This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/_xVkrUedo2BlTf2yVRcNixO70fU.roa
File:                     _xVkrUedo2BlTf2yVRcNixO70fU.roa (raw, json)
Hash identifier:          XWlnQ9LpA++K4KyrXTVlrtrb25pSBUMvSNc5QyzpVek=
Subject key identifier:   FF:15:64:AD:47:9D:A3:60:65:4D:FD:B2:55:17:0D:8B:13:BB:D1:F5
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       019B7B360502B27861BB39280E0B3EC90553
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/_xVkrUedo2BlTf2yVRcNixO70fU.roa
Signing time:             Thu 01 Jan 2026 20:18:16 +0000
ROA not before:           Thu 01 Jan 2026 20:18:16 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     133929
IP address blocks:        185.243.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 00:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:05:02:b2:78:61:bb:39:28:0e:0b:3e:c9:05:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: Jan  1 20:18:16 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ff1564ad479da360654dfdb255170d8b13bbd1f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:30:16:e5:f8:77:1f:8d:87:94:bf:43:75:eb:
                    03:2e:05:d9:15:dd:7e:4f:04:02:cf:de:59:a8:a9:
                    6e:da:79:47:78:ae:e8:e9:9a:09:ea:a3:6d:11:5f:
                    e1:25:1e:c5:17:ac:57:c3:2f:6c:94:ba:11:b5:d3:
                    15:ab:2a:55:c4:36:fd:aa:fc:39:80:d2:80:e3:6e:
                    4a:b8:f3:6e:26:3f:1a:75:f0:6e:e8:20:db:71:8d:
                    18:f0:39:8a:58:7a:66:bb:84:66:0b:04:7c:5f:86:
                    db:f5:94:9b:5c:cf:8e:6c:de:8b:9e:ab:fd:ca:1f:
                    63:9e:c3:ad:4e:8a:09:4d:dc:e7:a4:ae:ba:fb:d7:
                    fa:f7:c2:84:6b:58:20:a4:11:d9:65:6f:2d:52:7f:
                    a7:8b:7d:a5:ff:3e:87:7c:1c:bd:1f:de:2a:a1:1d:
                    84:b3:6c:99:9e:79:04:20:35:ea:57:3c:f7:25:45:
                    ac:02:30:14:d6:7d:82:27:1a:89:64:64:d6:99:d0:
                    22:53:2b:da:6d:bb:ce:f8:24:30:b2:83:6b:da:d4:
                    c9:3a:2a:7b:23:dd:c1:7b:83:22:80:29:91:bf:3d:
                    cb:8f:35:a6:a8:7e:83:a8:de:11:89:48:b2:1d:d1:
                    3f:5e:33:20:cb:9c:ed:07:89:92:12:54:36:33:74:
                    a5:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:15:64:AD:47:9D:A3:60:65:4D:FD:B2:55:17:0D:8B:13:BB:D1:F5
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/_xVkrUedo2BlTf2yVRcNixO70fU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.243.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:9e:d3:fd:21:72:0c:69:19:46:c2:ab:db:7f:9b:76:1c:26:
         c7:36:c3:c4:d3:dc:ed:d6:01:16:ab:4f:28:6a:7a:05:f4:05:
         43:6d:cf:3a:21:b3:81:76:58:2c:f4:e3:cb:51:4b:f3:de:9b:
         fd:14:08:37:01:ca:37:b7:8b:52:df:72:10:0b:43:37:dc:81:
         b6:a4:a5:59:a3:84:4f:2d:9a:5a:dd:64:bb:66:a1:46:c0:5b:
         74:55:65:8f:8e:27:77:bc:1e:be:94:e2:1a:15:d4:e6:6f:d4:
         d9:8f:6d:27:21:17:91:10:4a:21:bb:4e:20:06:94:13:b1:c8:
         49:50:15:ea:bd:45:74:ca:86:1f:06:6a:40:a4:a2:00:2d:0b:
         ee:3b:e1:75:b9:41:69:3f:98:20:1f:75:de:b3:14:ee:26:c0:
         d1:49:da:9b:92:09:5f:36:00:5f:c1:fd:d1:18:d8:62:b0:d2:
         5d:3a:ae:00:d5:d4:49:a4:03:40:60:6b:33:49:53:e3:32:ae:
         bd:4e:a0:87:49:71:b5:97:75:1b:25:90:9c:2e:29:af:4a:9b:
         99:ec:04:e8:c5:5a:91:e2:bf:75:7c:45:8d:26:06:5d:23:ae:
         a3:cb:99:98:47:5c:fd:7d:ec:12:f3:db:97:39:f4:59:c1:6e:
         5a:0d:5c:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NgUCsnhhuzkoDgs+yQVTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjYwMTAxMjAxODE2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjE1NjRhZDQ3OWRhMzYwNjU0ZGZkYjI1NTE3MGQ4YjEzYmJkMWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwzAW5fh3H42HlL9DdesDLgXZFd1+
TwQCz95ZqKlu2nlHeK7o6ZoJ6qNtEV/hJR7FF6xXwy9slLoRtdMVqypVxDb9qvw5
gNKA425KuPNuJj8adfBu6CDbcY0Y8DmKWHpmu4RmCwR8X4bb9ZSbXM+ObN6Lnqv9
yh9jnsOtTooJTdznpK66+9f698KEa1ggpBHZZW8tUn+ni32l/z6HfBy9H94qoR2E
s2yZnnkEIDXqVzz3JUWsAjAU1n2CJxqJZGTWmdAiUyvabbvO+CQwsoNr2tTJOip7
I93Be4MigCmRvz3LjzWmqH6DqN4RiUiyHdE/XjMgy5ztB4mSElQ2M3SlhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP8VZK1HnaNgZU39slUXDYsTu9H1MB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvX3hWa3JVZWRvMkJsVGYyeVZSY05peE83MGZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufMGMA0G
CSqGSIb3DQEBCwUAA4IBAQAontP9IXIMaRlGwqvbf5t2HCbHNsPE09zt1gEWq08o
anoF9AVDbc86IbOBdlgs9OPLUUvz3pv9FAg3Aco3t4tS33IQC0M33IG2pKVZo4RP
LZpa3WS7ZqFGwFt0VWWPjid3vB6+lOIaFdTmb9TZj20nIReREEohu04gBpQTschJ
UBXqvUV0yoYfBmpApKIALQvuO+F1uUFpP5ggH3XesxTuJsDRSdqbkglfNgBfwf3R
GNhisNJdOq4A1dRJpANAYGszSVPjMq69TqCHSXG1l3UbJZCcLimvSpuZ7AToxVqR
4r91fEWNJgZdI66jy5mYR1z9fewS89uXOfRZwW5aDVxE
-----END CERTIFICATE-----