This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/1f1ade-e2e6-4d73-96a9-427429fcd74c/1/d-dWQuydMoCZtytzQ81CyqKGHF8.roa
File:                     d-dWQuydMoCZtytzQ81CyqKGHF8.roa (raw, json)
Hash identifier:          rHhhXAeBGXlacTL0skc5ZpbciDYSLDNez3YfIDsP5dQ=
Subject key identifier:   77:E7:56:42:EC:9D:32:80:99:B7:2B:73:43:CD:42:CA:A2:86:1C:5F
Certificate issuer:       /CN=0c39d04ad83aac1de5a98cdf76240a97362c4ac6
Certificate serial:       019B7BA3EADEFD57979494676ECE9CE48280
Authority key identifier: 0C:39:D0:4A:D8:3A:AC:1D:E5:A9:8C:DF:76:24:0A:97:36:2C:4A:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DDnQStg6rB3lqYzfdiQKlzYsSsY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/1f1ade-e2e6-4d73-96a9-427429fcd74c/1/d-dWQuydMoCZtytzQ81CyqKGHF8.roa
Signing time:             Thu 01 Jan 2026 22:18:18 +0000
ROA not before:           Thu 01 Jan 2026 22:18:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     30058
IP address blocks:        185.66.8.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/1f1ade-e2e6-4d73-96a9-427429fcd74c/1/DDnQStg6rB3lqYzfdiQKlzYsSsY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/1f1ade-e2e6-4d73-96a9-427429fcd74c/1/DDnQStg6rB3lqYzfdiQKlzYsSsY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DDnQStg6rB3lqYzfdiQKlzYsSsY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 03:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:ea:de:fd:57:97:94:94:67:6e:ce:9c:e4:82:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c39d04ad83aac1de5a98cdf76240a97362c4ac6
        Validity
            Not Before: Jan  1 22:18:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=77e75642ec9d328099b72b7343cd42caa2861c5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:6e:19:d0:e1:22:b4:1d:06:a0:24:08:0a:01:
                    90:fb:02:6c:ea:1a:95:50:07:cf:6b:49:b3:76:5f:
                    ae:7a:d5:11:ca:90:18:3a:ea:1f:1f:aa:93:0b:35:
                    3d:e4:b5:e6:de:8f:e0:80:79:d6:d3:a7:d6:5e:a4:
                    bf:15:6e:44:98:92:6e:01:27:95:89:c1:61:a2:c9:
                    f0:64:a6:77:78:12:38:b5:64:fc:3a:76:be:69:f3:
                    17:d6:e1:c9:8c:97:44:50:85:06:b7:16:08:4e:4c:
                    55:28:00:28:44:d6:70:86:26:00:ca:b1:32:16:88:
                    f9:b6:aa:14:42:79:e3:4b:57:aa:b2:09:78:9e:b7:
                    11:0b:f6:92:70:d4:c8:84:f4:24:a7:74:e5:b3:1d:
                    46:4d:9d:3d:ab:8c:75:37:ef:ec:30:ac:9f:e6:38:
                    57:05:a6:f6:9f:fd:85:79:ec:0f:72:ff:de:3f:2e:
                    6e:08:24:d1:8e:ae:67:f6:33:9c:e7:fc:ee:b5:c6:
                    78:98:5c:5a:65:5c:d9:76:d5:0e:b5:be:b0:7c:13:
                    d1:7f:13:2e:3a:4d:34:1f:4f:d6:be:81:f1:cb:2f:
                    3b:e1:e6:58:47:84:46:54:19:51:db:07:24:72:cd:
                    60:a7:dd:a4:28:fb:26:76:b6:a2:49:aa:91:55:67:
                    a9:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:E7:56:42:EC:9D:32:80:99:B7:2B:73:43:CD:42:CA:A2:86:1C:5F
            X509v3 Authority Key Identifier:
                keyid:0C:39:D0:4A:D8:3A:AC:1D:E5:A9:8C:DF:76:24:0A:97:36:2C:4A:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DDnQStg6rB3lqYzfdiQKlzYsSsY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/1f1ade-e2e6-4d73-96a9-427429fcd74c/1/d-dWQuydMoCZtytzQ81CyqKGHF8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/1f1ade-e2e6-4d73-96a9-427429fcd74c/1/DDnQStg6rB3lqYzfdiQKlzYsSsY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.66.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         40:7a:0c:ff:d2:8d:aa:97:81:8e:17:5e:98:75:15:48:6e:b1:
         36:af:fe:79:d2:b6:48:9a:1f:c2:34:49:00:af:fd:65:60:1c:
         3e:48:73:1a:07:58:02:77:5b:e0:51:a5:72:b0:35:c4:6d:84:
         e0:b8:47:09:cf:09:15:92:33:8d:33:fc:15:11:ea:ee:1f:04:
         0a:03:e2:fd:19:09:ce:da:5b:cf:72:3e:df:da:d3:7f:d7:6a:
         87:47:f7:7f:ed:bd:b2:84:56:23:74:bd:71:15:0e:33:06:63:
         2f:f2:45:29:05:4e:36:eb:a7:b3:d0:8e:9a:69:57:c5:d6:6c:
         ef:2b:a4:79:4d:25:c0:9c:ce:d3:f8:4a:e3:f7:5d:93:aa:e9:
         ab:ef:9e:4b:8c:c7:0e:87:5e:3a:c8:a9:6d:51:8e:74:e7:04:
         0b:7c:b2:70:d0:97:93:1c:9b:e0:fc:98:6a:ae:a3:0b:c5:df:
         ab:8e:f7:99:9e:07:18:55:18:8d:5f:5c:b7:5f:75:84:dc:e9:
         2e:3b:5f:f5:eb:0e:4c:0a:b6:8c:ad:95:62:83:e7:32:f2:22:
         e5:88:7d:8b:af:0f:66:59:42:e8:db:2f:50:93:5d:f5:9c:06:
         8d:ce:e8:ec:5e:31:e2:55:4d:67:d1:6a:90:34:9a:19:c6:f7:
         1a:6b:a1:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7o+re/VeXlJRnbs6c5IKAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjMzlkMDRhZDgzYWFjMWRlNWE5OGNkZjc2MjQwYTk3MzYy
YzRhYzYwHhcNMjYwMTAxMjIxODE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2U3NTY0MmVjOWQzMjgwOTliNzJiNzM0M2NkNDJjYWEyODYxYzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3m4Z0OEitB0GoCQICgGQ+wJs6hqV
UAfPa0mzdl+uetURypAYOuofH6qTCzU95LXm3o/ggHnW06fWXqS/FW5EmJJuASeV
icFhosnwZKZ3eBI4tWT8Ona+afMX1uHJjJdEUIUGtxYITkxVKAAoRNZwhiYAyrEy
Foj5tqoUQnnjS1eqsgl4nrcRC/aScNTIhPQkp3Tlsx1GTZ09q4x1N+/sMKyf5jhX
Bab2n/2FeewPcv/ePy5uCCTRjq5n9jOc5/zutcZ4mFxaZVzZdtUOtb6wfBPRfxMu
Ok00H0/WvoHxyy874eZYR4RGVBlR2wckcs1gp92kKPsmdraiSaqRVWepxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHfnVkLsnTKAmbcrc0PNQsqihhxfMB8GA1UdIwQY
MBaAFAw50ErYOqwd5amM33YkCpc2LErGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRERuUVN0ZzZyQjNscVl6ZmRpUUtsellzU3NZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8xZjFhZGUtZTJlNi00ZDczLTk2YTkt
NDI3NDI5ZmNkNzRjLzEvZC1kV1F1eWRNb0NadHl0elE4MUN5cUtHSEY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8xZjFhZGUtZTJlNi00ZDczLTk2YTktNDI3NDI5ZmNkNzRj
LzEvRERuUVN0ZzZyQjNscVl6ZmRpUUtsellzU3NZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUIIMA0G
CSqGSIb3DQEBCwUAA4IBAQBAegz/0o2ql4GOF16YdRVIbrE2r/550rZImh/CNEkA
r/1lYBw+SHMaB1gCd1vgUaVysDXEbYTguEcJzwkVkjONM/wVEeruHwQKA+L9GQnO
2lvPcj7f2tN/12qHR/d/7b2yhFYjdL1xFQ4zBmMv8kUpBU4266ez0I6aaVfF1mzv
K6R5TSXAnM7T+Erj912Tqumr755LjMcOh146yKltUY505wQLfLJw0JeTHJvg/Jhq
rqMLxd+rjveZngcYVRiNX1y3X3WE3OkuO1/16w5MCraMrZVig+cy8iLliH2Lrw9m
WULo2y9Qk131nAaNzujsXjHiVU1n0WqQNJoZxvcaa6Es
-----END CERTIFICATE-----