This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/IL8deFD8PSOp3NWJSt_iFRSnHrw.roa
File:                     IL8deFD8PSOp3NWJSt_iFRSnHrw.roa (raw, json)
Hash identifier:          q/v7MQox/nq9r/rZ534FmTQXSTW9buaaFYPj+WtYk78=
Subject key identifier:   20:BF:1D:78:50:FC:3D:23:A9:DC:D5:89:4A:DF:E2:15:14:A7:1E:BC
Certificate issuer:       /CN=1214a7e2a8c7012325ae973ed1a2bba05b2bb9c1
Certificate serial:       019B7E38852E124B00E00440EDE134769CFF
Authority key identifier: 12:14:A7:E2:A8:C7:01:23:25:AE:97:3E:D1:A2:BB:A0:5B:2B:B9:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EhSn4qjHASMlrpc-0aK7oFsrucE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/IL8deFD8PSOp3NWJSt_iFRSnHrw.roa
Signing time:             Fri 02 Jan 2026 10:19:51 +0000
ROA not before:           Fri 02 Jan 2026 10:19:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3758
IP address blocks:        185.114.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/EhSn4qjHASMlrpc-0aK7oFsrucE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/EhSn4qjHASMlrpc-0aK7oFsrucE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EhSn4qjHASMlrpc-0aK7oFsrucE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 04:01:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:85:2e:12:4b:00:e0:04:40:ed:e1:34:76:9c:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1214a7e2a8c7012325ae973ed1a2bba05b2bb9c1
        Validity
            Not Before: Jan  2 10:19:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=20bf1d7850fc3d23a9dcd5894adfe21514a71ebc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:a4:a9:95:a9:b5:4a:bd:0e:4c:01:7d:e2:b3:
                    c7:7e:d1:15:a9:0a:1a:55:96:cd:63:23:b0:a0:12:
                    d6:47:b9:dc:fc:49:1b:42:24:b9:a7:5d:83:11:89:
                    65:e1:c3:51:00:e5:d8:2c:c0:50:5e:2c:00:74:d3:
                    08:14:07:8e:12:cb:4e:03:56:01:29:40:01:21:43:
                    03:14:13:b3:39:f5:1a:8a:d0:87:61:09:2b:93:c8:
                    7f:5b:6b:cb:f2:ad:4e:62:fc:e0:33:79:7a:1d:7c:
                    33:3c:80:2d:97:13:c8:fb:8f:c2:35:f2:41:10:38:
                    f9:a8:09:47:e9:c4:4f:f6:c2:0c:e1:f8:60:0a:b7:
                    78:92:6b:a7:47:8b:b9:ef:ca:d5:0f:b3:18:07:c0:
                    44:f6:23:cc:37:1f:4c:c0:e2:84:c7:f9:85:c4:f4:
                    ce:93:ca:63:21:e4:ec:d7:fe:29:88:3f:89:fd:26:
                    ef:ab:2f:4c:83:0b:b2:68:54:f1:29:f4:26:1b:05:
                    9b:e8:70:bc:59:e5:d5:4e:ac:44:a5:70:0f:e5:f9:
                    a8:88:06:d2:c6:94:31:fc:5b:04:05:f4:2f:e4:31:
                    da:19:3e:6a:d2:0a:6f:a7:01:81:d8:f6:3d:04:d9:
                    11:c7:51:91:1f:a0:a6:b6:87:f5:6a:17:8a:0c:b2:
                    00:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:BF:1D:78:50:FC:3D:23:A9:DC:D5:89:4A:DF:E2:15:14:A7:1E:BC
            X509v3 Authority Key Identifier:
                keyid:12:14:A7:E2:A8:C7:01:23:25:AE:97:3E:D1:A2:BB:A0:5B:2B:B9:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EhSn4qjHASMlrpc-0aK7oFsrucE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/IL8deFD8PSOp3NWJSt_iFRSnHrw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/EhSn4qjHASMlrpc-0aK7oFsrucE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.114.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:e7:2e:86:9c:08:e5:13:3e:6a:18:b8:fe:11:ee:b6:22:72:
         9a:f4:31:d4:96:4f:70:3d:84:41:0a:9f:cd:f1:f5:7b:c4:19:
         70:db:6b:89:04:86:02:15:97:f5:c3:c7:d1:65:42:5d:c4:ef:
         d8:b4:f3:2c:f6:98:22:65:f8:e4:d9:8e:2d:00:ed:3d:9d:e7:
         da:9f:ae:4b:b1:80:04:e4:31:6b:92:4a:d3:e5:51:c7:44:ca:
         39:62:93:74:4a:d7:63:b2:53:42:b4:82:82:c5:b4:be:60:67:
         bc:a2:c5:83:c6:c1:de:74:f6:65:aa:9d:03:66:a2:0b:d3:c3:
         96:8a:48:c0:17:93:68:dc:fc:47:be:7b:c0:dd:5e:fd:f7:fc:
         eb:2a:5a:25:f2:a8:e6:9b:48:66:19:41:3d:55:11:68:1a:ac:
         0b:51:ea:4d:0a:7b:d6:c2:ba:5f:94:4f:13:dd:29:2e:29:4f:
         68:90:87:9c:39:67:97:60:0d:71:af:77:6c:20:70:33:86:09:
         e3:79:78:32:75:eb:75:78:03:86:f1:e1:1b:df:da:5e:65:04:
         21:2c:37:35:27:54:fb:af:8b:5b:be:80:69:f2:6d:04:26:11:
         5e:a9:51:63:19:8a:e2:2e:75:ec:20:7c:c3:89:8e:03:9c:c2:
         ff:af:88:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OIUuEksA4ARA7eE0dpz/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyMTRhN2UyYThjNzAxMjMyNWFlOTczZWQxYTJiYmEwNWIy
YmI5YzEwHhcNMjYwMTAyMTAxOTUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGJmMWQ3ODUwZmMzZDIzYTlkY2Q1ODk0YWRmZTIxNTE0YTcxZWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoqSplam1Sr0OTAF94rPHftEVqQoa
VZbNYyOwoBLWR7nc/EkbQiS5p12DEYll4cNRAOXYLMBQXiwAdNMIFAeOEstOA1YB
KUABIUMDFBOzOfUaitCHYQkrk8h/W2vL8q1OYvzgM3l6HXwzPIAtlxPI+4/CNfJB
EDj5qAlH6cRP9sIM4fhgCrd4kmunR4u578rVD7MYB8BE9iPMNx9MwOKEx/mFxPTO
k8pjIeTs1/4piD+J/Sbvqy9MgwuyaFTxKfQmGwWb6HC8WeXVTqxEpXAP5fmoiAbS
xpQx/FsEBfQv5DHaGT5q0gpvpwGB2PY9BNkRx1GRH6Cmtof1aheKDLIAFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCC/HXhQ/D0jqdzViUrf4hUUpx68MB8GA1UdIwQY
MBaAFBIUp+KoxwEjJa6XPtGiu6BbK7nBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWhTbjRxakhBU01scnBjLTBhSzdvRnNydWNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9hNjhkYmMtM2Y5NC00ZmVkLThkOWQt
ZTljMzY0OWMxMjE4LzEvSUw4ZGVGRDhQU09wM05XSlN0X2lGUlNuSHJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9hNjhkYmMtM2Y5NC00ZmVkLThkOWQtZTljMzY0OWMxMjE4
LzEvRWhTbjRxakhBU01scnBjLTBhSzdvRnNydWNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXIgMA0G
CSqGSIb3DQEBCwUAA4IBAQAD5y6GnAjlEz5qGLj+Ee62InKa9DHUlk9wPYRBCp/N
8fV7xBlw22uJBIYCFZf1w8fRZUJdxO/YtPMs9pgiZfjk2Y4tAO09nefan65LsYAE
5DFrkkrT5VHHRMo5YpN0StdjslNCtIKCxbS+YGe8osWDxsHedPZlqp0DZqIL08OW
ikjAF5No3PxHvnvA3V799/zrKlol8qjmm0hmGUE9VRFoGqwLUepNCnvWwrpflE8T
3SkuKU9okIecOWeXYA1xr3dsIHAzhgnjeXgydet1eAOG8eEb39peZQQhLDc1J1T7
r4tbvoBp8m0EJhFeqVFjGYriLnXsIHzDiY4DnML/r4hP
-----END CERTIFICATE-----