This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/179f80-8838-4d4c-b8d1-31a964f8a37f/1/ckHYyGr3Mw8Qija2YP60OUa1ew0.roa
File:                     ckHYyGr3Mw8Qija2YP60OUa1ew0.roa (raw, json)
Hash identifier:          ublouyar7OpXVPh6lwDgL3vowMyRYwZv2+erG4mp4zU=
Subject key identifier:   72:41:D8:C8:6A:F7:33:0F:10:8A:36:B6:60:FE:B4:39:46:B5:7B:0D
Certificate issuer:       /CN=a1b39d824479d4da7b12f65c15e5c42725f5260b
Certificate serial:       019B7C8062E2D22DEB77EB2C048A98208454
Authority key identifier: A1:B3:9D:82:44:79:D4:DA:7B:12:F6:5C:15:E5:C4:27:25:F5:26:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/obOdgkR51Np7EvZcFeXEJyX1Jgs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/179f80-8838-4d4c-b8d1-31a964f8a37f/1/ckHYyGr3Mw8Qija2YP60OUa1ew0.roa
Signing time:             Fri 02 Jan 2026 02:19:07 +0000
ROA not before:           Fri 02 Jan 2026 02:19:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205341
IP address blocks:        185.221.8.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/179f80-8838-4d4c-b8d1-31a964f8a37f/1/obOdgkR51Np7EvZcFeXEJyX1Jgs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/179f80-8838-4d4c-b8d1-31a964f8a37f/1/obOdgkR51Np7EvZcFeXEJyX1Jgs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/obOdgkR51Np7EvZcFeXEJyX1Jgs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:62:e2:d2:2d:eb:77:eb:2c:04:8a:98:20:84:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1b39d824479d4da7b12f65c15e5c42725f5260b
        Validity
            Not Before: Jan  2 02:19:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7241d8c86af7330f108a36b660feb43946b57b0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:e8:08:e6:a8:0f:c8:fd:0f:99:79:bb:16:e1:
                    37:1b:e0:25:9a:1e:06:85:8f:f8:fe:b9:0a:0b:07:
                    2a:c6:17:9e:a2:14:62:ae:2b:fd:f6:cb:2b:84:49:
                    c4:4f:b2:06:8e:2b:74:c9:9f:0b:a8:ac:23:c4:ba:
                    fe:0a:d8:5d:8d:e1:a3:2d:35:9f:be:5a:d6:df:bc:
                    20:47:d3:bf:9e:84:63:80:72:e9:48:49:3b:87:be:
                    03:12:4c:c3:0a:4f:56:42:b6:b1:87:98:20:88:2e:
                    c5:d7:d0:a3:ec:c5:45:12:d6:2f:51:85:f0:a5:ad:
                    8c:51:28:e8:4b:e3:c1:8e:37:11:a1:21:46:a2:04:
                    7c:4b:59:68:dc:c9:64:1a:67:a0:6f:c7:df:04:c4:
                    c8:1d:6f:b4:f3:4c:49:dc:62:38:98:c9:34:ed:73:
                    2a:82:ac:89:d6:d2:cd:4b:01:af:25:ca:08:bc:b1:
                    ff:36:60:69:4e:47:40:9e:cc:41:aa:11:12:20:df:
                    b2:8c:c8:5a:45:7e:00:a6:b5:aa:f6:09:89:a6:62:
                    8d:f9:80:63:b2:4d:9e:2c:17:b3:8a:03:5f:a4:e4:
                    38:8f:6f:c4:c2:8e:49:53:fd:41:8a:07:6f:6c:dd:
                    0e:55:d2:3c:81:cb:55:e6:f5:78:cd:aa:fa:2c:04:
                    20:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:41:D8:C8:6A:F7:33:0F:10:8A:36:B6:60:FE:B4:39:46:B5:7B:0D
            X509v3 Authority Key Identifier:
                keyid:A1:B3:9D:82:44:79:D4:DA:7B:12:F6:5C:15:E5:C4:27:25:F5:26:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/obOdgkR51Np7EvZcFeXEJyX1Jgs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/179f80-8838-4d4c-b8d1-31a964f8a37f/1/ckHYyGr3Mw8Qija2YP60OUa1ew0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/179f80-8838-4d4c-b8d1-31a964f8a37f/1/obOdgkR51Np7EvZcFeXEJyX1Jgs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.221.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3d:82:b7:11:c2:fc:56:a2:43:11:50:06:cd:6e:0a:90:33:10:
         c3:bc:b4:4e:bf:32:94:d1:e1:b2:f6:78:c4:99:e4:f8:24:d0:
         5a:40:75:28:61:b5:92:99:d8:41:dc:e5:35:b9:aa:84:7b:29:
         ec:6a:88:b5:89:88:3a:5f:fa:10:87:d3:da:45:65:73:27:46:
         b0:87:a0:de:d9:5e:6d:d4:03:c6:31:ed:ae:e0:42:bf:a1:87:
         87:c8:ad:ff:88:8d:27:dc:9d:43:67:0f:12:50:bf:56:c5:3a:
         a1:af:a5:ca:85:7a:f0:91:48:c9:ce:5b:94:85:b4:0e:bc:07:
         d4:fa:60:85:5f:b8:ea:22:99:00:50:36:cb:5e:d1:5b:2b:51:
         e3:66:4c:20:eb:ce:44:09:64:ba:38:2b:c4:05:6c:87:af:0a:
         fa:90:b9:f6:47:49:ae:a6:02:48:14:f6:33:42:7d:9e:93:0e:
         38:21:6c:d0:e6:dd:f6:31:23:18:53:44:00:25:7c:3b:ce:fa:
         8f:12:c0:68:c0:2c:aa:51:95:1b:ea:4b:b0:0f:83:71:ee:0e:
         fb:5e:cb:b0:5d:f1:fc:43:32:ad:87:c4:29:6d:2b:69:c4:11:
         29:50:88:67:e8:7d:5b:6f:bd:74:ca:1f:01:4f:04:47:eb:e6:
         2a:cf:86:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gGLi0i3rd+ssBIqYIIRUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExYjM5ZDgyNDQ3OWQ0ZGE3YjEyZjY1YzE1ZTVjNDI3MjVm
NTI2MGIwHhcNMjYwMTAyMDIxOTA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjQxZDhjODZhZjczMzBmMTA4YTM2YjY2MGZlYjQzOTQ2YjU3YjBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsOgI5qgPyP0PmXm7FuE3G+Almh4G
hY/4/rkKCwcqxheeohRiriv99ssrhEnET7IGjit0yZ8LqKwjxLr+CthdjeGjLTWf
vlrW37wgR9O/noRjgHLpSEk7h74DEkzDCk9WQraxh5ggiC7F19Cj7MVFEtYvUYXw
pa2MUSjoS+PBjjcRoSFGogR8S1lo3MlkGmegb8ffBMTIHW+080xJ3GI4mMk07XMq
gqyJ1tLNSwGvJcoIvLH/NmBpTkdAnsxBqhESIN+yjMhaRX4AprWq9gmJpmKN+YBj
sk2eLBezigNfpOQ4j2/Ewo5JU/1BigdvbN0OVdI8gctV5vV4zar6LAQg6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHJB2Mhq9zMPEIo2tmD+tDlGtXsNMB8GA1UdIwQY
MBaAFKGznYJEedTaexL2XBXlxCcl9SYLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2JPZGdrUjUxTnA3RXZaY0ZlWEVKeVgxSmdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS8xNzlmODAtODgzOC00ZDRjLWI4ZDEt
MzFhOTY0ZjhhMzdmLzEvY2tIWXlHcjNNdzhRaWphMllQNjBPVWExZXcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS8xNzlmODAtODgzOC00ZDRjLWI4ZDEtMzFhOTY0ZjhhMzdm
LzEvb2JPZGdrUjUxTnA3RXZaY0ZlWEVKeVgxSmdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCud0IMA0G
CSqGSIb3DQEBCwUAA4IBAQA9grcRwvxWokMRUAbNbgqQMxDDvLROvzKU0eGy9njE
meT4JNBaQHUoYbWSmdhB3OU1uaqEeynsaoi1iYg6X/oQh9PaRWVzJ0awh6De2V5t
1APGMe2u4EK/oYeHyK3/iI0n3J1DZw8SUL9WxTqhr6XKhXrwkUjJzluUhbQOvAfU
+mCFX7jqIpkAUDbLXtFbK1HjZkwg685ECWS6OCvEBWyHrwr6kLn2R0mupgJIFPYz
Qn2ekw44IWzQ5t32MSMYU0QAJXw7zvqPEsBowCyqUZUb6kuwD4Nx7g77XsuwXfH8
QzKth8QpbStpxBEpUIhn6H1bb710yh8BTwRH6+Yqz4YS
-----END CERTIFICATE-----