This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/s_iqPx8JCl56oTNyrdRU-9a2CIY.roa
File:                     s_iqPx8JCl56oTNyrdRU-9a2CIY.roa (raw, json)
Hash identifier:          6AnW/YNI0KXPCuZ/bRVFRB5NiOiVP0FapcsSpctVR+o=
Subject key identifier:   B3:F8:AA:3F:1F:09:0A:5E:7A:A1:33:72:AD:D4:54:FB:D6:B6:08:86
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       019B7B358DAAEB3307DE9516B441AEECA623
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/s_iqPx8JCl56oTNyrdRU-9a2CIY.roa
Signing time:             Thu 01 Jan 2026 20:17:45 +0000
ROA not before:           Thu 01 Jan 2026 20:17:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204992
IP address blocks:        85.120.86.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:8d:aa:eb:33:07:de:95:16:b4:41:ae:ec:a6:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 20:17:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b3f8aa3f1f090a5e7aa13372add454fbd6b60886
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:58:bf:83:b6:f1:99:f4:3c:da:f3:4e:4f:8b:
                    d4:29:57:85:b3:86:b5:a8:a1:f9:88:4d:db:95:86:
                    30:3c:94:93:d5:bd:bc:af:74:d7:81:2a:13:8a:e0:
                    5a:1d:6e:2a:02:f3:44:ff:23:55:ea:6a:cd:5f:89:
                    b4:e5:54:09:39:3f:bb:08:8e:11:7d:d1:38:cc:7e:
                    9a:5d:13:c4:e8:37:3a:31:76:6e:f3:50:e9:90:8c:
                    99:9a:a5:bf:f0:c0:6f:92:bd:7e:ca:dc:fd:87:7f:
                    1c:93:24:1f:e1:01:de:ef:39:cf:a6:f2:5e:3f:a2:
                    47:c9:41:33:95:c0:46:7d:49:55:90:f0:57:34:0d:
                    49:6d:40:01:79:7f:3e:8c:b4:45:ca:2d:80:8f:c5:
                    a5:76:97:d2:4e:47:7e:9e:33:bd:b3:6e:7f:9e:03:
                    a8:e6:7b:a4:94:b3:34:f3:7a:3f:f7:67:6a:5f:43:
                    ae:37:13:8d:16:3f:c1:48:27:07:6f:92:4d:07:61:
                    85:10:7c:90:1f:38:b8:ea:02:10:9e:91:e3:b6:0a:
                    3d:59:cc:54:ff:7c:7c:d2:7e:39:9b:69:ec:33:df:
                    74:01:fe:65:db:75:f3:04:38:96:39:62:cc:ea:60:
                    ed:7f:94:92:4f:ff:ed:ab:76:cd:9b:05:56:76:4c:
                    5e:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:F8:AA:3F:1F:09:0A:5E:7A:A1:33:72:AD:D4:54:FB:D6:B6:08:86
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/s_iqPx8JCl56oTNyrdRU-9a2CIY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.120.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:89:7f:e2:2d:69:ea:ab:0d:c3:0d:4e:ef:f7:c7:34:14:83:
         a7:29:e6:40:cc:c6:17:b5:d6:e2:1a:e0:a1:01:d3:d6:45:d7:
         d9:a1:b4:59:53:2a:d7:c0:91:2d:2e:62:79:17:a3:68:e5:cd:
         20:e9:7a:d8:c7:ac:c0:bf:9a:74:d4:41:60:d0:9e:e9:c9:77:
         40:69:39:ac:7e:97:02:57:61:3a:35:72:9c:2b:53:98:b2:11:
         e2:0c:b1:30:53:47:ce:f4:eb:a6:e7:ab:b4:2e:a0:e0:ec:28:
         c2:89:00:3b:69:1c:c7:1a:b8:7d:0a:90:17:c8:c8:80:c8:4d:
         62:a3:92:4f:78:5d:94:2a:9e:e4:90:4f:12:84:d9:8b:84:21:
         6b:e8:7c:0a:8c:cb:73:67:1d:cf:74:e8:c1:5e:96:46:d0:b0:
         dd:03:00:0d:14:a4:29:fd:fa:40:d1:4b:62:b7:1a:dc:07:21:
         59:04:97:1f:35:29:97:1f:ff:9f:e4:90:9d:75:d5:cc:db:b0:
         37:ee:12:c2:0c:a9:4a:d0:b6:34:7c:20:ae:2c:34:b5:d4:9c:
         14:70:e9:63:fe:3e:e7:80:95:a6:73:a1:7a:cb:d6:b1:cb:88:
         26:5d:a3:65:6e:41:5a:e8:0e:0e:78:3c:db:9a:dc:a4:74:56:
         8c:d8:b8:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NY2q6zMH3pUWtEGu7KYjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjYwMTAxMjAxNzQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2Y4YWEzZjFmMDkwYTVlN2FhMTMzNzJhZGQ0NTRmYmQ2YjYwODg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvFi/g7bxmfQ82vNOT4vUKVeFs4a1
qKH5iE3blYYwPJST1b28r3TXgSoTiuBaHW4qAvNE/yNV6mrNX4m05VQJOT+7CI4R
fdE4zH6aXRPE6Dc6MXZu81DpkIyZmqW/8MBvkr1+ytz9h38ckyQf4QHe7znPpvJe
P6JHyUEzlcBGfUlVkPBXNA1JbUABeX8+jLRFyi2Aj8WldpfSTkd+njO9s25/ngOo
5nuklLM083o/92dqX0OuNxONFj/BSCcHb5JNB2GFEHyQHzi46gIQnpHjtgo9WcxU
/3x80n45m2nsM990Af5l23XzBDiWOWLM6mDtf5SST//tq3bNmwVWdkxenQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLP4qj8fCQpeeqEzcq3UVPvWtgiGMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvc19pcVB4OEpDbDU2b1ROeXJkUlUtOWEyQ0lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVXhWMA0G
CSqGSIb3DQEBCwUAA4IBAQB8iX/iLWnqqw3DDU7v98c0FIOnKeZAzMYXtdbiGuCh
AdPWRdfZobRZUyrXwJEtLmJ5F6No5c0g6XrYx6zAv5p01EFg0J7pyXdAaTmsfpcC
V2E6NXKcK1OYshHiDLEwU0fO9Oum56u0LqDg7CjCiQA7aRzHGrh9CpAXyMiAyE1i
o5JPeF2UKp7kkE8ShNmLhCFr6HwKjMtzZx3PdOjBXpZG0LDdAwANFKQp/fpA0Uti
txrcByFZBJcfNSmXH/+f5JCdddXM27A37hLCDKlK0LY0fCCuLDS11JwUcOlj/j7n
gJWmc6F6y9axy4gmXaNlbkFa6A4OeDzbmtykdFaM2LjC
-----END CERTIFICATE-----