This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/c50251-a4e1-424d-9e92-ac6781e23e87/1/tPa9pSwrFvB1K6LXnFP7QgOZmQg.roa
File:                     tPa9pSwrFvB1K6LXnFP7QgOZmQg.roa (raw, json)
Hash identifier:          EuLOm9LNu+vdtWKW8xKy1jbrcq+2BOsoUg00XaJJYUM=
Subject key identifier:   B4:F6:BD:A5:2C:2B:16:F0:75:2B:A2:D7:9C:53:FB:42:03:99:99:08
Certificate issuer:       /CN=7703fd03a5f34d8d56e994c2b7f10ca49a0e0154
Certificate serial:       019B7DCAC0ACCA5812551441A0056FFB6161
Authority key identifier: 77:03:FD:03:A5:F3:4D:8D:56:E9:94:C2:B7:F1:0C:A4:9A:0E:01:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dwP9A6XzTY1W6ZTCt_EMpJoOAVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/c50251-a4e1-424d-9e92-ac6781e23e87/1/tPa9pSwrFvB1K6LXnFP7QgOZmQg.roa
Signing time:             Fri 02 Jan 2026 08:19:58 +0000
ROA not before:           Fri 02 Jan 2026 08:19:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210080
IP address blocks:        185.221.176.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/c50251-a4e1-424d-9e92-ac6781e23e87/1/dwP9A6XzTY1W6ZTCt_EMpJoOAVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/c50251-a4e1-424d-9e92-ac6781e23e87/1/dwP9A6XzTY1W6ZTCt_EMpJoOAVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dwP9A6XzTY1W6ZTCt_EMpJoOAVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 14:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:c0:ac:ca:58:12:55:14:41:a0:05:6f:fb:61:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7703fd03a5f34d8d56e994c2b7f10ca49a0e0154
        Validity
            Not Before: Jan  2 08:19:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b4f6bda52c2b16f0752ba2d79c53fb4203999908
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:c5:0f:e6:59:da:6c:8e:ff:4f:b8:f7:14:b3:
                    a3:10:c1:aa:5b:16:98:38:ef:f7:99:1a:dd:8a:32:
                    50:fa:b1:1b:00:19:3c:66:d5:03:3c:b7:44:66:c1:
                    83:5c:f1:6d:b1:d6:24:ce:0e:75:36:a1:23:12:79:
                    8d:c3:aa:03:33:99:ff:56:cd:78:3d:cc:45:19:67:
                    bd:73:33:8b:18:f6:b9:65:df:06:62:13:1c:fa:5d:
                    f7:22:6b:16:ef:60:a7:ae:9f:f8:7a:9e:89:57:aa:
                    f0:d7:bb:21:9e:ef:ca:d8:ce:45:95:8b:69:f3:24:
                    cb:3d:b0:db:43:ba:f8:1c:91:11:04:df:ec:e8:80:
                    53:4b:37:7f:fb:da:83:4a:bc:de:39:8e:ec:3b:86:
                    43:99:a4:c6:1d:d8:de:c9:08:f2:82:d5:6c:29:f0:
                    7b:76:c9:66:9f:f5:3e:ac:f2:1c:09:ed:35:22:21:
                    db:c9:18:ac:3d:c3:42:c7:3a:f9:58:b9:2a:ab:48:
                    44:92:9c:fa:2c:2a:ca:df:d3:70:d2:5b:b9:e0:58:
                    7e:3d:0b:1e:d5:9b:3e:33:86:24:b9:e4:0b:5d:81:
                    e6:b3:cc:28:0a:54:66:5c:1a:ec:7c:6a:55:a2:33:
                    b6:02:9b:cc:33:c5:d7:52:5a:4f:58:a8:0e:da:8e:
                    22:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:F6:BD:A5:2C:2B:16:F0:75:2B:A2:D7:9C:53:FB:42:03:99:99:08
            X509v3 Authority Key Identifier:
                keyid:77:03:FD:03:A5:F3:4D:8D:56:E9:94:C2:B7:F1:0C:A4:9A:0E:01:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dwP9A6XzTY1W6ZTCt_EMpJoOAVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/c50251-a4e1-424d-9e92-ac6781e23e87/1/tPa9pSwrFvB1K6LXnFP7QgOZmQg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/c50251-a4e1-424d-9e92-ac6781e23e87/1/dwP9A6XzTY1W6ZTCt_EMpJoOAVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.221.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         29:5d:e0:dc:72:b6:b2:d0:6d:c3:cf:8e:8c:4b:e7:30:0c:cc:
         6a:6a:e5:d5:b3:9b:13:a4:e2:60:19:8a:ac:ed:56:75:19:f2:
         6b:a1:97:c3:60:d4:17:7b:6c:39:a0:36:9b:78:3e:cf:02:7f:
         6a:c4:c1:71:c4:d8:47:f3:28:37:cc:46:6b:a9:1d:93:2b:a1:
         e0:dd:15:8d:d5:87:37:02:34:c8:b2:8e:d9:09:f1:f2:27:fb:
         0a:1a:d1:ff:d4:94:32:6c:2e:21:20:54:15:60:58:c5:d6:ed:
         ef:5c:41:b6:bb:88:ad:01:4e:ca:cc:cc:df:e1:4f:25:a9:c3:
         e9:83:74:67:3d:e6:e7:4f:01:72:7a:a3:f4:0e:3d:bf:70:f5:
         13:94:a0:23:36:e1:ad:f3:ed:15:35:36:28:cd:70:b7:2c:c8:
         57:62:56:19:5a:ac:f6:71:01:ae:18:9f:fe:6c:ac:88:02:09:
         9c:2c:19:29:64:15:c0:0a:d7:64:d4:92:a9:12:f0:b7:2f:94:
         86:6d:c6:1e:04:a1:90:29:f2:98:cc:ae:e9:f0:ae:6b:04:fa:
         bd:5a:93:4d:be:33:82:c2:ab:60:ed:ba:8a:17:5f:a6:22:e7:
         8b:ae:17:73:c4:54:c9:8e:2c:47:5f:ab:70:c9:c3:3b:68:bf:
         6e:ad:f0:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9ysCsylgSVRRBoAVv+2FhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3MDNmZDAzYTVmMzRkOGQ1NmU5OTRjMmI3ZjEwY2E0OWEw
ZTAxNTQwHhcNMjYwMTAyMDgxOTU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGY2YmRhNTJjMmIxNmYwNzUyYmEyZDc5YzUzZmI0MjAzOTk5OTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6sUP5lnabI7/T7j3FLOjEMGqWxaY
OO/3mRrdijJQ+rEbABk8ZtUDPLdEZsGDXPFtsdYkzg51NqEjEnmNw6oDM5n/Vs14
PcxFGWe9czOLGPa5Zd8GYhMc+l33ImsW72Cnrp/4ep6JV6rw17shnu/K2M5FlYtp
8yTLPbDbQ7r4HJERBN/s6IBTSzd/+9qDSrzeOY7sO4ZDmaTGHdjeyQjygtVsKfB7
dslmn/U+rPIcCe01IiHbyRisPcNCxzr5WLkqq0hEkpz6LCrK39Nw0lu54Fh+PQse
1Zs+M4YkueQLXYHms8woClRmXBrsfGpVojO2ApvMM8XXUlpPWKgO2o4iTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLT2vaUsKxbwdSui15xT+0IDmZkIMB8GA1UdIwQY
MBaAFHcD/QOl802NVumUwrfxDKSaDgFUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHdQOUE2WHpUWTFXNlpUQ3RfRU1wSm9PQVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9jNTAyNTEtYTRlMS00MjRkLTllOTIt
YWM2NzgxZTIzZTg3LzEvdFBhOXBTd3JGdkIxSzZMWG5GUDdRZ09abVFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9jNTAyNTEtYTRlMS00MjRkLTllOTItYWM2NzgxZTIzZTg3
LzEvZHdQOUE2WHpUWTFXNlpUQ3RfRU1wSm9PQVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCud2wMA0G
CSqGSIb3DQEBCwUAA4IBAQApXeDccray0G3Dz46MS+cwDMxqauXVs5sTpOJgGYqs
7VZ1GfJroZfDYNQXe2w5oDabeD7PAn9qxMFxxNhH8yg3zEZrqR2TK6Hg3RWN1Yc3
AjTIso7ZCfHyJ/sKGtH/1JQybC4hIFQVYFjF1u3vXEG2u4itAU7KzMzf4U8lqcPp
g3RnPebnTwFyeqP0Dj2/cPUTlKAjNuGt8+0VNTYozXC3LMhXYlYZWqz2cQGuGJ/+
bKyIAgmcLBkpZBXACtdk1JKpEvC3L5SGbcYeBKGQKfKYzK7p8K5rBPq9WpNNvjOC
wqtg7bqKF1+mIueLrhdzxFTJjixHX6twycM7aL9urfDB
-----END CERTIFICATE-----