This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/EDfGdXD_QaDdDvPnqhrvC92yjIc.roa
File:                     EDfGdXD_QaDdDvPnqhrvC92yjIc.roa (raw, json)
Hash identifier:          wujlh71uYD/kWs0oGtjj3GOq8+eY7xmXla1itoFj1Pk=
Subject key identifier:   10:37:C6:75:70:FF:41:A0:DD:0E:F3:E7:AA:1A:EF:0B:DD:B2:8C:87
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       019B7B3589C9B38230B705F665D8A33B7FB4
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/EDfGdXD_QaDdDvPnqhrvC92yjIc.roa
Signing time:             Thu 01 Jan 2026 20:17:44 +0000
ROA not before:           Thu 01 Jan 2026 20:17:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199513
IP address blocks:        85.120.204.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:89:c9:b3:82:30:b7:05:f6:65:d8:a3:3b:7f:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 20:17:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1037c67570ff41a0dd0ef3e7aa1aef0bddb28c87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:21:76:d4:4c:5a:43:7c:40:46:bc:ad:ae:47:
                    5e:4a:9c:3e:d3:58:7a:dd:b5:fe:14:ac:ec:da:98:
                    ed:be:66:b4:7d:6b:ea:b4:77:89:16:ed:5e:b7:78:
                    cc:d2:97:4a:0a:7b:dc:fb:d7:b4:23:0f:5f:bd:c3:
                    d6:8d:d3:09:4d:92:5f:f9:cd:c1:73:ba:99:96:20:
                    4b:50:bb:e8:7c:dc:48:96:e6:69:4e:50:22:53:4f:
                    ae:e8:fd:d1:5a:78:da:99:9c:64:a2:a1:e5:e6:3d:
                    29:8d:22:fd:71:4f:a8:5e:ab:dd:8a:fd:28:5f:a0:
                    6d:56:ee:90:2b:14:0b:dc:55:87:20:b8:3d:d9:93:
                    63:07:06:8a:d1:4b:66:e0:f6:92:5d:55:05:f9:55:
                    fc:02:f8:e8:f4:12:45:1e:91:f5:a2:d4:94:04:b7:
                    9f:45:4d:67:6d:5c:92:ff:a3:30:6e:e8:1b:4b:bf:
                    5c:70:60:0a:05:ae:88:bc:b1:b0:72:c5:82:de:15:
                    cd:71:63:b5:40:44:6d:6f:ac:92:63:cd:f0:14:c4:
                    0d:f3:f6:20:4c:05:d4:ee:09:cc:24:b5:14:84:4d:
                    78:4c:5c:db:6a:68:e2:03:b3:69:b7:4a:9e:73:de:
                    88:00:ce:7b:53:9b:10:62:5e:c7:40:ad:67:8a:10:
                    96:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:37:C6:75:70:FF:41:A0:DD:0E:F3:E7:AA:1A:EF:0B:DD:B2:8C:87
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/EDfGdXD_QaDdDvPnqhrvC92yjIc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.120.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6a:7a:03:b3:69:f7:eb:57:0e:ad:40:63:49:06:d1:76:39:86:
         23:ae:f4:50:10:56:90:5e:49:08:d5:1a:4b:4a:f6:25:d2:96:
         e9:e8:91:e4:27:63:f2:98:71:bd:db:93:42:a0:79:ac:fc:48:
         93:e8:a2:ba:09:6d:81:d7:13:90:08:ca:05:ee:d0:f2:f4:ac:
         ad:ad:a0:92:a4:56:ea:d4:46:4d:c8:c2:78:39:dd:ff:10:f7:
         52:d4:ab:f5:e5:5a:89:49:7c:89:a3:df:81:45:7a:81:a4:03:
         50:50:5c:e7:39:a9:8a:23:d0:e6:fd:01:1b:32:42:ac:d3:ec:
         2b:be:ac:0f:52:18:e8:08:9f:3a:9c:3f:8e:f2:62:49:40:cb:
         ea:02:f6:16:73:88:72:29:00:9f:f2:6d:2a:20:df:58:5b:a3:
         00:44:95:4a:0b:4a:be:55:1e:c7:aa:8f:74:55:e9:be:0c:1d:
         71:ed:f2:41:65:15:0c:57:1c:ad:7d:a7:8f:33:19:fb:62:e9:
         f8:ac:ba:2c:c3:47:23:f7:2e:92:2c:f4:4a:03:a5:40:0f:ab:
         0a:27:36:97:e0:67:53:0f:bf:64:b8:5c:51:e1:71:7d:2f:29:
         5d:87:11:5e:c6:00:78:b0:2d:46:6b:66:dd:56:e5:a3:c2:f1:
         f1:9e:7c:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NYnJs4IwtwX2ZdijO3+0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjYwMTAxMjAxNzQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDM3YzY3NTcwZmY0MWEwZGQwZWYzZTdhYTFhZWYwYmRkYjI4Yzg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtiF21ExaQ3xARrytrkdeSpw+01h6
3bX+FKzs2pjtvma0fWvqtHeJFu1et3jM0pdKCnvc+9e0Iw9fvcPWjdMJTZJf+c3B
c7qZliBLULvofNxIluZpTlAiU0+u6P3RWnjamZxkoqHl5j0pjSL9cU+oXqvdiv0o
X6BtVu6QKxQL3FWHILg92ZNjBwaK0Utm4PaSXVUF+VX8Avjo9BJFHpH1otSUBLef
RU1nbVyS/6MwbugbS79ccGAKBa6IvLGwcsWC3hXNcWO1QERtb6ySY83wFMQN8/Yg
TAXU7gnMJLUUhE14TFzbamjiA7Npt0qec96IAM57U5sQYl7HQK1nihCWiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBA3xnVw/0Gg3Q7z56oa7wvdsoyHMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvRURmR2RYRF9RYURkRHZQbnFocnZDOTJ5akljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVXjMMA0G
CSqGSIb3DQEBCwUAA4IBAQBqegOzaffrVw6tQGNJBtF2OYYjrvRQEFaQXkkI1RpL
SvYl0pbp6JHkJ2PymHG925NCoHms/EiT6KK6CW2B1xOQCMoF7tDy9KytraCSpFbq
1EZNyMJ4Od3/EPdS1Kv15VqJSXyJo9+BRXqBpANQUFznOamKI9Dm/QEbMkKs0+wr
vqwPUhjoCJ86nD+O8mJJQMvqAvYWc4hyKQCf8m0qIN9YW6MARJVKC0q+VR7Hqo90
Vem+DB1x7fJBZRUMVxytfaePMxn7Yun4rLosw0cj9y6SLPRKA6VAD6sKJzaX4GdT
D79kuFxR4XF9LyldhxFexgB4sC1Ga2bdVuWjwvHxnnws
-----END CERTIFICATE-----