This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/860a5e-e0d0-44f5-9c54-3cc4ff9aa1bc/1/t8mVoTfmckCvsyVdwBCx2WY3_SU.roa
File:                     t8mVoTfmckCvsyVdwBCx2WY3_SU.roa (raw, json)
Hash identifier:          punRHqDIXE83AX4muw8qvjP6n1JcfvmchVlgv85rsL0=
Subject key identifier:   B7:C9:95:A1:37:E6:72:40:AF:B3:25:5D:C0:10:B1:D9:66:37:FD:25
Certificate issuer:       /CN=638c509cb77b0149b6f66f5019f858b3acf942e9
Certificate serial:       019B7E38BC8FA23F9E6A6AA80A2EF55005C0
Authority key identifier: 63:8C:50:9C:B7:7B:01:49:B6:F6:6F:50:19:F8:58:B3:AC:F9:42:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y4xQnLd7AUm29m9QGfhYs6z5Quk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/860a5e-e0d0-44f5-9c54-3cc4ff9aa1bc/1/t8mVoTfmckCvsyVdwBCx2WY3_SU.roa
Signing time:             Fri 02 Jan 2026 10:20:06 +0000
ROA not before:           Fri 02 Jan 2026 10:20:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29562
IP address blocks:        185.2.142.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/860a5e-e0d0-44f5-9c54-3cc4ff9aa1bc/1/Y4xQnLd7AUm29m9QGfhYs6z5Quk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/860a5e-e0d0-44f5-9c54-3cc4ff9aa1bc/1/Y4xQnLd7AUm29m9QGfhYs6z5Quk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y4xQnLd7AUm29m9QGfhYs6z5Quk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:bc:8f:a2:3f:9e:6a:6a:a8:0a:2e:f5:50:05:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=638c509cb77b0149b6f66f5019f858b3acf942e9
        Validity
            Not Before: Jan  2 10:20:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b7c995a137e67240afb3255dc010b1d96637fd25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:c5:b3:1d:ab:0a:a4:75:4a:20:23:fb:49:0f:
                    70:93:82:c4:31:c5:34:4b:cc:1c:29:bc:bb:9f:f0:
                    83:8a:f7:06:16:a8:c2:77:2f:3d:7a:ad:a6:b2:65:
                    d5:c7:f7:1e:c9:05:f4:0a:b6:d7:e1:1f:de:02:f2:
                    c9:1b:20:9e:c2:43:79:fb:c5:43:c5:c2:59:08:4b:
                    fa:b3:39:38:0d:77:26:a8:d7:0b:f7:6f:62:e5:10:
                    7f:59:15:21:5d:17:03:a9:66:e1:bb:6b:d5:44:e3:
                    ed:d9:99:13:fb:40:b5:35:71:a5:60:92:00:99:5d:
                    7e:3c:61:b6:09:ad:7d:b8:49:34:da:c3:03:56:be:
                    e9:04:c1:b4:2c:9a:3d:59:0c:e6:c9:66:e3:87:d6:
                    18:dc:8d:af:43:f1:13:8b:ca:8c:e2:94:c3:9c:36:
                    41:00:86:bf:ec:66:ba:b2:5a:fe:92:f6:8c:2b:75:
                    63:0e:26:7a:2a:d6:74:92:c4:dd:f6:50:8a:c1:c8:
                    41:41:b8:ed:c7:cd:01:b7:70:fd:6b:f1:48:f6:5f:
                    12:cd:fd:a6:02:9c:a3:fc:07:43:10:45:1d:59:86:
                    a7:5c:1b:5b:9b:88:b9:65:a3:0d:1d:09:c8:e6:64:
                    65:90:31:bc:df:33:03:20:73:cd:3a:f9:0d:98:79:
                    54:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:C9:95:A1:37:E6:72:40:AF:B3:25:5D:C0:10:B1:D9:66:37:FD:25
            X509v3 Authority Key Identifier:
                keyid:63:8C:50:9C:B7:7B:01:49:B6:F6:6F:50:19:F8:58:B3:AC:F9:42:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y4xQnLd7AUm29m9QGfhYs6z5Quk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/860a5e-e0d0-44f5-9c54-3cc4ff9aa1bc/1/t8mVoTfmckCvsyVdwBCx2WY3_SU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/860a5e-e0d0-44f5-9c54-3cc4ff9aa1bc/1/Y4xQnLd7AUm29m9QGfhYs6z5Quk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.2.142.0/23

    Signature Algorithm: sha256WithRSAEncryption
         63:43:6b:a0:92:f6:d0:e2:b7:6e:34:32:d6:5f:dd:61:b4:fe:
         4b:7c:37:c3:50:1d:85:c0:92:fe:a4:ae:bb:09:60:fe:e9:c5:
         1d:84:9e:49:73:d9:82:99:05:c6:8d:3e:7c:69:fb:eb:82:1e:
         71:4c:b0:a6:6c:3b:43:f8:5a:a6:9e:1d:e6:ac:48:a8:aa:5e:
         50:f4:58:9e:0a:26:f7:79:94:00:b8:93:87:a4:ac:d0:aa:76:
         42:bb:22:d5:9c:48:49:7e:82:3d:e6:01:0b:ed:56:c7:fa:12:
         6e:3f:43:84:2f:95:ac:58:d6:91:6c:b2:eb:57:16:3a:0e:47:
         6a:04:4e:6c:41:74:cc:9a:38:fb:95:fb:5c:17:7b:b8:90:90:
         cc:7c:e4:48:74:db:56:e6:23:da:cf:59:78:97:64:a0:10:cc:
         f9:d4:c6:86:68:7a:3f:ea:65:74:03:ec:ec:b6:6b:98:a6:fb:
         b9:64:95:5f:08:62:53:03:9c:8e:09:aa:c6:6d:ab:8a:6f:ae:
         2e:56:b9:1a:53:78:ae:d3:8b:9a:08:3f:09:f8:7b:1c:4e:09:
         43:22:75:57:be:0e:88:bc:72:9a:d4:9e:88:8d:38:53:92:44:
         e7:aa:af:62:ef:13:d3:78:fd:2c:c7:e9:d9:e6:90:9d:56:07:
         ca:83:1a:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OLyPoj+eamqoCi71UAXAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzOGM1MDljYjc3YjAxNDliNmY2NmY1MDE5Zjg1OGIzYWNm
OTQyZTkwHhcNMjYwMTAyMTAyMDA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2M5OTVhMTM3ZTY3MjQwYWZiMzI1NWRjMDEwYjFkOTY2MzdmZDI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjMWzHasKpHVKICP7SQ9wk4LEMcU0
S8wcKby7n/CDivcGFqjCdy89eq2msmXVx/ceyQX0CrbX4R/eAvLJGyCewkN5+8VD
xcJZCEv6szk4DXcmqNcL929i5RB/WRUhXRcDqWbhu2vVROPt2ZkT+0C1NXGlYJIA
mV1+PGG2Ca19uEk02sMDVr7pBMG0LJo9WQzmyWbjh9YY3I2vQ/ETi8qM4pTDnDZB
AIa/7Ga6slr+kvaMK3VjDiZ6KtZ0ksTd9lCKwchBQbjtx80Bt3D9a/FI9l8Szf2m
Apyj/AdDEEUdWYanXBtbm4i5ZaMNHQnI5mRlkDG83zMDIHPNOvkNmHlUQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLfJlaE35nJAr7MlXcAQsdlmN/0lMB8GA1UdIwQY
MBaAFGOMUJy3ewFJtvZvUBn4WLOs+ULpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTR4UW5MZDdBVW0yOW05UUdmaFlzNno1UXVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC84NjBhNWUtZTBkMC00NGY1LTljNTQt
M2NjNGZmOWFhMWJjLzEvdDhtVm9UZm1ja0N2c3lWZHdCQ3gyV1kzX1NVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC84NjBhNWUtZTBkMC00NGY1LTljNTQtM2NjNGZmOWFhMWJj
LzEvWTR4UW5MZDdBVW0yOW05UUdmaFlzNno1UXVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuQKOMA0G
CSqGSIb3DQEBCwUAA4IBAQBjQ2ugkvbQ4rduNDLWX91htP5LfDfDUB2FwJL+pK67
CWD+6cUdhJ5Jc9mCmQXGjT58afvrgh5xTLCmbDtD+Fqmnh3mrEioql5Q9FieCib3
eZQAuJOHpKzQqnZCuyLVnEhJfoI95gEL7VbH+hJuP0OEL5WsWNaRbLLrVxY6Dkdq
BE5sQXTMmjj7lftcF3u4kJDMfORIdNtW5iPaz1l4l2SgEMz51MaGaHo/6mV0A+zs
tmuYpvu5ZJVfCGJTA5yOCarGbauKb64uVrkaU3iu04uaCD8J+HscTglDInVXvg6I
vHKa1J6IjThTkkTnqq9i7xPTeP0sx+nZ5pCdVgfKgxou
-----END CERTIFICATE-----