This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/AChfLsrRS-2-kW4RWZ5iRhVszUM.roa
File:                     AChfLsrRS-2-kW4RWZ5iRhVszUM.roa (raw, json)
Hash identifier:          pmsmYmynCxOmEk4WbIlOsiqVwMRhJkkL4vtqIjc11Fs=
Subject key identifier:   00:28:5F:2E:CA:D1:4B:ED:BE:91:6E:11:59:9E:62:46:15:6C:CD:43
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       019B7C131EF9C9A673D7E7CC9E8AF1CB0880
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/AChfLsrRS-2-kW4RWZ5iRhVszUM.roa
Signing time:             Fri 02 Jan 2026 00:19:46 +0000
ROA not before:           Fri 02 Jan 2026 00:19:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29119
IP address blocks:        185.227.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 24 Jan 2026 11:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:13:1e:f9:c9:a6:73:d7:e7:cc:9e:8a:f1:cb:08:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  2 00:19:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=00285f2ecad14bedbe916e11599e6246156ccd43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:38:54:17:9f:14:51:6e:01:da:ca:c7:49:59:
                    0b:a8:71:db:40:1c:27:b0:47:02:25:c5:75:73:15:
                    42:68:22:ed:b6:2c:d0:4a:b3:43:bb:8a:13:81:dc:
                    da:d0:8b:6c:f9:a8:03:19:97:6b:33:72:6c:83:29:
                    b2:cd:67:ec:d4:d8:4b:88:45:0a:fb:33:d6:b2:53:
                    4f:ab:56:36:64:2b:6e:fa:17:40:85:3b:12:ea:18:
                    40:80:30:c0:a6:97:9d:22:ee:ce:d0:45:ec:17:17:
                    0b:d8:ea:0e:74:c6:99:f6:01:e3:2e:9c:1b:4b:23:
                    d6:67:50:4f:3e:e0:d7:d4:d2:15:78:36:32:4e:3c:
                    3c:53:e8:c0:d2:e8:7d:c5:e4:c0:6c:a0:ea:0f:b8:
                    29:ec:db:ea:01:12:e0:74:67:a4:1e:b0:4b:51:33:
                    54:e1:db:34:f5:84:91:b5:36:29:3c:b8:ff:d3:d9:
                    2e:49:f3:4c:5e:b6:b7:59:c8:1c:6c:8d:75:18:71:
                    88:8e:2b:97:49:19:a3:65:04:f4:1e:1d:f4:35:dc:
                    7c:aa:66:42:59:1a:e6:78:73:37:f5:47:0e:f6:f3:
                    34:81:21:61:1c:7f:4b:2c:7a:64:5a:6f:ee:97:0f:
                    5e:de:0e:e1:61:95:7a:f5:9e:81:c7:70:4f:4e:ad:
                    8a:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:28:5F:2E:CA:D1:4B:ED:BE:91:6E:11:59:9E:62:46:15:6C:CD:43
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/AChfLsrRS-2-kW4RWZ5iRhVszUM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.227.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:13:95:ae:10:57:18:c0:e0:0f:ac:3c:0a:3f:dd:1b:ec:d7:
         66:6f:75:5d:63:c4:b8:f2:e7:e5:a9:3b:65:3e:22:f9:d5:4a:
         2f:8e:44:e9:86:56:5d:17:71:48:27:a4:b0:f0:f2:fe:3b:42:
         b9:31:36:1e:09:56:c7:b7:f2:bb:9a:03:70:e2:ff:bf:db:df:
         b0:b1:d4:a6:f2:c7:11:aa:3a:e4:2c:24:4a:4e:8c:04:59:4e:
         73:c3:a7:41:1f:c0:98:88:64:86:05:9a:cf:30:81:b5:2e:58:
         27:19:53:69:2b:51:b9:ed:37:dc:dc:42:e4:c2:54:c2:c0:dc:
         17:dd:cc:61:43:f6:55:50:b3:c7:cd:ca:43:34:18:03:09:a0:
         46:59:2f:22:c5:07:c0:77:d0:63:13:ec:4a:3c:59:51:f7:dc:
         99:2b:28:84:d7:ac:f1:92:8b:b8:22:12:15:0e:5f:fe:76:e1:
         d8:5b:a2:d3:00:3c:11:47:58:1d:cb:36:b5:48:76:5a:f4:39:
         ca:f2:7d:d7:86:a8:92:fb:dd:45:31:00:ce:3b:f8:ff:d6:0a:
         1e:2f:f4:ca:9d:71:61:b8:cc:78:e7:ef:a6:48:77:01:e2:43:
         6e:c8:13:f2:21:ac:ac:55:80:9a:f4:85:ec:60:bf:96:d3:69:
         50:43:f5:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8Ex75yaZz1+fMnorxywiAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjYwMTAyMDAxOTQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDI4NWYyZWNhZDE0YmVkYmU5MTZlMTE1OTllNjI0NjE1NmNjZDQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApDhUF58UUW4B2srHSVkLqHHbQBwn
sEcCJcV1cxVCaCLttizQSrNDu4oTgdza0Its+agDGZdrM3JsgymyzWfs1NhLiEUK
+zPWslNPq1Y2ZCtu+hdAhTsS6hhAgDDAppedIu7O0EXsFxcL2OoOdMaZ9gHjLpwb
SyPWZ1BPPuDX1NIVeDYyTjw8U+jA0uh9xeTAbKDqD7gp7NvqARLgdGekHrBLUTNU
4ds09YSRtTYpPLj/09kuSfNMXra3WcgcbI11GHGIjiuXSRmjZQT0Hh30Ndx8qmZC
WRrmeHM39UcO9vM0gSFhHH9LLHpkWm/ulw9e3g7hYZV69Z6Bx3BPTq2KsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAAoXy7K0UvtvpFuEVmeYkYVbM1DMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvQUNoZkxzclJTLTIta1c0UldaNWlSaFZzelVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueNmMA0G
CSqGSIb3DQEBCwUAA4IBAQB2E5WuEFcYwOAPrDwKP90b7Ndmb3VdY8S48uflqTtl
PiL51UovjkTphlZdF3FIJ6Sw8PL+O0K5MTYeCVbHt/K7mgNw4v+/29+wsdSm8scR
qjrkLCRKTowEWU5zw6dBH8CYiGSGBZrPMIG1LlgnGVNpK1G57Tfc3ELkwlTCwNwX
3cxhQ/ZVULPHzcpDNBgDCaBGWS8ixQfAd9BjE+xKPFlR99yZKyiE16zxkou4IhIV
Dl/+duHYW6LTADwRR1gdyza1SHZa9DnK8n3XhqiS+91FMQDOO/j/1goeL/TKnXFh
uMx45++mSHcB4kNuyBPyIaysVYCa9IXsYL+W02lQQ/WH
-----END CERTIFICATE-----