This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/0f1ed3-63ba-423b-b9c3-8f231f7317b9/1/j330ZQOtQiCZJuxomPWTMdBKcHQ.roa
File:                     j330ZQOtQiCZJuxomPWTMdBKcHQ.roa (raw, json)
Hash identifier:          MzEVW/Ea4Il5bIfwlWQJ+ibRovLnW9XexRlsZqbNutk=
Subject key identifier:   8F:7D:F4:65:03:AD:42:20:99:26:EC:68:98:F5:93:31:D0:4A:70:74
Certificate issuer:       /CN=d2e4cfe7f47f52464545adbb0bbc4d33478aaeb2
Certificate serial:       019B7CEE3EF0B9481328549176B0F384BFAA
Authority key identifier: D2:E4:CF:E7:F4:7F:52:46:45:45:AD:BB:0B:BC:4D:33:47:8A:AE:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0uTP5_R_UkZFRa27C7xNM0eKrrI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/0f1ed3-63ba-423b-b9c3-8f231f7317b9/1/j330ZQOtQiCZJuxomPWTMdBKcHQ.roa
Signing time:             Fri 02 Jan 2026 04:19:06 +0000
ROA not before:           Fri 02 Jan 2026 04:19:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3320
IP address blocks:        185.198.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/0f1ed3-63ba-423b-b9c3-8f231f7317b9/1/0uTP5_R_UkZFRa27C7xNM0eKrrI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/0f1ed3-63ba-423b-b9c3-8f231f7317b9/1/0uTP5_R_UkZFRa27C7xNM0eKrrI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0uTP5_R_UkZFRa27C7xNM0eKrrI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 09:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ee:3e:f0:b9:48:13:28:54:91:76:b0:f3:84:bf:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d2e4cfe7f47f52464545adbb0bbc4d33478aaeb2
        Validity
            Not Before: Jan  2 04:19:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8f7df46503ad42209926ec6898f59331d04a7074
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:ed:b0:3e:bc:9b:16:23:4b:61:29:d1:1e:e9:
                    19:f6:cb:4e:cb:0e:1d:96:78:56:d8:e5:70:08:af:
                    bc:c9:9a:c0:7e:c5:8b:85:37:c3:bd:a3:e8:97:3e:
                    64:75:c4:0c:9c:b7:da:26:4d:bf:14:97:fe:2a:23:
                    f8:67:2f:d4:93:c9:ad:50:64:c4:75:1f:10:eb:ea:
                    fa:99:f7:04:96:1d:a9:b9:1f:dd:71:7b:39:f5:63:
                    33:c5:a5:a7:37:2f:cb:0d:12:bd:66:dc:34:ab:0d:
                    53:38:c5:ba:69:1d:67:1f:f4:3a:c2:c8:9d:b6:bd:
                    a1:bc:51:d0:34:64:be:55:e5:5c:6c:e7:17:1b:16:
                    4a:08:bf:4c:0d:9f:6b:29:2d:85:82:92:98:2a:fd:
                    d6:12:a9:3f:de:b5:62:88:4b:66:eb:c9:c6:1b:0e:
                    ce:d9:28:d7:9b:be:79:7a:89:6c:d7:99:df:07:1f:
                    9f:8f:01:b4:ad:83:a7:24:68:29:b0:1c:b8:5b:97:
                    be:07:e0:d0:8f:d9:0f:14:f3:7f:ee:f3:0b:3e:c2:
                    8b:27:24:c6:b4:c7:9b:98:b0:c8:c2:26:bf:6d:11:
                    ee:40:4d:3c:65:80:83:ec:16:06:72:ff:b2:d1:82:
                    67:78:94:83:0e:38:b1:ac:eb:99:24:7a:8a:a1:74:
                    ac:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:7D:F4:65:03:AD:42:20:99:26:EC:68:98:F5:93:31:D0:4A:70:74
            X509v3 Authority Key Identifier:
                keyid:D2:E4:CF:E7:F4:7F:52:46:45:45:AD:BB:0B:BC:4D:33:47:8A:AE:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0uTP5_R_UkZFRa27C7xNM0eKrrI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/0f1ed3-63ba-423b-b9c3-8f231f7317b9/1/j330ZQOtQiCZJuxomPWTMdBKcHQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/0f1ed3-63ba-423b-b9c3-8f231f7317b9/1/0uTP5_R_UkZFRa27C7xNM0eKrrI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.198.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:73:9c:dd:2c:73:de:d9:23:b1:76:35:20:2f:19:90:1a:f8:
         1f:0e:ca:26:8a:7c:97:44:8b:a7:44:f7:6d:16:00:3d:06:8d:
         9d:6b:10:db:11:2f:7e:65:c4:94:49:c6:2d:35:41:94:4a:24:
         d3:47:29:c8:f2:64:34:de:39:4d:1a:36:30:33:8f:4f:24:f0:
         66:db:b1:8b:f7:3c:3b:f7:d5:de:44:0e:9b:c2:43:ab:6d:8a:
         a4:98:d6:25:f5:fc:d2:4d:3a:75:13:2d:03:e5:fa:50:34:90:
         30:05:35:36:4b:b0:b0:32:34:df:a5:b5:ad:e1:3c:5f:45:91:
         e7:d8:9d:0d:d2:52:42:ac:84:c2:70:a8:a1:e9:d9:96:38:4a:
         0e:bb:54:d0:5d:87:ec:79:5b:b0:07:7f:8d:a6:ea:4a:fa:0a:
         7d:35:e0:7f:ef:ae:48:f5:a0:8e:f6:88:83:21:de:b7:c8:7a:
         03:97:19:bc:33:5f:0a:d9:04:98:2c:ec:f5:b0:cd:63:3e:36:
         7a:32:80:12:fe:0a:d2:8a:90:40:0a:1f:3d:c6:e0:3e:46:5b:
         7c:46:97:92:d5:c9:8b:73:01:2c:7a:c6:b5:3c:d1:04:28:d3:
         59:f1:9f:75:49:23:29:7d:67:df:8a:1d:ef:53:16:57:e0:b8:
         cd:a6:93:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87j7wuUgTKFSRdrDzhL+qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyZTRjZmU3ZjQ3ZjUyNDY0NTQ1YWRiYjBiYmM0ZDMzNDc4
YWFlYjIwHhcNMjYwMTAyMDQxOTA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjdkZjQ2NTAzYWQ0MjIwOTkyNmVjNjg5OGY1OTMzMWQwNGE3MDc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqu2wPrybFiNLYSnRHukZ9stOyw4d
lnhW2OVwCK+8yZrAfsWLhTfDvaPolz5kdcQMnLfaJk2/FJf+KiP4Zy/Uk8mtUGTE
dR8Q6+r6mfcElh2puR/dcXs59WMzxaWnNy/LDRK9Ztw0qw1TOMW6aR1nH/Q6wsid
tr2hvFHQNGS+VeVcbOcXGxZKCL9MDZ9rKS2FgpKYKv3WEqk/3rViiEtm68nGGw7O
2SjXm755eols15nfBx+fjwG0rYOnJGgpsBy4W5e+B+DQj9kPFPN/7vMLPsKLJyTG
tMebmLDIwia/bRHuQE08ZYCD7BYGcv+y0YJneJSDDjixrOuZJHqKoXSswwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI999GUDrUIgmSbsaJj1kzHQSnB0MB8GA1UdIwQY
MBaAFNLkz+f0f1JGRUWtuwu8TTNHiq6yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHVUUDVfUl9Va1pGUmEyN0M3eE5NMGVLcnJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS8wZjFlZDMtNjNiYS00MjNiLWI5YzMt
OGYyMzFmNzMxN2I5LzEvajMzMFpRT3RRaUNaSnV4b21QV1RNZEJLY0hRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS8wZjFlZDMtNjNiYS00MjNiLWI5YzMtOGYyMzFmNzMxN2I5
LzEvMHVUUDVfUl9Va1pGUmEyN0M3eE5NMGVLcnJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucYNMA0G
CSqGSIb3DQEBCwUAA4IBAQCTc5zdLHPe2SOxdjUgLxmQGvgfDsominyXRIunRPdt
FgA9Bo2daxDbES9+ZcSUScYtNUGUSiTTRynI8mQ03jlNGjYwM49PJPBm27GL9zw7
99XeRA6bwkOrbYqkmNYl9fzSTTp1Ey0D5fpQNJAwBTU2S7CwMjTfpbWt4TxfRZHn
2J0N0lJCrITCcKih6dmWOEoOu1TQXYfseVuwB3+NpupK+gp9NeB/765I9aCO9oiD
Id63yHoDlxm8M18K2QSYLOz1sM1jPjZ6MoAS/grSipBACh89xuA+Rlt8RpeS1cmL
cwEsesa1PNEEKNNZ8Z91SSMpfWffih3vUxZX4LjNppMC
-----END CERTIFICATE-----