This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/bc8e10-461e-4ce4-8be9-6239733c6184/1/IYDcWXVOin0X4eF-OQ1Vti4U54Q.roa
File:                     IYDcWXVOin0X4eF-OQ1Vti4U54Q.roa (raw, json)
Hash identifier:          nqLHyjeiC0RivLdIbTbmn4gjwwFAxF1g54vATpHiW9s=
Subject key identifier:   21:80:DC:59:75:4E:8A:7D:17:E1:E1:7E:39:0D:55:B6:2E:14:E7:84
Certificate issuer:       /CN=977775ce8804695996ce77c7d3681b9c241b362f
Certificate serial:       019B7910A5689961DAEF255EBF63BA794910
Authority key identifier: 97:77:75:CE:88:04:69:59:96:CE:77:C7:D3:68:1B:9C:24:1B:36:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l3d1zogEaVmWznfH02gbnCQbNi8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/bc8e10-461e-4ce4-8be9-6239733c6184/1/IYDcWXVOin0X4eF-OQ1Vti4U54Q.roa
Signing time:             Thu 01 Jan 2026 10:18:12 +0000
ROA not before:           Thu 01 Jan 2026 10:18:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199829
IP address blocks:        185.45.16.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/bc8e10-461e-4ce4-8be9-6239733c6184/1/l3d1zogEaVmWznfH02gbnCQbNi8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/bc8e10-461e-4ce4-8be9-6239733c6184/1/l3d1zogEaVmWznfH02gbnCQbNi8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l3d1zogEaVmWznfH02gbnCQbNi8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 01:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:a5:68:99:61:da:ef:25:5e:bf:63:ba:79:49:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=977775ce8804695996ce77c7d3681b9c241b362f
        Validity
            Not Before: Jan  1 10:18:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2180dc59754e8a7d17e1e17e390d55b62e14e784
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:53:f9:1e:17:5e:3c:ad:8f:33:40:bc:e0:69:
                    a4:e8:d9:9d:61:e0:da:15:d0:39:be:75:80:6d:67:
                    35:97:53:b6:d4:88:e1:82:79:50:7d:e2:fd:6e:65:
                    11:f5:25:6a:36:27:71:7d:c5:8a:14:44:bb:1d:83:
                    e2:0f:d4:9a:58:a4:48:39:18:28:22:b7:4c:da:f8:
                    04:58:58:35:56:58:c5:17:d7:bd:0f:c3:1b:33:b7:
                    22:44:f7:54:25:42:85:db:a3:d1:6b:eb:99:d5:4a:
                    bc:f2:31:b1:54:2c:3d:f0:8d:ee:e7:c6:69:c9:4e:
                    9b:74:fc:99:1b:dc:a1:1f:4b:ff:e3:d5:6a:4c:39:
                    5e:2c:6b:e6:4f:8e:c2:8c:d7:d9:4e:7c:f7:da:76:
                    f4:ea:71:70:c5:22:fb:fe:4d:ac:ba:f6:f8:cf:47:
                    66:a4:0e:4e:73:b9:1a:2d:b1:3a:c5:05:60:77:f2:
                    6e:44:d9:e5:98:cc:6d:63:57:d2:55:ea:98:6d:9d:
                    3c:85:58:ab:56:f9:82:68:f6:18:7f:14:e9:c1:42:
                    1f:22:5f:27:59:0e:d7:02:0e:e9:2d:b7:aa:63:cc:
                    c9:bf:1d:b9:a4:78:0a:e3:5c:34:b4:dd:8a:2f:d8:
                    c3:01:97:5f:ff:8f:75:d5:bc:b4:65:e6:66:9c:0d:
                    26:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:80:DC:59:75:4E:8A:7D:17:E1:E1:7E:39:0D:55:B6:2E:14:E7:84
            X509v3 Authority Key Identifier:
                keyid:97:77:75:CE:88:04:69:59:96:CE:77:C7:D3:68:1B:9C:24:1B:36:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l3d1zogEaVmWznfH02gbnCQbNi8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/bc8e10-461e-4ce4-8be9-6239733c6184/1/IYDcWXVOin0X4eF-OQ1Vti4U54Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/bc8e10-461e-4ce4-8be9-6239733c6184/1/l3d1zogEaVmWznfH02gbnCQbNi8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.45.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         95:77:55:3a:6c:2a:ed:ad:bd:3b:8e:8b:48:c1:b7:2e:d3:91:
         eb:13:8a:1c:07:7a:7f:bb:6f:68:35:e9:c5:ba:10:59:a7:ce:
         cc:f2:99:3e:31:6e:3f:bc:01:de:42:04:4e:e5:8e:aa:88:88:
         76:9c:60:1d:a5:a9:3f:b9:1d:6a:cc:d3:d7:1d:7b:f0:2e:9c:
         4f:eb:1e:e9:a9:8d:6f:73:a0:a5:fa:89:6e:a0:6d:e4:da:79:
         0a:12:c6:34:ba:ae:56:49:bf:5c:2d:65:16:72:46:01:83:9f:
         e8:5f:02:02:a5:9e:2c:1f:21:54:59:3c:13:48:17:0c:e4:b1:
         e7:42:be:00:83:09:d4:1b:e1:1a:22:15:bd:13:9b:bb:e8:c3:
         b8:2f:4c:a1:4a:45:51:60:41:94:3c:99:2d:ce:53:a3:7f:3a:
         a3:9a:1f:9e:43:8a:13:34:a8:05:17:5a:c4:d0:d8:0d:0b:fa:
         54:bd:21:46:ac:81:9d:bc:c0:7b:9e:d1:11:5b:58:da:70:18:
         e4:23:f1:51:43:7b:a0:8d:d2:4c:cb:21:bd:51:b7:04:3c:9a:
         23:7d:9e:a0:0c:5f:d6:89:0a:27:bf:93:f7:ec:1d:7f:01:80:
         56:05:d0:dd:3a:a7:43:80:89:ac:b5:6f:95:d5:9d:39:9a:d5:
         ac:4b:ff:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EKVomWHa7yVev2O6eUkQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3Nzc3NWNlODgwNDY5NTk5NmNlNzdjN2QzNjgxYjljMjQx
YjM2MmYwHhcNMjYwMTAxMTAxODEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTgwZGM1OTc1NGU4YTdkMTdlMWUxN2UzOTBkNTViNjJlMTRlNzg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj1P5HhdePK2PM0C84Gmk6NmdYeDa
FdA5vnWAbWc1l1O21IjhgnlQfeL9bmUR9SVqNidxfcWKFES7HYPiD9SaWKRIORgo
IrdM2vgEWFg1VljFF9e9D8MbM7ciRPdUJUKF26PRa+uZ1Uq88jGxVCw98I3u58Zp
yU6bdPyZG9yhH0v/49VqTDleLGvmT47CjNfZTnz32nb06nFwxSL7/k2suvb4z0dm
pA5Oc7kaLbE6xQVgd/JuRNnlmMxtY1fSVeqYbZ08hVirVvmCaPYYfxTpwUIfIl8n
WQ7XAg7pLbeqY8zJvx25pHgK41w0tN2KL9jDAZdf/4911by0ZeZmnA0m0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCGA3Fl1Top9F+HhfjkNVbYuFOeEMB8GA1UdIwQY
MBaAFJd3dc6IBGlZls53x9NoG5wkGzYvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDNkMXpvZ0VhVm1Xem5mSDAyZ2JuQ1FiTmk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS9iYzhlMTAtNDYxZS00Y2U0LThiZTkt
NjIzOTczM2M2MTg0LzEvSVlEY1dYVk9pbjBYNGVGLU9RMVZ0aTRVNTRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS9iYzhlMTAtNDYxZS00Y2U0LThiZTktNjIzOTczM2M2MTg0
LzEvbDNkMXpvZ0VhVm1Xem5mSDAyZ2JuQ1FiTmk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuS0QMA0G
CSqGSIb3DQEBCwUAA4IBAQCVd1U6bCrtrb07jotIwbcu05HrE4ocB3p/u29oNenF
uhBZp87M8pk+MW4/vAHeQgRO5Y6qiIh2nGAdpak/uR1qzNPXHXvwLpxP6x7pqY1v
c6Cl+oluoG3k2nkKEsY0uq5WSb9cLWUWckYBg5/oXwICpZ4sHyFUWTwTSBcM5LHn
Qr4AgwnUG+EaIhW9E5u76MO4L0yhSkVRYEGUPJktzlOjfzqjmh+eQ4oTNKgFF1rE
0NgNC/pUvSFGrIGdvMB7ntERW1jacBjkI/FRQ3ugjdJMyyG9UbcEPJojfZ6gDF/W
iQonv5P37B1/AYBWBdDdOqdDgImstW+V1Z05mtWsS/8S
-----END CERTIFICATE-----