This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/6717d9-8671-4c60-8fd9-2216c3957598/1/8dWVecaIxfKIjwRXWLlOpoyXF14.roa
File:                     8dWVecaIxfKIjwRXWLlOpoyXF14.roa (raw, json)
Hash identifier:          jPnLwFVsLz62bJAhbBOBBR/wCFFQ27PJG+odr0mpoMM=
Subject key identifier:   F1:D5:95:79:C6:88:C5:F2:88:8F:04:57:58:B9:4E:A6:8C:97:17:5E
Certificate issuer:       /CN=7977e4e2c2aa26c10d071fa1045c131e6d160f70
Certificate serial:       019AC60E774314E5DF60B16F68A3B5C39A18
Authority key identifier: 79:77:E4:E2:C2:AA:26:C1:0D:07:1F:A1:04:5C:13:1E:6D:16:0F:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eXfk4sKqJsENBx-hBFwTHm0WD3A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/6717d9-8671-4c60-8fd9-2216c3957598/1/8dWVecaIxfKIjwRXWLlOpoyXF14.roa
Signing time:             Thu 27 Nov 2025 16:03:48 +0000
ROA not before:           Thu 27 Nov 2025 16:03:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13335
IP address blocks:        185.229.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/6717d9-8671-4c60-8fd9-2216c3957598/1/eXfk4sKqJsENBx-hBFwTHm0WD3A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/6717d9-8671-4c60-8fd9-2216c3957598/1/eXfk4sKqJsENBx-hBFwTHm0WD3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eXfk4sKqJsENBx-hBFwTHm0WD3A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Dec 2025 00:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:c6:0e:77:43:14:e5:df:60:b1:6f:68:a3:b5:c3:9a:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7977e4e2c2aa26c10d071fa1045c131e6d160f70
        Validity
            Not Before: Nov 27 16:03:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f1d59579c688c5f2888f045758b94ea68c97175e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:cd:58:a0:20:89:fb:8b:95:9d:66:d4:e0:24:
                    e2:4c:2d:81:22:04:01:3e:bb:91:22:95:22:91:c7:
                    21:e6:ed:64:e7:73:a2:40:73:50:83:25:89:ae:bb:
                    5e:55:22:64:9c:86:70:e7:96:86:56:58:8a:d1:49:
                    46:e0:02:43:e9:ff:30:a9:d1:ee:10:25:75:31:7e:
                    9d:91:11:ec:99:9a:90:fc:08:6f:f5:c0:ad:ac:6a:
                    6e:16:f6:7c:3b:57:05:f8:25:17:97:42:f9:9e:d9:
                    76:cc:02:a4:fd:4a:bd:bd:3f:01:02:b5:75:8e:c4:
                    87:1c:c4:b8:90:36:98:e3:d0:9c:8c:b5:0a:f9:c4:
                    06:98:f7:75:3e:41:3c:06:3f:f3:8e:a3:83:bb:1a:
                    74:41:fc:02:2b:c2:2b:6f:ab:4c:2f:ed:80:43:e1:
                    17:69:aa:64:de:6d:f5:60:40:80:97:e3:80:ab:83:
                    9f:20:d8:90:86:ec:da:35:3d:66:aa:91:bb:84:26:
                    6a:bd:20:9b:aa:ce:78:b6:9e:d6:1a:53:dc:72:a6:
                    76:af:69:86:91:bd:85:78:8e:34:13:72:d1:c8:9b:
                    84:4c:1b:ca:3d:78:c7:78:9e:52:76:04:c9:5f:07:
                    3c:e4:99:77:e2:23:c0:ec:68:89:1c:f5:41:5d:0c:
                    1d:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:D5:95:79:C6:88:C5:F2:88:8F:04:57:58:B9:4E:A6:8C:97:17:5E
            X509v3 Authority Key Identifier:
                keyid:79:77:E4:E2:C2:AA:26:C1:0D:07:1F:A1:04:5C:13:1E:6D:16:0F:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eXfk4sKqJsENBx-hBFwTHm0WD3A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/6717d9-8671-4c60-8fd9-2216c3957598/1/8dWVecaIxfKIjwRXWLlOpoyXF14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/6717d9-8671-4c60-8fd9-2216c3957598/1/eXfk4sKqJsENBx-hBFwTHm0WD3A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.229.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:85:f1:a5:f3:6e:10:00:7a:c4:28:16:bd:9a:20:2b:67:a8:
         5f:93:ef:86:be:b0:2b:6e:dc:ba:88:f1:d0:f6:41:b7:06:94:
         57:52:91:3b:48:48:b1:5b:48:9b:0c:08:31:56:ab:c3:de:55:
         e5:c0:e3:42:8b:35:d7:cb:0c:10:fe:2c:22:66:09:f3:21:6c:
         c5:ac:f1:d4:8d:00:7d:34:53:4a:fb:95:a0:dd:bd:1f:a8:01:
         06:98:16:13:79:71:99:c0:9d:8b:ae:10:d3:d8:4e:0c:4f:82:
         87:66:66:55:4f:f8:bc:ec:8d:65:4a:37:3d:7e:5e:49:b0:02:
         05:1d:81:c5:e1:d5:5d:77:9c:58:8b:a2:1f:ae:39:14:4c:41:
         1f:1a:a6:73:2b:e2:cd:f5:7d:ad:b0:a8:5f:30:dc:5c:8e:62:
         99:71:b9:4a:41:b3:d1:b6:ca:da:98:3a:16:e4:6c:bd:8f:3d:
         96:a4:8f:25:97:9b:2c:fb:ab:0c:cd:47:b5:5b:61:73:a4:5c:
         d5:b2:6b:d4:9d:f0:90:7e:96:b3:eb:ca:0a:90:33:01:29:cd:
         e6:70:6c:5e:c4:09:08:52:4f:5c:3b:9e:c3:5a:c6:bf:4f:2a:
         ab:e4:1e:d7:af:71:13:35:8f:95:7a:14:c2:4f:ed:1a:63:c2:
         4f:df:77:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZrGDndDFOXfYLFvaKO1w5oYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5NzdlNGUyYzJhYTI2YzEwZDA3MWZhMTA0NWMxMzFlNmQx
NjBmNzAwHhcNMjUxMTI3MTYwMzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWQ1OTU3OWM2ODhjNWYyODg4ZjA0NTc1OGI5NGVhNjhjOTcxNzVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmc1YoCCJ+4uVnWbU4CTiTC2BIgQB
PruRIpUikcch5u1k53OiQHNQgyWJrrteVSJknIZw55aGVliK0UlG4AJD6f8wqdHu
ECV1MX6dkRHsmZqQ/Ahv9cCtrGpuFvZ8O1cF+CUXl0L5ntl2zAKk/Uq9vT8BArV1
jsSHHMS4kDaY49CcjLUK+cQGmPd1PkE8Bj/zjqODuxp0QfwCK8Irb6tML+2AQ+EX
aapk3m31YECAl+OAq4OfINiQhuzaNT1mqpG7hCZqvSCbqs54tp7WGlPccqZ2r2mG
kb2FeI40E3LRyJuETBvKPXjHeJ5SdgTJXwc85Jl34iPA7GiJHPVBXQwd/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPHVlXnGiMXyiI8EV1i5TqaMlxdeMB8GA1UdIwQY
MBaAFHl35OLCqibBDQcfoQRcEx5tFg9wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVhmazRzS3FKc0VOQngtaEJGd1RIbTBXRDNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS82NzE3ZDktODY3MS00YzYwLThmZDkt
MjIxNmMzOTU3NTk4LzEvOGRXVmVjYUl4ZktJandSWFdMbE9wb3lYRjE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS82NzE3ZDktODY3MS00YzYwLThmZDktMjIxNmMzOTU3NTk4
LzEvZVhmazRzS3FKc0VOQngtaEJGd1RIbTBXRDNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueXOMA0G
CSqGSIb3DQEBCwUAA4IBAQCWhfGl824QAHrEKBa9miArZ6hfk++GvrArbty6iPHQ
9kG3BpRXUpE7SEixW0ibDAgxVqvD3lXlwONCizXXywwQ/iwiZgnzIWzFrPHUjQB9
NFNK+5Wg3b0fqAEGmBYTeXGZwJ2LrhDT2E4MT4KHZmZVT/i87I1lSjc9fl5JsAIF
HYHF4dVdd5xYi6IfrjkUTEEfGqZzK+LN9X2tsKhfMNxcjmKZcblKQbPRtsramDoW
5Gy9jz2WpI8ll5ss+6sMzUe1W2FzpFzVsmvUnfCQfpaz68oKkDMBKc3mcGxexAkI
Uk9cO57DWsa/Tyqr5B7Xr3ETNY+VehTCT+0aY8JP33cj
-----END CERTIFICATE-----