This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.


Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/J-Bz8qhPimC4GxsugwGSd-nQyU0.roa
File:                     J-Bz8qhPimC4GxsugwGSd-nQyU0.roa (raw, json)
Hash identifier:          L3Vp30KjUA+rcuwya6ShZ/e1i4UzWN1QVD0+o8znoHA=
Subject key identifier:   27:E0:73:F2:A8:4F:8A:60:B8:1B:1B:2E:83:01:92:77:E9:D0:C9:4D
Certificate issuer:       /CN=63883a79789d9f65815292f18d4980ba9c5ed221
Certificate serial:       019B797DEF0D1F4C247A902E9C84C3618756
Authority key identifier: 63:88:3A:79:78:9D:9F:65:81:52:92:F1:8D:49:80:BA:9C:5E:D2:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y4g6eXidn2WBUpLxjUmAupxe0iE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/J-Bz8qhPimC4GxsugwGSd-nQyU0.roa
Signing time:             Thu 01 Jan 2026 12:17:34 +0000
ROA not before:           Thu 01 Jan 2026 12:17:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        185.162.252.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/Y4g6eXidn2WBUpLxjUmAupxe0iE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/Y4g6eXidn2WBUpLxjUmAupxe0iE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y4g6eXidn2WBUpLxjUmAupxe0iE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 Jan 2026 15:30:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7d:ef:0d:1f:4c:24:7a:90:2e:9c:84:c3:61:87:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63883a79789d9f65815292f18d4980ba9c5ed221
        Validity
            Not Before: Jan  1 12:17:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=27e073f2a84f8a60b81b1b2e83019277e9d0c94d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:46:04:ff:f5:73:31:0f:57:d4:b5:78:94:0d:
                    f4:2c:5f:84:cb:13:59:c2:3f:6f:c0:6e:60:25:6b:
                    e7:59:70:cd:48:17:1e:d9:c5:fc:33:59:07:b5:38:
                    75:c8:b2:49:c6:1e:a1:60:bd:35:01:8c:8c:07:65:
                    f2:05:30:25:4c:41:5a:aa:c6:be:d4:c6:81:48:45:
                    52:a4:3b:ca:77:a7:de:45:8d:58:59:2f:36:84:ef:
                    20:3d:7d:5b:48:f8:69:b0:f4:8a:b7:52:84:53:2c:
                    63:89:84:22:9d:76:b9:52:5b:0f:fe:b3:12:b9:c7:
                    f2:31:78:3a:16:54:7f:80:d9:ab:af:8f:5c:0f:62:
                    e0:2a:3b:ea:07:39:3e:df:f1:aa:2b:98:36:fa:a1:
                    7e:78:a6:0b:5a:cd:28:f4:23:ad:34:14:0f:fd:07:
                    d4:fb:57:bf:40:a8:23:12:60:18:c8:78:84:03:07:
                    a0:43:28:ab:86:1b:f7:82:cd:c7:a5:cd:6d:24:23:
                    7c:f9:2d:e0:f6:60:9a:17:5c:f1:06:f4:e1:37:a1:
                    8e:bd:9e:99:7d:f0:0a:02:2c:87:d8:50:08:3d:bd:
                    4c:13:3c:60:01:37:d9:13:f4:bb:19:0e:8f:38:4c:
                    79:31:3e:98:ca:0b:c6:66:40:9b:a3:9f:cf:8d:8a:
                    4c:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:E0:73:F2:A8:4F:8A:60:B8:1B:1B:2E:83:01:92:77:E9:D0:C9:4D
            X509v3 Authority Key Identifier:
                keyid:63:88:3A:79:78:9D:9F:65:81:52:92:F1:8D:49:80:BA:9C:5E:D2:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y4g6eXidn2WBUpLxjUmAupxe0iE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/J-Bz8qhPimC4GxsugwGSd-nQyU0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/Y4g6eXidn2WBUpLxjUmAupxe0iE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.162.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0b:f5:e3:9e:9a:03:4b:b1:82:7b:b8:2f:e9:5f:29:4b:95:07:
         ba:ff:6d:0c:b7:09:20:91:0c:3d:b3:43:2a:30:76:24:65:86:
         f3:6f:90:dc:9b:81:20:32:76:e8:e8:f3:1b:35:83:d2:98:72:
         a3:b0:83:75:73:f0:95:3b:21:1c:ea:11:59:5a:17:4f:46:00:
         f3:bf:6b:03:2e:ff:64:89:96:1b:b9:a0:57:15:ba:62:94:d9:
         75:ab:46:3a:b3:7f:2f:1c:1c:c3:17:bc:22:89:46:0a:a2:e0:
         e0:53:04:a5:f7:25:b3:ac:53:d9:9f:ff:db:40:07:38:c8:09:
         6e:37:d9:94:be:6a:14:96:9a:7c:76:63:ea:b9:dd:d6:d9:50:
         6a:7a:76:8c:f8:2c:c4:7f:dd:9b:b3:9d:56:2f:1d:47:db:ff:
         17:89:a8:cb:f5:85:ea:1c:c0:b0:be:67:ff:21:4c:a2:5e:1f:
         9f:65:77:24:ac:5e:c6:c8:51:ba:46:d2:22:e7:2e:7c:32:88:
         64:8a:92:23:af:ba:65:c3:a1:c9:44:fa:6e:2c:28:ec:a3:4f:
         68:a2:e1:44:64:f1:54:f6:c8:ab:90:a7:e6:5a:c3:07:5a:60:
         cf:4e:50:93:f6:1d:aa:25:6b:3b:5c:74:4e:f2:a5:e1:69:a4:
         41:3e:c6:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fe8NH0wkepAunITDYYdWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzODgzYTc5Nzg5ZDlmNjU4MTUyOTJmMThkNDk4MGJhOWM1
ZWQyMjEwHhcNMjYwMTAxMTIxNzM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2UwNzNmMmE4NGY4YTYwYjgxYjFiMmU4MzAxOTI3N2U5ZDBjOTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvEYE//VzMQ9X1LV4lA30LF+EyxNZ
wj9vwG5gJWvnWXDNSBce2cX8M1kHtTh1yLJJxh6hYL01AYyMB2XyBTAlTEFaqsa+
1MaBSEVSpDvKd6feRY1YWS82hO8gPX1bSPhpsPSKt1KEUyxjiYQinXa5UlsP/rMS
ucfyMXg6FlR/gNmrr49cD2LgKjvqBzk+3/GqK5g2+qF+eKYLWs0o9COtNBQP/QfU
+1e/QKgjEmAYyHiEAwegQyirhhv3gs3Hpc1tJCN8+S3g9mCaF1zxBvThN6GOvZ6Z
ffAKAiyH2FAIPb1MEzxgATfZE/S7GQ6POEx5MT6YygvGZkCbo5/PjYpMOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCfgc/KoT4pguBsbLoMBknfp0MlNMB8GA1UdIwQY
MBaAFGOIOnl4nZ9lgVKS8Y1JgLqcXtIhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTRnNmVYaWRuMldCVXBMeGpVbUF1cHhlMGlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9jYTAyMjgtNTdlZS00ZjY1LTk2MmYt
MzVkMDU5NWUxMmYwLzEvSi1CejhxaFBpbUM0R3hzdWd3R1NkLW5ReVUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9jYTAyMjgtNTdlZS00ZjY1LTk2MmYtMzVkMDU5NWUxMmYw
LzEvWTRnNmVYaWRuMldCVXBMeGpVbUF1cHhlMGlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaL8MA0G
CSqGSIb3DQEBCwUAA4IBAQAL9eOemgNLsYJ7uC/pXylLlQe6/20MtwkgkQw9s0Mq
MHYkZYbzb5Dcm4EgMnbo6PMbNYPSmHKjsIN1c/CVOyEc6hFZWhdPRgDzv2sDLv9k
iZYbuaBXFbpilNl1q0Y6s38vHBzDF7wiiUYKouDgUwSl9yWzrFPZn//bQAc4yAlu
N9mUvmoUlpp8dmPqud3W2VBqenaM+CzEf92bs51WLx1H2/8XiajL9YXqHMCwvmf/
IUyiXh+fZXckrF7GyFG6RtIi5y58MohkipIjr7plw6HJRPpuLCjso09oouFEZPFU
9sirkKfmWsMHWmDPTlCT9h2qJWs7XHRO8qXhaaRBPsbr
-----END CERTIFICATE-----
Generated at Wed Jan 7 23:48:14 2026 by rpki-client