This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/cfea9e-bee2-4bcb-8def-3e4b74dd058d/1/wfJt5mTsUXow9fCWX31R-Dkmuu0.roa
File:                     wfJt5mTsUXow9fCWX31R-Dkmuu0.roa (raw, json)
Hash identifier:          Ogc3m/G0BZohp0lL37SmmZBmPpDZV56wfDB8yNtIYXE=
Subject key identifier:   C1:F2:6D:E6:64:EC:51:7A:30:F5:F0:96:5F:7D:51:F8:39:26:BA:ED
Certificate issuer:       /CN=0e298900355fdf4254c20831f2d7ee3bec429bdb
Certificate serial:       019B797DFCA35B92D0EA538F342B78E35FF0
Authority key identifier: 0E:29:89:00:35:5F:DF:42:54:C2:08:31:F2:D7:EE:3B:EC:42:9B:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DimJADVf30JUwggx8tfuO-xCm9s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/cfea9e-bee2-4bcb-8def-3e4b74dd058d/1/wfJt5mTsUXow9fCWX31R-Dkmuu0.roa
Signing time:             Thu 01 Jan 2026 12:17:38 +0000
ROA not before:           Thu 01 Jan 2026 12:17:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211440
IP address blocks:        185.226.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/cfea9e-bee2-4bcb-8def-3e4b74dd058d/1/DimJADVf30JUwggx8tfuO-xCm9s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/cfea9e-bee2-4bcb-8def-3e4b74dd058d/1/DimJADVf30JUwggx8tfuO-xCm9s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DimJADVf30JUwggx8tfuO-xCm9s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7d:fc:a3:5b:92:d0:ea:53:8f:34:2b:78:e3:5f:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e298900355fdf4254c20831f2d7ee3bec429bdb
        Validity
            Not Before: Jan  1 12:17:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c1f26de664ec517a30f5f0965f7d51f83926baed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:db:a3:b8:7e:ea:85:f0:3e:c4:8a:03:5f:33:
                    ed:64:29:d9:15:5c:7f:56:26:bf:0c:fc:40:99:5b:
                    52:63:64:de:bc:e8:d5:47:d1:e0:c8:39:42:49:73:
                    b6:82:82:de:06:d8:bc:fe:ac:76:12:91:fa:f3:d2:
                    53:9e:4b:ee:3c:e3:00:46:0c:7b:e8:09:7d:27:d2:
                    80:ad:df:d5:22:55:e7:12:41:ff:36:3f:9d:4c:41:
                    d4:3f:66:93:4b:06:85:77:a0:c8:4c:14:6d:f8:99:
                    38:97:f5:b1:0c:4c:d8:1f:a6:72:7c:ca:67:e5:64:
                    43:4f:98:90:50:11:c4:e2:55:f4:d1:3f:39:d5:89:
                    53:90:84:70:00:3a:fe:0f:66:d7:01:57:4e:54:ec:
                    72:c1:97:ff:00:7c:5a:95:a4:af:e3:41:9d:34:43:
                    e2:b6:64:27:fe:d6:99:6d:26:ea:77:ae:ec:a6:58:
                    fe:c0:ea:46:99:13:2d:8f:25:99:c9:fe:34:b8:08:
                    5a:24:a8:8d:4d:57:69:e0:58:e2:d6:03:8a:89:56:
                    8c:28:56:ed:8a:68:62:30:1f:43:e5:19:db:a4:1a:
                    e4:d9:79:ae:37:e1:be:3c:84:d3:ae:b2:1b:07:35:
                    d2:c9:fe:a8:d7:95:8f:2d:47:5c:41:6f:9f:20:0f:
                    18:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:F2:6D:E6:64:EC:51:7A:30:F5:F0:96:5F:7D:51:F8:39:26:BA:ED
            X509v3 Authority Key Identifier:
                keyid:0E:29:89:00:35:5F:DF:42:54:C2:08:31:F2:D7:EE:3B:EC:42:9B:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DimJADVf30JUwggx8tfuO-xCm9s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/cfea9e-bee2-4bcb-8def-3e4b74dd058d/1/wfJt5mTsUXow9fCWX31R-Dkmuu0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/cfea9e-bee2-4bcb-8def-3e4b74dd058d/1/DimJADVf30JUwggx8tfuO-xCm9s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.226.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:42:30:bb:00:26:db:d4:12:03:2d:16:a7:32:64:ae:96:0d:
         5b:08:0a:6c:c0:d3:18:f6:6b:8d:d9:6c:6f:75:4f:9a:7e:9f:
         33:46:23:f3:f8:e7:47:3c:20:b3:ed:ab:cd:2a:04:8c:b9:78:
         0d:47:a4:d9:e2:2a:48:a4:60:e8:78:ca:24:ed:1b:61:22:d2:
         bc:97:9b:06:35:bd:cb:0c:9a:0f:fe:84:0f:6e:34:18:0a:16:
         21:50:85:5f:b7:f1:54:b3:4c:d1:a7:49:c2:70:54:fb:ce:58:
         a2:ea:4e:5c:86:28:e2:b8:6d:cf:a6:e6:e4:28:89:98:d0:3b:
         f1:55:e3:86:f1:14:c7:81:69:46:bd:b8:67:b1:ae:c4:bb:0a:
         7e:49:77:0b:f1:64:79:fc:43:b2:9f:1f:09:04:53:5a:26:c4:
         d1:4f:a5:0c:b7:f3:a3:58:dd:10:ef:fd:28:28:4b:48:05:3d:
         7a:3e:ef:b7:6e:27:71:e5:4b:7f:0c:c2:8a:35:5a:41:c0:59:
         c6:65:46:11:bf:c5:56:30:43:4e:81:e4:04:b7:f0:74:51:85:
         f8:5f:7d:ea:44:87:cb:f2:4a:ce:cd:68:f0:ec:bf:0a:e2:1c:
         fb:4b:2e:4e:8e:d1:a5:31:29:bb:ff:e3:c1:c6:50:3b:8e:50:
         99:0a:7c:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5ffyjW5LQ6lOPNCt441/wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlMjk4OTAwMzU1ZmRmNDI1NGMyMDgzMWYyZDdlZTNiZWM0
MjliZGIwHhcNMjYwMTAxMTIxNzM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWYyNmRlNjY0ZWM1MTdhMzBmNWYwOTY1ZjdkNTFmODM5MjZiYWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4dujuH7qhfA+xIoDXzPtZCnZFVx/
Via/DPxAmVtSY2TevOjVR9HgyDlCSXO2goLeBti8/qx2EpH689JTnkvuPOMARgx7
6Al9J9KArd/VIlXnEkH/Nj+dTEHUP2aTSwaFd6DITBRt+Jk4l/WxDEzYH6ZyfMpn
5WRDT5iQUBHE4lX00T851YlTkIRwADr+D2bXAVdOVOxywZf/AHxalaSv40GdNEPi
tmQn/taZbSbqd67splj+wOpGmRMtjyWZyf40uAhaJKiNTVdp4Fji1gOKiVaMKFbt
imhiMB9D5RnbpBrk2XmuN+G+PITTrrIbBzXSyf6o15WPLUdcQW+fIA8YowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMHybeZk7FF6MPXwll99Ufg5JrrtMB8GA1UdIwQY
MBaAFA4piQA1X99CVMIIMfLX7jvsQpvbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGltSkFEVmYzMEpVd2dneDh0ZnVPLXhDbTlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi9jZmVhOWUtYmVlMi00YmNiLThkZWYt
M2U0Yjc0ZGQwNThkLzEvd2ZKdDVtVHNVWG93OWZDV1gzMVItRGttdXUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi9jZmVhOWUtYmVlMi00YmNiLThkZWYtM2U0Yjc0ZGQwNThk
LzEvRGltSkFEVmYzMEpVd2dneDh0ZnVPLXhDbTlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueKZMA0G
CSqGSIb3DQEBCwUAA4IBAQBcQjC7ACbb1BIDLRanMmSulg1bCApswNMY9muN2Wxv
dU+afp8zRiPz+OdHPCCz7avNKgSMuXgNR6TZ4ipIpGDoeMok7RthItK8l5sGNb3L
DJoP/oQPbjQYChYhUIVft/FUs0zRp0nCcFT7zlii6k5chijiuG3PpubkKImY0Dvx
VeOG8RTHgWlGvbhnsa7Euwp+SXcL8WR5/EOynx8JBFNaJsTRT6UMt/OjWN0Q7/0o
KEtIBT16Pu+3bidx5Ut/DMKKNVpBwFnGZUYRv8VWMENOgeQEt/B0UYX4X33qRIfL
8krOzWjw7L8K4hz7Sy5OjtGlMSm7/+PBxlA7jlCZCnzb
-----END CERTIFICATE-----