This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/812357-3d70-468e-b044-84afeaabb373/1/fgkPvFZ2_f_B8Kes99MALTJ_h0M.roa
File:                     fgkPvFZ2_f_B8Kes99MALTJ_h0M.roa (raw, json)
Hash identifier:          he1XePUMYZj0hBporE6i0fgZ6VJq2FNLflajrVKGWrY=
Subject key identifier:   7E:09:0F:BC:56:76:FD:FF:C1:F0:A7:AC:F7:D3:00:2D:32:7F:87:43
Certificate issuer:       /CN=5ada11556399e28fc55dab3ba07868ff491c6fb8
Certificate serial:       019B7DCABD92B32C2878567512D97905058E
Authority key identifier: 5A:DA:11:55:63:99:E2:8F:C5:5D:AB:3B:A0:78:68:FF:49:1C:6F:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WtoRVWOZ4o_FXas7oHho_0kcb7g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/812357-3d70-468e-b044-84afeaabb373/1/fgkPvFZ2_f_B8Kes99MALTJ_h0M.roa
Signing time:             Fri 02 Jan 2026 08:19:57 +0000
ROA not before:           Fri 02 Jan 2026 08:19:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56636
IP address blocks:        185.217.252.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/812357-3d70-468e-b044-84afeaabb373/1/WtoRVWOZ4o_FXas7oHho_0kcb7g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/812357-3d70-468e-b044-84afeaabb373/1/WtoRVWOZ4o_FXas7oHho_0kcb7g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WtoRVWOZ4o_FXas7oHho_0kcb7g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:05:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:bd:92:b3:2c:28:78:56:75:12:d9:79:05:05:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ada11556399e28fc55dab3ba07868ff491c6fb8
        Validity
            Not Before: Jan  2 08:19:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7e090fbc5676fdffc1f0a7acf7d3002d327f8743
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:1d:4c:8a:79:97:a7:84:9f:98:d0:72:89:e4:
                    9b:c1:18:21:e1:56:f4:9a:fa:f1:4e:13:58:92:44:
                    f7:27:f8:f3:d6:0b:6b:04:cf:6b:36:0a:06:12:59:
                    e7:e3:81:24:9a:9f:4a:ff:be:53:85:c7:e0:e1:a0:
                    75:c2:d6:4a:39:9c:e3:c8:de:ec:59:c1:4b:9e:ba:
                    ab:0d:a2:4b:fe:30:fc:2f:cc:00:3d:66:37:fa:d9:
                    e9:aa:b8:c6:3d:32:11:36:06:b2:47:d3:de:e3:de:
                    e1:95:56:b1:e0:b9:a6:1b:03:b9:61:77:0e:65:62:
                    ec:d1:66:31:98:aa:5e:0b:2d:a1:0b:ba:ce:f3:61:
                    8b:d1:f7:c8:3e:1a:e9:ce:9d:2f:2b:6f:5e:6b:f5:
                    04:42:6b:03:81:f5:bc:ce:31:a0:6e:b7:cb:0f:23:
                    e7:7e:69:03:12:2a:80:e3:52:41:50:cf:1f:62:00:
                    39:1d:07:90:b0:93:ff:f6:fb:64:03:27:c7:90:49:
                    af:51:19:6f:f0:4d:22:90:a8:57:67:a6:f9:9e:3a:
                    5e:e3:e4:9a:d0:be:31:00:a4:68:58:82:42:78:6e:
                    6d:92:36:1d:00:19:f6:f3:0c:60:66:84:f1:e4:c0:
                    cc:f0:7f:66:4b:8a:e8:b2:42:e2:f3:84:4a:97:71:
                    d8:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:09:0F:BC:56:76:FD:FF:C1:F0:A7:AC:F7:D3:00:2D:32:7F:87:43
            X509v3 Authority Key Identifier:
                keyid:5A:DA:11:55:63:99:E2:8F:C5:5D:AB:3B:A0:78:68:FF:49:1C:6F:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WtoRVWOZ4o_FXas7oHho_0kcb7g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/812357-3d70-468e-b044-84afeaabb373/1/fgkPvFZ2_f_B8Kes99MALTJ_h0M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/812357-3d70-468e-b044-84afeaabb373/1/WtoRVWOZ4o_FXas7oHho_0kcb7g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.217.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         82:01:cf:ea:06:86:78:58:5d:54:cf:ee:82:37:e1:20:77:d3:
         0a:5e:cd:5f:72:e1:7f:0c:9e:70:70:08:52:51:de:e5:8d:90:
         76:99:a4:12:af:66:26:41:e1:b0:7a:12:10:ba:85:9a:2e:eb:
         a9:fa:f6:1d:2d:d6:aa:db:4e:d4:9a:f1:ce:58:fc:bc:77:d5:
         37:32:28:a8:a3:c6:cd:7e:b1:ab:b0:b7:47:b2:fd:45:e7:f5:
         9c:6f:5b:2e:74:04:67:cb:c4:7f:81:ae:b6:d6:40:e4:1d:36:
         fd:6c:c1:23:c1:40:6d:9a:08:87:6b:10:00:d6:d9:7a:4a:ea:
         24:2f:de:b5:ba:83:45:ce:da:d3:09:a2:9f:bc:89:c7:a9:2a:
         c1:e1:7f:fe:0e:2c:57:15:76:b8:d2:b0:d5:98:6c:8b:38:a1:
         9d:7b:3a:26:54:7b:c2:43:6b:ff:41:86:c6:2f:ee:97:64:43:
         ae:89:68:b3:f5:ed:e9:75:5c:f8:55:d6:03:77:f1:f6:86:41:
         22:34:3c:7e:6c:dd:d9:10:64:e5:37:f3:e8:64:7e:8f:66:65:
         93:cf:f8:47:46:95:3f:35:c7:bb:23:67:e5:39:aa:8e:6c:8c:
         34:d3:de:18:86:ab:58:75:41:e2:6f:e8:46:d9:13:43:50:5a:
         94:94:00:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yr2SsywoeFZ1Etl5BQWOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhZGExMTU1NjM5OWUyOGZjNTVkYWIzYmEwNzg2OGZmNDkx
YzZmYjgwHhcNMjYwMTAyMDgxOTU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTA5MGZiYzU2NzZmZGZmYzFmMGE3YWNmN2QzMDAyZDMyN2Y4NzQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0x1MinmXp4SfmNByieSbwRgh4Vb0
mvrxThNYkkT3J/jz1gtrBM9rNgoGElnn44Ekmp9K/75Thcfg4aB1wtZKOZzjyN7s
WcFLnrqrDaJL/jD8L8wAPWY3+tnpqrjGPTIRNgayR9Pe497hlVax4LmmGwO5YXcO
ZWLs0WYxmKpeCy2hC7rO82GL0ffIPhrpzp0vK29ea/UEQmsDgfW8zjGgbrfLDyPn
fmkDEiqA41JBUM8fYgA5HQeQsJP/9vtkAyfHkEmvURlv8E0ikKhXZ6b5njpe4+Sa
0L4xAKRoWIJCeG5tkjYdABn28wxgZoTx5MDM8H9mS4roskLi84RKl3HYbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH4JD7xWdv3/wfCnrPfTAC0yf4dDMB8GA1UdIwQY
MBaAFFraEVVjmeKPxV2rO6B4aP9JHG+4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3RvUlZXT1o0b19GWGFzN29IaG9fMGtjYjdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi84MTIzNTctM2Q3MC00NjhlLWIwNDQt
ODRhZmVhYWJiMzczLzEvZmdrUHZGWjJfZl9COEtlczk5TUFMVEpfaDBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi84MTIzNTctM2Q3MC00NjhlLWIwNDQtODRhZmVhYWJiMzcz
LzEvV3RvUlZXT1o0b19GWGFzN29IaG9fMGtjYjdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudn8MA0G
CSqGSIb3DQEBCwUAA4IBAQCCAc/qBoZ4WF1Uz+6CN+Egd9MKXs1fcuF/DJ5wcAhS
Ud7ljZB2maQSr2YmQeGwehIQuoWaLuup+vYdLdaq207UmvHOWPy8d9U3Miioo8bN
frGrsLdHsv1F5/Wcb1sudARny8R/ga621kDkHTb9bMEjwUBtmgiHaxAA1tl6Suok
L961uoNFztrTCaKfvInHqSrB4X/+DixXFXa40rDVmGyLOKGdezomVHvCQ2v/QYbG
L+6XZEOuiWiz9e3pdVz4VdYDd/H2hkEiNDx+bN3ZEGTlN/PoZH6PZmWTz/hHRpU/
Nce7I2flOaqObIw0094YhqtYdUHib+hG2RNDUFqUlABP
-----END CERTIFICATE-----