This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/dvvRwcCRrGc2PYnrmrq-TPLQAVs.roa
File:                     dvvRwcCRrGc2PYnrmrq-TPLQAVs.roa (raw, json)
Hash identifier:          /NPhNbJ9Xvt95ug47w8hq6nB//M7QSMi6Nwc/rZfUec=
Subject key identifier:   76:FB:D1:C1:C0:91:AC:67:36:3D:89:EB:9A:BA:BE:4C:F2:D0:01:5B
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       019B7B357FD364F1CA9CD17B8F7F297B49B5
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/dvvRwcCRrGc2PYnrmrq-TPLQAVs.roa
Signing time:             Thu 01 Jan 2026 20:17:42 +0000
ROA not before:           Thu 01 Jan 2026 20:17:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56951
IP address blocks:        85.120.31.0/24 maxlen: 24
                          85.120.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:7f:d3:64:f1:ca:9c:d1:7b:8f:7f:29:7b:49:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 20:17:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=76fbd1c1c091ac67363d89eb9ababe4cf2d0015b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:41:6b:eb:f7:79:8e:85:a3:13:1b:0d:2e:b1:
                    99:29:4e:e0:51:bf:6d:b3:a5:ef:7c:d9:c9:8e:d5:
                    94:ae:94:eb:91:ea:f8:89:5e:44:05:42:18:68:c8:
                    84:16:92:8a:66:5d:d5:7f:83:82:9f:6e:dd:44:47:
                    f6:5a:53:42:a1:42:be:e8:39:fe:72:59:f2:0d:35:
                    88:ea:f2:9e:c3:78:fa:51:77:7c:27:e4:53:43:20:
                    b3:de:f6:47:c6:87:c3:1f:8b:d6:d8:9a:48:ba:4a:
                    d1:d4:e8:cf:12:50:9a:46:f9:4a:60:5e:7b:ab:3a:
                    ba:67:a1:79:95:67:e1:94:8e:ca:bb:60:42:d9:d3:
                    08:ef:b4:63:94:1a:36:fc:d0:3c:04:fc:74:96:22:
                    1e:b2:9a:d6:c4:4d:99:29:a1:83:2b:00:00:43:06:
                    fa:ff:07:f4:69:a7:56:f9:b1:14:1c:6b:97:bc:94:
                    55:43:b0:6f:4c:d4:c0:92:f7:e4:71:94:df:bb:e1:
                    60:12:d5:cb:b6:41:d6:7a:65:cd:69:0d:3e:1e:47:
                    7e:7a:82:31:41:19:a5:84:13:16:0b:92:9a:61:8c:
                    4a:52:7e:d5:53:0e:4b:1b:a8:61:d9:65:d4:bf:ed:
                    27:31:af:a1:b7:ad:a4:1d:b2:d8:fe:b2:5b:9a:2c:
                    dd:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:FB:D1:C1:C0:91:AC:67:36:3D:89:EB:9A:BA:BE:4C:F2:D0:01:5B
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/dvvRwcCRrGc2PYnrmrq-TPLQAVs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.120.31.0-85.120.32.255

    Signature Algorithm: sha256WithRSAEncryption
         ad:f8:ba:dd:84:cc:e1:16:b0:98:ab:85:66:19:6f:3d:74:ed:
         70:5b:3f:8d:60:d4:b5:c2:39:3d:ae:e4:5b:9e:38:95:95:df:
         57:86:7e:3a:80:35:93:51:43:54:97:5a:ae:fa:60:ca:28:71:
         ed:3c:cd:fa:ab:c5:1b:8a:07:ca:e3:c1:12:d6:ef:3e:4e:bc:
         b6:a7:48:c2:01:12:0b:46:df:2a:fc:bc:9b:13:c1:d7:59:0e:
         d7:9e:9a:3b:e9:b3:eb:75:03:92:c6:ae:b0:58:30:7f:60:1d:
         65:84:f4:65:1c:69:0d:82:cc:be:20:64:d6:da:9d:aa:88:ac:
         86:0d:87:29:78:c8:50:81:80:1d:e7:c0:eb:f4:0b:91:f3:8a:
         d1:d1:1f:4d:ad:4d:2d:b3:a9:4f:10:5d:3c:00:58:0b:cf:e5:
         b1:65:0a:99:a0:85:91:bd:33:a9:9e:c8:15:9b:a4:d2:90:16:
         f7:a7:10:39:5a:40:c9:d3:17:3b:60:fc:3f:66:2f:ae:54:fb:
         d7:2d:21:fd:02:9c:6c:fa:13:c8:1e:6c:ff:90:03:07:5e:8b:
         60:21:db:04:ab:fc:0f:8a:8b:a5:75:7c:e9:05:a2:2b:e5:c9:
         f1:13:e8:26:70:b5:61:4c:c7:27:dd:96:83:c7:0c:a1:6f:cf:
         ed:d0:9e:56
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZt7NX/TZPHKnNF7j38pe0m1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjYwMTAxMjAxNzQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmZiZDFjMWMwOTFhYzY3MzYzZDg5ZWI5YWJhYmU0Y2YyZDAwMTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmEFr6/d5joWjExsNLrGZKU7gUb9t
s6XvfNnJjtWUrpTrker4iV5EBUIYaMiEFpKKZl3Vf4OCn27dREf2WlNCoUK+6Dn+
clnyDTWI6vKew3j6UXd8J+RTQyCz3vZHxofDH4vW2JpIukrR1OjPElCaRvlKYF57
qzq6Z6F5lWfhlI7Ku2BC2dMI77RjlBo2/NA8BPx0liIesprWxE2ZKaGDKwAAQwb6
/wf0aadW+bEUHGuXvJRVQ7BvTNTAkvfkcZTfu+FgEtXLtkHWemXNaQ0+Hkd+eoIx
QRmlhBMWC5KaYYxKUn7VUw5LG6hh2WXUv+0nMa+ht62kHbLY/rJbmizdvwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFHb70cHAkaxnNj2J65q6vkzy0AFbMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvZHZ2UndjQ1JyR2MyUFlucm1ycS1UUExRQVZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABVeB8D
BABVeCAwDQYJKoZIhvcNAQELBQADggEBAK34ut2EzOEWsJirhWYZbz107XBbP41g
1LXCOT2u5FueOJWV31eGfjqANZNRQ1SXWq76YMooce08zfqrxRuKB8rjwRLW7z5O
vLanSMIBEgtG3yr8vJsTwddZDteemjvps+t1A5LGrrBYMH9gHWWE9GUcaQ2CzL4g
ZNbanaqIrIYNhyl4yFCBgB3nwOv0C5HzitHRH02tTS2zqU8QXTwAWAvP5bFlCpmg
hZG9M6meyBWbpNKQFvenEDlaQMnTFztg/D9mL65U+9ctIf0CnGz6E8gebP+QAwde
i2Ah2wSr/A+Ki6V1fOkFoivlyfET6CZwtWFMxyfdloPHDKFvz+3QnlY=
-----END CERTIFICATE-----