This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/c3ab69-7162-4222-aa20-4e3b20ec16a3/1/CB2ITi-RxPyoR7XH1NEi7Vwgbyg.roa
File:                     CB2ITi-RxPyoR7XH1NEi7Vwgbyg.roa (raw, json)
Hash identifier:          e+/EujUqMgrunBdFLMp3Y5r4ddJZRAWO/cMR+Mtb/4w=
Subject key identifier:   08:1D:88:4E:2F:91:C4:FC:A8:47:B5:C7:D4:D1:22:ED:5C:20:6F:28
Certificate issuer:       /CN=bc63a36d5c80651a89a76906c9e3402fb34568da
Certificate serial:       019B7BA4D7E72696E41D3D189A80CF9672DE
Authority key identifier: BC:63:A3:6D:5C:80:65:1A:89:A7:69:06:C9:E3:40:2F:B3:45:68:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vGOjbVyAZRqJp2kGyeNAL7NFaNo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/c3ab69-7162-4222-aa20-4e3b20ec16a3/1/CB2ITi-RxPyoR7XH1NEi7Vwgbyg.roa
Signing time:             Thu 01 Jan 2026 22:19:19 +0000
ROA not before:           Thu 01 Jan 2026 22:19:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     32787
IP address blocks:        185.145.100.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/c3ab69-7162-4222-aa20-4e3b20ec16a3/1/vGOjbVyAZRqJp2kGyeNAL7NFaNo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/c3ab69-7162-4222-aa20-4e3b20ec16a3/1/vGOjbVyAZRqJp2kGyeNAL7NFaNo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vGOjbVyAZRqJp2kGyeNAL7NFaNo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 22:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a4:d7:e7:26:96:e4:1d:3d:18:9a:80:cf:96:72:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc63a36d5c80651a89a76906c9e3402fb34568da
        Validity
            Not Before: Jan  1 22:19:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=081d884e2f91c4fca847b5c7d4d122ed5c206f28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:66:e5:59:4e:69:b6:c3:16:1c:bf:13:27:bf:
                    6d:a0:67:6a:f6:e3:3f:3c:9b:09:ce:5d:bf:ec:ed:
                    7e:8e:2b:b1:94:d6:dd:1a:5c:c1:9a:93:48:44:f2:
                    26:26:65:ba:05:dc:d1:46:cb:6d:08:ae:80:7e:0e:
                    cc:94:84:de:0d:9a:0a:3b:1a:6d:54:68:d7:cf:15:
                    3f:75:8c:a9:fb:78:9f:1f:19:9d:9e:51:aa:55:ff:
                    af:26:82:40:26:c9:24:32:c0:31:25:1c:15:d7:e6:
                    b8:7e:25:dc:bb:da:fe:38:bc:c6:20:a9:4f:e1:f0:
                    c2:60:d6:43:ff:16:16:ff:c3:19:f2:cf:07:ae:2b:
                    e3:49:76:33:b3:5b:c6:8f:9c:9c:1b:34:91:e3:ee:
                    86:e7:67:b0:43:73:d9:8d:d1:b0:84:4a:25:fa:6e:
                    c1:8f:ff:35:a0:44:28:bc:5f:76:00:e0:df:6f:e9:
                    4a:71:d0:e6:84:f3:2a:95:20:83:65:5c:85:d3:05:
                    55:d3:b4:47:31:91:2e:1c:fd:a3:88:ae:81:89:80:
                    c3:3d:e5:14:ed:18:52:30:5c:f0:fa:54:0b:2f:43:
                    da:72:c9:99:d4:51:ed:2d:84:e0:76:e4:09:3f:55:
                    d5:ce:1e:b8:9a:78:3d:c8:97:d4:29:c0:12:d9:4d:
                    dd:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:1D:88:4E:2F:91:C4:FC:A8:47:B5:C7:D4:D1:22:ED:5C:20:6F:28
            X509v3 Authority Key Identifier:
                keyid:BC:63:A3:6D:5C:80:65:1A:89:A7:69:06:C9:E3:40:2F:B3:45:68:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vGOjbVyAZRqJp2kGyeNAL7NFaNo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/c3ab69-7162-4222-aa20-4e3b20ec16a3/1/CB2ITi-RxPyoR7XH1NEi7Vwgbyg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/c3ab69-7162-4222-aa20-4e3b20ec16a3/1/vGOjbVyAZRqJp2kGyeNAL7NFaNo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.145.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:2c:1a:e9:33:36:6e:f5:c3:56:93:ad:e7:8e:40:d1:4e:1e:
         76:3a:2e:b9:51:90:a9:cb:68:05:7b:cd:8d:9c:a1:b8:89:bf:
         9f:cf:76:a4:2c:02:d4:93:e2:86:18:42:90:c8:ef:39:d7:b4:
         75:b8:1c:07:a9:3a:82:6c:29:1d:cc:31:21:db:9c:83:38:9e:
         f6:9c:e5:28:33:0a:48:e7:e0:8a:52:3a:0f:6c:7e:cd:e4:e5:
         e7:9c:83:cb:7f:47:9c:4c:87:51:4d:1e:f1:50:3c:03:d5:34:
         00:1e:4e:37:8f:b1:05:9c:02:be:dd:0d:db:20:2d:09:57:a0:
         e9:60:84:9a:ee:b6:35:0d:9a:9d:0e:fd:0a:b8:ee:05:42:00:
         15:d8:4a:04:4f:0b:11:7f:97:01:04:31:98:38:29:c6:94:b0:
         f7:10:73:2b:93:dc:9b:ac:21:a9:57:51:d9:a7:b1:1a:a3:29:
         c0:14:da:98:69:72:86:bd:2f:55:8c:36:48:f5:67:41:20:c9:
         a6:43:86:07:ff:ec:02:37:bb:8f:4a:f8:46:09:af:4a:2d:2c:
         30:af:10:02:32:a7:41:c3:6f:1e:f5:be:25:60:c6:9f:2b:58:
         25:2d:75:8f:ad:b3:67:27:04:4f:37:bd:51:7a:09:c0:de:49:
         ae:e1:fd:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pNfnJpbkHT0YmoDPlnLeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjNjNhMzZkNWM4MDY1MWE4OWE3NjkwNmM5ZTM0MDJmYjM0
NTY4ZGEwHhcNMjYwMTAxMjIxOTE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODFkODg0ZTJmOTFjNGZjYTg0N2I1YzdkNGQxMjJlZDVjMjA2ZjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3WblWU5ptsMWHL8TJ79toGdq9uM/
PJsJzl2/7O1+jiuxlNbdGlzBmpNIRPImJmW6BdzRRsttCK6Afg7MlITeDZoKOxpt
VGjXzxU/dYyp+3ifHxmdnlGqVf+vJoJAJskkMsAxJRwV1+a4fiXcu9r+OLzGIKlP
4fDCYNZD/xYW/8MZ8s8HrivjSXYzs1vGj5ycGzSR4+6G52ewQ3PZjdGwhEol+m7B
j/81oEQovF92AODfb+lKcdDmhPMqlSCDZVyF0wVV07RHMZEuHP2jiK6BiYDDPeUU
7RhSMFzw+lQLL0PacsmZ1FHtLYTgduQJP1XVzh64mng9yJfUKcAS2U3dHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAgdiE4vkcT8qEe1x9TRIu1cIG8oMB8GA1UdIwQY
MBaAFLxjo21cgGUaiadpBsnjQC+zRWjaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkdPamJWeUFaUnFKcDJrR3llTkFMN05GYU5vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni9jM2FiNjktNzE2Mi00MjIyLWFhMjAt
NGUzYjIwZWMxNmEzLzEvQ0IySVRpLVJ4UHlvUjdYSDFORWk3VndnYnlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni9jM2FiNjktNzE2Mi00MjIyLWFhMjAtNGUzYjIwZWMxNmEz
LzEvdkdPamJWeUFaUnFKcDJrR3llTkFMN05GYU5vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZFkMA0G
CSqGSIb3DQEBCwUAA4IBAQALLBrpMzZu9cNWk63njkDRTh52Oi65UZCpy2gFe82N
nKG4ib+fz3akLALUk+KGGEKQyO8517R1uBwHqTqCbCkdzDEh25yDOJ72nOUoMwpI
5+CKUjoPbH7N5OXnnIPLf0ecTIdRTR7xUDwD1TQAHk43j7EFnAK+3Q3bIC0JV6Dp
YISa7rY1DZqdDv0KuO4FQgAV2EoETwsRf5cBBDGYOCnGlLD3EHMrk9ybrCGpV1HZ
p7EaoynAFNqYaXKGvS9VjDZI9WdBIMmmQ4YH/+wCN7uPSvhGCa9KLSwwrxACMqdB
w28e9b4lYMafK1glLXWPrbNnJwRPN71RegnA3kmu4f0B
-----END CERTIFICATE-----