This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/IsNagTQeIBhCK_eEzJwts2JVNCw.roa
File:                     IsNagTQeIBhCK_eEzJwts2JVNCw.roa (raw, json)
Hash identifier:          3EGVWuicI7zf/jhSqYDgo9FfBBbPEXmJZo6gLFFiDu0=
Subject key identifier:   22:C3:5A:81:34:1E:20:18:42:2B:F7:84:CC:9C:2D:B3:62:55:34:2C
Certificate issuer:       /CN=0551605b675ece4e0fce7175ae31a93fa8272ba6
Certificate serial:       019B7F159B45ACCC0048A5EE3D72D86D3ACB
Authority key identifier: 05:51:60:5B:67:5E:CE:4E:0F:CE:71:75:AE:31:A9:3F:A8:27:2B:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BVFgW2dezk4PznF1rjGpP6gnK6Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/IsNagTQeIBhCK_eEzJwts2JVNCw.roa
Signing time:             Fri 02 Jan 2026 14:21:21 +0000
ROA not before:           Fri 02 Jan 2026 14:21:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209043
IP address blocks:        85.208.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/BVFgW2dezk4PznF1rjGpP6gnK6Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/BVFgW2dezk4PznF1rjGpP6gnK6Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BVFgW2dezk4PznF1rjGpP6gnK6Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:9b:45:ac:cc:00:48:a5:ee:3d:72:d8:6d:3a:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0551605b675ece4e0fce7175ae31a93fa8272ba6
        Validity
            Not Before: Jan  2 14:21:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=22c35a81341e2018422bf784cc9c2db36255342c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:a9:08:ec:7c:b2:31:bd:ec:b1:69:16:58:20:
                    a4:c7:69:53:bc:09:83:b2:bb:e2:e0:f4:b9:bd:e3:
                    3c:e3:91:45:44:0d:0c:75:2c:5d:48:a6:3b:a2:33:
                    18:59:0a:8a:7c:b2:0d:eb:01:e4:e1:76:d5:02:9e:
                    a1:76:ca:1d:88:f9:e0:ff:13:84:27:9f:98:41:62:
                    26:b9:65:2e:5c:d7:a4:d2:a8:45:12:d4:79:08:67:
                    24:6c:34:18:97:4a:e1:20:db:7b:a0:aa:33:2d:b4:
                    18:99:2b:b5:9b:8a:a0:e7:40:27:66:32:f7:53:54:
                    d9:91:2e:32:ca:37:e7:91:7e:73:d9:4d:63:11:c4:
                    ad:a4:ef:dd:f0:94:7d:57:2a:c5:d4:ba:99:b2:26:
                    51:04:54:17:60:b3:99:19:49:59:da:72:0d:59:ad:
                    a3:d8:85:3a:18:31:5f:bc:a2:43:93:03:01:1d:0a:
                    7d:c4:2d:e6:c6:f6:26:8c:19:eb:b9:9d:54:20:b0:
                    9a:bc:c0:18:ee:39:35:ab:0f:6c:17:6f:c0:59:38:
                    bc:fe:ef:ce:91:5c:53:a2:e3:46:68:44:30:c5:14:
                    dc:ea:61:9e:db:79:fd:b2:45:43:23:a4:2e:82:38:
                    e0:19:b8:e6:18:bd:14:7e:9c:d2:c6:a4:bb:98:ad:
                    e9:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:C3:5A:81:34:1E:20:18:42:2B:F7:84:CC:9C:2D:B3:62:55:34:2C
            X509v3 Authority Key Identifier:
                keyid:05:51:60:5B:67:5E:CE:4E:0F:CE:71:75:AE:31:A9:3F:A8:27:2B:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BVFgW2dezk4PznF1rjGpP6gnK6Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/IsNagTQeIBhCK_eEzJwts2JVNCw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/BVFgW2dezk4PznF1rjGpP6gnK6Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:0a:5c:69:b0:00:ab:3e:9d:ef:0f:57:32:ce:da:cc:a7:e7:
         24:05:1f:fc:4b:8e:7e:a3:a4:01:a9:e9:d7:a2:d6:7e:2a:34:
         51:40:bd:cd:2d:a2:1a:1f:20:cc:fd:f6:ea:e0:cd:47:43:9a:
         34:fb:39:65:97:83:1a:e8:86:7b:ff:9c:6a:2f:d4:26:28:d4:
         19:33:ac:eb:1a:cb:fa:ef:39:49:71:0f:6a:88:a4:4b:ce:fd:
         c3:16:5a:3a:28:15:2d:a7:8f:1f:f7:fe:b0:0d:24:b8:bc:ca:
         95:47:33:5e:ca:91:f3:51:7e:f7:bc:ff:0c:97:01:1d:75:9f:
         40:4a:10:e7:8e:64:be:dd:66:74:03:eb:f2:d3:86:f0:02:53:
         e2:fc:55:30:8e:2b:2a:8a:86:5d:fe:e3:a0:d9:37:66:63:d1:
         07:86:93:d3:c7:14:50:24:2f:80:17:9a:f8:5b:3a:96:a4:ff:
         26:67:07:78:b7:f6:24:11:44:df:55:5b:d4:37:db:98:94:c2:
         a3:2d:65:45:94:b5:43:f0:9c:56:47:35:cf:0f:7b:21:cd:82:
         73:39:cb:2e:0d:8e:d4:90:0b:f4:52:88:0b:3f:f2:75:ba:ee:
         75:26:4f:d1:3f:a7:82:c5:b8:ea:d2:45:ff:d4:3c:b9:62:b0:
         50:13:71:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FZtFrMwASKXuPXLYbTrLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NTE2MDViNjc1ZWNlNGUwZmNlNzE3NWFlMzFhOTNmYTgy
NzJiYTYwHhcNMjYwMTAyMTQyMTIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmMzNWE4MTM0MWUyMDE4NDIyYmY3ODRjYzljMmRiMzYyNTUzNDJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA16kI7HyyMb3ssWkWWCCkx2lTvAmD
srvi4PS5veM845FFRA0MdSxdSKY7ojMYWQqKfLIN6wHk4XbVAp6hdsodiPng/xOE
J5+YQWImuWUuXNek0qhFEtR5CGckbDQYl0rhINt7oKozLbQYmSu1m4qg50AnZjL3
U1TZkS4yyjfnkX5z2U1jEcStpO/d8JR9VyrF1LqZsiZRBFQXYLOZGUlZ2nINWa2j
2IU6GDFfvKJDkwMBHQp9xC3mxvYmjBnruZ1UILCavMAY7jk1qw9sF2/AWTi8/u/O
kVxTouNGaEQwxRTc6mGe23n9skVDI6QugjjgGbjmGL0UfpzSxqS7mK3ppQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCLDWoE0HiAYQiv3hMycLbNiVTQsMB8GA1UdIwQY
MBaAFAVRYFtnXs5OD85xda4xqT+oJyumMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlZGZ1cyZGV6azRQem5GMXJqR3BQNmduSzZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yOGVhNDUtN2QzMC00NmRmLThmMmEt
MDc3OWY0OGVjZWEwLzEvSXNOYWdUUWVJQmhDS19lRXpKd3RzMkpWTkN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yOGVhNDUtN2QzMC00NmRmLThmMmEtMDc3OWY0OGVjZWEw
LzEvQlZGZ1cyZGV6azRQem5GMXJqR3BQNmduSzZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdAvMA0G
CSqGSIb3DQEBCwUAA4IBAQCJClxpsACrPp3vD1cyztrMp+ckBR/8S45+o6QBqenX
otZ+KjRRQL3NLaIaHyDM/fbq4M1HQ5o0+zlll4Ma6IZ7/5xqL9QmKNQZM6zrGsv6
7zlJcQ9qiKRLzv3DFlo6KBUtp48f9/6wDSS4vMqVRzNeypHzUX73vP8MlwEddZ9A
ShDnjmS+3WZ0A+vy04bwAlPi/FUwjisqioZd/uOg2TdmY9EHhpPTxxRQJC+AF5r4
WzqWpP8mZwd4t/YkEUTfVVvUN9uYlMKjLWVFlLVD8JxWRzXPD3shzYJzOcsuDY7U
kAv0UogLP/J1uu51Jk/RP6eCxbjq0kX/1Dy5YrBQE3F3
-----END CERTIFICATE-----