This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/4qUkTKGm6pGhy2LKyNsE9JLEu9s.roa
File:                     4qUkTKGm6pGhy2LKyNsE9JLEu9s.roa (raw, json)
Hash identifier:          n8RFY9wAkRTw92IGWmg3oXl6nw20aGymGHPFNpvZX/Q=
Subject key identifier:   E2:A5:24:4C:A1:A6:EA:91:A1:CB:62:CA:C8:DB:04:F4:92:C4:BB:DB
Certificate issuer:       /CN=962bd76a5cac283ece0a0f8eab2c97021401fb89
Certificate serial:       019B7B36A0BCF9551BBB98CED28941694488
Authority key identifier: 96:2B:D7:6A:5C:AC:28:3E:CE:0A:0F:8E:AB:2C:97:02:14:01:FB:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/livXalysKD7OCg-OqyyXAhQB-4k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/4qUkTKGm6pGhy2LKyNsE9JLEu9s.roa
Signing time:             Thu 01 Jan 2026 20:18:56 +0000
ROA not before:           Thu 01 Jan 2026 20:18:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206804
IP address blocks:        85.203.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/livXalysKD7OCg-OqyyXAhQB-4k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/livXalysKD7OCg-OqyyXAhQB-4k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/livXalysKD7OCg-OqyyXAhQB-4k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 23:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:a0:bc:f9:55:1b:bb:98:ce:d2:89:41:69:44:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=962bd76a5cac283ece0a0f8eab2c97021401fb89
        Validity
            Not Before: Jan  1 20:18:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e2a5244ca1a6ea91a1cb62cac8db04f492c4bbdb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:8f:0c:a5:ec:0a:15:0d:88:3e:9b:67:6f:86:
                    2b:4d:db:a2:06:03:c7:cc:ce:7b:a9:bc:bb:1a:41:
                    09:ab:07:e4:50:72:6e:fe:76:42:61:1f:4b:d6:59:
                    5b:e5:b8:48:51:00:73:77:f9:c2:09:91:d2:08:75:
                    73:6f:45:f7:89:22:56:e4:20:52:42:3e:69:25:22:
                    4e:6c:d8:b6:4d:b8:19:bd:eb:2a:db:5e:43:7e:a5:
                    ce:2d:2b:11:9f:fb:ff:3c:55:14:37:70:fd:8b:69:
                    26:9f:7e:ad:bf:30:e9:04:5c:2c:f6:fa:74:0c:b1:
                    9e:04:99:20:a8:ce:45:9f:9b:dc:4f:e5:ed:df:7c:
                    ba:67:8d:90:a9:81:33:18:d2:42:2b:f9:48:98:c6:
                    5d:a6:76:6a:fe:6c:2e:58:49:84:e8:2f:63:4a:c1:
                    b8:6e:d4:62:11:b2:54:07:34:81:d1:a3:c5:9b:56:
                    ca:b2:dc:fd:0c:29:a7:c0:ba:60:48:06:1d:ca:3a:
                    5a:2e:18:34:30:74:49:6d:2b:10:5e:48:17:82:86:
                    a4:b3:11:8a:1d:59:b3:2e:fc:b4:a0:bc:5c:95:fa:
                    08:05:2b:8a:b0:c5:c7:6f:b5:ff:b1:bf:75:c0:db:
                    eb:8b:0d:d8:3f:33:90:c6:e7:46:d4:6d:6d:53:58:
                    e1:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:A5:24:4C:A1:A6:EA:91:A1:CB:62:CA:C8:DB:04:F4:92:C4:BB:DB
            X509v3 Authority Key Identifier:
                keyid:96:2B:D7:6A:5C:AC:28:3E:CE:0A:0F:8E:AB:2C:97:02:14:01:FB:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/livXalysKD7OCg-OqyyXAhQB-4k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/4qUkTKGm6pGhy2LKyNsE9JLEu9s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/livXalysKD7OCg-OqyyXAhQB-4k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.203.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:f7:d6:17:3e:c9:60:e8:4f:d6:79:3a:f4:3e:dc:39:9b:77:
         28:06:c4:61:4d:2b:6a:a7:5b:dc:d1:45:5a:eb:d3:a0:29:ee:
         db:ec:a8:69:f0:ea:09:c0:54:53:4e:e7:e4:b9:3c:23:10:a7:
         2c:1e:01:38:4d:34:ed:66:e0:bf:98:27:fe:e2:9f:5c:08:78:
         01:71:97:06:c6:e0:e0:d6:31:94:32:03:8b:75:65:f7:bf:1e:
         77:d0:95:58:48:b9:40:51:8c:20:28:02:90:6e:f5:d8:67:6a:
         f4:46:60:47:2f:3a:63:56:ad:aa:c5:44:7d:a4:f3:98:69:55:
         30:e5:3e:eb:9a:31:21:b3:93:d5:3d:7f:bd:7f:c1:1b:2e:4d:
         9b:60:06:b6:80:99:ac:f0:08:07:0b:13:a6:0f:0f:73:bf:8b:
         bb:eb:3e:0c:48:1e:6d:49:a0:ed:19:b4:cb:9a:12:00:d9:69:
         b6:27:76:c1:ea:60:be:05:22:6e:69:88:35:10:3f:a0:36:71:
         ab:4a:09:2c:63:81:46:e3:a1:a2:3e:3d:e4:1a:44:90:ce:ca:
         2a:e2:69:94:0c:f7:77:8b:6f:c0:71:15:2d:a4:f6:1f:7c:6e:
         84:fe:6a:3e:83:b4:0f:49:60:97:ec:00:a9:47:46:e3:f9:b0:
         38:4e:ac:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NqC8+VUbu5jO0olBaUSIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2MmJkNzZhNWNhYzI4M2VjZTBhMGY4ZWFiMmM5NzAyMTQw
MWZiODkwHhcNMjYwMTAxMjAxODU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmE1MjQ0Y2ExYTZlYTkxYTFjYjYyY2FjOGRiMDRmNDkyYzRiYmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoY8MpewKFQ2IPptnb4YrTduiBgPH
zM57qby7GkEJqwfkUHJu/nZCYR9L1llb5bhIUQBzd/nCCZHSCHVzb0X3iSJW5CBS
Qj5pJSJObNi2TbgZvesq215DfqXOLSsRn/v/PFUUN3D9i2kmn36tvzDpBFws9vp0
DLGeBJkgqM5Fn5vcT+Xt33y6Z42QqYEzGNJCK/lImMZdpnZq/mwuWEmE6C9jSsG4
btRiEbJUBzSB0aPFm1bKstz9DCmnwLpgSAYdyjpaLhg0MHRJbSsQXkgXgoaksxGK
HVmzLvy0oLxclfoIBSuKsMXHb7X/sb91wNvriw3YPzOQxudG1G1tU1jhnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOKlJEyhpuqRoctiysjbBPSSxLvbMB8GA1UdIwQY
MBaAFJYr12pcrCg+zgoPjqsslwIUAfuJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGl2WGFseXNLRDdPQ2ctT3F5eVhBaFFCLTRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC8wNDY0NjAtMTAyYy00OTMwLTg0MmMt
NmFiMTExNTVmNmZiLzEvNHFVa1RLR202cEdoeTJMS3lOc0U5SkxFdTlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC8wNDY0NjAtMTAyYy00OTMwLTg0MmMtNmFiMTExNTVmNmZi
LzEvbGl2WGFseXNLRDdPQ2ctT3F5eVhBaFFCLTRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVcsnMA0G
CSqGSIb3DQEBCwUAA4IBAQBJ99YXPslg6E/WeTr0Ptw5m3coBsRhTStqp1vc0UVa
69OgKe7b7Khp8OoJwFRTTufkuTwjEKcsHgE4TTTtZuC/mCf+4p9cCHgBcZcGxuDg
1jGUMgOLdWX3vx530JVYSLlAUYwgKAKQbvXYZ2r0RmBHLzpjVq2qxUR9pPOYaVUw
5T7rmjEhs5PVPX+9f8EbLk2bYAa2gJms8AgHCxOmDw9zv4u76z4MSB5tSaDtGbTL
mhIA2Wm2J3bB6mC+BSJuaYg1ED+gNnGrSgksY4FG46GiPj3kGkSQzsoq4mmUDPd3
i2/AcRUtpPYffG6E/mo+g7QPSWCX7ACpR0bj+bA4TqwQ
-----END CERTIFICATE-----