This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/JAbDSsUThCTBLKDuHd0kx4tKo28.roa
File:                     JAbDSsUThCTBLKDuHd0kx4tKo28.roa (raw, json)
Hash identifier:          c5o+Vj2lenxpO6UI7uV4lspv79VOmT5pGlh14/B8B4U=
Subject key identifier:   24:06:C3:4A:C5:13:84:24:C1:2C:A0:EE:1D:DD:24:C7:8B:4A:A3:6F
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019B78A33B4F96B0B9E882C741659236100F
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/JAbDSsUThCTBLKDuHd0kx4tKo28.roa
Signing time:             Thu 01 Jan 2026 08:18:42 +0000
ROA not before:           Thu 01 Jan 2026 08:18:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211167
IP address blocks:        85.208.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 02:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:3b:4f:96:b0:b9:e8:82:c7:41:65:92:36:10:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  1 08:18:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2406c34ac5138424c12ca0ee1ddd24c78b4aa36f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:2a:00:fe:2f:b6:bb:27:81:5e:ff:58:a4:0a:
                    97:cc:58:bb:c2:72:39:77:09:97:57:cd:2d:c4:5f:
                    9f:c3:a6:9e:aa:2a:1f:ba:35:62:47:48:b2:30:fb:
                    33:58:55:0d:23:2c:7f:8c:18:22:1e:e8:75:db:e6:
                    fe:e6:4f:9f:04:7d:aa:74:23:18:56:aa:18:e4:82:
                    71:22:5e:c4:47:cf:1b:68:fd:ad:f1:48:a2:7d:49:
                    52:d4:e2:fd:df:f3:79:ce:71:f5:ec:d6:1a:22:c3:
                    33:0b:cb:ef:97:7a:c4:fc:c3:73:05:46:75:64:83:
                    da:f0:7c:74:f9:08:dd:cf:3a:17:ac:52:f2:d2:f8:
                    b6:a7:80:2a:74:3d:e3:af:fd:85:ba:7c:4a:67:a2:
                    a6:0d:46:78:7b:60:7d:f4:3b:00:57:8e:58:32:07:
                    66:e8:8f:2f:c1:31:0d:52:58:d1:c1:a8:17:ff:dd:
                    1f:fd:d9:51:15:1c:b4:64:f3:8d:3a:51:7d:60:5c:
                    ba:87:db:95:2c:00:55:01:3e:b2:0d:db:86:aa:9f:
                    ee:0d:75:3e:94:46:8b:13:d8:68:1b:6a:c6:fd:74:
                    c2:01:1a:cc:9e:fe:6e:e8:40:2a:c2:12:47:7a:87:
                    1f:d2:0e:6a:82:49:a6:84:d7:65:82:09:bf:44:41:
                    21:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:06:C3:4A:C5:13:84:24:C1:2C:A0:EE:1D:DD:24:C7:8B:4A:A3:6F
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/JAbDSsUThCTBLKDuHd0kx4tKo28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:a9:60:45:df:bd:3e:5d:8f:29:0d:12:c2:b2:55:cd:c9:fc:
         d3:45:cd:30:db:50:d6:73:66:08:27:16:1c:65:4e:ba:b6:f2:
         7a:cb:4d:3c:85:76:d9:2b:48:42:26:49:4b:4a:26:61:24:be:
         55:d2:a3:4d:f0:f4:bf:48:2a:a5:a9:05:70:62:82:04:fa:d8:
         07:15:28:ab:5f:77:af:d6:51:47:0b:4f:3d:bd:18:2b:96:ac:
         2f:4d:40:80:41:3d:2a:ff:c5:f4:d1:f3:3b:b5:66:ae:66:fb:
         eb:2a:e8:6f:8e:ee:bc:1c:08:66:b6:14:2e:61:79:96:3e:11:
         60:e5:3f:78:d9:da:7d:28:f5:36:6f:bf:03:ff:b3:b4:de:ba:
         76:b3:eb:9f:12:07:ec:dd:2d:67:4b:c2:8f:01:67:be:38:d0:
         de:ba:80:f9:73:3a:79:65:8e:0e:6f:23:fe:41:86:4e:aa:88:
         99:55:55:37:e7:e1:b9:9f:76:d7:17:51:90:dc:9f:e5:66:4f:
         5a:81:84:4c:df:ef:21:bf:0f:34:71:ac:37:2d:c9:3b:07:69:
         71:a6:79:1a:cb:e1:81:78:79:fa:83:4b:ea:fe:7d:df:77:6f:
         f2:fa:34:c5:69:cc:1e:b6:d3:67:c6:f4:d1:c0:aa:f5:d4:66:
         37:0d:ea:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4oztPlrC56ILHQWWSNhAPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjYwMTAxMDgxODQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDA2YzM0YWM1MTM4NDI0YzEyY2EwZWUxZGRkMjRjNzhiNGFhMzZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArSoA/i+2uyeBXv9YpAqXzFi7wnI5
dwmXV80txF+fw6aeqiofujViR0iyMPszWFUNIyx/jBgiHuh12+b+5k+fBH2qdCMY
VqoY5IJxIl7ER88baP2t8UiifUlS1OL93/N5znH17NYaIsMzC8vvl3rE/MNzBUZ1
ZIPa8Hx0+QjdzzoXrFLy0vi2p4AqdD3jr/2FunxKZ6KmDUZ4e2B99DsAV45YMgdm
6I8vwTENUljRwagX/90f/dlRFRy0ZPONOlF9YFy6h9uVLABVAT6yDduGqp/uDXU+
lEaLE9hoG2rG/XTCARrMnv5u6EAqwhJHeocf0g5qgkmmhNdlggm/REEhcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCQGw0rFE4QkwSyg7h3dJMeLSqNvMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvSkFiRFNzVVRoQ1RCTEtEdUhkMGt4NHRLbzI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdCJMA0G
CSqGSIb3DQEBCwUAA4IBAQBDqWBF370+XY8pDRLCslXNyfzTRc0w21DWc2YIJxYc
ZU66tvJ6y008hXbZK0hCJklLSiZhJL5V0qNN8PS/SCqlqQVwYoIE+tgHFSirX3ev
1lFHC089vRgrlqwvTUCAQT0q/8X00fM7tWauZvvrKuhvju68HAhmthQuYXmWPhFg
5T942dp9KPU2b78D/7O03rp2s+ufEgfs3S1nS8KPAWe+ONDeuoD5czp5ZY4ObyP+
QYZOqoiZVVU35+G5n3bXF1GQ3J/lZk9agYRM3+8hvw80caw3Lck7B2lxpnkay+GB
eHn6g0vq/n3fd2/y+jTFacwettNnxvTRwKr11GY3DeoE
-----END CERTIFICATE-----