This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/f55d44-5893-4c22-b0b7-c655ad594193/1/cE9z_vi7aIN7R1MRmejkUdogCNM.roa
File:                     cE9z_vi7aIN7R1MRmejkUdogCNM.roa (raw, json)
Hash identifier:          ErypDac6PMXFFeqxfqyYQBUhuGPwndIrMS3m77VeKJg=
Subject key identifier:   70:4F:73:FE:F8:BB:68:83:7B:47:53:11:99:E8:E4:51:DA:20:08:D3
Certificate issuer:       /CN=ec167bb6b061fffa629dd2a84ccf7db44c71a351
Certificate serial:       019B79EC26DBBA2212C941F1FCDD81FA5542
Authority key identifier: EC:16:7B:B6:B0:61:FF:FA:62:9D:D2:A8:4C:CF:7D:B4:4C:71:A3:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7BZ7trBh__pindKoTM99tExxo1E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/f55d44-5893-4c22-b0b7-c655ad594193/1/cE9z_vi7aIN7R1MRmejkUdogCNM.roa
Signing time:             Thu 01 Jan 2026 14:17:58 +0000
ROA not before:           Thu 01 Jan 2026 14:17:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3257
IP address blocks:        185.3.28.0/23 maxlen: 23
                          185.3.30.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/f55d44-5893-4c22-b0b7-c655ad594193/1/7BZ7trBh__pindKoTM99tExxo1E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/f55d44-5893-4c22-b0b7-c655ad594193/1/7BZ7trBh__pindKoTM99tExxo1E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7BZ7trBh__pindKoTM99tExxo1E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:26:db:ba:22:12:c9:41:f1:fc:dd:81:fa:55:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec167bb6b061fffa629dd2a84ccf7db44c71a351
        Validity
            Not Before: Jan  1 14:17:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=704f73fef8bb68837b47531199e8e451da2008d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:94:86:e0:d1:03:9f:3a:28:2c:8e:d5:3a:82:
                    31:56:25:b8:a8:44:40:01:ae:14:1c:29:d7:1f:a3:
                    8f:7f:b9:b4:32:f3:b3:b1:78:8a:8a:01:d4:da:58:
                    2f:21:9d:1e:c7:75:f7:a0:62:44:33:1e:3a:9f:99:
                    c8:4e:cb:e7:53:5b:69:42:50:fe:5d:48:b3:b0:27:
                    49:b8:6f:22:7c:30:1a:4e:24:f7:c0:d6:5c:3f:69:
                    46:b9:4a:48:e5:04:09:53:ef:9e:bc:f9:52:4b:bc:
                    78:fe:fe:c7:17:cf:63:d9:5f:ed:92:a0:24:43:60:
                    55:f1:30:5b:b5:93:eb:14:d7:22:33:6e:7f:dc:1d:
                    be:2c:9a:e5:13:a9:f6:44:82:a2:b1:70:66:76:ac:
                    0d:fd:14:7d:af:ec:ee:e4:7f:08:0e:2f:ad:f9:5e:
                    f9:00:f2:88:88:d7:75:31:6e:40:fb:1e:cc:55:8e:
                    f8:d4:64:11:14:cf:84:8e:ae:3e:aa:5e:2f:48:cc:
                    20:7b:34:e4:22:cc:af:8b:45:a8:9a:81:17:db:10:
                    49:34:c3:32:07:67:20:a0:72:58:43:82:2c:ca:cd:
                    fd:3d:e5:4b:b1:34:d8:5a:ff:11:72:e4:51:52:b0:
                    dc:04:82:66:d5:fb:42:4a:25:78:c9:2c:6b:5c:df:
                    fd:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:4F:73:FE:F8:BB:68:83:7B:47:53:11:99:E8:E4:51:DA:20:08:D3
            X509v3 Authority Key Identifier:
                keyid:EC:16:7B:B6:B0:61:FF:FA:62:9D:D2:A8:4C:CF:7D:B4:4C:71:A3:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7BZ7trBh__pindKoTM99tExxo1E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/f55d44-5893-4c22-b0b7-c655ad594193/1/cE9z_vi7aIN7R1MRmejkUdogCNM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/f55d44-5893-4c22-b0b7-c655ad594193/1/7BZ7trBh__pindKoTM99tExxo1E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.3.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         60:cc:2f:0a:e1:91:a6:f9:8a:d2:16:97:8b:0f:47:75:f7:5c:
         fd:41:48:8b:00:23:0b:98:98:c9:58:cd:44:1d:6d:8c:ef:5d:
         6a:33:75:84:62:88:70:a6:2a:89:84:43:25:a2:91:b5:db:00:
         25:22:1a:c5:fb:5f:90:3d:d5:1d:b8:92:6a:78:39:5b:ef:54:
         a2:70:e4:77:17:aa:e8:3e:11:b9:f6:00:2f:3f:89:ca:51:5b:
         56:a7:6f:56:e3:22:fb:44:87:1f:d3:4b:fb:67:2c:d3:66:fd:
         b1:9a:a3:d1:bd:f6:54:a9:29:f8:19:e8:b3:e2:49:06:4a:85:
         28:0d:ad:b9:25:99:68:d8:b2:23:7d:a7:03:ec:96:70:93:01:
         37:0f:6b:7c:ef:bb:ef:11:8b:2f:bc:57:ca:7e:94:9e:06:32:
         69:61:fa:2d:c6:a0:ce:2d:eb:79:e2:d9:e4:b9:14:b7:1b:b1:
         d9:13:e9:5b:5f:d4:bf:57:d3:45:b9:a8:bd:f8:74:21:65:b9:
         24:e3:a0:c5:df:1f:d2:ff:3d:66:c2:95:e8:c2:d0:ef:81:bc:
         6f:2a:73:93:f6:17:ab:dc:5f:64:9d:45:6d:db:bb:b1:6d:8f:
         3e:e3:94:19:9b:34:ab:b7:8b:90:60:a2:32:b5:48:81:11:be:
         22:d3:a9:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57CbbuiISyUHx/N2B+lVCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjMTY3YmI2YjA2MWZmZmE2MjlkZDJhODRjY2Y3ZGI0NGM3
MWEzNTEwHhcNMjYwMTAxMTQxNzU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDRmNzNmZWY4YmI2ODgzN2I0NzUzMTE5OWU4ZTQ1MWRhMjAwOGQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAopSG4NEDnzooLI7VOoIxViW4qERA
Aa4UHCnXH6OPf7m0MvOzsXiKigHU2lgvIZ0ex3X3oGJEMx46n5nITsvnU1tpQlD+
XUizsCdJuG8ifDAaTiT3wNZcP2lGuUpI5QQJU++evPlSS7x4/v7HF89j2V/tkqAk
Q2BV8TBbtZPrFNciM25/3B2+LJrlE6n2RIKisXBmdqwN/RR9r+zu5H8IDi+t+V75
APKIiNd1MW5A+x7MVY741GQRFM+Ejq4+ql4vSMwgezTkIsyvi0WomoEX2xBJNMMy
B2cgoHJYQ4Isys39PeVLsTTYWv8RcuRRUrDcBIJm1ftCSiV4ySxrXN/9tQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHBPc/74u2iDe0dTEZno5FHaIAjTMB8GA1UdIwQY
MBaAFOwWe7awYf/6Yp3SqEzPfbRMcaNRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0JaN3RyQmhfX3BpbmRLb1RNOTl0RXh4bzFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9mNTVkNDQtNTg5My00YzIyLWIwYjct
YzY1NWFkNTk0MTkzLzEvY0U5el92aTdhSU43UjFNUm1lamtVZG9nQ05NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9mNTVkNDQtNTg5My00YzIyLWIwYjctYzY1NWFkNTk0MTkz
LzEvN0JaN3RyQmhfX3BpbmRLb1RNOTl0RXh4bzFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuQMcMA0G
CSqGSIb3DQEBCwUAA4IBAQBgzC8K4ZGm+YrSFpeLD0d191z9QUiLACMLmJjJWM1E
HW2M711qM3WEYohwpiqJhEMlopG12wAlIhrF+1+QPdUduJJqeDlb71SicOR3F6ro
PhG59gAvP4nKUVtWp29W4yL7RIcf00v7ZyzTZv2xmqPRvfZUqSn4Geiz4kkGSoUo
Da25JZlo2LIjfacD7JZwkwE3D2t877vvEYsvvFfKfpSeBjJpYfotxqDOLet54tnk
uRS3G7HZE+lbX9S/V9NFuai9+HQhZbkk46DF3x/S/z1mwpXowtDvgbxvKnOT9her
3F9knUVt27uxbY8+45QZmzSrt4uQYKIytUiBEb4i06na
-----END CERTIFICATE-----