This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/s0Jcrn8KgooQt0Ji53m5uic9l-A.roa
File:                     s0Jcrn8KgooQt0Ji53m5uic9l-A.roa (raw, json)
Hash identifier:          6tHi49agF69uvr9JLsVNdUD12hPjd2tBC03R+SqOfc0=
Subject key identifier:   B3:42:5C:AE:7F:0A:82:8A:10:B7:42:62:E7:79:B9:BA:27:3D:97:E0
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       019B7B359055B71EA5BEC42A42A6585F0257
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/s0Jcrn8KgooQt0Ji53m5uic9l-A.roa
Signing time:             Thu 01 Jan 2026 20:17:46 +0000
ROA not before:           Thu 01 Jan 2026 20:17:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205095
IP address blocks:        85.120.57.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:90:55:b7:1e:a5:be:c4:2a:42:a6:58:5f:02:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 20:17:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b3425cae7f0a828a10b74262e779b9ba273d97e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:b7:e8:31:33:15:88:58:78:8f:02:05:ad:4a:
                    83:c0:20:20:1c:b8:4c:23:3f:2c:8c:70:ee:a6:96:
                    e5:26:36:c0:e0:22:c5:9a:81:34:69:a7:eb:4c:57:
                    29:f9:cf:25:05:9f:10:e0:75:67:fa:6f:76:3b:ec:
                    e8:84:c4:23:7b:37:28:d7:41:10:be:81:d1:74:3b:
                    e3:36:23:9e:6b:3b:44:1e:80:28:2c:df:73:3a:49:
                    bd:71:43:64:55:f3:45:5c:44:cc:f8:13:cf:9b:25:
                    3a:8d:71:d4:c8:16:32:ba:ec:37:f0:79:0d:7c:0b:
                    a3:8c:33:d1:37:a5:84:63:7f:4a:6c:ca:eb:c7:49:
                    42:e9:3e:3e:af:b1:65:54:1d:84:8e:bb:55:ab:5b:
                    80:f2:48:0f:00:4c:06:a7:f6:b0:68:ce:b2:f5:d9:
                    9f:20:3c:a8:a3:eb:0d:1b:ed:1b:24:14:69:73:cf:
                    0e:20:dd:98:0a:b3:e9:30:c4:f0:82:cd:b1:a4:72:
                    be:b9:66:ee:e1:4c:90:4a:70:cf:eb:52:a0:2b:25:
                    2d:61:9d:16:11:c3:52:15:0b:b5:65:3e:3b:21:9c:
                    d3:3a:25:bd:9c:20:39:ef:8f:70:cc:13:7f:aa:50:
                    ae:c7:c5:b2:fa:80:a9:5d:31:a9:47:da:36:c4:f6:
                    03:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:42:5C:AE:7F:0A:82:8A:10:B7:42:62:E7:79:B9:BA:27:3D:97:E0
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/s0Jcrn8KgooQt0Ji53m5uic9l-A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.120.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:16:44:06:24:b6:1b:39:6c:ea:43:ad:a2:f3:b4:82:ea:03:
         9c:bf:55:2d:d9:50:37:bb:8f:7f:ae:bc:80:3e:b6:0d:fc:60:
         5a:0c:5a:0a:47:e0:fa:5a:c5:a8:71:48:6f:05:0a:c9:45:b0:
         e3:f1:51:b2:72:b8:3c:cb:e2:06:29:c0:5e:6f:13:15:34:09:
         58:2e:2b:fe:19:d7:1e:bc:5e:26:b7:a5:c9:1c:5a:10:b5:e2:
         d6:e1:d1:a2:0e:31:4b:6f:1d:0f:bd:ca:8a:f8:46:7a:3f:2e:
         bc:3d:bc:2f:aa:ef:99:fc:59:f6:cc:48:fd:a7:d4:ce:81:25:
         51:d1:e9:23:1b:9a:c6:7b:8e:e8:5b:fc:b1:8e:46:72:fe:10:
         a7:d0:63:be:25:70:8d:74:e4:5f:ad:ac:76:07:47:95:bd:66:
         5f:4b:ff:2a:1b:17:c4:81:d5:3f:2e:e4:f9:a4:93:7e:de:fc:
         9b:f7:24:49:ea:9a:47:4d:6d:72:cf:10:44:80:bb:a7:2b:71:
         82:76:d5:56:6a:39:ff:92:dd:a0:b8:40:b6:b6:9f:c9:36:8d:
         55:7c:b3:5b:b2:da:67:f4:ae:3c:06:20:11:07:a3:b0:3d:e4:
         1f:1d:e0:c3:44:17:b6:3c:d3:9c:ae:40:ba:0b:3a:6a:0d:95:
         ce:b1:49:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NZBVtx6lvsQqQqZYXwJXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjYwMTAxMjAxNzQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzQyNWNhZTdmMGE4MjhhMTBiNzQyNjJlNzc5YjliYTI3M2Q5N2UwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1rfoMTMViFh4jwIFrUqDwCAgHLhM
Iz8sjHDuppblJjbA4CLFmoE0aafrTFcp+c8lBZ8Q4HVn+m92O+zohMQjezco10EQ
voHRdDvjNiOeaztEHoAoLN9zOkm9cUNkVfNFXETM+BPPmyU6jXHUyBYyuuw38HkN
fAujjDPRN6WEY39KbMrrx0lC6T4+r7FlVB2EjrtVq1uA8kgPAEwGp/awaM6y9dmf
IDyoo+sNG+0bJBRpc88OIN2YCrPpMMTwgs2xpHK+uWbu4UyQSnDP61KgKyUtYZ0W
EcNSFQu1ZT47IZzTOiW9nCA5749wzBN/qlCux8Wy+oCpXTGpR9o2xPYDZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLNCXK5/CoKKELdCYud5ubonPZfgMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvczBKY3JuOEtnb29RdDBKaTUzbTV1aWM5bC1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVXg5MA0G
CSqGSIb3DQEBCwUAA4IBAQCHFkQGJLYbOWzqQ62i87SC6gOcv1Ut2VA3u49/rryA
PrYN/GBaDFoKR+D6WsWocUhvBQrJRbDj8VGycrg8y+IGKcBebxMVNAlYLiv+Gdce
vF4mt6XJHFoQteLW4dGiDjFLbx0PvcqK+EZ6Py68Pbwvqu+Z/Fn2zEj9p9TOgSVR
0ekjG5rGe47oW/yxjkZy/hCn0GO+JXCNdORfrax2B0eVvWZfS/8qGxfEgdU/LuT5
pJN+3vyb9yRJ6ppHTW1yzxBEgLunK3GCdtVWajn/kt2guEC2tp/JNo1VfLNbstpn
9K48BiARB6OwPeQfHeDDRBe2PNOcrkC6CzpqDZXOsUkS
-----END CERTIFICATE-----