This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/cIiY0LDjMVndJFoVRryouX71flA.roa
File:                     cIiY0LDjMVndJFoVRryouX71flA.roa (raw, json)
Hash identifier:          fsGvT25TGskEc8vqXNcrMH4gz6RGdDfupu1HJNCYTAY=
Subject key identifier:   70:88:98:D0:B0:E3:31:59:DD:24:5A:15:46:BC:A8:B9:7E:F5:7E:50
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       019B7AC7CD63EB0EAA4AE87440E5C4EB8CB0
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/cIiY0LDjMVndJFoVRryouX71flA.roa
Signing time:             Thu 01 Jan 2026 18:17:53 +0000
ROA not before:           Thu 01 Jan 2026 18:17:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41726
IP address blocks:        85.254.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 16:55:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c7:cd:63:eb:0e:aa:4a:e8:74:40:e5:c4:eb:8c:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Jan  1 18:17:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=708898d0b0e33159dd245a1546bca8b97ef57e50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:ce:26:0c:b2:e9:d3:0a:0a:15:fc:1a:5a:56:
                    a1:7f:df:e2:61:b8:30:8e:ea:43:46:b5:bd:5c:11:
                    e7:ac:cf:e0:4d:75:50:f2:80:0f:3c:42:61:27:50:
                    47:35:ec:6c:74:ea:48:ac:8c:56:1c:42:89:37:23:
                    b3:91:ed:c4:95:60:24:a1:ee:e6:32:92:a9:73:49:
                    d4:a8:06:9f:6a:a2:34:f1:60:f6:60:07:be:07:0f:
                    cd:73:82:6a:71:f4:03:45:3f:53:d7:71:d7:72:62:
                    28:a8:d4:a5:64:a6:01:6b:d1:0a:df:89:4f:55:d7:
                    d5:00:51:e3:0d:3d:1e:25:d5:4f:6f:57:c4:1f:ce:
                    b0:5c:ff:6b:ea:e6:8d:fd:9b:c6:f8:84:78:f3:57:
                    d4:82:86:3a:ee:9e:f8:88:26:9c:0f:64:cf:f0:5b:
                    b4:7c:55:b0:93:15:d0:bc:71:35:0e:3a:d5:dd:9e:
                    42:5a:4a:f6:6e:43:0d:87:cd:fe:87:3d:68:9f:75:
                    2a:1b:cc:a3:21:55:1b:10:2d:b6:0d:c7:84:a5:15:
                    21:39:2c:be:da:17:93:3e:2b:2a:04:6e:6f:3a:94:
                    18:31:d6:ff:e7:1e:c4:14:b9:5a:11:bd:29:50:81:
                    f0:4d:ce:68:54:ae:00:35:f5:28:c1:e2:6e:85:10:
                    e4:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:88:98:D0:B0:E3:31:59:DD:24:5A:15:46:BC:A8:B9:7E:F5:7E:50
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/cIiY0LDjMVndJFoVRryouX71flA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.254.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:d9:d8:c0:1f:fe:a8:bd:c4:d4:4c:95:35:5a:52:7d:ae:35:
         d3:24:d0:7d:db:b3:3d:70:5b:82:bb:27:43:85:ce:ce:b5:69:
         e2:c8:9d:a1:32:4c:ab:13:a7:12:27:9b:4a:db:1f:a3:a4:3a:
         96:0f:d9:c0:41:f8:2e:58:70:55:bd:04:9a:9d:2a:31:2f:36:
         7c:e8:64:a0:1e:4e:e4:0d:c7:ad:e2:0b:32:fe:63:14:b5:da:
         c3:dc:a9:29:2f:ed:dd:f0:59:aa:8a:d3:80:14:51:12:80:06:
         7c:2f:0c:2a:48:30:e9:ec:c4:26:ab:92:94:78:b6:a1:0b:e6:
         e8:05:bc:f8:ff:f2:8d:4a:f4:7e:e2:64:c7:2f:94:ab:32:5a:
         00:04:e1:c1:58:94:7f:e1:d1:33:d7:4c:b3:bc:ec:ad:2a:74:
         73:25:44:f5:24:c2:8b:12:73:a4:7c:04:9a:a2:11:ac:43:77:
         af:d1:1d:89:d9:47:6a:d9:e4:0f:80:bc:28:f3:58:51:b7:a4:
         c2:b1:d0:8c:51:fb:82:2c:5f:98:ea:4f:79:87:9d:f8:6c:d1:
         97:a8:f3:dc:68:6f:3a:7b:06:63:c4:0b:cc:78:a3:a1:a4:aa:
         3b:cb:38:44:b9:09:3c:bb:77:96:0a:50:37:f2:b1:27:ee:64:
         22:4c:fd:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6x81j6w6qSuh0QOXE64ywMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjYwMTAxMTgxNzUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDg4OThkMGIwZTMzMTU5ZGQyNDVhMTU0NmJjYThiOTdlZjU3ZTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoM4mDLLp0woKFfwaWlahf9/iYbgw
jupDRrW9XBHnrM/gTXVQ8oAPPEJhJ1BHNexsdOpIrIxWHEKJNyOzke3ElWAkoe7m
MpKpc0nUqAafaqI08WD2YAe+Bw/Nc4JqcfQDRT9T13HXcmIoqNSlZKYBa9EK34lP
VdfVAFHjDT0eJdVPb1fEH86wXP9r6uaN/ZvG+IR481fUgoY67p74iCacD2TP8Fu0
fFWwkxXQvHE1DjrV3Z5CWkr2bkMNh83+hz1on3UqG8yjIVUbEC22DceEpRUhOSy+
2heTPisqBG5vOpQYMdb/5x7EFLlaEb0pUIHwTc5oVK4ANfUoweJuhRDkXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHCImNCw4zFZ3SRaFUa8qLl+9X5QMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvY0lpWTBMRGpNVm5kSkZvVlJyeW91WDcxZmxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVf4DMA0G
CSqGSIb3DQEBCwUAA4IBAQCX2djAH/6ovcTUTJU1WlJ9rjXTJNB927M9cFuCuydD
hc7OtWniyJ2hMkyrE6cSJ5tK2x+jpDqWD9nAQfguWHBVvQSanSoxLzZ86GSgHk7k
Dcet4gsy/mMUtdrD3KkpL+3d8FmqitOAFFESgAZ8LwwqSDDp7MQmq5KUeLahC+bo
Bbz4//KNSvR+4mTHL5SrMloABOHBWJR/4dEz10yzvOytKnRzJUT1JMKLEnOkfASa
ohGsQ3ev0R2J2Udq2eQPgLwo81hRt6TCsdCMUfuCLF+Y6k95h534bNGXqPPcaG86
ewZjxAvMeKOhpKo7yzhEuQk8u3eWClA38rEn7mQiTP2H
-----END CERTIFICATE-----