This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/ad050f-a22d-4a77-958c-357a61361dcb/1/W_o6705Rn3HRwEzZ4PCeXI4OEgY.roa
File:                     W_o6705Rn3HRwEzZ4PCeXI4OEgY.roa (raw, json)
Hash identifier:          lFPEOT/5NpV8dy93XgRrFMslloDtdGEK/UAHkmtykNM=
Subject key identifier:   5B:FA:3A:EF:4E:51:9F:71:D1:C0:4C:D9:E0:F0:9E:5C:8E:0E:12:06
Certificate issuer:       /CN=33cfbfbf2eccd393aa30c221369965b847192da8
Certificate serial:       019B7E381D69AB3CA1A59B8FC99CD92A3733
Authority key identifier: 33:CF:BF:BF:2E:CC:D3:93:AA:30:C2:21:36:99:65:B8:47:19:2D:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M8-_vy7M05OqMMIhNplluEcZLag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/ad050f-a22d-4a77-958c-357a61361dcb/1/W_o6705Rn3HRwEzZ4PCeXI4OEgY.roa
Signing time:             Fri 02 Jan 2026 10:19:25 +0000
ROA not before:           Fri 02 Jan 2026 10:19:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21277
IP address blocks:        185.38.212.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/ad050f-a22d-4a77-958c-357a61361dcb/1/M8-_vy7M05OqMMIhNplluEcZLag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/ad050f-a22d-4a77-958c-357a61361dcb/1/M8-_vy7M05OqMMIhNplluEcZLag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M8-_vy7M05OqMMIhNplluEcZLag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:1d:69:ab:3c:a1:a5:9b:8f:c9:9c:d9:2a:37:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=33cfbfbf2eccd393aa30c221369965b847192da8
        Validity
            Not Before: Jan  2 10:19:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5bfa3aef4e519f71d1c04cd9e0f09e5c8e0e1206
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:42:ac:9f:3e:68:f4:55:67:85:1f:ba:2b:9f:
                    ea:52:58:5a:ba:22:e2:b6:ce:06:1e:fc:a2:cb:33:
                    4b:f0:33:54:45:97:45:17:8a:4f:01:cc:52:5f:a2:
                    fe:67:38:2d:18:7d:fe:1d:b5:2b:07:35:0c:05:ae:
                    20:db:4a:63:f3:50:01:89:97:9f:d2:7d:ca:52:51:
                    aa:45:cb:c9:04:9c:c4:e1:8f:1d:72:41:6f:7e:91:
                    dd:4c:f2:6c:bb:84:8c:f0:63:50:82:6d:cd:5b:fc:
                    81:aa:3f:86:4e:28:ae:77:10:df:76:67:dd:fc:cc:
                    6f:8a:fc:a5:b6:a4:f8:f0:2f:ac:01:c3:04:76:9d:
                    75:2a:93:bf:23:eb:8b:ee:c1:38:f5:f7:50:b4:f0:
                    82:6d:8c:78:c3:ab:53:3f:1d:43:12:f3:a5:90:d3:
                    a6:69:ad:44:13:14:cf:90:d0:21:c1:1a:32:40:79:
                    1d:9f:76:89:9f:7e:16:59:a8:cc:d3:c3:5d:a5:07:
                    73:7f:9d:0e:55:45:e9:bd:d0:e1:b5:34:cd:31:88:
                    e0:bf:a1:c8:79:7a:60:4d:a7:79:dc:fa:24:4b:4e:
                    90:da:33:3c:7e:d5:53:58:27:0a:f0:f9:83:f2:8a:
                    af:e4:58:20:73:80:2a:bf:67:1b:20:a5:f9:dc:32:
                    36:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:FA:3A:EF:4E:51:9F:71:D1:C0:4C:D9:E0:F0:9E:5C:8E:0E:12:06
            X509v3 Authority Key Identifier:
                keyid:33:CF:BF:BF:2E:CC:D3:93:AA:30:C2:21:36:99:65:B8:47:19:2D:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M8-_vy7M05OqMMIhNplluEcZLag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/ad050f-a22d-4a77-958c-357a61361dcb/1/W_o6705Rn3HRwEzZ4PCeXI4OEgY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/ad050f-a22d-4a77-958c-357a61361dcb/1/M8-_vy7M05OqMMIhNplluEcZLag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.38.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a3:b5:b4:50:44:86:90:b1:f3:9f:b5:13:16:bd:de:68:08:bb:
         ab:d7:d3:5f:55:03:5d:d4:16:81:5c:d3:fe:22:c4:93:25:bd:
         33:34:7e:09:af:5f:56:06:07:c7:01:39:cb:38:ab:20:12:a8:
         18:50:6c:a9:b1:3f:b3:a3:76:a6:85:e6:7a:2a:b3:ee:6a:d0:
         99:9f:35:c9:53:f9:b3:ec:5f:5b:fb:07:14:7d:20:ef:37:d3:
         8b:13:52:1d:47:9c:01:ff:6c:5f:a9:62:dd:47:96:55:e1:08:
         77:cf:96:d8:f0:31:84:39:8f:f0:72:e5:16:2e:b7:11:4e:3a:
         61:7d:e1:26:2a:17:3b:05:d1:04:a9:b7:37:ac:88:b3:ed:81:
         41:8d:78:96:9a:df:59:5b:2f:27:07:c3:62:af:e3:b6:40:bb:
         0a:ec:1f:34:a3:d8:bd:09:2e:75:d0:70:28:2b:c2:58:fb:d5:
         84:f8:42:12:f3:d0:fa:61:9e:45:28:c5:47:33:60:53:ea:6a:
         75:ef:ab:bc:14:2f:c6:9f:fb:2b:f5:7d:4d:c9:37:e1:8f:d7:
         9d:88:b3:67:a9:83:64:b4:23:b1:fd:36:52:6b:07:a0:2c:9a:
         3b:26:9a:14:d8:cc:c6:39:3a:db:8b:73:3d:0f:d6:a2:df:3f:
         53:2b:c9:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OB1pqzyhpZuPyZzZKjczMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzY2ZiZmJmMmVjY2QzOTNhYTMwYzIyMTM2OTk2NWI4NDcx
OTJkYTgwHhcNMjYwMTAyMTAxOTI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmZhM2FlZjRlNTE5ZjcxZDFjMDRjZDllMGYwOWU1YzhlMGUxMjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvUKsnz5o9FVnhR+6K5/qUlhauiLi
ts4GHvyiyzNL8DNURZdFF4pPAcxSX6L+ZzgtGH3+HbUrBzUMBa4g20pj81ABiZef
0n3KUlGqRcvJBJzE4Y8dckFvfpHdTPJsu4SM8GNQgm3NW/yBqj+GTiiudxDfdmfd
/MxvivyltqT48C+sAcMEdp11KpO/I+uL7sE49fdQtPCCbYx4w6tTPx1DEvOlkNOm
aa1EExTPkNAhwRoyQHkdn3aJn34WWajM08NdpQdzf50OVUXpvdDhtTTNMYjgv6HI
eXpgTad53PokS06Q2jM8ftVTWCcK8PmD8oqv5Fggc4Aqv2cbIKX53DI2CwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFv6Ou9OUZ9x0cBM2eDwnlyODhIGMB8GA1UdIwQY
MBaAFDPPv78uzNOTqjDCITaZZbhHGS2oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTgtX3Z5N00wNU9xTU1JaE5wbGx1RWNaTGFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC9hZDA1MGYtYTIyZC00YTc3LTk1OGMt
MzU3YTYxMzYxZGNiLzEvV19vNjcwNVJuM0hSd0V6WjRQQ2VYSTRPRWdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC9hZDA1MGYtYTIyZC00YTc3LTk1OGMtMzU3YTYxMzYxZGNi
LzEvTTgtX3Z5N00wNU9xTU1JaE5wbGx1RWNaTGFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSbUMA0G
CSqGSIb3DQEBCwUAA4IBAQCjtbRQRIaQsfOftRMWvd5oCLur19NfVQNd1BaBXNP+
IsSTJb0zNH4Jr19WBgfHATnLOKsgEqgYUGypsT+zo3amheZ6KrPuatCZnzXJU/mz
7F9b+wcUfSDvN9OLE1IdR5wB/2xfqWLdR5ZV4Qh3z5bY8DGEOY/wcuUWLrcRTjph
feEmKhc7BdEEqbc3rIiz7YFBjXiWmt9ZWy8nB8Nir+O2QLsK7B80o9i9CS510HAo
K8JY+9WE+EIS89D6YZ5FKMVHM2BT6mp176u8FC/Gn/sr9X1NyTfhj9ediLNnqYNk
tCOx/TZSawegLJo7JpoU2MzGOTrbi3M9D9ai3z9TK8kh
-----END CERTIFICATE-----