This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/C8ndRUP4mG5i6Z7S5iDRwDHVA7s.roa
File:                     C8ndRUP4mG5i6Z7S5iDRwDHVA7s.roa (raw, json)
Hash identifier:          x5nMtbiYKs0LuaiMOIAvyWWd3XFr7UWf1LhYWiYg0uo=
Subject key identifier:   0B:C9:DD:45:43:F8:98:6E:62:E9:9E:D2:E6:20:D1:C0:31:D5:03:BB
Certificate issuer:       /CN=4456c14cd8724f9a909627b94e006cf69d12307b
Certificate serial:       019B797EF91639554121B4D16C3B663228DA
Authority key identifier: 44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/C8ndRUP4mG5i6Z7S5iDRwDHVA7s.roa
Signing time:             Thu 01 Jan 2026 12:18:42 +0000
ROA not before:           Thu 01 Jan 2026 12:18:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43641
IP address blocks:        185.36.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 03:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:f9:16:39:55:41:21:b4:d1:6c:3b:66:32:28:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4456c14cd8724f9a909627b94e006cf69d12307b
        Validity
            Not Before: Jan  1 12:18:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0bc9dd4543f8986e62e99ed2e620d1c031d503bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:81:c8:90:58:59:a3:e2:3c:91:8d:54:79:b7:
                    d1:65:53:7c:13:ea:e0:b9:bf:b9:d6:5c:a4:00:77:
                    6a:17:b8:9f:dd:7a:5c:c7:ab:ba:74:b4:2f:9e:37:
                    9d:00:35:f4:1c:19:37:d8:4e:ae:ed:43:31:f0:85:
                    cf:a0:6f:a8:af:a0:71:5d:85:6c:ce:d9:83:50:4b:
                    f0:68:88:60:fe:fa:e2:1b:d0:71:bb:cd:7d:5b:e9:
                    84:ad:36:20:aa:f6:18:c4:26:85:9c:c9:3a:a1:1e:
                    41:20:7b:33:13:76:2f:8a:41:4f:08:ca:93:27:4b:
                    52:24:cc:9e:38:48:66:17:56:f5:ab:99:6a:2d:a6:
                    85:ed:e9:a2:15:d2:c5:f9:d1:e5:d0:0e:10:ee:47:
                    43:b3:6d:f6:77:63:5c:3a:1b:d7:f7:c1:9b:36:f3:
                    9f:fb:65:57:e2:eb:b8:43:7b:58:7f:ca:5a:fd:c3:
                    92:cc:58:0b:d0:74:d7:8a:be:3a:c7:f1:34:d5:2c:
                    82:43:e5:e3:ec:59:13:f9:43:9e:20:9b:ec:d3:7c:
                    8d:69:d4:7c:49:4d:92:04:f7:f9:7b:92:48:3d:52:
                    47:8d:59:7f:0d:cb:d8:33:23:0b:00:f3:c9:a5:eb:
                    98:cd:29:2d:40:20:e7:bb:4d:20:6a:ca:49:48:c0:
                    61:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:C9:DD:45:43:F8:98:6E:62:E9:9E:D2:E6:20:D1:C0:31:D5:03:BB
            X509v3 Authority Key Identifier:
                keyid:44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/C8ndRUP4mG5i6Z7S5iDRwDHVA7s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.36.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:b0:18:bf:c2:8e:7f:7a:46:9b:ee:00:1f:17:b3:7a:73:85:
         05:97:2a:94:3b:4a:25:af:95:ad:e6:28:54:32:5b:2a:12:ec:
         06:be:c3:b2:ad:29:cc:bc:67:cd:c2:45:23:c2:f1:6c:c3:8e:
         22:f3:1f:c0:7d:85:36:a3:16:32:9b:06:a2:c6:bc:3d:ae:7e:
         50:c6:26:b5:e9:11:b2:17:6f:a9:f3:c2:43:ad:23:90:be:37:
         d7:ca:96:8e:17:21:fd:60:3b:43:cf:1e:a9:75:52:3a:54:e4:
         52:99:5d:a7:98:c6:62:e9:9f:87:6f:de:3b:a2:3c:8d:b8:f0:
         82:b8:40:b3:d6:8d:3c:83:c9:8d:92:90:6d:10:d6:82:6f:00:
         16:13:95:f7:82:90:41:66:4f:40:46:e0:35:07:8c:1d:37:1a:
         30:eb:34:b4:9a:f1:38:44:05:4d:24:42:42:51:12:a1:30:29:
         ca:69:2f:1d:3d:c6:06:18:20:52:2f:96:c8:e4:24:b1:6a:ab:
         d7:34:a9:31:2e:be:bb:4e:40:57:94:94:2b:2d:0b:89:74:e4:
         16:75:25:3f:33:81:90:5c:40:8b:db:52:b0:b0:0b:f3:38:8c:
         5d:0e:9d:63:02:cf:50:b3:50:91:a6:6b:a7:3f:0a:76:4e:ff:
         26:b2:32:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fvkWOVVBIbTRbDtmMijaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTZjMTRjZDg3MjRmOWE5MDk2MjdiOTRlMDA2Y2Y2OWQx
MjMwN2IwHhcNMjYwMTAxMTIxODQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmM5ZGQ0NTQzZjg5ODZlNjJlOTllZDJlNjIwZDFjMDMxZDUwM2JiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAooHIkFhZo+I8kY1UebfRZVN8E+rg
ub+51lykAHdqF7if3Xpcx6u6dLQvnjedADX0HBk32E6u7UMx8IXPoG+or6BxXYVs
ztmDUEvwaIhg/vriG9Bxu819W+mErTYgqvYYxCaFnMk6oR5BIHszE3YvikFPCMqT
J0tSJMyeOEhmF1b1q5lqLaaF7emiFdLF+dHl0A4Q7kdDs232d2NcOhvX98GbNvOf
+2VX4uu4Q3tYf8pa/cOSzFgL0HTXir46x/E01SyCQ+Xj7FkT+UOeIJvs03yNadR8
SU2SBPf5e5JIPVJHjVl/DcvYMyMLAPPJpeuYzSktQCDnu00gaspJSMBhDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAvJ3UVD+JhuYume0uYg0cAx1QO7MB8GA1UdIwQY
MBaAFERWwUzYck+akJYnuU4AbPadEjB7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZiQlROaHlUNXFRbGllNVRnQnM5cDBTTUhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS81ZWNmYzItZGE3MC00MzMzLThmOTYt
NWI4NzgyNWMwN2VlLzEvQzhuZFJVUDRtRzVpNlo3UzVpRFJ3REhWQTdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS81ZWNmYzItZGE3MC00MzMzLThmOTYtNWI4NzgyNWMwN2Vl
LzEvUkZiQlROaHlUNXFRbGllNVRnQnM5cDBTTUhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSR8MA0G
CSqGSIb3DQEBCwUAA4IBAQCJsBi/wo5/ekab7gAfF7N6c4UFlyqUO0olr5Wt5ihU
MlsqEuwGvsOyrSnMvGfNwkUjwvFsw44i8x/AfYU2oxYymwaixrw9rn5Qxia16RGy
F2+p88JDrSOQvjfXypaOFyH9YDtDzx6pdVI6VORSmV2nmMZi6Z+Hb947ojyNuPCC
uECz1o08g8mNkpBtENaCbwAWE5X3gpBBZk9ARuA1B4wdNxow6zS0mvE4RAVNJEJC
URKhMCnKaS8dPcYGGCBSL5bI5CSxaqvXNKkxLr67TkBXlJQrLQuJdOQWdSU/M4GQ
XECL21KwsAvzOIxdDp1jAs9Qs1CRpmunPwp2Tv8msjIQ
-----END CERTIFICATE-----