This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/b5733b-3891-449b-9950-ff60e218ed41/1/IM3Sgf6n85MJ0JQ5zz3x973QECY.roa
File:                     IM3Sgf6n85MJ0JQ5zz3x973QECY.roa (raw, json)
Hash identifier:          RhRSY8YyTjB3zZVDnbDfxNa5aiv4sYD92KtaLzLLg4A=
Subject key identifier:   20:CD:D2:81:FE:A7:F3:93:09:D0:94:39:CF:3D:F1:F7:BD:D0:10:26
Certificate issuer:       /CN=4cbfd3e72d4a0396f95347336b42678f68c26430
Certificate serial:       019BEAD780EC4A2F1D261F9D88857DEF5F8C
Authority key identifier: 4C:BF:D3:E7:2D:4A:03:96:F9:53:47:33:6B:42:67:8F:68:C2:64:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TL_T5y1KA5b5U0cza0Jnj2jCZDA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/b5733b-3891-449b-9950-ff60e218ed41/1/IM3Sgf6n85MJ0JQ5zz3x973QECY.roa
Signing time:             Fri 23 Jan 2026 12:32:30 +0000
ROA not before:           Fri 23 Jan 2026 12:32:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202620
IP address blocks:        185.150.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/b5733b-3891-449b-9950-ff60e218ed41/1/TL_T5y1KA5b5U0cza0Jnj2jCZDA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/b5733b-3891-449b-9950-ff60e218ed41/1/TL_T5y1KA5b5U0cza0Jnj2jCZDA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TL_T5y1KA5b5U0cza0Jnj2jCZDA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 03:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:ea:d7:80:ec:4a:2f:1d:26:1f:9d:88:85:7d:ef:5f:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cbfd3e72d4a0396f95347336b42678f68c26430
        Validity
            Not Before: Jan 23 12:32:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=20cdd281fea7f39309d09439cf3df1f7bdd01026
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:22:2a:7b:be:86:28:0a:89:bf:9f:76:e3:a6:
                    d1:1f:69:66:8e:58:17:8b:45:b6:e2:77:93:e6:50:
                    7f:d5:99:d2:05:8e:b8:b7:10:bf:d4:05:74:14:dd:
                    7e:48:52:68:53:31:c1:ab:a2:29:cd:53:a3:f7:d5:
                    ce:ce:95:d9:bf:23:6a:29:a5:e7:d0:a2:2a:ba:9e:
                    b2:21:dc:4a:78:ee:ea:b2:db:44:5a:2f:9a:47:8b:
                    38:63:1d:78:36:28:42:b7:9e:38:db:2c:8e:32:cd:
                    88:be:96:94:f8:0b:1c:ba:e8:b0:8c:61:20:37:3e:
                    18:6d:05:74:1d:93:28:fd:f3:ec:1e:6e:6a:43:f3:
                    9d:f9:5a:89:aa:10:aa:a3:e2:14:8c:97:1a:36:64:
                    fd:bd:0a:db:68:48:d3:3f:de:5a:c4:cd:be:6c:81:
                    40:68:a1:f0:bd:88:33:e3:47:8d:3f:7c:30:94:f8:
                    c8:6b:55:cf:8e:04:4b:95:8b:a0:a5:77:4c:0e:47:
                    9e:4b:60:64:ea:31:18:c9:5b:01:14:a4:69:91:dc:
                    f1:05:db:23:ef:90:e1:0a:b9:cb:53:aa:53:c9:9e:
                    f6:20:f4:81:92:33:e9:cd:32:71:36:6a:8d:65:ab:
                    d3:05:cd:30:2c:bc:25:76:bd:ca:c2:84:a8:8c:a6:
                    b2:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:CD:D2:81:FE:A7:F3:93:09:D0:94:39:CF:3D:F1:F7:BD:D0:10:26
            X509v3 Authority Key Identifier:
                keyid:4C:BF:D3:E7:2D:4A:03:96:F9:53:47:33:6B:42:67:8F:68:C2:64:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TL_T5y1KA5b5U0cza0Jnj2jCZDA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/b5733b-3891-449b-9950-ff60e218ed41/1/IM3Sgf6n85MJ0JQ5zz3x973QECY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/b5733b-3891-449b-9950-ff60e218ed41/1/TL_T5y1KA5b5U0cza0Jnj2jCZDA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.150.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:b5:6e:8d:77:83:92:62:b6:92:b7:e2:3b:e2:d9:3c:96:2b:
         28:e8:1e:0c:bc:50:cc:46:ff:c0:88:19:e8:b8:c6:1e:ae:e3:
         a3:f7:7c:e0:fa:f2:44:68:6e:d4:c0:6e:be:4c:7b:3a:08:dc:
         c6:55:41:de:81:be:87:ea:13:d7:9e:6a:30:69:d3:4c:b8:16:
         fd:f8:a9:40:36:52:66:61:d5:c6:be:f3:cf:64:4f:22:e0:67:
         44:b0:f4:06:d3:c5:b8:34:c0:ae:75:04:35:12:9b:ba:c4:73:
         11:f4:5f:ab:77:ad:39:94:f6:12:ae:ca:fd:d7:0e:0a:34:6a:
         86:96:b4:aa:10:24:5b:64:e2:29:e4:e9:ec:c1:bf:87:fc:a6:
         31:f2:98:de:6a:07:82:b0:2c:d3:89:0e:7c:db:5e:cc:56:f4:
         88:fc:b5:5e:2e:8e:10:9a:99:39:07:97:8c:a9:9e:e5:90:1c:
         59:6d:c6:85:8d:da:69:28:07:41:18:f2:5d:b0:c9:4d:df:a8:
         4f:22:b4:5b:41:32:9a:fe:2b:1c:52:6a:19:f3:7e:e9:85:4f:
         91:8c:79:21:d9:a1:3b:f0:74:7f:97:c4:04:4f:bd:00:f3:d8:
         dd:fc:f9:18:c6:00:7e:f3:9b:85:12:07:4a:16:9d:f3:1d:1b:
         40:4f:73:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZvq14DsSi8dJh+diIV971+MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjYmZkM2U3MmQ0YTAzOTZmOTUzNDczMzZiNDI2NzhmNjhj
MjY0MzAwHhcNMjYwMTIzMTIzMjMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGNkZDI4MWZlYTdmMzkzMDlkMDk0MzljZjNkZjFmN2JkZDAxMDI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqyIqe76GKAqJv59246bRH2lmjlgX
i0W24neT5lB/1ZnSBY64txC/1AV0FN1+SFJoUzHBq6IpzVOj99XOzpXZvyNqKaXn
0KIqup6yIdxKeO7qsttEWi+aR4s4Yx14NihCt5442yyOMs2IvpaU+AscuuiwjGEg
Nz4YbQV0HZMo/fPsHm5qQ/Od+VqJqhCqo+IUjJcaNmT9vQrbaEjTP95axM2+bIFA
aKHwvYgz40eNP3wwlPjIa1XPjgRLlYugpXdMDkeeS2Bk6jEYyVsBFKRpkdzxBdsj
75DhCrnLU6pTyZ72IPSBkjPpzTJxNmqNZavTBc0wLLwldr3KwoSojKayYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCDN0oH+p/OTCdCUOc898fe90BAmMB8GA1UdIwQY
MBaAFEy/0+ctSgOW+VNHM2tCZ49owmQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVExfVDV5MUtBNWI1VTBjemEwSm5qMmpDWkRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi9iNTczM2ItMzg5MS00NDliLTk5NTAt
ZmY2MGUyMThlZDQxLzEvSU0zU2dmNm44NU1KMEpRNXp6M3g5NzNRRUNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi9iNTczM2ItMzg5MS00NDliLTk5NTAtZmY2MGUyMThlZDQx
LzEvVExfVDV5MUtBNWI1VTBjemEwSm5qMmpDWkRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZaAMA0G
CSqGSIb3DQEBCwUAA4IBAQA9tW6Nd4OSYraSt+I74tk8liso6B4MvFDMRv/AiBno
uMYeruOj93zg+vJEaG7UwG6+THs6CNzGVUHegb6H6hPXnmowadNMuBb9+KlANlJm
YdXGvvPPZE8i4GdEsPQG08W4NMCudQQ1Epu6xHMR9F+rd605lPYSrsr91w4KNGqG
lrSqECRbZOIp5Onswb+H/KYx8pjeageCsCzTiQ58217MVvSI/LVeLo4Qmpk5B5eM
qZ7lkBxZbcaFjdppKAdBGPJdsMlN36hPIrRbQTKa/iscUmoZ837phU+RjHkh2aE7
8HR/l8QET70A89jd/PkYxgB+85uFEgdKFp3zHRtAT3Ma
-----END CERTIFICATE-----