This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/DKZJyriLpkX0P03xQILHD2FwZEo.roa
File:                     DKZJyriLpkX0P03xQILHD2FwZEo.roa (raw, json)
Hash identifier:          x6vx2AQsWgf7sMGXLXxiRwrb7PArAVgKRPBlJd4ah10=
Subject key identifier:   0C:A6:49:CA:B8:8B:A6:45:F4:3F:4D:F1:40:82:C7:0F:61:70:64:4A
Certificate issuer:       /CN=111d6814375271d1a3cbd12155db11d2bd41a8d3
Certificate serial:       019B7D5C34239729D70988ED2B7D89BBCD80
Authority key identifier: 11:1D:68:14:37:52:71:D1:A3:CB:D1:21:55:DB:11:D2:BD:41:A8:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ER1oFDdScdGjy9EhVdsR0r1BqNM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/DKZJyriLpkX0P03xQILHD2FwZEo.roa
Signing time:             Fri 02 Jan 2026 06:19:13 +0000
ROA not before:           Fri 02 Jan 2026 06:19:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199319
IP address blocks:        185.51.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/ER1oFDdScdGjy9EhVdsR0r1BqNM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/ER1oFDdScdGjy9EhVdsR0r1BqNM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ER1oFDdScdGjy9EhVdsR0r1BqNM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 12:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5c:34:23:97:29:d7:09:88:ed:2b:7d:89:bb:cd:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=111d6814375271d1a3cbd12155db11d2bd41a8d3
        Validity
            Not Before: Jan  2 06:19:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0ca649cab88ba645f43f4df14082c70f6170644a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:2f:aa:5e:00:32:07:65:67:1d:19:8a:fc:4e:
                    21:2f:dc:6f:92:25:3f:92:bd:f7:7d:1c:e8:e6:c1:
                    a2:75:31:7e:06:fb:95:9c:87:69:12:9e:6f:7d:2d:
                    16:79:b4:e3:fa:10:1b:ed:b3:01:8f:d9:38:6f:19:
                    d8:22:53:94:14:d0:d1:6d:20:57:d1:14:e5:d5:c7:
                    37:63:91:35:53:04:eb:5d:f5:53:60:88:36:0b:84:
                    fa:a5:45:ac:d2:32:ef:bc:f3:03:64:31:3a:51:51:
                    4a:29:4d:5c:f9:b1:17:b5:41:d4:95:39:97:d1:e0:
                    8a:fd:f0:78:6b:57:5a:a5:7e:a3:64:9b:ac:4b:84:
                    5a:1a:97:e1:3a:e8:4f:0a:a8:9a:39:ac:38:db:12:
                    e0:37:3a:8a:b5:3f:e6:ed:16:15:f4:92:9a:b9:73:
                    bb:32:22:6d:ab:69:5d:ac:9b:ce:9f:71:c4:f9:02:
                    8f:27:4e:65:c2:a0:a1:36:57:af:16:89:2d:75:76:
                    47:37:a9:32:d3:d7:2d:43:1e:c7:62:d7:a9:9c:bb:
                    8b:5c:a2:47:6f:85:81:73:14:62:9a:96:66:46:d4:
                    04:f2:af:80:c8:7d:98:ef:71:c9:7f:45:31:32:65:
                    52:9f:96:d2:b1:79:a8:ae:21:64:c2:e8:0f:14:cc:
                    f5:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:A6:49:CA:B8:8B:A6:45:F4:3F:4D:F1:40:82:C7:0F:61:70:64:4A
            X509v3 Authority Key Identifier:
                keyid:11:1D:68:14:37:52:71:D1:A3:CB:D1:21:55:DB:11:D2:BD:41:A8:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ER1oFDdScdGjy9EhVdsR0r1BqNM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/DKZJyriLpkX0P03xQILHD2FwZEo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/ER1oFDdScdGjy9EhVdsR0r1BqNM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.51.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:36:c5:11:83:e5:36:d2:a1:a9:6e:14:18:78:58:95:a5:c8:
         7a:e7:a5:28:15:5a:2e:8e:b1:a4:ae:2b:03:d9:93:49:66:99:
         5f:e9:60:49:85:76:db:c4:3a:bd:af:b3:d6:ba:fe:af:d8:b1:
         11:d9:68:39:e2:b8:1c:7c:98:3c:20:4b:48:51:64:8f:2a:e9:
         ce:7c:5b:cf:c3:2f:46:50:8a:d0:9a:49:d4:d4:f3:59:91:b7:
         c9:ad:30:83:e4:a7:a1:57:37:97:63:18:79:02:a0:e4:49:fd:
         fb:eb:36:6f:0f:bb:a0:d3:32:2e:bd:ad:e1:59:aa:d6:e1:81:
         b4:e5:06:e7:44:0c:d6:aa:68:0e:d7:9e:e1:bb:9b:75:4f:60:
         17:d9:32:9a:a9:cd:96:86:80:27:65:ba:3f:b1:3c:91:92:80:
         5e:8e:c0:6a:0d:2a:25:d4:a8:0d:05:95:11:50:ef:55:25:0e:
         eb:34:cc:93:b4:e0:ae:93:26:a1:3c:b5:f7:76:59:e0:39:ec:
         e7:f3:30:86:78:55:1e:16:db:9b:27:ab:6c:61:9f:f5:81:fe:
         e2:57:8f:c1:1b:2a:23:98:4a:d3:2d:d3:d9:29:17:fe:08:89:
         86:23:cb:33:cf:21:6a:e9:b8:e4:5e:eb:17:fd:42:51:47:59:
         97:0a:ee:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XDQjlynXCYjtK32Ju82AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExMWQ2ODE0Mzc1MjcxZDFhM2NiZDEyMTU1ZGIxMWQyYmQ0
MWE4ZDMwHhcNMjYwMTAyMDYxOTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2E2NDljYWI4OGJhNjQ1ZjQzZjRkZjE0MDgyYzcwZjYxNzA2NDRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqy+qXgAyB2VnHRmK/E4hL9xvkiU/
kr33fRzo5sGidTF+BvuVnIdpEp5vfS0WebTj+hAb7bMBj9k4bxnYIlOUFNDRbSBX
0RTl1cc3Y5E1UwTrXfVTYIg2C4T6pUWs0jLvvPMDZDE6UVFKKU1c+bEXtUHUlTmX
0eCK/fB4a1dapX6jZJusS4RaGpfhOuhPCqiaOaw42xLgNzqKtT/m7RYV9JKauXO7
MiJtq2ldrJvOn3HE+QKPJ05lwqChNlevFoktdXZHN6ky09ctQx7HYtepnLuLXKJH
b4WBcxRimpZmRtQE8q+AyH2Y73HJf0UxMmVSn5bSsXmoriFkwugPFMz12wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAymScq4i6ZF9D9N8UCCxw9hcGRKMB8GA1UdIwQY
MBaAFBEdaBQ3UnHRo8vRIVXbEdK9QajTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVIxb0ZEZFNjZEdqeTlFaFZkc1IwcjFCcU5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS9hOGIxNGItZmIyNS00N2Y4LThiMGQt
MjcxZDI1ZTIwNTc0LzEvREtaSnlyaUxwa1gwUDAzeFFJTEhEMkZ3WkVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS9hOGIxNGItZmIyNS00N2Y4LThiMGQtMjcxZDI1ZTIwNTc0
LzEvRVIxb0ZEZFNjZEdqeTlFaFZkc1IwcjFCcU5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTN2MA0G
CSqGSIb3DQEBCwUAA4IBAQBhNsURg+U20qGpbhQYeFiVpch656UoFVoujrGkrisD
2ZNJZplf6WBJhXbbxDq9r7PWuv6v2LER2Wg54rgcfJg8IEtIUWSPKunOfFvPwy9G
UIrQmknU1PNZkbfJrTCD5KehVzeXYxh5AqDkSf376zZvD7ug0zIuva3hWarW4YG0
5QbnRAzWqmgO157hu5t1T2AX2TKaqc2WhoAnZbo/sTyRkoBejsBqDSol1KgNBZUR
UO9VJQ7rNMyTtOCukyahPLX3dlngOezn8zCGeFUeFtubJ6tsYZ/1gf7iV4/BGyoj
mErTLdPZKRf+CImGI8szzyFq6bjkXusX/UJRR1mXCu7x
-----END CERTIFICATE-----