This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/35b1df-78cf-4818-b33a-cda7fc7eb092/1/sxVjjTuZsumW0h6mF4GiRANgUvg.roa
File:                     sxVjjTuZsumW0h6mF4GiRANgUvg.roa (raw, json)
Hash identifier:          z5zoee9BxxfVBHQHis7Mo+eHgddxsrIvf3XwtD1/H80=
Subject key identifier:   B3:15:63:8D:3B:99:B2:E9:96:D2:1E:A6:17:81:A2:44:03:60:52:F8
Certificate issuer:       /CN=d777943b341188e9cd2e93de288b33ffe041c7d2
Certificate serial:       019B7910C0116620F556D6F0489A04D58383
Authority key identifier: D7:77:94:3B:34:11:88:E9:CD:2E:93:DE:28:8B:33:FF:E0:41:C7:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/13eUOzQRiOnNLpPeKIsz_-BBx9I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/35b1df-78cf-4818-b33a-cda7fc7eb092/1/sxVjjTuZsumW0h6mF4GiRANgUvg.roa
Signing time:             Thu 01 Jan 2026 10:18:19 +0000
ROA not before:           Thu 01 Jan 2026 10:18:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199758
IP address blocks:        185.86.196.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/35b1df-78cf-4818-b33a-cda7fc7eb092/1/13eUOzQRiOnNLpPeKIsz_-BBx9I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/35b1df-78cf-4818-b33a-cda7fc7eb092/1/13eUOzQRiOnNLpPeKIsz_-BBx9I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/13eUOzQRiOnNLpPeKIsz_-BBx9I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 10:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:c0:11:66:20:f5:56:d6:f0:48:9a:04:d5:83:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d777943b341188e9cd2e93de288b33ffe041c7d2
        Validity
            Not Before: Jan  1 10:18:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b315638d3b99b2e996d21ea61781a244036052f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:68:9c:db:01:10:8c:7e:a0:6e:74:b6:bf:aa:
                    71:8d:a0:28:38:1c:3d:9a:80:b0:60:75:1f:23:96:
                    ee:02:ef:56:17:e5:eb:30:b1:59:94:61:d3:58:2b:
                    18:a2:64:5e:3c:98:fe:b3:2d:25:80:f3:d9:d7:3d:
                    b7:c6:11:9c:aa:c7:08:03:20:e3:49:ed:a9:de:b3:
                    3f:bd:8e:8b:09:50:d1:ef:f3:c0:8c:50:80:0f:30:
                    3b:6c:92:6d:bd:0f:47:15:fa:08:98:a7:13:5b:8c:
                    e9:97:6d:24:ed:8d:34:2d:d5:1f:79:b8:3f:76:54:
                    b8:42:78:30:9f:c7:37:73:fa:17:6a:4b:9e:51:94:
                    fe:f4:7f:70:85:98:6d:70:c8:ab:41:70:91:97:12:
                    54:55:c1:2d:37:e3:71:34:ae:fb:2f:0c:e7:d5:89:
                    1f:90:9a:8e:d5:41:7d:86:e0:f0:e0:2c:4a:c7:af:
                    aa:8a:aa:b4:f6:92:32:7c:3e:3d:55:46:b2:47:96:
                    61:37:36:51:73:b4:a5:eb:da:2b:b4:1c:1c:8c:62:
                    b0:ae:ca:1f:21:a4:ec:84:a1:d6:1d:c8:da:71:c1:
                    62:df:d6:72:60:ce:9e:43:de:5c:75:57:bc:f4:12:
                    8a:aa:9a:75:24:ce:17:37:39:75:2a:79:fa:f1:d6:
                    86:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:15:63:8D:3B:99:B2:E9:96:D2:1E:A6:17:81:A2:44:03:60:52:F8
            X509v3 Authority Key Identifier:
                keyid:D7:77:94:3B:34:11:88:E9:CD:2E:93:DE:28:8B:33:FF:E0:41:C7:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/13eUOzQRiOnNLpPeKIsz_-BBx9I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/35b1df-78cf-4818-b33a-cda7fc7eb092/1/sxVjjTuZsumW0h6mF4GiRANgUvg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/35b1df-78cf-4818-b33a-cda7fc7eb092/1/13eUOzQRiOnNLpPeKIsz_-BBx9I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.86.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         49:ab:df:36:40:a2:b8:08:cc:16:39:76:2b:9e:88:ea:54:55:
         42:72:20:09:9c:8e:a0:61:28:fe:ac:e1:16:d6:66:c0:50:d1:
         18:13:3a:21:37:c6:1d:0e:56:6a:2e:77:14:25:54:54:6e:07:
         8c:07:8e:8a:2f:84:d6:6f:0d:bd:c8:f7:d1:28:d9:28:da:7f:
         a2:9d:3c:a4:33:27:3d:7c:03:9e:8e:e5:58:d2:78:f6:d6:44:
         5b:6a:62:b2:60:59:4b:66:4d:1a:94:1d:3b:b6:ce:51:c4:f7:
         de:c6:db:31:b0:25:58:36:64:e0:09:e2:56:2c:b0:20:37:66:
         ce:7f:0d:eb:98:b2:2d:e3:cb:4d:57:a8:5c:3e:cd:19:74:39:
         92:5f:00:e9:93:cf:0c:5e:11:b1:63:2d:32:79:67:0f:99:ee:
         0e:8b:dd:62:32:af:63:c4:b7:62:1b:f0:58:4f:64:7d:c5:7c:
         40:8a:83:9f:a3:25:d7:93:d8:b9:ee:12:4c:de:95:73:21:ff:
         14:20:33:74:d8:ad:a3:34:06:66:02:c7:52:ad:cb:1c:c1:94:
         2d:d9:1c:d8:0f:14:6a:9b:34:62:4a:1d:e4:62:8b:36:03:89:
         9c:02:4c:75:f6:40:ca:fa:6c:49:37:57:dc:cb:95:a8:15:91:
         87:7c:8b:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EMARZiD1VtbwSJoE1YODMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3Nzc5NDNiMzQxMTg4ZTljZDJlOTNkZTI4OGIzM2ZmZTA0
MWM3ZDIwHhcNMjYwMTAxMTAxODE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzE1NjM4ZDNiOTliMmU5OTZkMjFlYTYxNzgxYTI0NDAzNjA1MmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh2ic2wEQjH6gbnS2v6pxjaAoOBw9
moCwYHUfI5buAu9WF+XrMLFZlGHTWCsYomRePJj+sy0lgPPZ1z23xhGcqscIAyDj
Se2p3rM/vY6LCVDR7/PAjFCADzA7bJJtvQ9HFfoImKcTW4zpl20k7Y00LdUfebg/
dlS4Qngwn8c3c/oXakueUZT+9H9whZhtcMirQXCRlxJUVcEtN+NxNK77Lwzn1Ykf
kJqO1UF9huDw4CxKx6+qiqq09pIyfD49VUayR5ZhNzZRc7Sl69ortBwcjGKwrsof
IaTshKHWHcjaccFi39ZyYM6eQ95cdVe89BKKqpp1JM4XNzl1Knn68daGLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLMVY407mbLpltIepheBokQDYFL4MB8GA1UdIwQY
MBaAFNd3lDs0EYjpzS6T3iiLM//gQcfSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTNlVU96UVJpT25OTHBQZUtJc3pfLUJCeDlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS8zNWIxZGYtNzhjZi00ODE4LWIzM2Et
Y2RhN2ZjN2ViMDkyLzEvc3hWampUdVpzdW1XMGg2bUY0R2lSQU5nVXZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS8zNWIxZGYtNzhjZi00ODE4LWIzM2EtY2RhN2ZjN2ViMDky
LzEvMTNlVU96UVJpT25OTHBQZUtJc3pfLUJCeDlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVbEMA0G
CSqGSIb3DQEBCwUAA4IBAQBJq982QKK4CMwWOXYrnojqVFVCciAJnI6gYSj+rOEW
1mbAUNEYEzohN8YdDlZqLncUJVRUbgeMB46KL4TWbw29yPfRKNko2n+inTykMyc9
fAOejuVY0nj21kRbamKyYFlLZk0alB07ts5RxPfextsxsCVYNmTgCeJWLLAgN2bO
fw3rmLIt48tNV6hcPs0ZdDmSXwDpk88MXhGxYy0yeWcPme4Oi91iMq9jxLdiG/BY
T2R9xXxAioOfoyXXk9i57hJM3pVzIf8UIDN02K2jNAZmAsdSrcscwZQt2RzYDxRq
mzRiSh3kYos2A4mcAkx19kDK+mxJN1fcy5WoFZGHfItH
-----END CERTIFICATE-----