This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/c70928-cede-4b62-89a7-60f6fa9110e2/1/x89rzjrs6Nt2XEc3vV8pZLa4I9c.roa
File:                     x89rzjrs6Nt2XEc3vV8pZLa4I9c.roa (raw, json)
Hash identifier:          ye+jK9rOukJBboMMHLahiU263X6F4SzisjCcXlAZk5c=
Subject key identifier:   C7:CF:6B:CE:3A:EC:E8:DB:76:5C:47:37:BD:5F:29:64:B6:B8:23:D7
Certificate issuer:       /CN=4f9d5fbaaf76a80a65e0e92c02061e895b2b8117
Certificate serial:       019B77C722CD1886C02451652EB43F010D03
Authority key identifier: 4F:9D:5F:BA:AF:76:A8:0A:65:E0:E9:2C:02:06:1E:89:5B:2B:81:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T51fuq92qApl4OksAgYeiVsrgRc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/c70928-cede-4b62-89a7-60f6fa9110e2/1/x89rzjrs6Nt2XEc3vV8pZLa4I9c.roa
Signing time:             Thu 01 Jan 2026 04:18:17 +0000
ROA not before:           Thu 01 Jan 2026 04:18:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205832
IP address blocks:        185.204.32.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/c70928-cede-4b62-89a7-60f6fa9110e2/1/T51fuq92qApl4OksAgYeiVsrgRc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/c70928-cede-4b62-89a7-60f6fa9110e2/1/T51fuq92qApl4OksAgYeiVsrgRc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T51fuq92qApl4OksAgYeiVsrgRc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:05:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:22:cd:18:86:c0:24:51:65:2e:b4:3f:01:0d:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f9d5fbaaf76a80a65e0e92c02061e895b2b8117
        Validity
            Not Before: Jan  1 04:18:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c7cf6bce3aece8db765c4737bd5f2964b6b823d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:6f:0d:04:21:eb:cd:6d:89:c9:9f:28:81:36:
                    a1:39:19:95:d9:25:dc:cf:49:6e:b2:e9:7e:c3:ae:
                    f4:de:c1:2d:9e:d9:6b:df:ab:7b:0f:c2:3a:e5:4a:
                    92:af:8a:50:74:07:a3:1b:13:3f:96:e8:3d:68:0c:
                    7f:81:d8:d2:6c:b1:09:84:61:21:fc:1f:d8:e6:e2:
                    3a:8b:57:42:39:8e:70:54:6d:cc:86:29:ff:ae:29:
                    a8:e1:18:38:46:40:ea:7c:96:86:35:fc:17:9d:16:
                    c5:87:fa:80:cb:5b:fd:72:b5:1d:b4:87:d6:18:dc:
                    c2:2b:5f:c1:4b:b5:f2:6b:62:2c:09:d1:14:e3:b3:
                    de:f9:ae:d7:f7:c1:3c:30:a0:89:2e:b7:97:ec:88:
                    d9:4b:e7:28:86:f5:9c:61:63:66:19:26:cb:95:87:
                    8f:84:1c:bc:8c:14:56:70:7e:98:96:42:99:92:66:
                    9c:e7:5f:1a:61:32:e3:6c:bc:f1:75:11:1a:d4:aa:
                    53:99:26:e4:d8:15:d7:ec:ed:0a:8c:fb:c9:22:a0:
                    76:eb:df:8e:70:70:9a:18:17:cb:6e:8d:d6:be:51:
                    68:53:3e:9e:d8:67:91:1d:f8:4d:d0:84:ec:13:b1:
                    b0:9a:81:21:8b:13:b8:5b:90:d9:04:4b:cf:4b:23:
                    78:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:CF:6B:CE:3A:EC:E8:DB:76:5C:47:37:BD:5F:29:64:B6:B8:23:D7
            X509v3 Authority Key Identifier:
                keyid:4F:9D:5F:BA:AF:76:A8:0A:65:E0:E9:2C:02:06:1E:89:5B:2B:81:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T51fuq92qApl4OksAgYeiVsrgRc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/c70928-cede-4b62-89a7-60f6fa9110e2/1/x89rzjrs6Nt2XEc3vV8pZLa4I9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/c70928-cede-4b62-89a7-60f6fa9110e2/1/T51fuq92qApl4OksAgYeiVsrgRc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.204.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         66:9d:cc:17:d1:8f:b8:03:e9:40:11:b8:38:c4:b4:9b:20:0f:
         28:b6:4f:de:38:47:58:14:5b:80:48:19:87:0f:fc:db:da:f3:
         4a:f1:36:69:44:03:0e:7d:5d:e5:ea:12:14:e8:b4:45:9c:b5:
         c6:6a:60:70:dc:21:18:54:4f:3c:8a:67:f9:6b:d5:ce:47:7b:
         39:5f:38:96:11:95:18:16:9e:0b:a8:2f:1d:c4:17:19:40:a7:
         51:80:68:d5:c2:a1:a1:57:70:2d:4d:f2:b0:17:79:9c:c0:dc:
         96:ce:14:d0:bd:22:aa:94:84:10:57:15:34:98:3e:10:92:6b:
         56:90:8b:90:0a:08:b5:b7:50:d8:b4:d2:5f:69:ee:50:7c:03:
         47:34:dd:2b:d6:86:71:a6:f2:1d:ba:15:dc:30:04:1f:13:74:
         9f:4b:51:cc:a1:a9:02:a8:b7:1d:0e:d6:98:be:f3:ff:78:50:
         22:29:e5:77:65:e1:38:e6:f2:3f:6a:15:16:27:5e:de:c6:68:
         15:44:f8:a4:c6:ed:25:be:24:5a:23:3e:f4:86:17:6e:5a:0a:
         05:c3:1e:35:88:a8:ab:4f:0b:2c:c3:26:86:b4:84:d8:58:7d:
         2f:f1:a4:74:1a:8d:ff:d3:41:13:a0:a9:c8:f2:ac:ab:a3:09:
         b9:bc:f5:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xyLNGIbAJFFlLrQ/AQ0DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOWQ1ZmJhYWY3NmE4MGE2NWUwZTkyYzAyMDYxZTg5NWIy
YjgxMTcwHhcNMjYwMTAxMDQxODE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2NmNmJjZTNhZWNlOGRiNzY1YzQ3MzdiZDVmMjk2NGI2YjgyM2Q3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoG8NBCHrzW2JyZ8ogTahORmV2SXc
z0lusul+w6703sEtntlr36t7D8I65UqSr4pQdAejGxM/lug9aAx/gdjSbLEJhGEh
/B/Y5uI6i1dCOY5wVG3Mhin/rimo4Rg4RkDqfJaGNfwXnRbFh/qAy1v9crUdtIfW
GNzCK1/BS7Xya2IsCdEU47Pe+a7X98E8MKCJLreX7IjZS+cohvWcYWNmGSbLlYeP
hBy8jBRWcH6YlkKZkmac518aYTLjbLzxdREa1KpTmSbk2BXX7O0KjPvJIqB269+O
cHCaGBfLbo3WvlFoUz6e2GeRHfhN0ITsE7GwmoEhixO4W5DZBEvPSyN4bQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMfPa8467OjbdlxHN71fKWS2uCPXMB8GA1UdIwQY
MBaAFE+dX7qvdqgKZeDpLAIGHolbK4EXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDUxZnVxOTJxQXBsNE9rc0FnWWVpVnNyZ1JjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9jNzA5MjgtY2VkZS00YjYyLTg5YTct
NjBmNmZhOTExMGUyLzEveDg5cnpqcnM2TnQyWEVjM3ZWOHBaTGE0STljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9jNzA5MjgtY2VkZS00YjYyLTg5YTctNjBmNmZhOTExMGUy
LzEvVDUxZnVxOTJxQXBsNE9rc0FnWWVpVnNyZ1JjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucwgMA0G
CSqGSIb3DQEBCwUAA4IBAQBmncwX0Y+4A+lAEbg4xLSbIA8otk/eOEdYFFuASBmH
D/zb2vNK8TZpRAMOfV3l6hIU6LRFnLXGamBw3CEYVE88imf5a9XOR3s5XziWEZUY
Fp4LqC8dxBcZQKdRgGjVwqGhV3AtTfKwF3mcwNyWzhTQvSKqlIQQVxU0mD4QkmtW
kIuQCgi1t1DYtNJfae5QfANHNN0r1oZxpvIduhXcMAQfE3SfS1HMoakCqLcdDtaY
vvP/eFAiKeV3ZeE45vI/ahUWJ17exmgVRPikxu0lviRaIz70hhduWgoFwx41iKir
TwsswyaGtITYWH0v8aR0Go3/00EToKnI8qyrowm5vPXq
-----END CERTIFICATE-----