This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/b17ca4-2e2e-415a-adde-77257e04765f/1/Zo68EoQ7mCgSR1Ac-I_gzPgJ-7g.roa
File:                     Zo68EoQ7mCgSR1Ac-I_gzPgJ-7g.roa (raw, json)
Hash identifier:          NtmGEmLHAQTVlb8f9+yZ21VR4Q8gT9lhmPzhrly9Ars=
Subject key identifier:   66:8E:BC:12:84:3B:98:28:12:47:50:1C:F8:8F:E0:CC:F8:09:FB:B8
Certificate issuer:       /CN=4ee0432f5429d861d7743bfc31d7ad019628a5eb
Certificate serial:       019B7EA59A31B7D6BC08A62B989EE8E25A69
Authority key identifier: 4E:E0:43:2F:54:29:D8:61:D7:74:3B:FC:31:D7:AD:01:96:28:A5:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TuBDL1Qp2GHXdDv8MdetAZYopes.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/b17ca4-2e2e-415a-adde-77257e04765f/1/Zo68EoQ7mCgSR1Ac-I_gzPgJ-7g.roa
Signing time:             Fri 02 Jan 2026 12:19:00 +0000
ROA not before:           Fri 02 Jan 2026 12:19:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8757
IP address blocks:        185.144.84.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/b17ca4-2e2e-415a-adde-77257e04765f/1/TuBDL1Qp2GHXdDv8MdetAZYopes.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/b17ca4-2e2e-415a-adde-77257e04765f/1/TuBDL1Qp2GHXdDv8MdetAZYopes.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TuBDL1Qp2GHXdDv8MdetAZYopes.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a5:9a:31:b7:d6:bc:08:a6:2b:98:9e:e8:e2:5a:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ee0432f5429d861d7743bfc31d7ad019628a5eb
        Validity
            Not Before: Jan  2 12:19:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=668ebc12843b98281247501cf88fe0ccf809fbb8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:d2:eb:2c:87:93:74:f4:ab:84:6b:ee:ef:97:
                    56:77:d1:ab:eb:1f:54:e4:a7:f4:01:e1:0d:0f:b1:
                    9e:5f:b2:d8:1e:eb:11:b8:ee:2f:88:09:82:15:e2:
                    19:f2:f5:2f:58:f0:b0:e6:84:8b:1b:21:a9:9b:c1:
                    29:e7:f3:ca:54:fc:56:f4:1a:43:68:62:c1:0b:e2:
                    99:ba:5c:61:8e:a0:e3:c5:6a:65:60:4c:51:2c:bd:
                    b0:9b:1f:36:cf:3e:6b:fd:51:dd:6a:5a:7b:c8:89:
                    a3:a0:59:57:bd:6c:69:b0:bd:df:a7:18:04:2c:7b:
                    b0:1b:03:97:d3:f7:ae:bd:8c:db:8a:3b:cb:95:e2:
                    88:65:49:51:bf:15:9a:d4:a1:ec:e0:88:ca:cb:68:
                    e7:fb:a3:60:45:93:2c:60:cd:00:da:89:10:26:63:
                    b6:04:13:74:92:12:51:8a:0e:89:4e:ac:17:57:24:
                    e1:ab:df:c7:38:84:ee:06:44:62:f4:68:64:d4:d9:
                    ed:89:9e:df:c2:d6:0b:56:72:7e:ea:68:5b:0d:a9:
                    51:8a:2b:be:61:c2:a0:80:9a:1b:66:65:74:9c:9d:
                    0e:17:e0:ac:72:3a:0c:94:5d:21:0e:8c:f0:bd:cd:
                    8d:89:9f:fd:4a:af:c4:79:48:77:d6:ac:58:7e:ec:
                    d7:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:8E:BC:12:84:3B:98:28:12:47:50:1C:F8:8F:E0:CC:F8:09:FB:B8
            X509v3 Authority Key Identifier:
                keyid:4E:E0:43:2F:54:29:D8:61:D7:74:3B:FC:31:D7:AD:01:96:28:A5:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TuBDL1Qp2GHXdDv8MdetAZYopes.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/b17ca4-2e2e-415a-adde-77257e04765f/1/Zo68EoQ7mCgSR1Ac-I_gzPgJ-7g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/b17ca4-2e2e-415a-adde-77257e04765f/1/TuBDL1Qp2GHXdDv8MdetAZYopes.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.144.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         bd:cd:18:a9:bb:63:a6:b4:cd:1e:e9:2b:c0:c7:5f:3b:09:d7:
         e5:05:20:85:f2:17:b7:7e:4c:de:57:e7:bc:c5:26:b8:e6:ca:
         cd:c6:42:5b:df:d4:9b:52:b6:2e:23:35:15:af:ad:d2:18:d0:
         1a:43:2e:05:6c:15:be:0b:64:7e:61:d7:64:84:05:e3:27:9a:
         2d:58:d6:f9:25:bc:c0:23:f1:3b:f5:08:83:fa:96:de:27:12:
         e6:12:2d:63:c6:94:57:ec:f1:97:61:f6:94:f6:c7:cc:cd:68:
         c0:c7:41:b2:72:f1:28:2c:3a:69:c1:c2:7e:68:f7:f8:12:15:
         91:d7:83:6e:6a:e6:c3:c0:4f:72:f9:a8:46:b5:43:91:de:bf:
         d1:1c:23:36:8b:25:e3:21:3e:52:80:65:6f:3a:fe:96:42:e3:
         be:15:e0:e5:7d:0f:4d:38:2e:64:e6:2e:92:c1:d1:43:cb:75:
         21:5b:5c:5a:67:a3:ac:02:42:93:71:53:ba:9d:50:47:b8:09:
         51:0b:9b:1d:4e:40:ca:2a:19:a3:68:dc:7a:07:f5:26:3b:40:
         64:c7:4d:9e:70:2e:9b:48:c7:ac:5f:7b:a3:d4:46:55:61:6d:
         2e:a6:82:67:73:2c:21:2f:9c:56:d7:75:41:83:a8:a2:b3:9d:
         2a:cb:d9:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pZoxt9a8CKYrmJ7o4lppMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlZTA0MzJmNTQyOWQ4NjFkNzc0M2JmYzMxZDdhZDAxOTYy
OGE1ZWIwHhcNMjYwMTAyMTIxOTAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjhlYmMxMjg0M2I5ODI4MTI0NzUwMWNmODhmZTBjY2Y4MDlmYmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA19LrLIeTdPSrhGvu75dWd9Gr6x9U
5Kf0AeEND7GeX7LYHusRuO4viAmCFeIZ8vUvWPCw5oSLGyGpm8Ep5/PKVPxW9BpD
aGLBC+KZulxhjqDjxWplYExRLL2wmx82zz5r/VHdalp7yImjoFlXvWxpsL3fpxgE
LHuwGwOX0/euvYzbijvLleKIZUlRvxWa1KHs4IjKy2jn+6NgRZMsYM0A2okQJmO2
BBN0khJRig6JTqwXVyThq9/HOITuBkRi9Ghk1NntiZ7fwtYLVnJ+6mhbDalRiiu+
YcKggJobZmV0nJ0OF+CscjoMlF0hDozwvc2NiZ/9Sq/EeUh31qxYfuzX7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGaOvBKEO5goEkdQHPiP4Mz4Cfu4MB8GA1UdIwQY
MBaAFE7gQy9UKdhh13Q7/DHXrQGWKKXrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHVCREwxUXAyR0hYZER2OE1kZXRBWllvcGVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9iMTdjYTQtMmUyZS00MTVhLWFkZGUt
NzcyNTdlMDQ3NjVmLzEvWm82OEVvUTdtQ2dTUjFBYy1JX2d6UGdKLTdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9iMTdjYTQtMmUyZS00MTVhLWFkZGUtNzcyNTdlMDQ3NjVm
LzEvVHVCREwxUXAyR0hYZER2OE1kZXRBWllvcGVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZBUMA0G
CSqGSIb3DQEBCwUAA4IBAQC9zRipu2OmtM0e6SvAx187CdflBSCF8he3fkzeV+e8
xSa45srNxkJb39SbUrYuIzUVr63SGNAaQy4FbBW+C2R+YddkhAXjJ5otWNb5JbzA
I/E79QiD+pbeJxLmEi1jxpRX7PGXYfaU9sfMzWjAx0GycvEoLDppwcJ+aPf4EhWR
14NuaubDwE9y+ahGtUOR3r/RHCM2iyXjIT5SgGVvOv6WQuO+FeDlfQ9NOC5k5i6S
wdFDy3UhW1xaZ6OsAkKTcVO6nVBHuAlRC5sdTkDKKhmjaNx6B/UmO0Bkx02ecC6b
SMesX3uj1EZVYW0upoJncywhL5xW13VBg6iis50qy9ke
-----END CERTIFICATE-----