This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/4daeba-36b4-4949-8385-8f0d4eef6ab5/1/d5uZsHk5psUBNIiK0yURePVkIj4.roa
File:                     d5uZsHk5psUBNIiK0yURePVkIj4.roa (raw, json)
Hash identifier:          s7XGbhnDoYFsLMagak/nA9yObweAfTDGqMpZ2d7pox0=
Subject key identifier:   77:9B:99:B0:79:39:A6:C5:01:34:88:8A:D3:25:11:78:F5:64:22:3E
Certificate issuer:       /CN=6bd19d69701f13a5977cd2296fa87a252fbf05f7
Certificate serial:       019B7F853402AF68099E925028F09832C00D
Authority key identifier: 6B:D1:9D:69:70:1F:13:A5:97:7C:D2:29:6F:A8:7A:25:2F:BF:05:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a9GdaXAfE6WXfNIpb6h6JS-_Bfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/4daeba-36b4-4949-8385-8f0d4eef6ab5/1/d5uZsHk5psUBNIiK0yURePVkIj4.roa
Signing time:             Fri 02 Jan 2026 16:23:14 +0000
ROA not before:           Fri 02 Jan 2026 16:23:14 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203361
IP address blocks:        185.42.100.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/4daeba-36b4-4949-8385-8f0d4eef6ab5/1/a9GdaXAfE6WXfNIpb6h6JS-_Bfc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/4daeba-36b4-4949-8385-8f0d4eef6ab5/1/a9GdaXAfE6WXfNIpb6h6JS-_Bfc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a9GdaXAfE6WXfNIpb6h6JS-_Bfc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 13:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:85:34:02:af:68:09:9e:92:50:28:f0:98:32:c0:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6bd19d69701f13a5977cd2296fa87a252fbf05f7
        Validity
            Not Before: Jan  2 16:23:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=779b99b07939a6c50134888ad3251178f564223e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:30:e2:64:54:48:db:e3:67:a3:92:a4:3c:10:
                    21:4b:21:ce:e6:07:8e:e3:9e:b0:3d:da:2f:03:bd:
                    bc:5a:db:6d:2c:c1:e7:4b:63:d6:26:8d:2d:75:73:
                    9d:00:8a:15:71:01:da:c5:86:52:76:29:8c:ea:e9:
                    d9:5a:99:dc:a6:c9:ae:6a:28:47:73:ea:cb:80:19:
                    5b:48:eb:4a:31:2e:7f:48:03:5f:d2:34:73:fb:73:
                    e0:d3:b7:0d:a8:47:85:e1:2c:46:94:4a:01:19:92:
                    1b:e8:ec:15:c6:c8:24:c4:b7:66:99:74:61:66:9f:
                    e6:f7:50:43:a7:0c:5f:63:ea:3a:95:da:c6:ec:2e:
                    22:1c:62:ea:22:a8:61:30:b4:a6:bb:09:80:7c:a4:
                    0f:29:ac:bd:93:c4:91:13:e8:3a:27:9e:9d:53:52:
                    ac:3c:b4:2e:1a:bf:f7:cd:c4:69:0e:1b:c2:92:55:
                    b7:c8:44:3a:35:c1:56:bf:9e:fa:3a:cd:96:f6:19:
                    5e:d5:a1:e8:7e:9e:b2:b2:63:0e:76:ba:1a:19:04:
                    16:bb:85:f9:dd:1a:9b:b7:9b:07:50:e3:ed:d7:db:
                    a3:55:f0:c7:ab:27:37:d0:0c:5c:55:ac:3b:28:3c:
                    fd:4a:c5:69:e7:e4:8b:71:98:4e:bc:75:6f:ba:fc:
                    30:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:9B:99:B0:79:39:A6:C5:01:34:88:8A:D3:25:11:78:F5:64:22:3E
            X509v3 Authority Key Identifier:
                keyid:6B:D1:9D:69:70:1F:13:A5:97:7C:D2:29:6F:A8:7A:25:2F:BF:05:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9GdaXAfE6WXfNIpb6h6JS-_Bfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/4daeba-36b4-4949-8385-8f0d4eef6ab5/1/d5uZsHk5psUBNIiK0yURePVkIj4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/4daeba-36b4-4949-8385-8f0d4eef6ab5/1/a9GdaXAfE6WXfNIpb6h6JS-_Bfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.42.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         23:1b:47:2c:69:ff:af:2c:f4:a6:30:1a:36:0a:dc:8a:08:20:
         e5:22:8b:ee:c3:d2:1a:fc:ec:11:03:8e:00:06:68:64:88:00:
         cc:32:12:db:10:11:12:cc:ec:28:50:9f:65:cf:9b:45:ef:d1:
         b5:c6:7c:df:6d:15:d3:19:3b:2e:12:80:61:50:56:b6:b4:7d:
         e8:c8:ae:65:1a:a1:25:a5:47:3d:d9:f3:75:00:a3:ef:74:dd:
         18:28:87:d2:d1:d6:1c:0c:31:bb:2a:cf:d1:ba:c6:52:12:1e:
         11:cd:8f:38:a6:b2:e0:be:a1:d9:e3:64:f3:16:4b:60:25:52:
         4e:8d:a3:13:da:d4:01:da:3f:24:5f:24:6e:f4:e9:1d:77:fc:
         e7:94:f0:97:db:4b:df:f6:70:7a:55:76:82:91:ba:bd:17:fc:
         f3:f2:97:89:11:46:f6:28:e3:a2:b2:1f:ae:57:6e:e9:7a:51:
         2f:3b:b5:75:2d:27:a2:fa:9e:7f:45:65:30:ad:c2:04:9f:83:
         63:42:fe:89:8d:77:fa:16:11:3e:11:b3:13:cf:36:14:9c:28:
         ba:f8:5a:b9:f9:5e:23:0d:cc:af:7b:68:12:49:73:53:73:18:
         89:48:3b:95:f4:46:13:a1:67:0e:08:e3:9d:f2:fe:08:04:af:
         4d:88:fc:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hTQCr2gJnpJQKPCYMsANMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiZDE5ZDY5NzAxZjEzYTU5NzdjZDIyOTZmYTg3YTI1MmZi
ZjA1ZjcwHhcNMjYwMTAyMTYyMzE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzliOTliMDc5MzlhNmM1MDEzNDg4OGFkMzI1MTE3OGY1NjQyMjNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhTDiZFRI2+Nno5KkPBAhSyHO5geO
456wPdovA728WtttLMHnS2PWJo0tdXOdAIoVcQHaxYZSdimM6unZWpncpsmuaihH
c+rLgBlbSOtKMS5/SANf0jRz+3Pg07cNqEeF4SxGlEoBGZIb6OwVxsgkxLdmmXRh
Zp/m91BDpwxfY+o6ldrG7C4iHGLqIqhhMLSmuwmAfKQPKay9k8SRE+g6J56dU1Ks
PLQuGr/3zcRpDhvCklW3yEQ6NcFWv576Os2W9hle1aHofp6ysmMOdroaGQQWu4X5
3Rqbt5sHUOPt19ujVfDHqyc30AxcVaw7KDz9SsVp5+SLcZhOvHVvuvwwowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHebmbB5OabFATSIitMlEXj1ZCI+MB8GA1UdIwQY
MBaAFGvRnWlwHxOll3zSKW+oeiUvvwX3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTlHZGFYQWZFNldYZk5JcGI2aDZKUy1fQmZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny80ZGFlYmEtMzZiNC00OTQ5LTgzODUt
OGYwZDRlZWY2YWI1LzEvZDV1WnNIazVwc1VCTklpSzB5VVJlUFZrSWo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny80ZGFlYmEtMzZiNC00OTQ5LTgzODUtOGYwZDRlZWY2YWI1
LzEvYTlHZGFYQWZFNldYZk5JcGI2aDZKUy1fQmZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSpkMA0G
CSqGSIb3DQEBCwUAA4IBAQAjG0csaf+vLPSmMBo2CtyKCCDlIovuw9Ia/OwRA44A
BmhkiADMMhLbEBESzOwoUJ9lz5tF79G1xnzfbRXTGTsuEoBhUFa2tH3oyK5lGqEl
pUc92fN1AKPvdN0YKIfS0dYcDDG7Ks/RusZSEh4RzY84prLgvqHZ42TzFktgJVJO
jaMT2tQB2j8kXyRu9Okdd/znlPCX20vf9nB6VXaCkbq9F/zz8peJEUb2KOOish+u
V27pelEvO7V1LSei+p5/RWUwrcIEn4NjQv6JjXf6FhE+EbMTzzYUnCi6+Fq5+V4j
Dcyve2gSSXNTcxiJSDuV9EYToWcOCOOd8v4IBK9NiPyq
-----END CERTIFICATE-----