This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/0a4c1e-1fc5-407a-bd08-0717da053585/1/G2OQOrRbStQFRQnBFH5JsZK3fzk.roa
File:                     G2OQOrRbStQFRQnBFH5JsZK3fzk.roa (raw, json)
Hash identifier:          J+Ruik9jZ8APiFx+KnGjdD7/sHBg8DbjFfn6BOTSsX4=
Subject key identifier:   1B:63:90:3A:B4:5B:4A:D4:05:45:09:C1:14:7E:49:B1:92:B7:7F:39
Certificate issuer:       /CN=9b792de70f33b82882542bef23b18da97538ca04
Certificate serial:       019B7C80CA6C01689558F1F65DBD4216B3EB
Authority key identifier: 9B:79:2D:E7:0F:33:B8:28:82:54:2B:EF:23:B1:8D:A9:75:38:CA:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m3kt5w8zuCiCVCvvI7GNqXU4ygQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/0a4c1e-1fc5-407a-bd08-0717da053585/1/G2OQOrRbStQFRQnBFH5JsZK3fzk.roa
Signing time:             Fri 02 Jan 2026 02:19:33 +0000
ROA not before:           Fri 02 Jan 2026 02:19:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207495
IP address blocks:        185.228.52.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/0a4c1e-1fc5-407a-bd08-0717da053585/1/m3kt5w8zuCiCVCvvI7GNqXU4ygQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/0a4c1e-1fc5-407a-bd08-0717da053585/1/m3kt5w8zuCiCVCvvI7GNqXU4ygQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m3kt5w8zuCiCVCvvI7GNqXU4ygQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:ca:6c:01:68:95:58:f1:f6:5d:bd:42:16:b3:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b792de70f33b82882542bef23b18da97538ca04
        Validity
            Not Before: Jan  2 02:19:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1b63903ab45b4ad4054509c1147e49b192b77f39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:7a:6c:d4:30:3f:bc:cd:32:d4:9e:89:0d:30:
                    85:d7:f9:00:62:9e:94:d5:1a:69:c2:7b:b6:52:1a:
                    08:cc:57:c7:0b:44:74:0a:46:ad:8c:6e:b1:63:2f:
                    99:96:b6:eb:06:83:e9:1e:42:46:07:1d:ea:40:ae:
                    0f:21:09:1b:27:7a:ed:9a:93:a1:e4:58:42:d6:9e:
                    19:48:dd:da:bb:24:40:e8:1e:6b:45:e8:ad:3a:19:
                    52:a8:e1:1d:1f:1b:6c:0b:a3:7e:26:a3:79:cb:de:
                    57:67:bc:5e:c7:c9:5a:a1:fd:1b:95:6f:91:50:49:
                    c9:9f:57:10:5f:c2:cf:63:f8:e7:54:cd:1f:07:3c:
                    90:8e:8a:c1:83:54:fe:34:20:7f:cc:47:1d:4d:43:
                    7c:b9:21:f5:bc:b3:ae:f0:de:8c:e3:56:2b:de:23:
                    04:eb:b1:73:16:92:e3:26:36:c6:35:2a:7b:71:cf:
                    c2:7f:ed:02:1d:bb:09:80:eb:45:1a:83:70:3f:79:
                    4e:5e:d0:d4:af:b8:63:1a:28:df:b9:00:7c:08:01:
                    dd:f9:fa:51:b0:75:d0:f7:99:a9:4a:88:dc:2f:ea:
                    c8:39:0a:6d:86:9a:24:b6:1d:5a:32:27:33:53:b0:
                    15:d7:d0:4c:1a:75:50:41:bd:fb:83:81:60:5e:13:
                    ce:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:63:90:3A:B4:5B:4A:D4:05:45:09:C1:14:7E:49:B1:92:B7:7F:39
            X509v3 Authority Key Identifier:
                keyid:9B:79:2D:E7:0F:33:B8:28:82:54:2B:EF:23:B1:8D:A9:75:38:CA:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m3kt5w8zuCiCVCvvI7GNqXU4ygQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/0a4c1e-1fc5-407a-bd08-0717da053585/1/G2OQOrRbStQFRQnBFH5JsZK3fzk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/0a4c1e-1fc5-407a-bd08-0717da053585/1/m3kt5w8zuCiCVCvvI7GNqXU4ygQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.228.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         75:64:ad:50:2d:16:7e:86:9d:70:75:1a:03:de:23:0d:a3:81:
         f0:b2:f4:6a:db:67:57:cc:80:ce:85:91:25:cf:76:34:96:21:
         61:07:84:e4:f9:db:b5:fa:98:99:1e:9c:c8:71:7f:07:dc:97:
         f9:ce:15:c6:16:1e:6a:f6:cd:89:86:c6:94:d1:e0:4c:3f:77:
         08:dd:13:f8:c4:49:6a:1b:f2:ef:fb:76:98:89:5f:5d:5f:f2:
         cd:32:cf:ca:5d:ab:a0:35:a9:cf:43:ab:98:6c:67:dc:57:48:
         b0:6d:62:5a:95:a2:c2:12:d1:9b:9d:c9:c1:87:c0:82:c2:6b:
         1e:e8:13:18:e8:82:99:a6:a0:9e:19:26:f7:be:a7:46:4a:bc:
         44:41:03:c5:b8:14:c1:0d:f9:fc:5a:23:ac:b7:7d:14:cb:bb:
         7a:e3:fc:76:b0:4a:ab:f9:0c:14:f1:36:21:29:51:fc:0d:d3:
         42:dc:72:f2:45:29:f6:19:92:49:01:0d:aa:f8:b0:d8:4a:2d:
         19:a7:99:28:29:fd:85:77:07:29:24:75:5d:9e:0f:cc:51:5c:
         19:cc:11:2b:c6:36:62:c9:c7:84:0f:65:9b:b4:f9:26:94:3d:
         42:3a:7d:c7:33:2b:aa:90:e7:07:4c:fb:bf:9f:d3:c9:16:20:
         7d:b8:63:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gMpsAWiVWPH2Xb1CFrPrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliNzkyZGU3MGYzM2I4Mjg4MjU0MmJlZjIzYjE4ZGE5NzUz
OGNhMDQwHhcNMjYwMTAyMDIxOTMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjYzOTAzYWI0NWI0YWQ0MDU0NTA5YzExNDdlNDliMTkyYjc3ZjM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz3ps1DA/vM0y1J6JDTCF1/kAYp6U
1Rppwnu2UhoIzFfHC0R0CkatjG6xYy+ZlrbrBoPpHkJGBx3qQK4PIQkbJ3rtmpOh
5FhC1p4ZSN3auyRA6B5rReitOhlSqOEdHxtsC6N+JqN5y95XZ7xex8laof0blW+R
UEnJn1cQX8LPY/jnVM0fBzyQjorBg1T+NCB/zEcdTUN8uSH1vLOu8N6M41Yr3iME
67FzFpLjJjbGNSp7cc/Cf+0CHbsJgOtFGoNwP3lOXtDUr7hjGijfuQB8CAHd+fpR
sHXQ95mpSojcL+rIOQpthpokth1aMiczU7AV19BMGnVQQb37g4FgXhPOxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBtjkDq0W0rUBUUJwRR+SbGSt385MB8GA1UdIwQY
MBaAFJt5LecPM7goglQr7yOxjal1OMoEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTNrdDV3OHp1Q2lDVkN2dkk3R05xWFU0eWdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8wYTRjMWUtMWZjNS00MDdhLWJkMDgt
MDcxN2RhMDUzNTg1LzEvRzJPUU9yUmJTdFFGUlFuQkZINUpzWkszZnprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8wYTRjMWUtMWZjNS00MDdhLWJkMDgtMDcxN2RhMDUzNTg1
LzEvbTNrdDV3OHp1Q2lDVkN2dkk3R05xWFU0eWdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCueQ0MA0G
CSqGSIb3DQEBCwUAA4IBAQB1ZK1QLRZ+hp1wdRoD3iMNo4HwsvRq22dXzIDOhZEl
z3Y0liFhB4Tk+du1+piZHpzIcX8H3Jf5zhXGFh5q9s2JhsaU0eBMP3cI3RP4xElq
G/Lv+3aYiV9dX/LNMs/KXaugNanPQ6uYbGfcV0iwbWJalaLCEtGbncnBh8CCwmse
6BMY6IKZpqCeGSb3vqdGSrxEQQPFuBTBDfn8WiOst30Uy7t64/x2sEqr+QwU8TYh
KVH8DdNC3HLyRSn2GZJJAQ2q+LDYSi0Zp5koKf2FdwcpJHVdng/MUVwZzBErxjZi
yceED2WbtPkmlD1COn3HMyuqkOcHTPu/n9PJFiB9uGNX
-----END CERTIFICATE-----