This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/ifwrtv1BluoPIkQo_MTDHpf7DWE.roa
File:                     ifwrtv1BluoPIkQo_MTDHpf7DWE.roa (raw, json)
Hash identifier:          +CUdbfSAT9/xrFBhfATn0RACcTSHJXjnjlFP8+UD1sU=
Subject key identifier:   89:FC:2B:B6:FD:41:96:EA:0F:22:44:28:FC:C4:C3:1E:97:FB:0D:61
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       019B77C69A1808C38EDAE2BD27C0C250D7B3
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/ifwrtv1BluoPIkQo_MTDHpf7DWE.roa
Signing time:             Thu 01 Jan 2026 04:17:42 +0000
ROA not before:           Thu 01 Jan 2026 04:17:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41500
IP address blocks:        185.17.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:9a:18:08:c3:8e:da:e2:bd:27:c0:c2:50:d7:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan  1 04:17:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=89fc2bb6fd4196ea0f224428fcc4c31e97fb0d61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:8c:6b:0d:1e:88:3c:a1:0d:40:3e:88:e3:d7:
                    61:e4:71:e5:e4:eb:1a:c2:01:2f:ee:5e:6a:08:cc:
                    e5:ca:0a:7c:8d:2b:f6:0b:19:14:65:08:8b:88:d0:
                    84:18:93:aa:9f:e2:ea:97:1b:ae:4e:b2:c7:88:5e:
                    bb:f6:cb:1c:3e:c2:ca:85:04:f4:68:03:3c:fb:bc:
                    c2:e1:e4:96:ec:f5:8d:66:74:ca:ad:3e:c8:71:69:
                    69:9e:13:23:ba:03:d3:19:ed:23:a7:1d:91:9e:af:
                    b0:f5:8d:7f:ce:5a:a1:0f:f6:86:af:f6:f9:29:59:
                    3e:c8:43:bd:50:b0:2c:91:9a:3b:59:2f:99:d6:05:
                    c3:46:1c:23:a0:69:44:35:d6:a7:64:ca:2a:bb:01:
                    7f:6b:03:6f:e8:ab:e4:92:42:22:d8:43:5f:20:8e:
                    0b:13:ae:41:f3:52:a9:09:3f:19:a9:57:dd:42:7e:
                    bd:ad:0a:7b:33:e7:59:c0:7c:42:e6:87:be:32:e3:
                    2f:91:3c:3f:1f:ea:87:31:04:43:af:3e:b6:7f:f7:
                    b7:dc:c1:85:a6:a4:70:67:a3:74:35:8a:85:78:ed:
                    97:e1:c0:77:4f:09:e3:c5:5e:de:a1:0d:97:6d:f0:
                    7d:e6:81:96:4a:13:6e:44:08:41:73:b4:2d:fc:89:
                    e3:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:FC:2B:B6:FD:41:96:EA:0F:22:44:28:FC:C4:C3:1E:97:FB:0D:61
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/ifwrtv1BluoPIkQo_MTDHpf7DWE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.17.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:4a:07:06:2e:57:87:d2:49:1a:ed:f0:e7:5a:5d:72:a2:5e:
         34:59:3c:2f:a1:ed:e1:af:58:76:b4:4f:46:dc:7e:ff:e0:bf:
         e2:ba:45:66:6a:43:62:61:15:f9:72:f5:51:c6:99:2e:4a:56:
         57:40:40:79:b4:a9:80:1c:41:af:f8:7e:18:d2:af:62:d7:33:
         c3:81:db:68:aa:ee:11:bc:a9:5d:77:5c:f6:5e:e0:85:ca:ab:
         38:b0:24:0f:d4:15:49:ee:8e:b1:47:3b:2d:a0:2d:d7:26:73:
         8c:8f:83:81:ed:27:ba:b1:79:f7:76:24:b6:8b:92:4c:55:d6:
         dd:e2:a8:69:7d:b1:51:9c:12:4e:ae:c9:a6:32:3e:16:2a:66:
         56:e1:e7:f2:1c:00:37:93:8f:9e:6e:2a:a1:49:0a:09:73:2f:
         b8:fe:44:99:05:c6:6f:fa:cd:4d:ec:e8:f6:a6:cc:56:2d:f8:
         6c:a0:61:a7:75:92:0a:bf:41:24:94:8e:86:be:8d:bd:e2:70:
         1a:f3:1a:e1:ba:f3:36:2b:bb:ae:bf:18:d8:f2:35:ec:ce:8e:
         80:c3:ab:36:41:e3:81:04:0d:3d:19:be:16:e0:81:d8:cd:24:
         17:1a:9c:8d:b1:2b:10:55:f2:18:fb:2c:49:05:82:96:cc:88:
         aa:07:21:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xpoYCMOO2uK9J8DCUNezMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjYwMTAxMDQxNzQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWZjMmJiNmZkNDE5NmVhMGYyMjQ0MjhmY2M0YzMxZTk3ZmIwZDYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqYxrDR6IPKENQD6I49dh5HHl5Osa
wgEv7l5qCMzlygp8jSv2CxkUZQiLiNCEGJOqn+LqlxuuTrLHiF679sscPsLKhQT0
aAM8+7zC4eSW7PWNZnTKrT7IcWlpnhMjugPTGe0jpx2Rnq+w9Y1/zlqhD/aGr/b5
KVk+yEO9ULAskZo7WS+Z1gXDRhwjoGlENdanZMoquwF/awNv6KvkkkIi2ENfII4L
E65B81KpCT8ZqVfdQn69rQp7M+dZwHxC5oe+MuMvkTw/H+qHMQRDrz62f/e33MGF
pqRwZ6N0NYqFeO2X4cB3TwnjxV7eoQ2XbfB95oGWShNuRAhBc7Qt/Inj7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIn8K7b9QZbqDyJEKPzEwx6X+w1hMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvaWZ3cnR2MUJsdW9QSWtRb19NVERIcGY3RFdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRFDMA0G
CSqGSIb3DQEBCwUAA4IBAQBkSgcGLleH0kka7fDnWl1yol40WTwvoe3hr1h2tE9G
3H7/4L/iukVmakNiYRX5cvVRxpkuSlZXQEB5tKmAHEGv+H4Y0q9i1zPDgdtoqu4R
vKldd1z2XuCFyqs4sCQP1BVJ7o6xRzstoC3XJnOMj4OB7Se6sXn3diS2i5JMVdbd
4qhpfbFRnBJOrsmmMj4WKmZW4efyHAA3k4+ebiqhSQoJcy+4/kSZBcZv+s1N7Oj2
psxWLfhsoGGndZIKv0EklI6Gvo294nAa8xrhuvM2K7uuvxjY8jXszo6Aw6s2QeOB
BA09Gb4W4IHYzSQXGpyNsSsQVfIY+yxJBYKWzIiqByGl
-----END CERTIFICATE-----