This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/ODUIcf_bzTk9SnI9p0ZWNlAJV7o.roa
File:                     ODUIcf_bzTk9SnI9p0ZWNlAJV7o.roa (raw, json)
Hash identifier:          VKZbJqQvpkLB2V2H0OwBchWw7SJMHdH4Zv7oFAfio1s=
Subject key identifier:   38:35:08:71:FF:DB:CD:39:3D:4A:72:3D:A7:46:56:36:50:09:57:BA
Certificate issuer:       /CN=a87090c275c34c05c306f3b36063893a0d72782a
Certificate serial:       019B7BA412E4C06A62B818B7B6E24064ADE0
Authority key identifier: A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/ODUIcf_bzTk9SnI9p0ZWNlAJV7o.roa
Signing time:             Thu 01 Jan 2026 22:18:28 +0000
ROA not before:           Thu 01 Jan 2026 22:18:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206044
IP address blocks:        185.212.150.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a4:12:e4:c0:6a:62:b8:18:b7:b6:e2:40:64:ad:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a87090c275c34c05c306f3b36063893a0d72782a
        Validity
            Not Before: Jan  1 22:18:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=38350871ffdbcd393d4a723da7465636500957ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:6d:ff:43:cc:19:d5:94:51:c4:77:bb:ae:8c:
                    c2:23:71:d3:35:6a:69:57:45:0d:71:81:67:5b:3d:
                    e3:e1:e3:7e:f6:f8:03:85:bd:61:f0:f5:92:cc:7d:
                    f3:c4:ed:62:6c:b2:62:b8:54:cf:c9:af:57:c7:f3:
                    7c:6e:ab:ad:be:2d:58:ca:2a:34:ca:6d:07:72:2b:
                    8b:bd:57:d4:43:ff:e0:94:2e:3e:81:38:08:34:54:
                    b5:ad:6d:bb:6a:8d:0c:db:ad:e2:8c:40:b3:74:0c:
                    c3:84:cb:d1:25:28:44:77:dc:04:2d:c6:16:a0:86:
                    95:23:db:59:3f:50:b6:2d:9c:f4:d5:99:ef:32:dd:
                    b3:75:76:05:fe:5f:59:ef:a0:ee:d6:23:1b:58:df:
                    98:17:cc:bb:74:75:0f:74:73:a2:3e:86:7e:9f:2c:
                    db:b4:f8:5f:9e:d0:d8:07:01:cb:d6:00:a2:05:35:
                    0a:30:40:43:3d:35:16:9b:3d:40:49:5a:b4:5c:26:
                    f8:d8:80:dc:47:27:a5:e1:e7:02:f8:01:c7:fa:17:
                    73:37:01:ca:7d:fd:34:34:88:02:98:51:aa:24:f7:
                    c6:2b:25:24:d8:ad:cb:0b:77:60:69:a9:ff:df:2b:
                    38:21:f6:93:e7:55:de:d4:58:9d:58:2e:15:5d:89:
                    27:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:35:08:71:FF:DB:CD:39:3D:4A:72:3D:A7:46:56:36:50:09:57:BA
            X509v3 Authority Key Identifier:
                keyid:A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/ODUIcf_bzTk9SnI9p0ZWNlAJV7o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.212.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:a3:fe:41:10:d2:e1:f4:1b:22:8b:9b:9b:32:31:08:14:73:
         42:ca:93:2e:fc:3b:3a:06:dd:d0:6f:59:6c:1c:e3:33:73:be:
         83:59:8b:97:fa:dc:92:e8:80:c8:ee:39:09:04:b4:41:c7:29:
         28:ed:e9:84:e4:d9:48:9d:64:ca:e4:d7:2f:be:b2:fe:98:0f:
         89:c8:b2:ee:2d:01:2c:90:43:bc:a7:3a:74:df:12:a3:9b:5a:
         27:59:24:9d:52:19:2f:ea:6e:d1:bf:08:fa:a6:70:bc:b5:0b:
         16:54:67:4e:c0:6b:5d:1a:ed:5b:3c:a7:48:ea:1b:bb:97:dc:
         9b:46:31:3d:2e:49:39:97:48:3f:f0:6d:df:c2:b0:64:b4:25:
         b2:4c:64:6c:46:81:1b:98:10:83:97:69:8f:78:37:50:de:41:
         8b:b6:9d:00:8d:d8:8a:df:78:44:83:f6:49:42:11:f7:f6:e5:
         04:61:01:c3:7e:18:c8:bf:3b:35:32:82:54:82:40:c8:d4:fd:
         24:9c:b9:80:dd:1d:af:38:0d:d6:47:78:4e:d9:c0:ca:43:e4:
         35:91:c8:f0:17:b3:f7:76:98:ed:f1:83:f3:4c:fb:2f:6f:ee:
         9b:4c:7e:b5:c0:b3:09:ec:85:c6:fc:33:b9:f7:f7:7c:38:e9:
         3e:43:2c:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pBLkwGpiuBi3tuJAZK3gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NzA5MGMyNzVjMzRjMDVjMzA2ZjNiMzYwNjM4OTNhMGQ3
Mjc4MmEwHhcNMjYwMTAxMjIxODI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODM1MDg3MWZmZGJjZDM5M2Q0YTcyM2RhNzQ2NTYzNjUwMDk1N2JhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApG3/Q8wZ1ZRRxHe7rozCI3HTNWpp
V0UNcYFnWz3j4eN+9vgDhb1h8PWSzH3zxO1ibLJiuFTPya9Xx/N8bqutvi1Yyio0
ym0HciuLvVfUQ//glC4+gTgINFS1rW27ao0M263ijECzdAzDhMvRJShEd9wELcYW
oIaVI9tZP1C2LZz01ZnvMt2zdXYF/l9Z76Du1iMbWN+YF8y7dHUPdHOiPoZ+nyzb
tPhfntDYBwHL1gCiBTUKMEBDPTUWmz1ASVq0XCb42IDcRyel4ecC+AHH+hdzNwHK
ff00NIgCmFGqJPfGKyUk2K3LC3dgaan/3ys4IfaT51Xe1FidWC4VXYknaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDg1CHH/2805PUpyPadGVjZQCVe6MB8GA1UdIwQY
MBaAFKhwkMJ1w0wFwwbzs2BjiToNcngqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEt
YjU3YTM2ZjJhZmNkLzEvT0RVSWNmX2J6VGs5U25JOXAwWldObEFKVjdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEtYjU3YTM2ZjJhZmNk
LzEvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudSWMA0G
CSqGSIb3DQEBCwUAA4IBAQCBo/5BENLh9Bsii5ubMjEIFHNCypMu/Ds6Bt3Qb1ls
HOMzc76DWYuX+tyS6IDI7jkJBLRBxyko7emE5NlInWTK5NcvvrL+mA+JyLLuLQEs
kEO8pzp03xKjm1onWSSdUhkv6m7Rvwj6pnC8tQsWVGdOwGtdGu1bPKdI6hu7l9yb
RjE9Lkk5l0g/8G3fwrBktCWyTGRsRoEbmBCDl2mPeDdQ3kGLtp0AjdiK33hEg/ZJ
QhH39uUEYQHDfhjIvzs1MoJUgkDI1P0knLmA3R2vOA3WR3hO2cDKQ+Q1kcjwF7P3
dpjt8YPzTPsvb+6bTH61wLMJ7IXG/DO59/d8OOk+Qywp
-----END CERTIFICATE-----