsdV5ulv5zk6EP6ZRQmqKQ40kD7dXFGvazfYIF9facR/i3G4/fCNE/tzmCxj
C5PSQqc8bG6zlDNR5tLBdSscNitq9pLp2IxtXZyKBGCyHkVz2A6881RgiDST0Qq4
XswCPOjwM2pjTz9AcnCUi2Z3Z0ZPnTqEr5Mt6RmlY08K
-----END CERTIFICATE-----