This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/0fbc5f-7c04-40da-9d5a-0280598f19e3/1/XXnrfTeMWz5PhgtiK8a4AxaSgho.roa
File:                     XXnrfTeMWz5PhgtiK8a4AxaSgho.roa (raw, json)
Hash identifier:          yESjb+epkWscywuwChkZG1nAsFck4dw/7G4mvFgiS10=
Subject key identifier:   5D:79:EB:7D:37:8C:5B:3E:4F:86:0B:62:2B:C6:B8:03:16:92:82:1A
Certificate issuer:       /CN=6086314f87635e793bc2e3dbbed66405b8ac6771
Certificate serial:       019B77590670E8BF23B29EA85754567B5A3D
Authority key identifier: 60:86:31:4F:87:63:5E:79:3B:C2:E3:DB:BE:D6:64:05:B8:AC:67:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YIYxT4djXnk7wuPbvtZkBbisZ3E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/0fbc5f-7c04-40da-9d5a-0280598f19e3/1/XXnrfTeMWz5PhgtiK8a4AxaSgho.roa
Signing time:             Thu 01 Jan 2026 02:18:01 +0000
ROA not before:           Thu 01 Jan 2026 02:18:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204712
IP address blocks:        185.83.192.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/0fbc5f-7c04-40da-9d5a-0280598f19e3/1/YIYxT4djXnk7wuPbvtZkBbisZ3E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/0fbc5f-7c04-40da-9d5a-0280598f19e3/1/YIYxT4djXnk7wuPbvtZkBbisZ3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YIYxT4djXnk7wuPbvtZkBbisZ3E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:06:70:e8:bf:23:b2:9e:a8:57:54:56:7b:5a:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6086314f87635e793bc2e3dbbed66405b8ac6771
        Validity
            Not Before: Jan  1 02:18:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5d79eb7d378c5b3e4f860b622bc6b8031692821a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:f2:b7:56:97:61:40:e6:a2:32:b7:8c:54:66:
                    19:5f:ac:e1:be:99:57:6e:ca:62:c1:7c:4e:0b:8e:
                    68:70:42:99:4d:8d:e7:7e:f4:6d:5d:18:66:c0:80:
                    1e:79:32:15:92:13:34:48:da:08:61:25:97:9b:c6:
                    c9:4b:55:f5:84:92:b6:e9:7d:b2:26:e1:d3:39:68:
                    48:4a:a5:d1:34:0d:6a:b1:84:a8:75:1f:d2:65:14:
                    70:87:f9:e7:4d:ea:6a:94:d2:d9:e8:01:5e:37:99:
                    c9:1f:30:a3:e0:c8:05:a5:d8:c1:60:62:c9:e9:cc:
                    56:27:36:8b:f6:4c:13:5f:14:a0:2f:0d:25:f7:a3:
                    3d:0b:e4:d0:bb:5f:e2:47:2c:0e:0d:bd:0d:80:c0:
                    fa:0c:7a:95:17:0b:86:9d:de:82:58:48:93:9a:2a:
                    0c:cf:8c:a5:1b:cb:52:45:5d:a0:2a:64:9e:76:d4:
                    8f:7d:ad:d4:7f:92:db:3c:28:c9:69:ab:fe:23:88:
                    8e:9a:8b:13:33:fa:00:7c:4d:4f:8b:92:f0:4d:ca:
                    2e:50:10:92:74:56:7b:fd:d4:57:65:8b:23:30:e6:
                    d4:a1:25:6c:4e:d8:17:fb:e9:77:b5:fc:02:51:bd:
                    8a:eb:0c:74:8a:d4:76:85:7d:db:5a:6b:df:69:38:
                    3b:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:79:EB:7D:37:8C:5B:3E:4F:86:0B:62:2B:C6:B8:03:16:92:82:1A
            X509v3 Authority Key Identifier:
                keyid:60:86:31:4F:87:63:5E:79:3B:C2:E3:DB:BE:D6:64:05:B8:AC:67:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YIYxT4djXnk7wuPbvtZkBbisZ3E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/0fbc5f-7c04-40da-9d5a-0280598f19e3/1/XXnrfTeMWz5PhgtiK8a4AxaSgho.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/0fbc5f-7c04-40da-9d5a-0280598f19e3/1/YIYxT4djXnk7wuPbvtZkBbisZ3E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.83.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4f:c8:15:f5:59:40:1b:b4:8b:e4:eb:c6:53:d0:b1:27:5e:f1:
         cf:6e:c8:a7:ac:11:28:2f:62:6d:c5:40:2b:04:72:ec:1a:f8:
         87:17:1f:77:75:56:57:3f:b6:4d:a1:cb:70:cb:3a:98:e7:53:
         4b:ae:72:d8:61:3c:98:dd:a4:12:a3:21:b2:3d:a7:dd:de:3e:
         77:a3:97:f5:35:27:f9:95:a5:3a:d2:c8:45:8d:3d:d4:6c:a4:
         79:db:2e:0e:c2:22:88:73:4c:d3:6e:9b:f8:75:97:0f:d0:f4:
         a9:02:ee:10:80:c8:b4:a3:37:3f:74:8a:9b:8b:88:1c:34:5f:
         bf:e4:df:29:8d:d7:3e:25:bc:30:b6:a9:53:ad:84:5a:7a:da:
         76:79:b8:9c:5a:ef:09:39:85:aa:2f:17:3d:25:b1:00:ae:3c:
         48:a4:21:39:93:48:1a:a9:35:d2:a3:54:95:69:6f:11:62:39:
         d6:69:c7:12:ab:ea:45:e2:aa:cf:b9:e9:9b:a2:3a:67:19:8c:
         67:27:fb:4b:10:35:a3:8f:25:ca:be:84:30:5b:15:f9:fd:f9:
         39:24:6b:fa:e2:4c:ee:e0:17:28:42:8f:f1:44:61:65:46:3e:
         38:3a:1a:75:d9:bc:ff:40:08:25:22:3f:ef:ff:64:ce:7d:81:
         6b:83:40:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WQZw6L8jsp6oV1RWe1o9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwODYzMTRmODc2MzVlNzkzYmMyZTNkYmJlZDY2NDA1Yjhh
YzY3NzEwHhcNMjYwMTAxMDIxODAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDc5ZWI3ZDM3OGM1YjNlNGY4NjBiNjIyYmM2YjgwMzE2OTI4MjFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqPK3VpdhQOaiMreMVGYZX6zhvplX
bspiwXxOC45ocEKZTY3nfvRtXRhmwIAeeTIVkhM0SNoIYSWXm8bJS1X1hJK26X2y
JuHTOWhISqXRNA1qsYSodR/SZRRwh/nnTepqlNLZ6AFeN5nJHzCj4MgFpdjBYGLJ
6cxWJzaL9kwTXxSgLw0l96M9C+TQu1/iRywODb0NgMD6DHqVFwuGnd6CWEiTmioM
z4ylG8tSRV2gKmSedtSPfa3Uf5LbPCjJaav+I4iOmosTM/oAfE1Pi5LwTcouUBCS
dFZ7/dRXZYsjMObUoSVsTtgX++l3tfwCUb2K6wx0itR2hX3bWmvfaTg7KwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF156303jFs+T4YLYivGuAMWkoIaMB8GA1UdIwQY
MBaAFGCGMU+HY155O8Lj277WZAW4rGdxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUlZeFQ0ZGpYbms3d3VQYnZ0WmtCYmlzWjNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8wZmJjNWYtN2MwNC00MGRhLTlkNWEt
MDI4MDU5OGYxOWUzLzEvWFhucmZUZU1XejVQaGd0aUs4YTRBeGFTZ2hvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8wZmJjNWYtN2MwNC00MGRhLTlkNWEtMDI4MDU5OGYxOWUz
LzEvWUlZeFQ0ZGpYbms3d3VQYnZ0WmtCYmlzWjNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVPAMA0G
CSqGSIb3DQEBCwUAA4IBAQBPyBX1WUAbtIvk68ZT0LEnXvHPbsinrBEoL2JtxUAr
BHLsGviHFx93dVZXP7ZNoctwyzqY51NLrnLYYTyY3aQSoyGyPafd3j53o5f1NSf5
laU60shFjT3UbKR52y4OwiKIc0zTbpv4dZcP0PSpAu4QgMi0ozc/dIqbi4gcNF+/
5N8pjdc+JbwwtqlTrYRaetp2ebicWu8JOYWqLxc9JbEArjxIpCE5k0gaqTXSo1SV
aW8RYjnWaccSq+pF4qrPuembojpnGYxnJ/tLEDWjjyXKvoQwWxX5/fk5JGv64kzu
4BcoQo/xRGFlRj44Ohp12bz/QAglIj/v/2TOfYFrg0AK
-----END CERTIFICATE-----