This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/iztt7eTn9DZjm_OcCmUHYazEdwU.roa
File:                     iztt7eTn9DZjm_OcCmUHYazEdwU.roa (raw, json)
Hash identifier:          0Z5TMWJyvLNk+8CeqaEiIzTEQ7rlIMGFtynDFhpmUnI=
Subject key identifier:   8B:3B:6D:ED:E4:E7:F4:36:63:9B:F3:9C:0A:65:07:61:AC:C4:77:05
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       019B7B3582359A114C3EA077DFF8EE904840
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/iztt7eTn9DZjm_OcCmUHYazEdwU.roa
Signing time:             Thu 01 Jan 2026 20:17:42 +0000
ROA not before:           Thu 01 Jan 2026 20:17:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60615
IP address blocks:        85.120.232.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:82:35:9a:11:4c:3e:a0:77:df:f8:ee:90:48:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 20:17:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8b3b6dede4e7f436639bf39c0a650761acc47705
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:1b:d8:88:45:5e:f9:9f:cf:13:6e:e7:60:14:
                    58:b7:49:f6:a5:de:17:b8:45:2f:97:99:b1:c6:f2:
                    5d:25:19:c2:75:7d:c9:08:35:17:84:7e:7e:40:08:
                    0c:6c:a7:f8:2c:9f:93:f1:2b:b7:87:b8:f9:02:d4:
                    b5:81:ea:ce:74:d1:66:73:af:c2:dd:50:6e:32:92:
                    68:1a:91:db:60:b1:45:70:75:2f:66:27:39:a3:00:
                    bb:e9:72:ab:c3:e5:0d:72:e8:97:2c:b0:19:4c:c8:
                    7d:69:89:41:b4:0d:b7:ab:06:ce:1e:bc:93:0c:05:
                    db:f6:17:1d:b4:73:2b:a1:50:a2:38:a2:b6:e4:29:
                    47:d3:17:57:e2:c9:5f:7b:e3:3e:28:2d:5f:d6:62:
                    46:52:4b:ea:21:74:07:38:cf:f8:d0:cb:35:56:5f:
                    03:37:30:22:49:a5:1a:17:65:1a:bf:85:95:5d:35:
                    6a:c3:70:30:97:ef:68:e2:06:8f:b1:59:e1:46:41:
                    32:da:97:09:43:63:37:86:62:73:22:8d:83:dc:01:
                    1b:01:09:e3:21:6e:6a:8e:a5:05:f5:1e:11:84:fa:
                    e2:ba:c7:73:4a:92:f8:cb:10:84:71:eb:ed:28:df:
                    5e:5e:9f:52:ba:2b:a1:41:5f:d2:2a:7c:84:14:db:
                    bb:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:3B:6D:ED:E4:E7:F4:36:63:9B:F3:9C:0A:65:07:61:AC:C4:77:05
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/iztt7eTn9DZjm_OcCmUHYazEdwU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.120.232.0/23

    Signature Algorithm: sha256WithRSAEncryption
         67:de:fd:f7:19:e3:8d:30:b5:bd:94:84:69:da:23:9e:8f:da:
         ea:1e:a0:e0:51:5d:c6:fc:09:8c:f0:84:b8:41:d2:b3:78:4e:
         63:be:21:64:78:84:fb:c4:29:0f:3b:53:4c:3d:64:c5:d1:57:
         0b:89:83:4d:2f:e4:ab:bf:18:77:a6:1f:93:a8:fc:82:a3:43:
         c5:88:50:7e:0b:91:67:28:a6:b8:58:41:7d:c4:d8:f5:96:11:
         ac:0e:dc:9c:a0:82:4d:45:fc:08:48:96:15:a0:1c:49:f3:72:
         7b:99:a8:ac:ae:78:71:78:96:53:6b:62:2a:af:d6:eb:40:08:
         d7:2c:7c:14:43:59:7c:2a:71:6e:2a:b1:00:26:c2:83:3a:b5:
         89:a7:36:2f:ce:b7:87:c8:ba:df:ca:17:41:e8:8a:3e:e9:b9:
         93:3b:ca:ef:50:2d:13:7b:d1:48:ff:a8:ab:e0:f8:4d:3b:fb:
         5d:5b:5a:43:32:07:23:e1:e1:85:46:08:db:0f:1e:46:5d:76:
         78:36:28:32:3b:ea:30:25:e2:77:c7:c8:1a:0e:88:fd:67:72:
         79:e0:12:f4:e8:24:dc:f4:1c:57:ae:11:d8:ef:e4:e9:dc:cd:
         f0:3c:90:1c:1d:6c:98:5f:fe:12:e3:1a:db:b3:f4:40:62:57:
         62:a7:49:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NYI1mhFMPqB33/jukEhAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjYwMTAxMjAxNzQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjNiNmRlZGU0ZTdmNDM2NjM5YmYzOWMwYTY1MDc2MWFjYzQ3NzA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnhvYiEVe+Z/PE27nYBRYt0n2pd4X
uEUvl5mxxvJdJRnCdX3JCDUXhH5+QAgMbKf4LJ+T8Su3h7j5AtS1gerOdNFmc6/C
3VBuMpJoGpHbYLFFcHUvZic5owC76XKrw+UNcuiXLLAZTMh9aYlBtA23qwbOHryT
DAXb9hcdtHMroVCiOKK25ClH0xdX4slfe+M+KC1f1mJGUkvqIXQHOM/40Ms1Vl8D
NzAiSaUaF2Uav4WVXTVqw3Awl+9o4gaPsVnhRkEy2pcJQ2M3hmJzIo2D3AEbAQnj
IW5qjqUF9R4RhPriusdzSpL4yxCEcevtKN9eXp9SuiuhQV/SKnyEFNu7kQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIs7be3k5/Q2Y5vznAplB2GsxHcFMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvaXp0dDdlVG45RFpqbV9PY0NtVUhZYXpFZHdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVXjoMA0G
CSqGSIb3DQEBCwUAA4IBAQBn3v33GeONMLW9lIRp2iOej9rqHqDgUV3G/AmM8IS4
QdKzeE5jviFkeIT7xCkPO1NMPWTF0VcLiYNNL+Srvxh3ph+TqPyCo0PFiFB+C5Fn
KKa4WEF9xNj1lhGsDtycoIJNRfwISJYVoBxJ83J7maisrnhxeJZTa2Iqr9brQAjX
LHwUQ1l8KnFuKrEAJsKDOrWJpzYvzreHyLrfyhdB6Io+6bmTO8rvUC0Te9FI/6ir
4PhNO/tdW1pDMgcj4eGFRgjbDx5GXXZ4NigyO+owJeJ3x8gaDoj9Z3J54BL06CTc
9BxXrhHY7+Tp3M3wPJAcHWyYX/4S4xrbs/RAYldip0kL
-----END CERTIFICATE-----