This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/TOJTP6aCIyuU9ChbFBfsnXxD-H8.roa
File:                     TOJTP6aCIyuU9ChbFBfsnXxD-H8.roa (raw, json)
Hash identifier:          a0O5BeY+ZsE5IBWsB/+wo5KKrtn3Xpq59mEWhjnM8ek=
Subject key identifier:   4C:E2:53:3F:A6:82:23:2B:94:F4:28:5B:14:17:EC:9D:7C:43:F8:7F
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       019B775905FB2AF10722B776BB86191B3E38
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/TOJTP6aCIyuU9ChbFBfsnXxD-H8.roa
Signing time:             Thu 01 Jan 2026 02:18:01 +0000
ROA not before:           Thu 01 Jan 2026 02:18:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202385
IP address blocks:        85.31.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 05:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:05:fb:2a:f1:07:22:b7:76:bb:86:19:1b:3e:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 02:18:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4ce2533fa682232b94f4285b1417ec9d7c43f87f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:5f:84:64:7a:d0:ba:34:a0:0c:85:00:8b:32:
                    27:f9:4b:28:14:77:31:29:79:f9:81:b2:fd:22:04:
                    85:1b:34:40:8c:a7:38:ff:94:98:d7:b7:1b:a0:1b:
                    6c:6d:09:53:57:79:b0:8f:85:ef:62:a1:82:76:f9:
                    9a:fd:f5:4b:25:86:bb:9c:af:a6:31:93:ca:30:df:
                    bf:b4:70:e5:bc:d9:b0:ae:ac:ca:1f:f1:c2:ce:a0:
                    fc:77:45:91:00:d1:5f:ab:d9:f8:e1:8a:74:63:b9:
                    cd:dd:69:d9:66:e9:5f:cf:50:77:94:92:c5:48:39:
                    53:86:b5:d9:b3:6e:ed:e9:43:9a:97:f2:04:ec:a4:
                    32:c6:f1:9a:4f:5d:18:55:bc:a5:58:11:7c:bf:3b:
                    ea:09:b8:a3:5b:40:5c:fa:ef:89:e8:37:a7:ec:52:
                    bd:85:f9:ef:99:e4:42:3b:3c:be:8a:ef:d8:19:b5:
                    e3:81:0f:73:57:61:06:01:42:01:31:33:71:60:f4:
                    f7:56:8b:12:f0:6d:52:8f:78:24:6a:58:ba:33:35:
                    a4:b6:9e:a6:25:ac:6e:39:5b:e9:b5:7b:7e:ed:61:
                    38:d5:88:54:78:43:45:a5:25:11:16:fb:bb:66:83:
                    48:61:ce:2f:01:10:e9:a5:41:46:b7:da:c7:91:a9:
                    4a:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:E2:53:3F:A6:82:23:2B:94:F4:28:5B:14:17:EC:9D:7C:43:F8:7F
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/TOJTP6aCIyuU9ChbFBfsnXxD-H8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.31.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:9f:7b:58:06:a3:6a:aa:bb:d3:e8:33:74:25:d9:ec:85:2d:
         05:9a:84:f7:d6:f7:ed:b0:06:a8:87:a9:54:d7:bd:3b:27:f7:
         f2:5b:03:d1:9d:8c:46:72:d1:1a:6a:46:30:15:f1:4b:40:18:
         bc:68:c9:75:77:50:f3:94:40:97:ec:54:5b:37:0d:eb:e6:c9:
         46:e2:45:c1:79:e4:3b:cb:a4:d4:76:ad:36:9b:6c:0f:c1:2d:
         92:4a:a7:60:cb:9e:68:d7:a2:77:3e:f8:03:2c:2f:3b:c1:57:
         ac:bc:50:95:56:06:33:e9:99:a1:dd:ab:89:b3:f0:2a:7c:d6:
         47:e1:1d:2b:43:c6:23:db:85:94:92:ae:c8:84:ca:75:f4:a3:
         5e:16:e9:f1:32:13:6c:a9:7d:90:ff:cd:a2:f9:8e:12:29:23:
         42:5f:6d:90:af:bb:08:5d:dd:b7:12:42:f2:88:3d:66:b1:ed:
         20:6e:ed:43:74:dd:53:2a:b7:ef:f2:31:98:d1:a1:bf:5d:10:
         26:a2:16:57:8a:56:83:d3:4f:8a:0e:c7:30:78:0e:03:b7:5c:
         33:bb:ee:d7:40:82:3c:e7:4d:bb:96:a5:d2:fe:43:47:18:3a:
         e9:ac:3c:ad:55:1e:0e:ea:ce:61:91:8c:fa:27:df:d4:d6:05:
         d1:88:16:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WQX7KvEHIrd2u4YZGz44MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjYwMTAxMDIxODAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2UyNTMzZmE2ODIyMzJiOTRmNDI4NWIxNDE3ZWM5ZDdjNDNmODdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt1+EZHrQujSgDIUAizIn+UsoFHcx
KXn5gbL9IgSFGzRAjKc4/5SY17cboBtsbQlTV3mwj4XvYqGCdvma/fVLJYa7nK+m
MZPKMN+/tHDlvNmwrqzKH/HCzqD8d0WRANFfq9n44Yp0Y7nN3WnZZulfz1B3lJLF
SDlThrXZs27t6UOal/IE7KQyxvGaT10YVbylWBF8vzvqCbijW0Bc+u+J6Den7FK9
hfnvmeRCOzy+iu/YGbXjgQ9zV2EGAUIBMTNxYPT3VosS8G1Sj3gkali6MzWktp6m
JaxuOVvptXt+7WE41YhUeENFpSURFvu7ZoNIYc4vARDppUFGt9rHkalK6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEziUz+mgiMrlPQoWxQX7J18Q/h/MB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvVE9KVFA2YUNJeXVVOUNoYkZCZnNuWHhELUg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVR/wMA0G
CSqGSIb3DQEBCwUAA4IBAQA5n3tYBqNqqrvT6DN0JdnshS0FmoT31vftsAaoh6lU
1707J/fyWwPRnYxGctEaakYwFfFLQBi8aMl1d1DzlECX7FRbNw3r5slG4kXBeeQ7
y6TUdq02m2wPwS2SSqdgy55o16J3PvgDLC87wVesvFCVVgYz6Zmh3auJs/AqfNZH
4R0rQ8Yj24WUkq7IhMp19KNeFunxMhNsqX2Q/82i+Y4SKSNCX22Qr7sIXd23EkLy
iD1mse0gbu1DdN1TKrfv8jGY0aG/XRAmohZXilaD00+KDscweA4Dt1wzu+7XQII8
5027lqXS/kNHGDrprDytVR4O6s5hkYz6J9/U1gXRiBaB
-----END CERTIFICATE-----