This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/_A5n5MVXPTeaMo3rQ1IAu9qOAK4.roa
File:                     _A5n5MVXPTeaMo3rQ1IAu9qOAK4.roa (raw, json)
Hash identifier:          yReqynf2cE/kYXyRmKMW4pCg/G9fnV1VQ2BAqlqWIHY=
Subject key identifier:   FC:0E:67:E4:C5:57:3D:37:9A:32:8D:EB:43:52:00:BB:DA:8E:00:AE
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       019B7AC797CF28749FC1348ABD29642DC825
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/_A5n5MVXPTeaMo3rQ1IAu9qOAK4.roa
Signing time:             Thu 01 Jan 2026 18:17:39 +0000
ROA not before:           Thu 01 Jan 2026 18:17:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     59633
IP address blocks:        185.149.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c7:97:cf:28:74:9f:c1:34:8a:bd:29:64:2d:c8:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: Jan  1 18:17:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fc0e67e4c5573d379a328deb435200bbda8e00ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:7a:ee:3c:2a:3b:ec:a3:52:3b:17:59:19:16:
                    d9:c3:92:0b:55:28:69:79:e8:03:44:e7:73:a1:c9:
                    37:69:94:3d:9c:7e:36:64:b8:2d:7d:ed:8e:94:cf:
                    f9:83:e0:a0:6e:e6:b5:cd:88:12:67:f4:23:6e:ea:
                    b9:16:c7:02:d1:6d:90:6f:b8:9a:b6:a2:c4:66:fd:
                    44:89:9f:11:6f:fc:b3:05:60:46:d0:a7:14:f1:45:
                    f9:d1:4d:1a:44:ad:b5:60:b5:55:b1:02:50:75:cf:
                    70:b0:52:08:72:0a:a2:81:82:30:93:1d:62:94:5e:
                    a6:9f:0e:e5:8d:fc:47:75:48:27:bf:3d:a3:5e:05:
                    82:5f:5c:06:36:a0:08:dc:53:de:53:0e:7d:d4:38:
                    e4:5e:c3:9f:6e:72:6a:32:13:a9:53:db:b3:b9:7e:
                    73:91:f9:17:07:46:cf:d3:26:a0:aa:49:fe:81:2d:
                    30:29:ad:a2:92:a9:d4:73:ec:f0:6d:ee:53:ce:65:
                    08:33:b3:0b:97:c0:64:37:eb:e7:b9:27:50:41:e6:
                    3b:54:39:04:6c:5e:1d:b1:c6:6c:b1:d2:d2:62:89:
                    bc:c4:e7:13:19:20:e2:2f:9c:cf:dc:be:5f:01:a0:
                    ff:c7:10:00:e8:78:64:81:8d:fb:92:dd:f8:87:26:
                    4e:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:0E:67:E4:C5:57:3D:37:9A:32:8D:EB:43:52:00:BB:DA:8E:00:AE
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/_A5n5MVXPTeaMo3rQ1IAu9qOAK4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.149.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:dc:30:80:fc:1a:78:f0:e0:be:6f:94:ac:94:7f:ff:ef:ef:
         ed:35:ba:db:0a:73:c1:e9:7c:f9:26:be:1f:fd:2e:29:9f:33:
         c7:4c:69:5c:b2:12:a8:21:6c:47:22:27:c4:3b:f5:1d:59:ea:
         b9:5c:44:39:8d:3f:57:c3:29:42:ac:ae:79:6a:01:f7:fa:d0:
         47:ec:af:09:6a:a9:34:38:f2:66:39:8f:7b:dc:78:0a:1a:6a:
         ee:7c:8f:89:8d:c2:6d:a4:fb:58:4c:b9:8a:fc:0f:63:15:a8:
         7f:6b:c4:39:06:b0:91:c5:3f:0b:19:96:22:13:4d:09:0b:5c:
         79:92:04:c4:67:2c:41:96:e8:f0:45:58:70:fa:f1:11:35:28:
         06:b2:6d:e4:3c:48:70:ef:b0:26:91:12:ce:14:8a:0a:31:3c:
         dd:0a:e1:1e:61:fe:9d:d4:b9:5f:ed:b4:42:81:c5:60:b9:50:
         95:4e:84:1d:30:e1:8d:18:47:af:bd:44:0d:dd:e8:05:e9:03:
         aa:92:11:bc:11:e7:47:fa:2c:06:8f:07:d7:39:5b:23:23:30:
         71:58:ea:49:da:49:cc:02:e3:13:c1:14:b3:e9:a0:c8:4a:ad:
         41:0d:73:5d:69:58:e0:b9:5c:ae:de:a9:02:32:e4:61:20:6e:
         25:cf:fa:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6x5fPKHSfwTSKvSlkLcglMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjYwMTAxMTgxNzM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzBlNjdlNGM1NTczZDM3OWEzMjhkZWI0MzUyMDBiYmRhOGUwMGFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArHruPCo77KNSOxdZGRbZw5ILVShp
eegDROdzock3aZQ9nH42ZLgtfe2OlM/5g+Cgbua1zYgSZ/Qjbuq5FscC0W2Qb7ia
tqLEZv1EiZ8Rb/yzBWBG0KcU8UX50U0aRK21YLVVsQJQdc9wsFIIcgqigYIwkx1i
lF6mnw7ljfxHdUgnvz2jXgWCX1wGNqAI3FPeUw591DjkXsOfbnJqMhOpU9uzuX5z
kfkXB0bP0yagqkn+gS0wKa2ikqnUc+zwbe5TzmUIM7MLl8BkN+vnuSdQQeY7VDkE
bF4dscZssdLSYom8xOcTGSDiL5zP3L5fAaD/xxAA6HhkgY37kt34hyZOgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPwOZ+TFVz03mjKN60NSALvajgCuMB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvX0E1bjVNVlhQVGVhTW8zclExSUF1OXFPQUs0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZV6MA0G
CSqGSIb3DQEBCwUAA4IBAQAg3DCA/Bp48OC+b5SslH//7+/tNbrbCnPB6Xz5Jr4f
/S4pnzPHTGlcshKoIWxHIifEO/UdWeq5XEQ5jT9XwylCrK55agH3+tBH7K8Jaqk0
OPJmOY973HgKGmrufI+JjcJtpPtYTLmK/A9jFah/a8Q5BrCRxT8LGZYiE00JC1x5
kgTEZyxBlujwRVhw+vERNSgGsm3kPEhw77AmkRLOFIoKMTzdCuEeYf6d1Llf7bRC
gcVguVCVToQdMOGNGEevvUQN3egF6QOqkhG8EedH+iwGjwfXOVsjIzBxWOpJ2knM
AuMTwRSz6aDISq1BDXNdaVjguVyu3qkCMuRhIG4lz/qO
-----END CERTIFICATE-----