This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/6717d9-8671-4c60-8fd9-2216c3957598/1/Fw8PMiL8XbMvdKq8X17Je2tMF2E.roa
File:                     Fw8PMiL8XbMvdKq8X17Je2tMF2E.roa (raw, json)
Hash identifier:          NpJsXlY3046ddjEeyCOq10eq8sScmSmiV1XiKlKV9B0=
Subject key identifier:   17:0F:0F:32:22:FC:5D:B3:2F:74:AA:BC:5F:5E:C9:7B:6B:4C:17:61
Certificate issuer:       /CN=7977e4e2c2aa26c10d071fa1045c131e6d160f70
Certificate serial:       019B79ED10003F92C3FC19E794A79FD06A04
Authority key identifier: 79:77:E4:E2:C2:AA:26:C1:0D:07:1F:A1:04:5C:13:1E:6D:16:0F:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eXfk4sKqJsENBx-hBFwTHm0WD3A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/6717d9-8671-4c60-8fd9-2216c3957598/1/Fw8PMiL8XbMvdKq8X17Je2tMF2E.roa
Signing time:             Thu 01 Jan 2026 14:18:57 +0000
ROA not before:           Thu 01 Jan 2026 14:18:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     13335
IP address blocks:        185.229.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/6717d9-8671-4c60-8fd9-2216c3957598/1/eXfk4sKqJsENBx-hBFwTHm0WD3A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/6717d9-8671-4c60-8fd9-2216c3957598/1/eXfk4sKqJsENBx-hBFwTHm0WD3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eXfk4sKqJsENBx-hBFwTHm0WD3A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 02:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:10:00:3f:92:c3:fc:19:e7:94:a7:9f:d0:6a:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7977e4e2c2aa26c10d071fa1045c131e6d160f70
        Validity
            Not Before: Jan  1 14:18:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=170f0f3222fc5db32f74aabc5f5ec97b6b4c1761
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:c3:99:f0:ef:93:8d:d2:b0:14:f7:c8:e3:07:
                    6b:4a:35:97:f3:f0:4c:70:5a:4c:6d:49:85:9d:1a:
                    2f:a0:c0:2a:cd:52:63:85:69:2a:c3:a5:71:91:0c:
                    29:da:db:2e:d5:91:a5:2f:b3:f3:8a:6d:51:2e:f1:
                    5b:dd:12:94:96:da:52:02:5b:65:d1:e3:bf:ce:b2:
                    31:da:33:71:b8:cc:aa:5b:d1:04:85:dc:c7:ad:4b:
                    e3:78:15:7e:29:0d:b5:8d:6f:db:a5:c0:5b:b4:1f:
                    1e:37:7a:76:61:04:ee:69:b0:af:e6:d4:41:04:94:
                    ee:99:62:21:10:e2:e0:3e:13:79:b6:a0:2c:61:27:
                    de:d3:5c:fc:c2:7a:83:68:29:00:02:ec:a9:f6:7a:
                    15:5d:f4:fc:42:cd:d6:37:e0:d5:0e:c7:35:1b:8a:
                    a4:a0:39:64:42:87:8a:c3:c0:2d:05:6b:73:99:39:
                    06:0d:d5:22:aa:d0:b7:42:ad:a9:61:43:69:c9:eb:
                    35:eb:53:2f:9f:2f:94:20:11:c4:a9:73:8a:3d:c3:
                    87:be:ce:ac:a7:fa:d7:c8:06:0b:b6:1c:7c:08:c0:
                    e0:f9:b0:47:b9:07:7c:08:45:03:4c:69:00:26:2e:
                    82:b8:1a:90:16:4a:76:da:1b:d7:3c:a8:bb:c0:30:
                    2d:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:0F:0F:32:22:FC:5D:B3:2F:74:AA:BC:5F:5E:C9:7B:6B:4C:17:61
            X509v3 Authority Key Identifier:
                keyid:79:77:E4:E2:C2:AA:26:C1:0D:07:1F:A1:04:5C:13:1E:6D:16:0F:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eXfk4sKqJsENBx-hBFwTHm0WD3A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/6717d9-8671-4c60-8fd9-2216c3957598/1/Fw8PMiL8XbMvdKq8X17Je2tMF2E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/6717d9-8671-4c60-8fd9-2216c3957598/1/eXfk4sKqJsENBx-hBFwTHm0WD3A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.229.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:1b:1b:17:04:c7:f6:91:bc:be:e3:8f:3d:cb:9d:d7:e7:eb:
         30:a0:69:3f:2c:7c:1a:f6:88:86:88:41:ce:54:28:18:41:c8:
         bb:5a:4c:71:5a:b1:a7:cd:50:aa:c0:1d:36:cb:30:cc:19:d4:
         d8:1c:72:2d:a1:e3:5e:0f:f6:1d:3d:aa:c0:e5:df:3a:90:92:
         f6:86:2f:39:e9:6c:05:cd:1c:51:85:87:a8:65:8a:f3:be:ae:
         d7:96:ac:49:62:0f:17:5f:bc:91:bd:6e:a7:36:bc:99:af:9e:
         b0:21:e8:3f:ba:c8:cd:72:10:a2:ff:9a:6a:60:ed:27:1d:ce:
         67:73:3d:d7:5c:90:5b:29:b4:02:e3:a2:62:e7:f1:80:98:85:
         5d:81:71:f5:94:a5:70:d7:2b:a4:86:8f:3f:51:10:ab:76:05:
         a2:77:7b:19:c3:b2:da:cb:3f:a0:a0:ab:7c:7d:e5:39:5b:92:
         42:a3:e4:9e:36:98:83:35:99:b8:30:a0:d2:78:20:3a:4e:92:
         a5:7c:38:9d:3f:5a:0b:85:78:ff:90:0f:d0:7b:8e:d9:81:ea:
         20:25:ff:8d:79:ae:27:1d:63:b4:4d:ab:5e:5a:72:c4:9b:93:
         03:e7:0a:0e:87:02:cc:ed:23:dc:71:b2:3d:cf:f7:de:20:21:
         e7:3f:05:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57RAAP5LD/BnnlKef0GoEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5NzdlNGUyYzJhYTI2YzEwZDA3MWZhMTA0NWMxMzFlNmQx
NjBmNzAwHhcNMjYwMTAxMTQxODU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzBmMGYzMjIyZmM1ZGIzMmY3NGFhYmM1ZjVlYzk3YjZiNGMxNzYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnMOZ8O+TjdKwFPfI4wdrSjWX8/BM
cFpMbUmFnRovoMAqzVJjhWkqw6VxkQwp2tsu1ZGlL7Pzim1RLvFb3RKUltpSAltl
0eO/zrIx2jNxuMyqW9EEhdzHrUvjeBV+KQ21jW/bpcBbtB8eN3p2YQTuabCv5tRB
BJTumWIhEOLgPhN5tqAsYSfe01z8wnqDaCkAAuyp9noVXfT8Qs3WN+DVDsc1G4qk
oDlkQoeKw8AtBWtzmTkGDdUiqtC3Qq2pYUNpyes161Mvny+UIBHEqXOKPcOHvs6s
p/rXyAYLthx8CMDg+bBHuQd8CEUDTGkAJi6CuBqQFkp22hvXPKi7wDAthwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBcPDzIi/F2zL3SqvF9eyXtrTBdhMB8GA1UdIwQY
MBaAFHl35OLCqibBDQcfoQRcEx5tFg9wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVhmazRzS3FKc0VOQngtaEJGd1RIbTBXRDNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS82NzE3ZDktODY3MS00YzYwLThmZDkt
MjIxNmMzOTU3NTk4LzEvRnc4UE1pTDhYYk12ZEtxOFgxN0plMnRNRjJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS82NzE3ZDktODY3MS00YzYwLThmZDktMjIxNmMzOTU3NTk4
LzEvZVhmazRzS3FKc0VOQngtaEJGd1RIbTBXRDNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueXOMA0G
CSqGSIb3DQEBCwUAA4IBAQBkGxsXBMf2kby+4489y53X5+swoGk/LHwa9oiGiEHO
VCgYQci7WkxxWrGnzVCqwB02yzDMGdTYHHItoeNeD/YdParA5d86kJL2hi856WwF
zRxRhYeoZYrzvq7XlqxJYg8XX7yRvW6nNryZr56wIeg/usjNchCi/5pqYO0nHc5n
cz3XXJBbKbQC46Ji5/GAmIVdgXH1lKVw1yukho8/URCrdgWid3sZw7Layz+goKt8
feU5W5JCo+SeNpiDNZm4MKDSeCA6TpKlfDidP1oLhXj/kA/Qe47ZgeogJf+Nea4n
HWO0TateWnLEm5MD5woOhwLM7SPccbI9z/feICHnPwWX
-----END CERTIFICATE-----