This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/FhAIMUxM-Ll-oJX8w_r_I6M_rVk.roa
File:                     FhAIMUxM-Ll-oJX8w_r_I6M_rVk.roa (raw, json)
Hash identifier:          nnvV5m84QJk1AHjPftM2Kij4fMdReO4PZF5m7Lms+G8=
Subject key identifier:   16:10:08:31:4C:4C:F8:B9:7E:A0:95:FC:C3:FA:FF:23:A3:3F:AD:59
Certificate issuer:       /CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
Certificate serial:       019B7D5C78155885E5979FEBC363E326EE86
Authority key identifier: 00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/FhAIMUxM-Ll-oJX8w_r_I6M_rVk.roa
Signing time:             Fri 02 Jan 2026 06:19:30 +0000
ROA not before:           Fri 02 Jan 2026 06:19:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211165
IP address blocks:        185.22.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5c:78:15:58:85:e5:97:9f:eb:c3:63:e3:26:ee:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
        Validity
            Not Before: Jan  2 06:19:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=161008314c4cf8b97ea095fcc3faff23a33fad59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:fe:a4:15:08:ec:97:b5:11:60:b8:6e:44:70:
                    42:bd:44:13:d2:f1:be:2e:80:82:76:f7:40:2f:f6:
                    71:ea:4a:47:3d:78:7e:6a:f1:85:48:8b:ca:03:43:
                    46:85:ae:8d:3c:94:09:90:a9:21:57:bc:c3:c2:8c:
                    03:64:34:aa:0c:47:4f:12:ad:18:07:51:4f:1b:8d:
                    18:a4:c6:0d:f3:28:f3:70:6b:10:04:3b:8d:42:e0:
                    60:aa:1e:9d:b2:e5:3d:11:8f:06:39:cd:9d:72:90:
                    0a:d1:53:6f:ec:22:bc:4c:79:3a:25:85:f4:8b:b6:
                    af:39:2d:91:86:d2:30:39:ba:3a:ea:ff:fc:96:02:
                    3b:65:a0:1e:d2:75:d5:f4:fc:d8:c7:6a:df:0b:30:
                    d7:d4:98:1e:95:9b:a4:a1:4b:c9:df:ab:32:5e:8d:
                    d7:71:5d:8a:bd:c8:ca:27:cf:cf:5e:76:8d:e4:ef:
                    5f:79:44:10:16:bb:7c:6f:22:8f:ee:9b:ea:ff:40:
                    e5:28:0f:45:05:ed:c0:b3:79:60:dd:cc:85:e2:b8:
                    30:b0:ff:e7:25:2d:6e:0a:7c:9a:21:0e:4d:b7:84:
                    bf:db:e1:d2:09:e0:45:8f:a2:a8:00:94:c0:12:7f:
                    20:d5:6c:b1:c1:08:53:67:85:1b:c0:ad:c9:ab:eb:
                    4c:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:10:08:31:4C:4C:F8:B9:7E:A0:95:FC:C3:FA:FF:23:A3:3F:AD:59
            X509v3 Authority Key Identifier:
                keyid:00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/FhAIMUxM-Ll-oJX8w_r_I6M_rVk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.22.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:01:ec:57:bc:79:2d:15:93:56:a8:7f:eb:5c:8e:21:48:6a:
         3d:22:17:95:f3:61:ca:f7:a2:2c:ee:dd:5d:db:f9:44:24:55:
         1b:6a:73:7d:80:31:4b:e1:c7:1e:57:3d:1c:60:f6:23:22:93:
         ea:ce:16:be:c6:65:57:67:b5:c3:f4:d5:32:01:b9:fc:de:dd:
         8f:f1:97:61:da:c6:9a:73:cd:25:f2:91:df:fe:c7:ef:15:87:
         a0:b9:06:15:c1:e5:08:7a:be:4d:e6:1e:c2:eb:79:aa:fa:b2:
         84:aa:fa:25:92:1b:d9:71:7d:09:33:be:2b:44:e9:f7:1d:2e:
         88:a1:de:db:ae:d7:da:2c:91:42:32:88:9e:cf:04:f5:34:41:
         4b:9f:21:3d:85:c5:25:77:e5:12:65:e0:b0:cf:4a:b7:e1:f5:
         b9:2c:c9:ca:8f:ad:3b:5c:8e:de:6e:cf:b0:10:7f:ef:a0:62:
         54:25:7f:00:05:c4:47:09:62:80:3c:61:25:34:79:5d:67:eb:
         78:44:3f:bd:d1:74:e9:1c:d2:a6:0d:06:1b:17:e4:48:0e:d8:
         bb:ce:be:97:ae:13:6d:75:de:84:96:d5:eb:55:bc:6f:c3:4b:
         5e:dd:c6:f2:0d:d7:bc:74:d2:f8:d7:8f:25:58:da:9e:d9:9f:
         ea:40:b7:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XHgVWIXll5/rw2PjJu6GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwYWZmNmI0ZWZmZTdjMzYzZWYyMDBmNmYzZTU4ODhiOTE1
YmE2ODEwHhcNMjYwMTAyMDYxOTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjEwMDgzMTRjNGNmOGI5N2VhMDk1ZmNjM2ZhZmYyM2EzM2ZhZDU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/6kFQjsl7URYLhuRHBCvUQT0vG+
LoCCdvdAL/Zx6kpHPXh+avGFSIvKA0NGha6NPJQJkKkhV7zDwowDZDSqDEdPEq0Y
B1FPG40YpMYN8yjzcGsQBDuNQuBgqh6dsuU9EY8GOc2dcpAK0VNv7CK8THk6JYX0
i7avOS2RhtIwObo66v/8lgI7ZaAe0nXV9PzYx2rfCzDX1JgelZukoUvJ36syXo3X
cV2KvcjKJ8/PXnaN5O9feUQQFrt8byKP7pvq/0DlKA9FBe3As3lg3cyF4rgwsP/n
JS1uCnyaIQ5Nt4S/2+HSCeBFj6KoAJTAEn8g1WyxwQhTZ4UbwK3Jq+tMBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBYQCDFMTPi5fqCV/MP6/yOjP61ZMB8GA1UdIwQY
MBaAFACv9rTv/nw2PvIA9vPliIuRW6aBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMt
YTg3NzNkZTc2OGY3LzEvRmhBSU1VeE0tTGwtb0pYOHdfcl9JNk1fclZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMtYTg3NzNkZTc2OGY3
LzEvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRblMA0G
CSqGSIb3DQEBCwUAA4IBAQCTAexXvHktFZNWqH/rXI4hSGo9IheV82HK96Is7t1d
2/lEJFUbanN9gDFL4cceVz0cYPYjIpPqzha+xmVXZ7XD9NUyAbn83t2P8Zdh2saa
c80l8pHf/sfvFYeguQYVweUIer5N5h7C63mq+rKEqvolkhvZcX0JM74rROn3HS6I
od7brtfaLJFCMoiezwT1NEFLnyE9hcUld+USZeCwz0q34fW5LMnKj607XI7ebs+w
EH/voGJUJX8ABcRHCWKAPGElNHldZ+t4RD+90XTpHNKmDQYbF+RIDti7zr6XrhNt
dd6EltXrVbxvw0te3cbyDde8dNL4148lWNqe2Z/qQLfI
-----END CERTIFICATE-----