This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/3e2077-bc10-4621-ab0b-dba4c9b8706b/1/04FKSiNEBSVxxBYiPtE8VcsRvqM.roa
File:                     04FKSiNEBSVxxBYiPtE8VcsRvqM.roa (raw, json)
Hash identifier:          iIsFB+u1yXou/MBTJQN92523XOZ49HIi4J+JzBjc0Vk=
Subject key identifier:   D3:81:4A:4A:23:44:05:25:71:C4:16:22:3E:D1:3C:55:CB:11:BE:A3
Certificate issuer:       /CN=89554780db25b243c0a2d361979b130a7f13c60d
Certificate serial:       019B7B35FDB644B8CF8F4426B4B3B9B32ABA
Authority key identifier: 89:55:47:80:DB:25:B2:43:C0:A2:D3:61:97:9B:13:0A:7F:13:C6:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iVVHgNslskPAotNhl5sTCn8Txg0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/3e2077-bc10-4621-ab0b-dba4c9b8706b/1/04FKSiNEBSVxxBYiPtE8VcsRvqM.roa
Signing time:             Thu 01 Jan 2026 20:18:14 +0000
ROA not before:           Thu 01 Jan 2026 20:18:14 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     28878
IP address blocks:        185.75.156.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/3e2077-bc10-4621-ab0b-dba4c9b8706b/1/iVVHgNslskPAotNhl5sTCn8Txg0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/3e2077-bc10-4621-ab0b-dba4c9b8706b/1/iVVHgNslskPAotNhl5sTCn8Txg0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iVVHgNslskPAotNhl5sTCn8Txg0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 11:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:fd:b6:44:b8:cf:8f:44:26:b4:b3:b9:b3:2a:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89554780db25b243c0a2d361979b130a7f13c60d
        Validity
            Not Before: Jan  1 20:18:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d3814a4a2344052571c416223ed13c55cb11bea3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:ed:f9:02:77:7e:23:15:ef:89:79:1c:32:29:
                    aa:49:a6:e2:ea:d1:03:59:d8:2e:cd:d7:de:ca:21:
                    e7:27:9b:45:90:95:6f:78:0d:63:64:0d:4d:bf:66:
                    68:8e:bf:16:6b:e9:5b:9d:e7:6f:96:b5:68:b2:3f:
                    e3:cf:42:c6:a8:80:42:24:f9:1a:97:45:3c:84:bf:
                    83:68:21:8a:e1:cf:8e:51:f5:c6:24:50:74:7d:0c:
                    01:b2:0b:01:d6:58:ee:8e:00:6a:bd:f4:06:e8:a1:
                    8e:0d:94:34:8c:83:07:86:99:50:0b:49:78:dd:a7:
                    c9:27:4d:8c:3f:4b:84:f9:1c:16:8a:c9:fa:3d:0e:
                    08:78:33:8d:d7:c7:ed:ea:e7:3d:17:e4:81:2c:cc:
                    00:1d:0f:09:48:7f:8a:7d:d6:3a:45:26:33:51:76:
                    22:22:26:24:79:30:2b:e3:5a:15:bc:bf:55:ac:59:
                    1d:b8:86:1a:0d:b5:2c:39:a1:0e:43:84:d3:b3:11:
                    81:e5:4c:ac:48:1d:43:25:f6:8a:96:30:a1:85:80:
                    4f:45:b5:79:fb:28:44:b8:6f:c6:47:76:e1:a8:5f:
                    a9:0b:3b:a4:cc:94:4e:9e:65:a2:f5:7e:68:ff:f0:
                    5d:76:29:a1:26:1d:7d:9c:18:fa:24:c7:46:3e:c1:
                    a4:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:81:4A:4A:23:44:05:25:71:C4:16:22:3E:D1:3C:55:CB:11:BE:A3
            X509v3 Authority Key Identifier:
                keyid:89:55:47:80:DB:25:B2:43:C0:A2:D3:61:97:9B:13:0A:7F:13:C6:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iVVHgNslskPAotNhl5sTCn8Txg0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/3e2077-bc10-4621-ab0b-dba4c9b8706b/1/04FKSiNEBSVxxBYiPtE8VcsRvqM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/3e2077-bc10-4621-ab0b-dba4c9b8706b/1/iVVHgNslskPAotNhl5sTCn8Txg0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.75.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6a:c0:ac:8e:10:61:11:f1:12:a7:66:56:37:6d:48:d8:8c:4b:
         4e:34:15:9c:08:0c:a0:3c:19:c4:f1:9f:a6:3d:8d:4b:db:bd:
         cd:d9:e9:f3:10:c3:ca:8c:16:a8:3b:08:4c:e6:d1:ad:7e:4a:
         0e:94:66:aa:16:b4:d0:e7:be:17:c1:1f:2b:8b:d6:75:1b:71:
         71:3c:a8:49:04:6a:c7:6c:2f:00:e7:39:58:7f:a2:01:02:8b:
         7a:c0:f7:07:69:ac:3f:eb:59:6a:3d:ba:23:43:a0:fd:86:96:
         f2:bc:36:5e:c9:6f:33:7f:88:f8:97:e3:94:c4:de:c8:cb:4b:
         fb:1d:17:99:a0:a4:10:d2:0a:d5:23:fa:7f:ee:3a:5c:bc:a1:
         00:e0:96:23:e6:21:ee:9d:27:ea:6e:ec:6d:34:a4:4c:11:5c:
         6a:b9:fc:63:4e:52:85:18:e9:44:8b:3b:e9:cf:c4:41:82:50:
         d8:6e:57:f1:ad:cb:69:1a:45:51:b9:e1:e1:fe:83:77:d1:38:
         a1:7c:d9:de:62:6f:27:e5:7d:91:bc:fa:d1:43:3c:0b:a8:15:
         c9:a8:33:f9:37:63:cf:c1:57:4b:d2:2d:46:2e:fa:09:ea:1f:
         a8:b2:9b:13:ba:c8:a5:3f:9b:28:be:6d:73:38:22:4d:31:e6:
         0e:11:10:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7Nf22RLjPj0QmtLO5syq6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5NTU0NzgwZGIyNWIyNDNjMGEyZDM2MTk3OWIxMzBhN2Yx
M2M2MGQwHhcNMjYwMTAxMjAxODE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzgxNGE0YTIzNDQwNTI1NzFjNDE2MjIzZWQxM2M1NWNiMTFiZWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5O35And+IxXviXkcMimqSabi6tED
WdguzdfeyiHnJ5tFkJVveA1jZA1Nv2Zojr8Wa+lbnedvlrVosj/jz0LGqIBCJPka
l0U8hL+DaCGK4c+OUfXGJFB0fQwBsgsB1ljujgBqvfQG6KGODZQ0jIMHhplQC0l4
3afJJ02MP0uE+RwWisn6PQ4IeDON18ft6uc9F+SBLMwAHQ8JSH+KfdY6RSYzUXYi
IiYkeTAr41oVvL9VrFkduIYaDbUsOaEOQ4TTsxGB5UysSB1DJfaKljChhYBPRbV5
+yhEuG/GR3bhqF+pCzukzJROnmWi9X5o//BddimhJh19nBj6JMdGPsGk2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNOBSkojRAUlccQWIj7RPFXLEb6jMB8GA1UdIwQY
MBaAFIlVR4DbJbJDwKLTYZebEwp/E8YNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVZWSGdOc2xza1BBb3ROaGw1c1RDbjhUeGcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8zZTIwNzctYmMxMC00NjIxLWFiMGIt
ZGJhNGM5Yjg3MDZiLzEvMDRGS1NpTkVCU1Z4eEJZaVB0RThWY3NSdnFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8zZTIwNzctYmMxMC00NjIxLWFiMGItZGJhNGM5Yjg3MDZi
LzEvaVZWSGdOc2xza1BBb3ROaGw1c1RDbjhUeGcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUucMA0G
CSqGSIb3DQEBCwUAA4IBAQBqwKyOEGER8RKnZlY3bUjYjEtONBWcCAygPBnE8Z+m
PY1L273N2enzEMPKjBaoOwhM5tGtfkoOlGaqFrTQ574XwR8ri9Z1G3FxPKhJBGrH
bC8A5zlYf6IBAot6wPcHaaw/61lqPbojQ6D9hpbyvDZeyW8zf4j4l+OUxN7Iy0v7
HReZoKQQ0grVI/p/7jpcvKEA4JYj5iHunSfqbuxtNKRMEVxqufxjTlKFGOlEizvp
z8RBglDYblfxrctpGkVRueHh/oN30TihfNneYm8n5X2RvPrRQzwLqBXJqDP5N2PP
wVdL0i1GLvoJ6h+ospsTusilP5sovm1zOCJNMeYOERB/
-----END CERTIFICATE-----