This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/rQ8ohk71V4ClseY7wRU6uUdfWw0.roa
File:                     rQ8ohk71V4ClseY7wRU6uUdfWw0.roa (raw, json)
Hash identifier:          +Un59zWJ5v19ef4G1vmVABla4G6FDYt+TwXokRhf32c=
Subject key identifier:   AD:0F:28:86:4E:F5:57:80:A5:B1:E6:3B:C1:15:3A:B9:47:5F:5B:0D
Certificate issuer:       /CN=99ce569a14c2db3772f23187ce68e6541ec0048e
Certificate serial:       019B7EA5138EA4D902CB80CD5493A4289ECF
Authority key identifier: 99:CE:56:9A:14:C2:DB:37:72:F2:31:87:CE:68:E6:54:1E:C0:04:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mc5WmhTC2zdy8jGHzmjmVB7ABI4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/rQ8ohk71V4ClseY7wRU6uUdfWw0.roa
Signing time:             Fri 02 Jan 2026 12:18:26 +0000
ROA not before:           Fri 02 Jan 2026 12:18:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208046
IP address blocks:        185.196.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/mc5WmhTC2zdy8jGHzmjmVB7ABI4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/mc5WmhTC2zdy8jGHzmjmVB7ABI4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mc5WmhTC2zdy8jGHzmjmVB7ABI4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 24 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a5:13:8e:a4:d9:02:cb:80:cd:54:93:a4:28:9e:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99ce569a14c2db3772f23187ce68e6541ec0048e
        Validity
            Not Before: Jan  2 12:18:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ad0f28864ef55780a5b1e63bc1153ab9475f5b0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:b4:0e:4b:ac:d7:be:67:50:2a:f5:7d:d4:42:
                    86:17:da:bc:23:81:5a:65:c8:e3:01:11:27:39:2c:
                    e7:1a:af:23:0d:00:f3:c9:65:45:a5:79:fa:67:eb:
                    2c:80:62:e4:7a:55:8c:43:2d:8a:57:68:92:5b:f3:
                    44:93:cb:fd:c6:0a:04:63:90:e1:ca:e1:b5:85:9e:
                    b1:87:9b:b9:2c:8c:a4:79:73:b9:ba:38:16:41:4f:
                    6a:82:5a:17:a0:9f:7e:db:6f:7f:87:90:e6:e2:90:
                    f9:49:93:2a:e2:9e:7b:4f:e3:fe:a9:6d:50:4c:f9:
                    71:41:e9:7e:bf:8d:be:7b:e8:68:50:c9:4f:10:44:
                    44:e0:02:30:32:72:f7:5b:6d:17:71:7a:11:04:98:
                    2f:2a:dd:42:31:bb:4d:dd:0a:e4:3f:e6:88:38:86:
                    4d:48:d9:0e:e5:c9:ca:46:39:79:9c:27:fd:b0:df:
                    f3:59:77:5f:5e:56:f9:0a:e5:42:f9:d8:6b:d4:ef:
                    7e:0a:3d:1e:58:e9:f0:87:04:ba:b1:76:7e:27:a6:
                    ab:c2:cd:d0:53:74:44:34:c7:dc:c6:94:1c:0a:33:
                    6c:75:ab:b9:ab:6d:2d:a6:b3:6a:1a:06:c3:71:0e:
                    e7:bb:d0:f1:6e:c6:5c:b7:20:f1:6d:30:57:76:27:
                    2e:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:0F:28:86:4E:F5:57:80:A5:B1:E6:3B:C1:15:3A:B9:47:5F:5B:0D
            X509v3 Authority Key Identifier:
                keyid:99:CE:56:9A:14:C2:DB:37:72:F2:31:87:CE:68:E6:54:1E:C0:04:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mc5WmhTC2zdy8jGHzmjmVB7ABI4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/rQ8ohk71V4ClseY7wRU6uUdfWw0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/mc5WmhTC2zdy8jGHzmjmVB7ABI4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.196.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:51:70:f4:43:47:fd:1b:66:db:02:00:e3:2c:f5:0e:ef:bf:
         d5:a1:a2:51:be:b8:63:8a:e7:a0:56:cc:10:03:23:7f:9a:c5:
         4e:32:ac:4c:0a:51:ee:f1:03:8e:12:42:ae:94:10:43:ba:7f:
         40:1d:4e:44:3d:ad:f4:47:8f:3e:34:8e:69:a1:1e:ae:13:ba:
         b9:55:b2:08:b3:a5:c7:00:0c:78:cc:5d:cf:a3:dd:76:7f:e0:
         6e:5d:1d:6c:73:a2:06:a3:39:f2:93:c2:65:55:3b:b9:58:fc:
         e6:ff:27:1f:3b:3f:f0:4e:b3:d5:6a:e1:67:5a:a8:c1:27:44:
         10:c7:2a:8f:fe:ee:05:b6:5e:9c:91:e8:84:eb:58:7f:63:ee:
         05:b7:78:e9:5c:0e:b6:94:63:a0:34:c4:c5:98:bd:e7:a7:e9:
         60:79:94:88:7a:7c:98:a9:fe:1d:b4:65:bf:b0:70:4d:f9:b3:
         9e:b0:34:39:9e:fb:2a:93:b2:96:87:cb:e5:bc:cc:c1:0a:bd:
         e9:5c:e2:5e:31:6b:b7:74:9b:1e:10:6e:37:28:2f:40:a4:5d:
         41:19:26:2a:6d:04:22:ae:ab:51:29:bc:68:b7:10:2d:f6:bf:
         74:bf:16:c7:6c:72:5b:4c:f2:96:9c:d4:0f:9d:c2:6f:82:e8:
         16:18:ca:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pROOpNkCy4DNVJOkKJ7PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5Y2U1NjlhMTRjMmRiMzc3MmYyMzE4N2NlNjhlNjU0MWVj
MDA0OGUwHhcNMjYwMTAyMTIxODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDBmMjg4NjRlZjU1NzgwYTViMWU2M2JjMTE1M2FiOTQ3NWY1YjBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA57QOS6zXvmdQKvV91EKGF9q8I4Fa
ZcjjAREnOSznGq8jDQDzyWVFpXn6Z+ssgGLkelWMQy2KV2iSW/NEk8v9xgoEY5Dh
yuG1hZ6xh5u5LIykeXO5ujgWQU9qgloXoJ9+229/h5Dm4pD5SZMq4p57T+P+qW1Q
TPlxQel+v42+e+hoUMlPEERE4AIwMnL3W20XcXoRBJgvKt1CMbtN3QrkP+aIOIZN
SNkO5cnKRjl5nCf9sN/zWXdfXlb5CuVC+dhr1O9+Cj0eWOnwhwS6sXZ+J6arws3Q
U3RENMfcxpQcCjNsdau5q20tprNqGgbDcQ7nu9DxbsZctyDxbTBXdicuxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK0PKIZO9VeApbHmO8EVOrlHX1sNMB8GA1UdIwQY
MBaAFJnOVpoUwts3cvIxh85o5lQewASOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWM1V21oVEMyemR5OGpHSHptam1WQjdBQkk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi9jYzZlOTktNmU1Zi00MDFiLTkxMmQt
MTA5NTU0NGM2YzUwLzEvclE4b2hrNzFWNENsc2VZN3dSVTZ1VWRmV3cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi9jYzZlOTktNmU1Zi00MDFiLTkxMmQtMTA5NTU0NGM2YzUw
LzEvbWM1V21oVEMyemR5OGpHSHptam1WQjdBQkk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucTcMA0G
CSqGSIb3DQEBCwUAA4IBAQAsUXD0Q0f9G2bbAgDjLPUO77/VoaJRvrhjiuegVswQ
AyN/msVOMqxMClHu8QOOEkKulBBDun9AHU5EPa30R48+NI5poR6uE7q5VbIIs6XH
AAx4zF3Po912f+BuXR1sc6IGoznyk8JlVTu5WPzm/ycfOz/wTrPVauFnWqjBJ0QQ
xyqP/u4Ftl6ckeiE61h/Y+4Ft3jpXA62lGOgNMTFmL3np+lgeZSIenyYqf4dtGW/
sHBN+bOesDQ5nvsqk7KWh8vlvMzBCr3pXOJeMWu3dJseEG43KC9ApF1BGSYqbQQi
rqtRKbxotxAt9r90vxbHbHJbTPKWnNQPncJvgugWGMpp
-----END CERTIFICATE-----