This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/8f46be-028b-4d03-a973-fda011e5c972/1/B858kg8THjaSoEIim6530sspUXs.roa
File:                     B858kg8THjaSoEIim6530sspUXs.roa (raw, json)
Hash identifier:          HCD5tBX+9y/cDnZBRIi513FjVWEfPLJ8ux8RH4V8Dpk=
Subject key identifier:   07:CE:7C:92:0F:13:1E:36:92:A0:42:22:9B:AE:77:D2:CB:29:51:7B
Certificate issuer:       /CN=d9d63156c1836f16c3b430effbb72ac69932ea9b
Certificate serial:       019B7AC794F502F529559B9CF5071EAB3E42
Authority key identifier: D9:D6:31:56:C1:83:6F:16:C3:B4:30:EF:FB:B7:2A:C6:99:32:EA:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2dYxVsGDbxbDtDDv-7cqxpky6ps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/8f46be-028b-4d03-a973-fda011e5c972/1/B858kg8THjaSoEIim6530sspUXs.roa
Signing time:             Thu 01 Jan 2026 18:17:38 +0000
ROA not before:           Thu 01 Jan 2026 18:17:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213541
IP address blocks:        185.240.128.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/8f46be-028b-4d03-a973-fda011e5c972/1/2dYxVsGDbxbDtDDv-7cqxpky6ps.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/8f46be-028b-4d03-a973-fda011e5c972/1/2dYxVsGDbxbDtDDv-7cqxpky6ps.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2dYxVsGDbxbDtDDv-7cqxpky6ps.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c7:94:f5:02:f5:29:55:9b:9c:f5:07:1e:ab:3e:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9d63156c1836f16c3b430effbb72ac69932ea9b
        Validity
            Not Before: Jan  1 18:17:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=07ce7c920f131e3692a042229bae77d2cb29517b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:58:7b:24:ce:67:b8:fe:b0:1b:d5:ed:f6:ba:
                    4a:ac:f2:57:25:e3:e5:e0:13:5a:88:35:ed:5f:cb:
                    b4:22:db:95:4f:3e:1d:77:79:91:73:c9:32:c9:d1:
                    c5:18:f0:c7:6d:09:28:17:ad:af:c3:0e:35:d3:54:
                    d3:3d:95:b0:3a:4b:24:3c:66:11:b4:db:ce:65:77:
                    75:45:6e:5d:e2:0c:8d:fa:a4:48:25:a5:e1:3f:f9:
                    33:0c:a5:8b:c7:b3:ef:bd:9a:a6:12:70:96:92:b3:
                    ac:9d:00:2a:25:b7:2b:73:db:1c:62:5f:ef:d5:e0:
                    15:d5:e9:d3:95:5e:98:0b:88:ee:1b:e0:a1:f1:1c:
                    6c:81:f6:4f:36:a6:6f:ba:47:af:48:53:b6:91:5e:
                    7b:18:67:43:b6:d6:29:a0:c0:0d:b3:09:30:40:e6:
                    12:5f:dd:e0:28:88:a8:5e:d8:08:05:e4:9d:d8:f6:
                    42:61:6c:ec:6a:a2:0b:89:c9:10:4d:12:a5:aa:8e:
                    a4:f3:e9:08:51:18:d5:9a:54:58:25:76:ba:11:bd:
                    df:d4:05:6b:4a:46:3e:3c:1b:ed:25:4e:92:07:89:
                    f5:43:1c:93:45:93:cc:19:c9:c2:42:a5:0a:ae:03:
                    14:da:83:ba:b3:5e:c8:26:0a:50:1d:54:b1:d4:1b:
                    c6:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:CE:7C:92:0F:13:1E:36:92:A0:42:22:9B:AE:77:D2:CB:29:51:7B
            X509v3 Authority Key Identifier:
                keyid:D9:D6:31:56:C1:83:6F:16:C3:B4:30:EF:FB:B7:2A:C6:99:32:EA:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2dYxVsGDbxbDtDDv-7cqxpky6ps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/8f46be-028b-4d03-a973-fda011e5c972/1/B858kg8THjaSoEIim6530sspUXs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/8f46be-028b-4d03-a973-fda011e5c972/1/2dYxVsGDbxbDtDDv-7cqxpky6ps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.240.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         42:46:00:0c:a6:73:a5:9f:17:63:af:56:00:25:f1:16:76:09:
         33:da:f0:a4:29:5e:20:49:0e:79:e2:66:ed:3b:4d:76:e0:00:
         c8:bf:95:ff:5d:76:f6:63:28:ed:2c:e1:ab:7f:41:7d:94:d1:
         0e:df:5b:0c:79:95:63:22:a8:89:14:46:97:f2:99:59:4d:bc:
         a7:22:a7:25:ec:4a:5c:3b:44:45:40:9c:4b:e8:9f:0f:fe:ac:
         ea:3f:89:5b:58:bd:f2:d0:13:14:76:63:41:2a:75:9b:13:85:
         5b:66:e9:ef:68:cd:c5:2a:66:af:f0:c5:c6:da:fa:09:23:0f:
         9d:2f:64:ea:54:fb:6f:c6:a1:21:3d:ed:0b:26:bb:19:86:c4:
         d3:5b:96:fd:2e:bb:5e:fc:20:d3:49:a4:94:46:82:cb:57:69:
         51:c0:53:3c:3e:19:a9:61:fc:e2:5c:86:e9:86:3f:f2:76:4c:
         df:18:d4:aa:4f:6c:cb:18:97:bc:47:8d:0e:6c:42:ce:60:5b:
         fa:18:c2:1d:b2:eb:12:be:86:cf:a5:0d:bf:10:9f:61:95:83:
         9e:75:33:d5:5f:49:0e:b2:58:45:a7:f6:15:5c:94:1e:e6:3f:
         11:4b:70:fa:e0:66:3a:f1:f5:93:31:46:9d:8e:18:92:fc:bd:
         ee:4d:26:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6x5T1AvUpVZuc9Qceqz5CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ZDYzMTU2YzE4MzZmMTZjM2I0MzBlZmZiYjcyYWM2OTkz
MmVhOWIwHhcNMjYwMTAxMTgxNzM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2NlN2M5MjBmMTMxZTM2OTJhMDQyMjI5YmFlNzdkMmNiMjk1MTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzFh7JM5nuP6wG9Xt9rpKrPJXJePl
4BNaiDXtX8u0ItuVTz4dd3mRc8kyydHFGPDHbQkoF62vww4101TTPZWwOkskPGYR
tNvOZXd1RW5d4gyN+qRIJaXhP/kzDKWLx7PvvZqmEnCWkrOsnQAqJbcrc9scYl/v
1eAV1enTlV6YC4juG+Ch8RxsgfZPNqZvukevSFO2kV57GGdDttYpoMANswkwQOYS
X93gKIioXtgIBeSd2PZCYWzsaqILickQTRKlqo6k8+kIURjVmlRYJXa6Eb3f1AVr
SkY+PBvtJU6SB4n1QxyTRZPMGcnCQqUKrgMU2oO6s17IJgpQHVSx1BvGMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAfOfJIPEx42kqBCIpuud9LLKVF7MB8GA1UdIwQY
MBaAFNnWMVbBg28Ww7Qw7/u3KsaZMuqbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmRZeFZzR0RieGJEdEREdi03Y3F4cGt5NnBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy84ZjQ2YmUtMDI4Yi00ZDAzLWE5NzMt
ZmRhMDExZTVjOTcyLzEvQjg1OGtnOFRIamFTb0VJaW02NTMwc3NwVVhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy84ZjQ2YmUtMDI4Yi00ZDAzLWE5NzMtZmRhMDExZTVjOTcy
LzEvMmRZeFZzR0RieGJEdEREdi03Y3F4cGt5NnBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufCAMA0G
CSqGSIb3DQEBCwUAA4IBAQBCRgAMpnOlnxdjr1YAJfEWdgkz2vCkKV4gSQ554mbt
O0124ADIv5X/XXb2YyjtLOGrf0F9lNEO31sMeZVjIqiJFEaX8plZTbynIqcl7Epc
O0RFQJxL6J8P/qzqP4lbWL3y0BMUdmNBKnWbE4VbZunvaM3FKmav8MXG2voJIw+d
L2TqVPtvxqEhPe0LJrsZhsTTW5b9Lrte/CDTSaSURoLLV2lRwFM8PhmpYfziXIbp
hj/ydkzfGNSqT2zLGJe8R40ObELOYFv6GMIdsusSvobPpQ2/EJ9hlYOedTPVX0kO
slhFp/YVXJQe5j8RS3D64GY68fWTMUadjhiS/L3uTSba
-----END CERTIFICATE-----