This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/c4ca9d-5d32-4efd-8e1b-132937d39cea/1/1ikj8K4gg8bqVoOloF1uGBZNs8o.roa
File:                     1ikj8K4gg8bqVoOloF1uGBZNs8o.roa (raw, json)
Hash identifier:          h0BD5Gg3KZmBPBkiYf4wbtFLVw2S7zXsWKI3s1mu0zI=
Subject key identifier:   D6:29:23:F0:AE:20:83:C6:EA:56:83:A5:A0:5D:6E:18:16:4D:B3:CA
Certificate issuer:       /CN=b7a670e51c96419fc52028b12e45655ef914ddbb
Certificate serial:       019B7C1355F05C714C7D91E332947F4EAFC1
Authority key identifier: B7:A6:70:E5:1C:96:41:9F:C5:20:28:B1:2E:45:65:5E:F9:14:DD:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t6Zw5RyWQZ_FICixLkVlXvkU3bs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/c4ca9d-5d32-4efd-8e1b-132937d39cea/1/1ikj8K4gg8bqVoOloF1uGBZNs8o.roa
Signing time:             Fri 02 Jan 2026 00:20:00 +0000
ROA not before:           Fri 02 Jan 2026 00:20:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42337
IP address blocks:        185.66.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/c4ca9d-5d32-4efd-8e1b-132937d39cea/1/t6Zw5RyWQZ_FICixLkVlXvkU3bs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/c4ca9d-5d32-4efd-8e1b-132937d39cea/1/t6Zw5RyWQZ_FICixLkVlXvkU3bs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t6Zw5RyWQZ_FICixLkVlXvkU3bs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:35:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:13:55:f0:5c:71:4c:7d:91:e3:32:94:7f:4e:af:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b7a670e51c96419fc52028b12e45655ef914ddbb
        Validity
            Not Before: Jan  2 00:20:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d62923f0ae2083c6ea5683a5a05d6e18164db3ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:6f:2f:2b:7b:29:3a:11:2a:04:70:fe:8d:40:
                    8d:3a:6a:98:0a:a7:d2:f7:a6:41:ff:11:fc:6e:21:
                    71:7c:a9:93:7c:9c:94:c3:fd:d4:f0:9f:59:f7:b3:
                    59:94:f6:22:c6:44:5d:9a:1b:fb:f1:69:b9:a1:a1:
                    79:ff:56:49:ca:98:4f:64:79:44:10:9f:97:84:63:
                    14:9d:79:dd:3a:67:77:44:54:bf:c5:ed:5c:72:e9:
                    8b:11:da:5b:94:be:49:6e:d2:ba:36:e3:8f:29:72:
                    0d:48:10:eb:b6:4a:2a:a7:b0:e5:99:07:8a:b6:8e:
                    97:9c:81:1b:f1:b0:56:18:98:3f:f3:1a:40:4f:aa:
                    d6:e2:1a:11:07:5f:5e:e5:e7:4c:c5:09:60:9e:0f:
                    e9:c9:36:53:f2:ef:2d:05:63:9b:9e:85:61:fd:31:
                    09:89:5f:ef:30:42:56:1a:94:53:dd:1a:ab:be:34:
                    e9:62:8b:0c:47:2a:fe:6e:ca:58:a8:17:fb:78:54:
                    d3:7b:69:63:d0:40:9d:1f:65:48:15:b8:f0:eb:1f:
                    b9:b8:74:8d:96:2a:0d:ef:fb:ea:b2:db:0c:df:f7:
                    94:45:8c:5a:0e:8f:1a:0c:4f:f1:88:db:aa:54:ff:
                    c6:ca:06:77:38:a4:4d:ac:fe:5a:34:b6:00:52:f1:
                    df:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:29:23:F0:AE:20:83:C6:EA:56:83:A5:A0:5D:6E:18:16:4D:B3:CA
            X509v3 Authority Key Identifier:
                keyid:B7:A6:70:E5:1C:96:41:9F:C5:20:28:B1:2E:45:65:5E:F9:14:DD:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t6Zw5RyWQZ_FICixLkVlXvkU3bs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/c4ca9d-5d32-4efd-8e1b-132937d39cea/1/1ikj8K4gg8bqVoOloF1uGBZNs8o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/c4ca9d-5d32-4efd-8e1b-132937d39cea/1/t6Zw5RyWQZ_FICixLkVlXvkU3bs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.66.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:71:12:c5:9a:7c:f7:01:0e:fe:ec:c9:77:fc:02:ed:5f:90:
         1c:e1:35:75:d3:22:95:58:11:b2:cc:22:fa:a9:32:cd:78:48:
         0e:b9:c1:e0:79:98:5a:5c:5b:ba:17:f7:22:39:e8:8b:65:d0:
         82:0d:9c:72:df:fd:b6:7b:fb:b9:27:3d:da:02:77:16:55:3b:
         b4:3d:6e:30:b8:f8:c0:f9:df:e9:ee:4f:17:86:87:d6:12:f5:
         43:7c:a9:8e:8b:d7:c3:1b:46:bc:4e:6b:c9:d5:93:cc:50:37:
         d7:fd:b5:56:1f:e6:01:70:d1:c0:9e:96:eb:f6:7c:d9:72:48:
         f0:05:88:a5:93:64:de:f6:43:a0:0f:eb:6a:f7:01:ee:6e:3a:
         58:e9:7f:1f:fb:38:3c:12:df:9a:35:a7:c1:6e:42:df:59:a9:
         28:de:f2:2d:75:a2:8b:77:c0:d4:6d:30:a8:e0:ac:77:c2:b2:
         eb:f0:4a:7c:03:8f:e5:04:f9:62:d4:72:e7:79:ac:c4:b6:12:
         d8:1b:96:b1:68:1b:e7:44:6c:ee:2e:e9:e4:55:ae:83:e9:ed:
         e6:90:b2:76:8d:20:e6:87:da:42:3d:62:de:ea:12:ac:3e:c0:
         52:16:ab:5d:31:fd:c7:2c:50:04:7b:a4:05:be:ab:1a:5c:df:
         bb:7e:22:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8E1XwXHFMfZHjMpR/Tq/BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3YTY3MGU1MWM5NjQxOWZjNTIwMjhiMTJlNDU2NTVlZjkx
NGRkYmIwHhcNMjYwMTAyMDAyMDAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjI5MjNmMGFlMjA4M2M2ZWE1NjgzYTVhMDVkNmUxODE2NGRiM2NhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArG8vK3spOhEqBHD+jUCNOmqYCqfS
96ZB/xH8biFxfKmTfJyUw/3U8J9Z97NZlPYixkRdmhv78Wm5oaF5/1ZJyphPZHlE
EJ+XhGMUnXndOmd3RFS/xe1ccumLEdpblL5JbtK6NuOPKXINSBDrtkoqp7DlmQeK
to6XnIEb8bBWGJg/8xpAT6rW4hoRB19e5edMxQlgng/pyTZT8u8tBWObnoVh/TEJ
iV/vMEJWGpRT3RqrvjTpYosMRyr+bspYqBf7eFTTe2lj0ECdH2VIFbjw6x+5uHSN
lioN7/vqstsM3/eURYxaDo8aDE/xiNuqVP/GygZ3OKRNrP5aNLYAUvHf2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNYpI/CuIIPG6laDpaBdbhgWTbPKMB8GA1UdIwQY
MBaAFLemcOUclkGfxSAosS5FZV75FN27MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDZadzVSeVdRWl9GSUNpeExrVmxYdmtVM2JzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi9jNGNhOWQtNWQzMi00ZWZkLThlMWIt
MTMyOTM3ZDM5Y2VhLzEvMWlrajhLNGdnOGJxVm9PbG9GMXVHQlpOczhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi9jNGNhOWQtNWQzMi00ZWZkLThlMWItMTMyOTM3ZDM5Y2Vh
LzEvdDZadzVSeVdRWl9GSUNpeExrVmxYdmtVM2JzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuULjMA0G
CSqGSIb3DQEBCwUAA4IBAQCCcRLFmnz3AQ7+7Ml3/ALtX5Ac4TV10yKVWBGyzCL6
qTLNeEgOucHgeZhaXFu6F/ciOeiLZdCCDZxy3/22e/u5Jz3aAncWVTu0PW4wuPjA
+d/p7k8XhofWEvVDfKmOi9fDG0a8TmvJ1ZPMUDfX/bVWH+YBcNHAnpbr9nzZckjw
BYilk2Te9kOgD+tq9wHubjpY6X8f+zg8Et+aNafBbkLfWako3vItdaKLd8DUbTCo
4Kx3wrLr8Ep8A4/lBPli1HLneazEthLYG5axaBvnRGzuLunkVa6D6e3mkLJ2jSDm
h9pCPWLe6hKsPsBSFqtdMf3HLFAEe6QFvqsaXN+7fiIc
-----END CERTIFICATE-----