This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/fcMKvvIc-uKMyXaXItl6BhOvYAI.roa
File:                     fcMKvvIc-uKMyXaXItl6BhOvYAI.roa (raw, json)
Hash identifier:          bWIhwQ/lkTMKHU5pAtIRLA+s+dpO6uWcSZa145VsykM=
Subject key identifier:   7D:C3:0A:BE:F2:1C:FA:E2:8C:C9:76:97:22:D9:7A:06:13:AF:60:02
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       019B77C71CAD7304F3BBE2769086E4EC1723
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/fcMKvvIc-uKMyXaXItl6BhOvYAI.roa
Signing time:             Thu 01 Jan 2026 04:18:16 +0000
ROA not before:           Thu 01 Jan 2026 04:18:16 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214567
IP address blocks:        85.133.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:1c:ad:73:04:f3:bb:e2:76:90:86:e4:ec:17:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Jan  1 04:18:16 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7dc30abef21cfae28cc9769722d97a0613af6002
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:22:52:24:ee:14:ad:5a:1c:9d:20:15:6e:80:
                    1e:98:e2:8a:56:be:a3:a2:7d:58:55:d1:4d:54:9e:
                    0a:07:a2:73:a6:9b:93:5d:e9:80:a9:e0:b7:9b:0b:
                    ac:56:65:8f:96:cb:de:37:2c:19:5b:2e:19:5e:e2:
                    82:14:d0:b7:5e:b5:4a:d7:a9:84:24:ba:aa:81:48:
                    67:ac:a7:3e:c6:da:24:53:5a:12:8a:d8:41:cb:26:
                    a6:12:24:fd:15:87:a3:64:81:ba:4b:7f:25:81:6e:
                    59:52:20:fe:87:a1:dd:be:bb:ad:10:99:ab:39:5d:
                    c4:7b:83:63:74:01:37:18:f1:89:b2:af:1f:ff:13:
                    27:4a:73:2c:d4:7f:73:df:cd:05:5b:e5:dd:6f:f4:
                    c9:3f:02:da:a9:29:00:5b:b3:00:54:99:a5:04:39:
                    79:d3:67:c8:d9:6b:86:d6:e3:c6:ce:0b:db:ed:0d:
                    9c:a6:77:f6:33:ab:a6:95:ff:c1:c3:ed:e6:0e:11:
                    1c:14:75:e0:16:e9:5d:57:5f:ce:bd:53:85:ad:67:
                    a0:c3:ad:a9:ad:a2:ba:1b:9a:3e:c9:31:ba:2f:b1:
                    87:ac:80:21:60:6d:77:6a:83:30:b7:63:57:49:c2:
                    a0:9e:73:c4:e4:9b:90:20:a6:1c:8c:1d:b7:2d:1f:
                    bd:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:C3:0A:BE:F2:1C:FA:E2:8C:C9:76:97:22:D9:7A:06:13:AF:60:02
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/fcMKvvIc-uKMyXaXItl6BhOvYAI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:8d:5d:4a:1a:06:38:9d:6e:5a:98:d8:84:db:04:db:4f:27:
         b3:19:36:39:d3:66:c7:ff:75:b0:ce:43:c1:7b:09:3a:02:97:
         c2:e7:ef:e8:70:2a:63:33:8a:9e:92:5b:f6:be:ee:b6:5a:a5:
         da:79:70:f4:f7:79:81:bc:17:74:ed:63:ac:27:48:ee:c1:70:
         80:1a:09:5c:4d:7c:8f:b6:83:e2:e4:5c:3f:4a:47:88:3e:38:
         68:48:bf:a6:7f:b4:dd:32:2c:33:81:bd:97:15:63:27:04:f9:
         98:a2:f2:df:db:68:90:c9:90:4a:c0:1c:dc:fe:a1:c7:83:37:
         92:d2:7e:41:88:44:c3:37:14:08:72:53:ec:c5:f6:6a:e0:e3:
         ed:96:8a:20:41:f5:96:f3:ae:3f:51:49:89:38:57:c4:ff:56:
         0e:76:c1:97:19:11:44:dd:e6:6d:5f:8e:7a:97:b4:3f:47:4e:
         77:6f:ae:08:df:63:6a:61:08:b0:52:1f:ee:b0:22:55:e9:fc:
         1f:27:1b:08:91:fc:6b:02:a9:5d:46:61:21:7b:e0:d3:c3:b9:
         d4:ca:bb:c0:dd:9b:c4:74:49:e1:2b:b3:4e:61:35:94:53:c6:
         9e:35:45:d1:fc:e3:76:6e:95:b8:f0:7a:9a:28:c6:64:f9:51:
         ae:39:70:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xxytcwTzu+J2kIbk7BcjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjYwMTAxMDQxODE2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGMzMGFiZWYyMWNmYWUyOGNjOTc2OTcyMmQ5N2EwNjEzYWY2MDAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlSJSJO4UrVocnSAVboAemOKKVr6j
on1YVdFNVJ4KB6JzppuTXemAqeC3mwusVmWPlsveNywZWy4ZXuKCFNC3XrVK16mE
JLqqgUhnrKc+xtokU1oSithByyamEiT9FYejZIG6S38lgW5ZUiD+h6HdvrutEJmr
OV3Ee4NjdAE3GPGJsq8f/xMnSnMs1H9z380FW+Xdb/TJPwLaqSkAW7MAVJmlBDl5
02fI2WuG1uPGzgvb7Q2cpnf2M6umlf/Bw+3mDhEcFHXgFuldV1/OvVOFrWegw62p
raK6G5o+yTG6L7GHrIAhYG13aoMwt2NXScKgnnPE5JuQIKYcjB23LR+9vQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH3DCr7yHPrijMl2lyLZegYTr2ACMB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvZmNNS3Z2SWMtdUtNeVhhWEl0bDZCaE92WUFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVYXpMA0G
CSqGSIb3DQEBCwUAA4IBAQA0jV1KGgY4nW5amNiE2wTbTyezGTY502bH/3WwzkPB
ewk6ApfC5+/ocCpjM4qeklv2vu62WqXaeXD093mBvBd07WOsJ0juwXCAGglcTXyP
toPi5Fw/SkeIPjhoSL+mf7TdMiwzgb2XFWMnBPmYovLf22iQyZBKwBzc/qHHgzeS
0n5BiETDNxQIclPsxfZq4OPtloogQfWW864/UUmJOFfE/1YOdsGXGRFE3eZtX456
l7Q/R053b64I32NqYQiwUh/usCJV6fwfJxsIkfxrAqldRmEhe+DTw7nUyrvA3ZvE
dEnhK7NOYTWUU8aeNUXR/ON2bpW48HqaKMZk+VGuOXBT
-----END CERTIFICATE-----