This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/5c4b13-86cd-4c53-8a95-34a3aa0b6aa0/1/8NrxfJaCOnAAkLXNQJ1IZ-JOwSI.roa
File:                     8NrxfJaCOnAAkLXNQJ1IZ-JOwSI.roa (raw, json)
Hash identifier:          slewiApnTMdXf2TymBJD1AvESrA5YBZngXCsDqMecns=
Subject key identifier:   F0:DA:F1:7C:96:82:3A:70:00:90:B5:CD:40:9D:48:67:E2:4E:C1:22
Certificate issuer:       /CN=78d32c121735449f1538ff0036f4abd0600a825f
Certificate serial:       019B7F83419B847087E180060FA671A84D17
Authority key identifier: 78:D3:2C:12:17:35:44:9F:15:38:FF:00:36:F4:AB:D0:60:0A:82:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eNMsEhc1RJ8VOP8ANvSr0GAKgl8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/5c4b13-86cd-4c53-8a95-34a3aa0b6aa0/1/8NrxfJaCOnAAkLXNQJ1IZ-JOwSI.roa
Signing time:             Fri 02 Jan 2026 16:21:06 +0000
ROA not before:           Fri 02 Jan 2026 16:21:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205803
IP address blocks:        185.201.156.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/5c4b13-86cd-4c53-8a95-34a3aa0b6aa0/1/eNMsEhc1RJ8VOP8ANvSr0GAKgl8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/5c4b13-86cd-4c53-8a95-34a3aa0b6aa0/1/eNMsEhc1RJ8VOP8ANvSr0GAKgl8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eNMsEhc1RJ8VOP8ANvSr0GAKgl8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:05:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:83:41:9b:84:70:87:e1:80:06:0f:a6:71:a8:4d:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=78d32c121735449f1538ff0036f4abd0600a825f
        Validity
            Not Before: Jan  2 16:21:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f0daf17c96823a700090b5cd409d4867e24ec122
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:76:79:77:d3:4b:c3:7b:17:c3:96:c5:e2:32:
                    69:35:2a:f0:84:07:68:5f:59:26:8c:79:34:43:43:
                    bb:16:33:96:af:5e:09:3b:d3:8d:b1:4f:89:3d:e2:
                    22:1d:d2:3f:df:eb:33:f1:b7:d4:c1:8b:de:af:df:
                    c7:0f:a7:50:e0:d5:1b:3c:3d:80:70:e4:51:a0:01:
                    d0:16:99:76:c6:de:14:be:70:de:56:52:90:20:c6:
                    cd:ff:c6:fc:26:a5:a4:82:07:7c:c0:3d:70:02:a1:
                    63:00:54:3c:ee:08:09:b6:13:fa:14:aa:39:ce:1a:
                    d7:01:37:b3:e7:03:bf:9e:3f:3e:2e:de:b8:e0:55:
                    da:8e:45:f9:44:01:28:f4:0c:07:44:77:03:7c:96:
                    5d:16:df:c8:1b:6f:b3:88:06:94:8e:7f:15:28:b8:
                    b0:77:90:ca:54:24:5d:56:84:29:29:a9:1b:6a:fe:
                    8c:b2:37:da:fb:a5:84:2d:b2:9d:42:bc:8b:5c:8b:
                    17:3f:c5:6e:ec:be:d6:28:f2:a5:c4:09:ea:1c:3d:
                    bc:79:16:36:3c:20:85:35:10:0e:95:8d:94:db:09:
                    f0:7a:9b:af:48:a4:3c:16:8c:b4:9b:54:d5:ed:80:
                    b1:15:7a:dc:f4:d6:8f:c4:25:a7:e9:27:ae:55:55:
                    50:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:DA:F1:7C:96:82:3A:70:00:90:B5:CD:40:9D:48:67:E2:4E:C1:22
            X509v3 Authority Key Identifier:
                keyid:78:D3:2C:12:17:35:44:9F:15:38:FF:00:36:F4:AB:D0:60:0A:82:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eNMsEhc1RJ8VOP8ANvSr0GAKgl8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/5c4b13-86cd-4c53-8a95-34a3aa0b6aa0/1/8NrxfJaCOnAAkLXNQJ1IZ-JOwSI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/5c4b13-86cd-4c53-8a95-34a3aa0b6aa0/1/eNMsEhc1RJ8VOP8ANvSr0GAKgl8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.201.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         76:a7:dd:89:16:05:99:9d:b0:6a:38:a8:5f:2a:d8:17:37:f9:
         41:e0:cb:2a:cb:40:2a:50:07:70:07:04:1c:63:17:18:27:f9:
         9e:6b:e4:d6:bb:fb:d8:89:43:42:80:35:11:8e:6e:50:7d:5b:
         53:c0:95:1c:02:62:64:05:1d:6b:d4:2d:20:33:37:6d:fb:5e:
         af:f6:76:43:7e:20:ab:aa:a7:84:af:96:7d:05:2e:30:d4:d4:
         62:1d:f6:7e:ab:82:35:7b:a0:32:db:6d:1b:60:a9:59:21:06:
         12:96:ad:f7:94:94:4d:de:eb:04:d7:c3:74:71:6c:bc:1d:a5:
         b3:43:4b:76:c0:f9:a6:9e:18:e4:fb:e1:4e:4d:8a:87:8e:1f:
         b0:03:e4:8a:19:7f:5a:52:2a:e2:cb:c6:a9:83:d4:90:10:8d:
         e0:b1:6c:b3:02:2f:f0:19:eb:82:96:75:91:68:49:a7:9b:40:
         97:23:90:f4:46:7f:2b:76:1f:cc:76:38:19:be:5e:5d:7f:83:
         16:b2:aa:ac:c7:59:e5:09:88:80:19:dc:42:d8:b8:7a:59:e4:
         f4:9d:23:18:b0:59:db:75:d1:ab:14:5a:d5:13:61:c9:72:0e:
         36:98:b5:c4:81:62:96:07:92:a0:95:84:9f:50:f6:ea:da:c7:
         80:7e:17:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/g0GbhHCH4YAGD6ZxqE0XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4ZDMyYzEyMTczNTQ0OWYxNTM4ZmYwMDM2ZjRhYmQwNjAw
YTgyNWYwHhcNMjYwMTAyMTYyMTA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGRhZjE3Yzk2ODIzYTcwMDA5MGI1Y2Q0MDlkNDg2N2UyNGVjMTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3Z5d9NLw3sXw5bF4jJpNSrwhAdo
X1kmjHk0Q0O7FjOWr14JO9ONsU+JPeIiHdI/3+sz8bfUwYver9/HD6dQ4NUbPD2A
cORRoAHQFpl2xt4UvnDeVlKQIMbN/8b8JqWkggd8wD1wAqFjAFQ87ggJthP6FKo5
zhrXATez5wO/nj8+Lt644FXajkX5RAEo9AwHRHcDfJZdFt/IG2+ziAaUjn8VKLiw
d5DKVCRdVoQpKakbav6Msjfa+6WELbKdQryLXIsXP8Vu7L7WKPKlxAnqHD28eRY2
PCCFNRAOlY2U2wnwepuvSKQ8Foy0m1TV7YCxFXrc9NaPxCWn6SeuVVVQ8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPDa8XyWgjpwAJC1zUCdSGfiTsEiMB8GA1UdIwQY
MBaAFHjTLBIXNUSfFTj/ADb0q9BgCoJfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZU5Nc0VoYzFSSjhWT1A4QU52U3IwR0FLZ2w4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi81YzRiMTMtODZjZC00YzUzLThhOTUt
MzRhM2FhMGI2YWEwLzEvOE5yeGZKYUNPbkFBa0xYTlFKMUlaLUpPd1NJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi81YzRiMTMtODZjZC00YzUzLThhOTUtMzRhM2FhMGI2YWEw
LzEvZU5Nc0VoYzFSSjhWT1A4QU52U3IwR0FLZ2w4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucmcMA0G
CSqGSIb3DQEBCwUAA4IBAQB2p92JFgWZnbBqOKhfKtgXN/lB4Msqy0AqUAdwBwQc
YxcYJ/mea+TWu/vYiUNCgDURjm5QfVtTwJUcAmJkBR1r1C0gMzdt+16v9nZDfiCr
qqeEr5Z9BS4w1NRiHfZ+q4I1e6Ay220bYKlZIQYSlq33lJRN3usE18N0cWy8HaWz
Q0t2wPmmnhjk++FOTYqHjh+wA+SKGX9aUiriy8apg9SQEI3gsWyzAi/wGeuClnWR
aEmnm0CXI5D0Rn8rdh/MdjgZvl5df4MWsqqsx1nlCYiAGdxC2Lh6WeT0nSMYsFnb
ddGrFFrVE2HJcg42mLXEgWKWB5KglYSfUPbq2seAfhem
-----END CERTIFICATE-----