This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/AnJCTd7AgRSldDmx71BvWIQlsjc.roa
File:                     AnJCTd7AgRSldDmx71BvWIQlsjc.roa (raw, json)
Hash identifier:          VFBhkSbr4RUTAOsdzP+CuaTF7y4EenVQsmWrwQQVwpM=
Subject key identifier:   02:72:42:4D:DE:C0:81:14:A5:74:39:B1:EF:50:6F:58:84:25:B2:37
Certificate issuer:       /CN=d3d56f07be184cba52f6fdc049e8114d2616c32a
Certificate serial:       019B7B36988870B13CDF3D7D0BB5789BAD48
Authority key identifier: D3:D5:6F:07:BE:18:4C:BA:52:F6:FD:C0:49:E8:11:4D:26:16:C3:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/09VvB74YTLpS9v3ASegRTSYWwyo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/AnJCTd7AgRSldDmx71BvWIQlsjc.roa
Signing time:             Thu 01 Jan 2026 20:18:54 +0000
ROA not before:           Thu 01 Jan 2026 20:18:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62081
IP address blocks:        185.165.149.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/09VvB74YTLpS9v3ASegRTSYWwyo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/09VvB74YTLpS9v3ASegRTSYWwyo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/09VvB74YTLpS9v3ASegRTSYWwyo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:98:88:70:b1:3c:df:3d:7d:0b:b5:78:9b:ad:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3d56f07be184cba52f6fdc049e8114d2616c32a
        Validity
            Not Before: Jan  1 20:18:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0272424ddec08114a57439b1ef506f588425b237
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:b3:ef:3b:e6:67:4b:a4:95:44:84:23:ba:a7:
                    79:09:6a:70:ed:6e:8d:ca:25:c5:45:c5:6c:20:9d:
                    b2:55:76:98:37:50:b3:70:6b:47:7f:23:e8:15:4d:
                    55:84:f4:59:45:85:d3:2b:b0:fe:a5:56:f3:ef:1e:
                    9e:e7:aa:3c:33:0a:1c:4a:60:c7:8b:d3:53:6e:d8:
                    2e:a6:d9:e8:3a:fd:a2:09:79:a5:dc:b7:ea:0b:03:
                    b5:99:0d:9c:2a:e0:f9:e1:34:96:c9:ff:85:a4:2a:
                    5d:12:25:03:16:45:ad:60:16:61:bb:a2:9d:ce:b6:
                    6c:35:ba:06:60:8a:19:d0:25:73:3a:50:7d:6e:4b:
                    cf:53:9f:89:c0:23:2b:0d:44:cd:3b:8f:ea:f4:8a:
                    a1:8f:fe:d1:2f:9f:50:58:52:77:72:d5:cb:93:f0:
                    7b:54:98:70:4b:e9:12:15:42:ec:78:42:61:dc:88:
                    96:11:11:ae:99:2b:c4:77:55:b2:09:be:c6:b8:58:
                    15:82:d4:d8:25:a9:ae:5b:1c:b1:c4:c5:c8:a3:e8:
                    7f:b2:91:63:b9:00:4b:49:a0:ad:52:2f:37:2b:4a:
                    b4:26:ee:74:96:8e:90:52:d6:03:b1:6f:8f:37:ca:
                    a8:23:44:22:f8:13:67:c9:11:a2:8b:6f:e9:66:dd:
                    d9:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:72:42:4D:DE:C0:81:14:A5:74:39:B1:EF:50:6F:58:84:25:B2:37
            X509v3 Authority Key Identifier:
                keyid:D3:D5:6F:07:BE:18:4C:BA:52:F6:FD:C0:49:E8:11:4D:26:16:C3:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/09VvB74YTLpS9v3ASegRTSYWwyo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/AnJCTd7AgRSldDmx71BvWIQlsjc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/09VvB74YTLpS9v3ASegRTSYWwyo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.165.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:40:7c:3d:19:58:f6:96:a0:0c:5d:89:06:a6:a8:5e:00:61:
         9b:35:d7:f6:07:6f:ae:9c:7e:13:32:ed:ce:8b:3d:89:32:2b:
         8c:4d:57:53:c3:7f:06:98:2a:b4:ea:24:be:17:cb:f6:39:53:
         a6:cc:e7:4e:26:bb:dd:cc:84:89:1e:c5:ad:ac:65:cf:2f:22:
         a0:c0:72:33:3f:bb:d3:c7:9b:bf:84:34:73:35:37:de:32:21:
         ee:e3:56:fc:9f:42:e6:44:9f:78:a9:93:da:48:6f:3f:3f:4d:
         04:55:6a:d4:3b:1f:11:c2:5b:9c:8d:b5:19:89:c2:8f:d2:b0:
         4f:a9:29:7a:16:1a:e1:00:c6:c9:30:ca:f1:f7:42:8a:bf:b3:
         81:c1:35:a0:b9:5a:bd:f0:13:c9:18:e3:6a:16:4a:df:53:01:
         96:95:2e:6c:04:e1:71:81:f7:e0:1e:19:0a:c6:aa:ed:6a:5c:
         4c:2a:53:20:79:18:2b:30:f7:34:ce:9b:bf:ac:bd:35:0d:51:
         ca:92:45:49:6f:fa:d2:70:df:c5:e3:61:0b:eb:0b:d8:a0:ac:
         4a:be:33:21:31:47:5b:ce:61:61:c3:60:6c:f5:68:60:96:ad:
         ff:49:d0:31:26:8d:40:89:ba:21:6f:66:33:fe:46:e3:5b:66:
         7c:f0:70:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NpiIcLE83z19C7V4m61IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzZDU2ZjA3YmUxODRjYmE1MmY2ZmRjMDQ5ZTgxMTRkMjYx
NmMzMmEwHhcNMjYwMTAxMjAxODU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjcyNDI0ZGRlYzA4MTE0YTU3NDM5YjFlZjUwNmY1ODg0MjViMjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwrPvO+ZnS6SVRIQjuqd5CWpw7W6N
yiXFRcVsIJ2yVXaYN1CzcGtHfyPoFU1VhPRZRYXTK7D+pVbz7x6e56o8MwocSmDH
i9NTbtguptnoOv2iCXml3LfqCwO1mQ2cKuD54TSWyf+FpCpdEiUDFkWtYBZhu6Kd
zrZsNboGYIoZ0CVzOlB9bkvPU5+JwCMrDUTNO4/q9Iqhj/7RL59QWFJ3ctXLk/B7
VJhwS+kSFULseEJh3IiWERGumSvEd1WyCb7GuFgVgtTYJamuWxyxxMXIo+h/spFj
uQBLSaCtUi83K0q0Ju50lo6QUtYDsW+PN8qoI0Qi+BNnyRGii2/pZt3ZjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAJyQk3ewIEUpXQ5se9Qb1iEJbI3MB8GA1UdIwQY
MBaAFNPVbwe+GEy6Uvb9wEnoEU0mFsMqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDlWdkI3NFlUTHBTOXYzQVNlZ1JUU1lXd3lvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC81Nzg2YWItMDY3ZS00NDBjLWIyNzYt
MWIwNmQxYzcwNGMxLzEvQW5KQ1RkN0FnUlNsZERteDcxQnZXSVFsc2pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC81Nzg2YWItMDY3ZS00NDBjLWIyNzYtMWIwNmQxYzcwNGMx
LzEvMDlWdkI3NFlUTHBTOXYzQVNlZ1JUU1lXd3lvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaWVMA0G
CSqGSIb3DQEBCwUAA4IBAQB0QHw9GVj2lqAMXYkGpqheAGGbNdf2B2+unH4TMu3O
iz2JMiuMTVdTw38GmCq06iS+F8v2OVOmzOdOJrvdzISJHsWtrGXPLyKgwHIzP7vT
x5u/hDRzNTfeMiHu41b8n0LmRJ94qZPaSG8/P00EVWrUOx8RwlucjbUZicKP0rBP
qSl6FhrhAMbJMMrx90KKv7OBwTWguVq98BPJGONqFkrfUwGWlS5sBOFxgffgHhkK
xqrtalxMKlMgeRgrMPc0zpu/rL01DVHKkkVJb/rScN/F42EL6wvYoKxKvjMhMUdb
zmFhw2Bs9Whglq3/SdAxJo1Aibohb2Yz/kbjW2Z88HCP
-----END CERTIFICATE-----