This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/cfea9e-bee2-4bcb-8def-3e4b74dd058d/1/IkrFRF3Ttgw4FIDBgBDVg0dJ4b4.roa
File:                     IkrFRF3Ttgw4FIDBgBDVg0dJ4b4.roa (raw, json)
Hash identifier:          WGPpKc4dj5grwNnhEEktJ194QdHxK76K6rqlpp7lrFs=
Subject key identifier:   22:4A:C5:44:5D:D3:B6:0C:38:14:80:C1:80:10:D5:83:47:49:E1:BE
Certificate issuer:       /CN=0e298900355fdf4254c20831f2d7ee3bec429bdb
Certificate serial:       019B797DF9E301BDB8EE08522201A24C684A
Authority key identifier: 0E:29:89:00:35:5F:DF:42:54:C2:08:31:F2:D7:EE:3B:EC:42:9B:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DimJADVf30JUwggx8tfuO-xCm9s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/cfea9e-bee2-4bcb-8def-3e4b74dd058d/1/IkrFRF3Ttgw4FIDBgBDVg0dJ4b4.roa
Signing time:             Thu 01 Jan 2026 12:17:37 +0000
ROA not before:           Thu 01 Jan 2026 12:17:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42831
IP address blocks:        185.226.152.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/cfea9e-bee2-4bcb-8def-3e4b74dd058d/1/DimJADVf30JUwggx8tfuO-xCm9s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/cfea9e-bee2-4bcb-8def-3e4b74dd058d/1/DimJADVf30JUwggx8tfuO-xCm9s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DimJADVf30JUwggx8tfuO-xCm9s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7d:f9:e3:01:bd:b8:ee:08:52:22:01:a2:4c:68:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e298900355fdf4254c20831f2d7ee3bec429bdb
        Validity
            Not Before: Jan  1 12:17:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=224ac5445dd3b60c381480c18010d5834749e1be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:27:44:38:b0:1d:e4:5a:2e:27:fa:f6:75:75:
                    f5:0d:d0:60:3e:e7:24:69:37:bd:ed:b4:2f:6d:27:
                    22:89:9d:31:44:3d:bb:d0:6c:c8:5f:cb:54:02:52:
                    21:80:8b:b9:1d:e0:f0:58:57:ed:34:40:ac:ff:2d:
                    91:3d:56:75:19:b5:c6:c5:19:ef:05:1d:3d:4d:a2:
                    47:50:78:71:40:d5:58:5b:b8:f7:e5:63:08:0e:dd:
                    69:3d:82:fe:0b:b3:2d:b0:bc:d8:5e:9b:7b:28:f7:
                    19:83:02:1a:e5:03:40:67:c9:72:3d:1f:85:12:c3:
                    76:78:12:cd:fd:3b:f8:c5:65:16:71:b2:f1:74:e6:
                    10:17:59:0a:b5:06:c6:69:ea:3d:ad:ec:05:de:96:
                    11:45:20:c3:22:b8:8d:a7:fb:30:0e:ae:20:14:61:
                    be:8a:00:8d:d8:05:95:ca:10:9c:85:6a:72:c2:46:
                    9d:42:aa:24:10:96:0d:5b:61:c6:2e:cb:ad:56:f1:
                    cd:d9:53:c4:61:cd:0c:42:fa:22:1d:57:28:a3:83:
                    39:db:c4:91:92:a3:e8:63:25:8b:81:cc:a5:5e:11:
                    ab:85:34:63:b4:06:13:75:28:8e:91:b2:fe:fa:09:
                    ea:1f:25:9e:a5:c5:c5:2c:a3:4c:3f:2c:a8:d3:3e:
                    8e:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:4A:C5:44:5D:D3:B6:0C:38:14:80:C1:80:10:D5:83:47:49:E1:BE
            X509v3 Authority Key Identifier:
                keyid:0E:29:89:00:35:5F:DF:42:54:C2:08:31:F2:D7:EE:3B:EC:42:9B:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DimJADVf30JUwggx8tfuO-xCm9s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/cfea9e-bee2-4bcb-8def-3e4b74dd058d/1/IkrFRF3Ttgw4FIDBgBDVg0dJ4b4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/cfea9e-bee2-4bcb-8def-3e4b74dd058d/1/DimJADVf30JUwggx8tfuO-xCm9s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.226.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:5c:35:df:71:5c:3f:89:d2:3a:1f:37:04:b6:22:70:88:6b:
         98:00:cd:4d:a0:df:87:8f:9a:be:ef:f1:bc:c0:1b:7f:4a:34:
         6b:0d:fe:3a:e6:dd:3f:fb:96:76:7c:84:8a:0e:c4:1a:c2:fe:
         70:88:6a:9e:03:2a:53:c0:ec:2d:7d:b4:21:d0:13:93:75:58:
         b7:65:f6:0b:82:54:e0:6c:f7:d4:25:9f:7e:4e:01:73:a5:7e:
         5d:62:0c:ec:87:6a:54:65:76:d3:35:3a:6a:a7:89:6b:d9:68:
         3b:a6:ec:a6:6a:93:2f:a7:a9:eb:d2:b3:e6:65:ed:96:c3:3c:
         e2:f3:a6:f4:ef:ba:5f:c7:cb:16:84:a1:0c:5c:88:dd:6a:74:
         b5:2e:db:d3:c0:d0:41:a0:59:71:eb:e8:e3:88:bb:53:9b:34:
         c1:4b:c8:0a:31:b3:ec:09:ee:fc:ba:a4:0a:62:fe:97:11:48:
         07:bb:39:68:80:cc:da:74:52:69:52:e2:b8:e1:ac:78:0f:45:
         14:8e:7f:6b:41:5d:1a:d7:0a:7e:04:df:e2:16:a8:e3:37:fa:
         2e:13:84:a4:b4:23:67:88:01:b9:14:85:35:6e:05:61:14:94:
         55:ef:9a:ce:2a:2c:69:4d:72:9b:08:18:39:de:e1:38:10:76:
         f2:2f:d9:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5ffnjAb247ghSIgGiTGhKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlMjk4OTAwMzU1ZmRmNDI1NGMyMDgzMWYyZDdlZTNiZWM0
MjliZGIwHhcNMjYwMTAxMTIxNzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjRhYzU0NDVkZDNiNjBjMzgxNDgwYzE4MDEwZDU4MzQ3NDllMWJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ydEOLAd5FouJ/r2dXX1DdBgPuck
aTe97bQvbSciiZ0xRD270GzIX8tUAlIhgIu5HeDwWFftNECs/y2RPVZ1GbXGxRnv
BR09TaJHUHhxQNVYW7j35WMIDt1pPYL+C7MtsLzYXpt7KPcZgwIa5QNAZ8lyPR+F
EsN2eBLN/Tv4xWUWcbLxdOYQF1kKtQbGaeo9rewF3pYRRSDDIriNp/swDq4gFGG+
igCN2AWVyhCchWpywkadQqokEJYNW2HGLsutVvHN2VPEYc0MQvoiHVcoo4M528SR
kqPoYyWLgcylXhGrhTRjtAYTdSiOkbL++gnqHyWepcXFLKNMPyyo0z6OZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCJKxURd07YMOBSAwYAQ1YNHSeG+MB8GA1UdIwQY
MBaAFA4piQA1X99CVMIIMfLX7jvsQpvbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGltSkFEVmYzMEpVd2dneDh0ZnVPLXhDbTlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi9jZmVhOWUtYmVlMi00YmNiLThkZWYt
M2U0Yjc0ZGQwNThkLzEvSWtyRlJGM1R0Z3c0RklEQmdCRFZnMGRKNGI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi9jZmVhOWUtYmVlMi00YmNiLThkZWYtM2U0Yjc0ZGQwNThk
LzEvRGltSkFEVmYzMEpVd2dneDh0ZnVPLXhDbTlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueKYMA0G
CSqGSIb3DQEBCwUAA4IBAQA/XDXfcVw/idI6HzcEtiJwiGuYAM1NoN+Hj5q+7/G8
wBt/SjRrDf465t0/+5Z2fISKDsQawv5wiGqeAypTwOwtfbQh0BOTdVi3ZfYLglTg
bPfUJZ9+TgFzpX5dYgzsh2pUZXbTNTpqp4lr2Wg7puymapMvp6nr0rPmZe2Wwzzi
86b077pfx8sWhKEMXIjdanS1LtvTwNBBoFlx6+jjiLtTmzTBS8gKMbPsCe78uqQK
Yv6XEUgHuzlogMzadFJpUuK44ax4D0UUjn9rQV0a1wp+BN/iFqjjN/ouE4SktCNn
iAG5FIU1bgVhFJRV75rOKixpTXKbCBg53uE4EHbyL9kI
-----END CERTIFICATE-----