This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/aYfBlanrTB5cij6TXn_l2zR54n8.roa
File:                     aYfBlanrTB5cij6TXn_l2zR54n8.roa (raw, json)
Hash identifier:          rdHa8Lp/B53LP7u6LpPEJQHsBh+aQBvMpYng8uwX03w=
Subject key identifier:   69:87:C1:95:A9:EB:4C:1E:5C:8A:3E:93:5E:7F:E5:DB:34:79:E2:7F
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       019B7F15EC454470B2E7CE6FB4628859AEFB
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/aYfBlanrTB5cij6TXn_l2zR54n8.roa
Signing time:             Fri 02 Jan 2026 14:21:41 +0000
ROA not before:           Fri 02 Jan 2026 14:21:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203648
IP address blocks:        185.200.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 Jan 2026 14:32:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:ec:45:44:70:b2:e7:ce:6f:b4:62:88:59:ae:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jan  2 14:21:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6987c195a9eb4c1e5c8a3e935e7fe5db3479e27f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:5e:ad:b8:78:f8:8d:59:08:d7:56:5e:31:9b:
                    09:9f:5f:05:2d:68:d3:ba:14:d3:d4:0c:ff:d0:02:
                    07:5e:fd:18:2b:ee:fe:43:ff:ed:6a:55:48:d5:ee:
                    fd:45:0e:dd:bb:39:6a:40:26:bb:74:cd:15:46:e5:
                    0f:70:2d:c1:27:5c:c7:ef:3e:29:d7:13:f9:3e:7c:
                    fa:58:0e:60:b8:91:1c:d0:ca:9e:a8:64:9d:ee:05:
                    e3:60:ec:ee:32:bd:9d:d1:70:e0:5c:cf:db:0f:32:
                    34:86:af:f5:2b:1d:ce:aa:54:6b:0c:22:e6:a5:9a:
                    a6:06:70:c0:52:d3:28:cb:6f:3d:fb:8a:ff:ce:d7:
                    d0:8e:85:b5:e7:ba:45:47:d9:cb:59:e5:a8:30:a3:
                    7d:1f:fb:07:e0:6a:72:f7:a3:b6:97:44:07:39:0f:
                    c7:3e:90:3e:af:a5:6a:af:e7:7b:f4:2f:84:54:65:
                    bb:af:72:2c:48:46:3f:4b:e1:3c:c5:b8:d8:e8:7a:
                    69:f5:ce:d8:cf:0e:d1:ba:c0:12:f9:79:2d:de:81:
                    b2:0d:9d:47:89:2e:1d:b8:d1:3e:2d:82:ff:14:ca:
                    11:00:43:bd:61:62:43:d4:63:10:aa:3c:8c:6f:47:
                    d4:b7:78:17:e9:28:92:d5:e5:4a:98:40:ff:8a:17:
                    df:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:87:C1:95:A9:EB:4C:1E:5C:8A:3E:93:5E:7F:E5:DB:34:79:E2:7F
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/aYfBlanrTB5cij6TXn_l2zR54n8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.200.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:a3:14:a7:ad:f3:4a:62:a6:2f:64:69:ad:f0:57:0b:27:a0:
         6d:3c:67:48:26:9e:66:e3:1d:60:56:72:36:dc:b2:fc:2e:b5:
         da:6c:eb:99:49:d7:38:96:07:be:74:fa:d6:20:8f:85:59:2a:
         7d:85:88:1c:70:9a:42:73:7f:de:2d:65:77:ad:f3:3d:60:44:
         0b:2d:c1:f3:4f:45:16:5c:ff:fb:8e:3f:fa:2c:79:1c:90:da:
         24:e9:5b:56:20:c3:71:7d:72:be:aa:1d:86:9a:4f:40:f3:fa:
         65:6e:18:b4:eb:fa:c0:8e:fa:f4:25:88:1f:12:99:d6:69:f0:
         39:5b:46:5f:93:fd:57:30:9b:34:d0:fd:89:43:6e:5f:21:21:
         d7:e7:c6:46:0a:08:4e:79:8d:af:0d:29:62:a2:ef:e5:e7:a8:
         25:46:b2:30:a2:1d:23:10:8e:f7:a5:51:78:69:78:80:a3:dd:
         8c:bd:19:3e:5a:c2:e4:19:3b:fc:9d:ad:a7:f8:a9:c7:de:3f:
         a7:aa:53:0c:02:20:16:f5:25:6a:bd:b9:38:bb:f9:33:8d:99:
         c0:f7:57:dd:92:12:8a:bd:17:b1:e3:02:19:ae:7f:89:68:99:
         f4:9f:2c:cc:e5:69:58:a5:91:81:d7:b0:38:e3:20:45:ea:b7:
         7c:2a:bd:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FexFRHCy585vtGKIWa77MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjYwMTAyMTQyMTQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTg3YzE5NWE5ZWI0YzFlNWM4YTNlOTM1ZTdmZTVkYjM0NzllMjdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzl6tuHj4jVkI11ZeMZsJn18FLWjT
uhTT1Az/0AIHXv0YK+7+Q//talVI1e79RQ7duzlqQCa7dM0VRuUPcC3BJ1zH7z4p
1xP5Pnz6WA5guJEc0MqeqGSd7gXjYOzuMr2d0XDgXM/bDzI0hq/1Kx3OqlRrDCLm
pZqmBnDAUtMoy289+4r/ztfQjoW157pFR9nLWeWoMKN9H/sH4Gpy96O2l0QHOQ/H
PpA+r6Vqr+d79C+EVGW7r3IsSEY/S+E8xbjY6Hpp9c7Yzw7RusAS+Xkt3oGyDZ1H
iS4duNE+LYL/FMoRAEO9YWJD1GMQqjyMb0fUt3gX6SiS1eVKmED/ihffgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGmHwZWp60weXIo+k15/5ds0eeJ/MB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvYVlmQmxhbnJUQjVjaWo2VFhuX2wyelI1NG44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucg/MA0G
CSqGSIb3DQEBCwUAA4IBAQBdoxSnrfNKYqYvZGmt8FcLJ6BtPGdIJp5m4x1gVnI2
3LL8LrXabOuZSdc4lge+dPrWII+FWSp9hYgccJpCc3/eLWV3rfM9YEQLLcHzT0UW
XP/7jj/6LHkckNok6VtWIMNxfXK+qh2Gmk9A8/plbhi06/rAjvr0JYgfEpnWafA5
W0Zfk/1XMJs00P2JQ25fISHX58ZGCghOeY2vDSliou/l56glRrIwoh0jEI73pVF4
aXiAo92MvRk+WsLkGTv8na2n+KnH3j+nqlMMAiAW9SVqvbk4u/kzjZnA91fdkhKK
vRex4wIZrn+JaJn0nyzM5WlYpZGB17A44yBF6rd8Kr07
-----END CERTIFICATE-----