This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/1cd907-44d2-46b1-8bec-f53e51c0974f/1/37dXvYDoLLgkPUjF4NxD-XXFFYI.roa
File:                     37dXvYDoLLgkPUjF4NxD-XXFFYI.roa (raw, json)
Hash identifier:          kSAD/e0L34SLlOnuXBzFWv60he1Bjkrs051xSNxh2jE=
Subject key identifier:   DF:B7:57:BD:80:E8:2C:B8:24:3D:48:C5:E0:DC:43:F9:75:C5:15:82
Certificate issuer:       /CN=0e95c3ace366db41bcdc256c5d5b3be490a4f761
Certificate serial:       019B7B35604B8DEE88CAC0AF89097AD6DE1E
Authority key identifier: 0E:95:C3:AC:E3:66:DB:41:BC:DC:25:6C:5D:5B:3B:E4:90:A4:F7:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DpXDrONm20G83CVsXVs75JCk92E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/1cd907-44d2-46b1-8bec-f53e51c0974f/1/37dXvYDoLLgkPUjF4NxD-XXFFYI.roa
Signing time:             Thu 01 Jan 2026 20:17:34 +0000
ROA not before:           Thu 01 Jan 2026 20:17:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60903
IP address blocks:        185.128.160.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/1cd907-44d2-46b1-8bec-f53e51c0974f/1/DpXDrONm20G83CVsXVs75JCk92E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/1cd907-44d2-46b1-8bec-f53e51c0974f/1/DpXDrONm20G83CVsXVs75JCk92E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DpXDrONm20G83CVsXVs75JCk92E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 11:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:60:4b:8d:ee:88:ca:c0:af:89:09:7a:d6:de:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e95c3ace366db41bcdc256c5d5b3be490a4f761
        Validity
            Not Before: Jan  1 20:17:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dfb757bd80e82cb8243d48c5e0dc43f975c51582
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:f6:dd:69:ec:c0:e7:a1:b3:86:c8:d8:e4:26:
                    48:b4:c4:42:82:20:bd:3c:df:aa:60:f0:37:59:28:
                    e2:1a:2d:e6:9e:5d:e4:8b:57:f0:17:96:af:74:bc:
                    4f:59:d0:b4:a6:16:db:09:54:3d:e5:a2:0e:4d:11:
                    7f:92:3e:87:23:f6:ed:b4:33:f1:60:91:e2:13:68:
                    4f:b8:2c:58:5d:c0:5b:e5:33:8b:df:52:51:cc:1f:
                    69:4a:11:15:7f:9e:0a:a9:64:79:ce:9b:b1:07:02:
                    b4:b8:d7:43:f2:40:7a:30:8c:e2:03:22:d2:3e:49:
                    9b:d1:e2:f0:4d:77:d7:e6:1d:37:e0:8b:fd:4f:d0:
                    1d:77:6b:3a:4b:a3:29:51:8f:61:38:bb:d8:9a:a7:
                    5e:b4:a2:2d:af:6f:f5:19:7b:02:01:e8:4c:f7:fd:
                    b1:37:f0:e9:1d:48:7a:55:98:f4:51:5b:52:ff:4c:
                    97:77:8b:af:e8:74:84:5b:13:e9:b4:48:09:43:52:
                    ff:72:a1:2d:aa:0b:48:6d:fa:20:28:ea:97:4f:91:
                    e7:17:ab:e9:9a:3d:ca:47:f7:f2:10:f2:8c:ff:53:
                    48:af:88:f5:f2:88:7f:ec:48:f4:45:68:ab:16:cb:
                    22:1e:e0:22:c2:e0:e1:80:fe:97:19:c9:0d:da:98:
                    df:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:B7:57:BD:80:E8:2C:B8:24:3D:48:C5:E0:DC:43:F9:75:C5:15:82
            X509v3 Authority Key Identifier:
                keyid:0E:95:C3:AC:E3:66:DB:41:BC:DC:25:6C:5D:5B:3B:E4:90:A4:F7:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DpXDrONm20G83CVsXVs75JCk92E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/1cd907-44d2-46b1-8bec-f53e51c0974f/1/37dXvYDoLLgkPUjF4NxD-XXFFYI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/1cd907-44d2-46b1-8bec-f53e51c0974f/1/DpXDrONm20G83CVsXVs75JCk92E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.128.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         22:bc:91:0b:f8:52:77:4f:33:e8:0e:f9:bc:45:7d:26:04:c3:
         1e:04:81:dc:ca:16:55:7f:4a:e3:7e:b2:0b:8c:e5:e1:00:ba:
         08:04:fc:68:43:06:c7:40:90:bb:97:d8:7e:8a:70:76:91:25:
         04:84:81:bc:56:80:a0:ca:cb:23:97:8e:2e:f7:11:8c:fb:01:
         02:c2:8b:c8:d1:af:9a:d4:d6:0a:38:8f:02:71:61:17:01:99:
         7b:ce:f3:0a:c0:d8:7e:50:13:6f:a6:12:15:bc:80:f2:c6:72:
         dc:4f:16:96:7a:34:1d:3c:5e:be:87:3f:d1:ac:da:ce:3d:94:
         1a:51:c9:bc:f0:a6:a6:9e:04:7b:bd:d0:05:98:32:30:fe:cf:
         55:71:64:8a:a7:46:01:61:c8:26:5b:f2:18:67:62:a7:35:95:
         82:66:df:dc:89:1a:74:f2:f8:8d:24:d9:e6:99:ea:1c:21:34:
         05:86:37:8a:d0:e7:70:19:2b:eb:16:4d:53:a7:47:5b:f3:a5:
         33:45:dd:89:d2:cc:9d:2b:3b:bd:03:4c:ef:90:c3:83:5f:3a:
         55:9f:e0:53:3c:0a:a8:7b:68:19:b2:00:5c:2f:08:12:fe:5f:
         90:82:6c:05:ae:45:ff:96:76:fa:d7:75:c6:78:6e:0d:05:90:
         be:b7:8d:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NWBLje6IysCviQl61t4eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlOTVjM2FjZTM2NmRiNDFiY2RjMjU2YzVkNWIzYmU0OTBh
NGY3NjEwHhcNMjYwMTAxMjAxNzM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmI3NTdiZDgwZTgyY2I4MjQzZDQ4YzVlMGRjNDNmOTc1YzUxNTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAivbdaezA56GzhsjY5CZItMRCgiC9
PN+qYPA3WSjiGi3mnl3ki1fwF5avdLxPWdC0phbbCVQ95aIOTRF/kj6HI/bttDPx
YJHiE2hPuCxYXcBb5TOL31JRzB9pShEVf54KqWR5zpuxBwK0uNdD8kB6MIziAyLS
Pkmb0eLwTXfX5h034Iv9T9Add2s6S6MpUY9hOLvYmqdetKItr2/1GXsCAehM9/2x
N/DpHUh6VZj0UVtS/0yXd4uv6HSEWxPptEgJQ1L/cqEtqgtIbfogKOqXT5HnF6vp
mj3KR/fyEPKM/1NIr4j18oh/7Ej0RWirFssiHuAiwuDhgP6XGckN2pjf/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN+3V72A6Cy4JD1IxeDcQ/l1xRWCMB8GA1UdIwQY
MBaAFA6Vw6zjZttBvNwlbF1bO+SQpPdhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHBYRHJPTm0yMEc4M0NWc1hWczc1SkNrOTJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8xY2Q5MDctNDRkMi00NmIxLThiZWMt
ZjUzZTUxYzA5NzRmLzEvMzdkWHZZRG9MTGdrUFVqRjROeEQtWFhGRllJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8xY2Q5MDctNDRkMi00NmIxLThiZWMtZjUzZTUxYzA5NzRm
LzEvRHBYRHJPTm0yMEc4M0NWc1hWczc1SkNrOTJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYCgMA0G
CSqGSIb3DQEBCwUAA4IBAQAivJEL+FJ3TzPoDvm8RX0mBMMeBIHcyhZVf0rjfrIL
jOXhALoIBPxoQwbHQJC7l9h+inB2kSUEhIG8VoCgyssjl44u9xGM+wECwovI0a+a
1NYKOI8CcWEXAZl7zvMKwNh+UBNvphIVvIDyxnLcTxaWejQdPF6+hz/RrNrOPZQa
Ucm88KamngR7vdAFmDIw/s9VcWSKp0YBYcgmW/IYZ2KnNZWCZt/ciRp08viNJNnm
meocITQFhjeK0OdwGSvrFk1Tp0db86UzRd2J0sydKzu9A0zvkMODXzpVn+BTPAqo
e2gZsgBcLwgS/l+QgmwFrkX/lnb613XGeG4NBZC+t40a
-----END CERTIFICATE-----