This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/1bb1a2-6763-4b24-ad88-06413ceefce0/1/achjIHDKww_TLSJu-NnrKxU3--A.roa
File:                     achjIHDKww_TLSJu-NnrKxU3--A.roa (raw, json)
Hash identifier:          GHcbBAVqUMC4lX8HAJJpjhpVUyf1FlS4/jLemAj83YQ=
Subject key identifier:   69:C8:63:20:70:CA:C3:0F:D3:2D:22:6E:F8:D9:EB:2B:15:37:FB:E0
Certificate issuer:       /CN=f08fba5263519b7c3a2155c69878217776defba0
Certificate serial:       019B797F03F77AC2DEE2C68B98E6F46310E2
Authority key identifier: F0:8F:BA:52:63:51:9B:7C:3A:21:55:C6:98:78:21:77:76:DE:FB:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8I-6UmNRm3w6IVXGmHghd3be-6A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/1bb1a2-6763-4b24-ad88-06413ceefce0/1/achjIHDKww_TLSJu-NnrKxU3--A.roa
Signing time:             Thu 01 Jan 2026 12:18:45 +0000
ROA not before:           Thu 01 Jan 2026 12:18:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205578
IP address blocks:        185.12.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/1bb1a2-6763-4b24-ad88-06413ceefce0/1/8I-6UmNRm3w6IVXGmHghd3be-6A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/1bb1a2-6763-4b24-ad88-06413ceefce0/1/8I-6UmNRm3w6IVXGmHghd3be-6A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8I-6UmNRm3w6IVXGmHghd3be-6A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7f:03:f7:7a:c2:de:e2:c6:8b:98:e6:f4:63:10:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f08fba5263519b7c3a2155c69878217776defba0
        Validity
            Not Before: Jan  1 12:18:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=69c8632070cac30fd32d226ef8d9eb2b1537fbe0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:bf:34:a1:17:aa:cc:23:3f:82:38:cb:04:51:
                    fc:78:74:da:c5:28:f5:06:53:a7:70:95:b0:19:e7:
                    71:7e:e9:47:ac:7c:e3:35:09:58:e3:67:3f:6e:87:
                    9d:dc:7f:3c:4c:20:38:87:f5:24:17:09:28:61:38:
                    81:84:30:b7:41:5c:89:56:b8:3c:2d:3c:78:c7:e4:
                    49:12:b9:f5:6b:10:00:24:75:57:05:6b:bd:e0:dc:
                    e2:4e:fa:1f:b2:3f:57:20:cd:89:4a:9d:3e:d1:68:
                    86:6f:c0:d4:db:5c:11:0f:8d:65:b3:fc:be:70:19:
                    fc:18:fd:be:be:68:6d:83:37:f0:3f:d1:77:c2:d3:
                    c5:dd:09:ef:cd:06:1f:5a:9c:ac:81:7c:32:28:e2:
                    61:a3:46:47:17:58:40:89:80:08:17:40:1b:5c:a7:
                    48:03:fe:e1:99:f0:1c:d1:2c:b6:44:d3:c4:27:4b:
                    d2:94:f8:53:4d:0d:ca:86:a4:ea:0a:af:f8:01:5b:
                    ed:b9:fe:f9:1e:6e:38:c5:80:f5:49:4b:c6:c5:ad:
                    b2:20:35:0d:62:62:c9:eb:4e:eb:92:92:ab:3c:fe:
                    cf:62:e6:df:3a:70:1f:d2:8a:40:e7:91:08:a5:f3:
                    8b:bb:4d:1c:20:a3:c8:76:e2:2c:fb:19:b4:50:4e:
                    63:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:C8:63:20:70:CA:C3:0F:D3:2D:22:6E:F8:D9:EB:2B:15:37:FB:E0
            X509v3 Authority Key Identifier:
                keyid:F0:8F:BA:52:63:51:9B:7C:3A:21:55:C6:98:78:21:77:76:DE:FB:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8I-6UmNRm3w6IVXGmHghd3be-6A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/1bb1a2-6763-4b24-ad88-06413ceefce0/1/achjIHDKww_TLSJu-NnrKxU3--A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/1bb1a2-6763-4b24-ad88-06413ceefce0/1/8I-6UmNRm3w6IVXGmHghd3be-6A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.12.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:aa:6a:c5:5e:40:0f:58:54:39:98:39:4d:03:aa:90:87:48:
         36:a0:95:a9:69:d9:b3:58:5d:74:a0:7a:b0:da:25:2c:d6:ef:
         eb:38:2b:6c:8a:2b:46:7a:ea:86:b1:16:49:39:7a:f8:3e:1d:
         7a:ff:ca:2a:75:4c:67:cc:01:50:94:1f:12:9b:54:c0:fa:63:
         d8:2e:37:8e:08:22:2e:4b:90:5e:d6:36:1d:f9:2e:6f:e9:5a:
         5a:da:de:bf:d8:2c:d0:85:d2:0a:5d:ad:a4:ad:5a:fb:ec:23:
         ef:42:60:5e:b6:8a:d8:44:cf:22:ac:df:9a:46:b9:47:fa:e3:
         7f:99:b1:4b:93:a4:63:ff:9f:40:03:c4:5a:7d:52:e1:cf:f0:
         31:aa:90:ff:50:10:89:6d:e4:5a:1e:7f:d6:a0:c0:38:90:ff:
         35:13:cb:40:07:ec:3d:a1:59:9a:00:c2:fa:d5:05:f8:57:95:
         49:70:f5:91:8e:0b:36:80:5c:d9:33:39:b9:68:d9:40:65:81:
         ed:f2:9d:e6:4a:31:21:39:f8:06:54:d2:c7:e9:ed:c9:57:5b:
         5d:44:a1:f6:97:bd:30:1e:10:d7:c8:a7:c2:48:0e:9b:52:ca:
         b7:ab:41:49:49:0c:00:4f:a2:af:60:15:29:c1:f9:27:04:08:
         0f:e0:95:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fwP3esLe4saLmOb0YxDiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwOGZiYTUyNjM1MTliN2MzYTIxNTVjNjk4NzgyMTc3NzZk
ZWZiYTAwHhcNMjYwMTAxMTIxODQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWM4NjMyMDcwY2FjMzBmZDMyZDIyNmVmOGQ5ZWIyYjE1MzdmYmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlb80oReqzCM/gjjLBFH8eHTaxSj1
BlOncJWwGedxfulHrHzjNQlY42c/boed3H88TCA4h/UkFwkoYTiBhDC3QVyJVrg8
LTx4x+RJErn1axAAJHVXBWu94NziTvofsj9XIM2JSp0+0WiGb8DU21wRD41ls/y+
cBn8GP2+vmhtgzfwP9F3wtPF3QnvzQYfWpysgXwyKOJho0ZHF1hAiYAIF0AbXKdI
A/7hmfAc0Sy2RNPEJ0vSlPhTTQ3KhqTqCq/4AVvtuf75Hm44xYD1SUvGxa2yIDUN
YmLJ607rkpKrPP7PYubfOnAf0opA55EIpfOLu00cIKPIduIs+xm0UE5jPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGnIYyBwysMP0y0ibvjZ6ysVN/vgMB8GA1UdIwQY
MBaAFPCPulJjUZt8OiFVxph4IXd23vugMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEktNlVtTlJtM3c2SVZYR21IZ2hkM2JlLTZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8xYmIxYTItNjc2My00YjI0LWFkODgt
MDY0MTNjZWVmY2UwLzEvYWNoaklIREt3d19UTFNKdS1ObnJLeFUzLS1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8xYmIxYTItNjc2My00YjI0LWFkODgtMDY0MTNjZWVmY2Uw
LzEvOEktNlVtTlJtM3c2SVZYR21IZ2hkM2JlLTZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQzcMA0G
CSqGSIb3DQEBCwUAA4IBAQBLqmrFXkAPWFQ5mDlNA6qQh0g2oJWpadmzWF10oHqw
2iUs1u/rOCtsiitGeuqGsRZJOXr4Ph16/8oqdUxnzAFQlB8Sm1TA+mPYLjeOCCIu
S5Be1jYd+S5v6Vpa2t6/2CzQhdIKXa2krVr77CPvQmBetorYRM8irN+aRrlH+uN/
mbFLk6Rj/59AA8RafVLhz/AxqpD/UBCJbeRaHn/WoMA4kP81E8tAB+w9oVmaAML6
1QX4V5VJcPWRjgs2gFzZMzm5aNlAZYHt8p3mSjEhOfgGVNLH6e3JV1tdRKH2l70w
HhDXyKfCSA6bUsq3q0FJSQwAT6KvYBUpwfknBAgP4JVO
-----END CERTIFICATE-----