This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/ba8769-8d8a-4c17-91c7-6ba7a947a7f7/1/DbhDBOu-4RlIo0LqivfKmdkWxlg.roa
File:                     DbhDBOu-4RlIo0LqivfKmdkWxlg.roa (raw, json)
Hash identifier:          x5EChnPdDWgKtRO63MP5f9gNs9e/wtDm0vinLAhafF8=
Subject key identifier:   0D:B8:43:04:EB:BE:E1:19:48:A3:42:EA:8A:F7:CA:99:D9:16:C6:58
Certificate issuer:       /CN=8afa7e0b34a476222cb1f5bc0c05ec13bbb14a79
Certificate serial:       019B76EB88FB82B45C4291D2647584E5A273
Authority key identifier: 8A:FA:7E:0B:34:A4:76:22:2C:B1:F5:BC:0C:05:EC:13:BB:B1:4A:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ivp-CzSkdiIssfW8DAXsE7uxSnk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/ba8769-8d8a-4c17-91c7-6ba7a947a7f7/1/DbhDBOu-4RlIo0LqivfKmdkWxlg.roa
Signing time:             Thu 01 Jan 2026 00:18:26 +0000
ROA not before:           Thu 01 Jan 2026 00:18:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198381
IP address blocks:        185.31.188.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/ba8769-8d8a-4c17-91c7-6ba7a947a7f7/1/ivp-CzSkdiIssfW8DAXsE7uxSnk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/ba8769-8d8a-4c17-91c7-6ba7a947a7f7/1/ivp-CzSkdiIssfW8DAXsE7uxSnk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ivp-CzSkdiIssfW8DAXsE7uxSnk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 10:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:88:fb:82:b4:5c:42:91:d2:64:75:84:e5:a2:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8afa7e0b34a476222cb1f5bc0c05ec13bbb14a79
        Validity
            Not Before: Jan  1 00:18:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0db84304ebbee11948a342ea8af7ca99d916c658
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:cf:2b:b9:51:5f:da:78:60:09:87:55:43:73:
                    f6:55:4d:ec:ed:5f:54:3e:6d:9e:95:67:19:92:03:
                    15:d6:9a:b2:eb:39:f4:06:5a:62:ac:d4:ca:71:70:
                    84:91:f9:dd:3d:07:60:88:0a:73:f2:41:5b:9d:c9:
                    a8:d6:ea:82:28:ff:b8:f2:b9:11:f2:70:dd:39:6c:
                    70:75:2f:ca:c7:62:ca:61:43:65:89:13:68:be:c5:
                    9a:38:6b:b0:4e:80:10:1b:27:f6:00:5f:d6:2e:c7:
                    83:b6:e2:7d:d1:b4:4e:f6:7a:ed:64:7a:3b:26:6d:
                    39:04:9e:99:70:40:4e:22:ee:52:2c:a4:3b:86:50:
                    33:3e:8c:28:5b:19:e0:c0:b3:d9:bd:e4:27:2f:03:
                    ba:ce:84:1a:d5:ff:4b:d8:31:dc:76:f4:a2:ee:11:
                    d9:33:a0:81:f3:0f:91:db:34:48:3b:65:2a:90:5e:
                    c5:dc:95:f7:fc:6f:78:9c:c7:b8:53:54:77:a7:ab:
                    72:38:ef:5f:72:1f:39:69:e2:65:64:e5:b2:2d:df:
                    84:a0:97:6e:cf:cd:77:5b:c7:7d:61:4f:72:90:ec:
                    62:12:dd:07:be:63:11:24:e4:4c:d7:ff:aa:43:0e:
                    ae:86:d9:b9:2f:59:9d:7c:84:6e:ae:17:48:93:13:
                    71:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:B8:43:04:EB:BE:E1:19:48:A3:42:EA:8A:F7:CA:99:D9:16:C6:58
            X509v3 Authority Key Identifier:
                keyid:8A:FA:7E:0B:34:A4:76:22:2C:B1:F5:BC:0C:05:EC:13:BB:B1:4A:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ivp-CzSkdiIssfW8DAXsE7uxSnk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/ba8769-8d8a-4c17-91c7-6ba7a947a7f7/1/DbhDBOu-4RlIo0LqivfKmdkWxlg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/ba8769-8d8a-4c17-91c7-6ba7a947a7f7/1/ivp-CzSkdiIssfW8DAXsE7uxSnk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.31.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         83:c4:40:56:54:da:06:2e:0a:bd:b4:93:c0:b8:16:82:2a:32:
         3b:78:f3:8a:a3:f1:63:6b:8f:a4:a9:e4:65:4b:e1:b8:d9:2c:
         10:dd:a6:3f:fc:87:28:9e:1c:96:02:dc:c6:f0:7d:3d:af:cd:
         cf:30:9b:df:b1:1a:63:b5:a8:d8:6e:32:20:6d:28:83:0b:85:
         d4:ab:28:59:e3:3b:99:72:f8:0e:9c:ae:84:1e:e0:6b:b9:e3:
         94:b2:53:d3:13:63:da:94:54:38:20:74:fe:b7:31:b5:30:f1:
         c0:18:1c:93:15:80:bc:02:1d:51:7d:fe:1f:aa:1b:3f:ac:1e:
         15:f6:92:ee:ce:27:e0:80:67:5e:c5:3a:fc:03:68:1b:91:03:
         7e:e9:b3:ef:73:c4:94:de:e5:81:b0:49:f2:89:33:5d:4b:6b:
         06:86:ea:fd:42:65:aa:95:ea:28:ac:e4:0d:e6:60:4c:c8:6e:
         b6:62:30:cf:16:5a:90:e6:fe:dd:1a:cc:b4:50:16:35:1d:f5:
         52:13:b4:d8:05:52:0b:79:50:56:a5:23:30:d6:27:1e:78:ed:
         b1:17:b2:33:4f:6d:75:7c:61:ca:12:53:56:bc:0a:f5:e8:44:
         34:8e:83:aa:57:02:c4:c3:7e:1c:dc:e0:25:19:28:2c:d0:09:
         72:b3:17:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt264j7grRcQpHSZHWE5aJzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhZmE3ZTBiMzRhNDc2MjIyY2IxZjViYzBjMDVlYzEzYmJi
MTRhNzkwHhcNMjYwMTAxMDAxODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGI4NDMwNGViYmVlMTE5NDhhMzQyZWE4YWY3Y2E5OWQ5MTZjNjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2s8ruVFf2nhgCYdVQ3P2VU3s7V9U
Pm2elWcZkgMV1pqy6zn0BlpirNTKcXCEkfndPQdgiApz8kFbncmo1uqCKP+48rkR
8nDdOWxwdS/Kx2LKYUNliRNovsWaOGuwToAQGyf2AF/WLseDtuJ90bRO9nrtZHo7
Jm05BJ6ZcEBOIu5SLKQ7hlAzPowoWxngwLPZveQnLwO6zoQa1f9L2DHcdvSi7hHZ
M6CB8w+R2zRIO2UqkF7F3JX3/G94nMe4U1R3p6tyOO9fch85aeJlZOWyLd+EoJdu
z813W8d9YU9ykOxiEt0HvmMRJORM1/+qQw6uhtm5L1mdfIRurhdIkxNx8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA24QwTrvuEZSKNC6or3ypnZFsZYMB8GA1UdIwQY
MBaAFIr6fgs0pHYiLLH1vAwF7BO7sUp5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXZwLUN6U2tkaUlzc2ZXOERBWHNFN3V4U25rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC9iYTg3NjktOGQ4YS00YzE3LTkxYzct
NmJhN2E5NDdhN2Y3LzEvRGJoREJPdS00UmxJbzBMcWl2ZkttZGtXeGxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC9iYTg3NjktOGQ4YS00YzE3LTkxYzctNmJhN2E5NDdhN2Y3
LzEvaXZwLUN6U2tkaUlzc2ZXOERBWHNFN3V4U25rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuR+8MA0G
CSqGSIb3DQEBCwUAA4IBAQCDxEBWVNoGLgq9tJPAuBaCKjI7ePOKo/Fja4+kqeRl
S+G42SwQ3aY//IconhyWAtzG8H09r83PMJvfsRpjtajYbjIgbSiDC4XUqyhZ4zuZ
cvgOnK6EHuBrueOUslPTE2PalFQ4IHT+tzG1MPHAGByTFYC8Ah1Rff4fqhs/rB4V
9pLuzifggGdexTr8A2gbkQN+6bPvc8SU3uWBsEnyiTNdS2sGhur9QmWqleoorOQN
5mBMyG62YjDPFlqQ5v7dGsy0UBY1HfVSE7TYBVILeVBWpSMw1iceeO2xF7IzT211
fGHKElNWvAr16EQ0joOqVwLEw34c3OAlGSgs0Alysxfx
-----END CERTIFICATE-----