This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/dY7kHWeFMhDZws2hWSRr6FVZs_I.roa
File:                     dY7kHWeFMhDZws2hWSRr6FVZs_I.roa (raw, json)
Hash identifier:          rdt/pNuwtO3aFJxSMqCbcGTJLi3K6rH+Uryv+ta2vJI=
Subject key identifier:   75:8E:E4:1D:67:85:32:10:D9:C2:CD:A1:59:24:6B:E8:55:59:B3:F2
Certificate issuer:       /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial:       019B7F83AB400FCA69A4D52937DFC8D63ED3
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/dY7kHWeFMhDZws2hWSRr6FVZs_I.roa
Signing time:             Fri 02 Jan 2026 16:21:34 +0000
ROA not before:           Fri 02 Jan 2026 16:21:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199530
IP address blocks:        37.230.202.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:83:ab:40:0f:ca:69:a4:d5:29:37:df:c8:d6:3e:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
        Validity
            Not Before: Jan  2 16:21:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=758ee41d67853210d9c2cda159246be85559b3f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:b2:d6:ff:e7:5c:4a:14:51:5d:d3:fe:ed:fb:
                    3a:68:56:1d:49:19:3d:c8:3c:6c:ba:b8:d8:62:70:
                    a4:f5:d7:ca:91:bc:aa:66:7b:5e:3b:8b:ad:ca:ca:
                    24:8a:78:ba:b4:32:b7:d4:60:0f:ad:74:82:a8:21:
                    0d:24:84:8c:cf:65:a8:f3:47:16:62:6c:e9:4e:18:
                    6b:7b:21:f1:b6:32:95:92:45:df:64:b0:ac:18:64:
                    a6:ce:f2:00:23:c9:6e:44:db:64:06:ec:f3:7f:09:
                    0f:64:d7:74:56:9c:70:f0:b7:1a:04:c3:eb:7b:e9:
                    a0:86:36:c3:8e:40:14:c2:0d:eb:f7:c0:d5:18:93:
                    50:47:f1:a4:b5:b4:0f:5e:f2:d8:99:1b:e2:54:93:
                    dc:91:6a:30:d8:19:88:ef:57:c9:1d:78:b6:b1:80:
                    6d:e3:96:27:fa:09:85:a2:d2:b7:57:93:77:27:97:
                    12:f6:8f:fb:f8:3e:46:f2:fd:ef:67:2b:49:b7:66:
                    c5:e0:58:ef:80:33:92:5e:21:c5:e9:99:21:30:81:
                    92:cf:21:58:c4:6b:fb:4f:d8:f9:22:bb:ed:ed:ed:
                    74:21:3b:fe:a8:3a:ef:29:3d:e4:6f:d0:7e:03:43:
                    ee:b8:7b:ea:c8:06:2b:9f:8e:b2:4d:ee:6e:f0:8a:
                    a2:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:8E:E4:1D:67:85:32:10:D9:C2:CD:A1:59:24:6B:E8:55:59:B3:F2
            X509v3 Authority Key Identifier:
                keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/dY7kHWeFMhDZws2hWSRr6FVZs_I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.230.202.0/23

    Signature Algorithm: sha256WithRSAEncryption
         21:0c:56:b6:86:b0:fe:1c:f1:4e:69:ea:22:14:7c:fe:0e:fc:
         83:a1:f0:96:88:4d:6d:b4:3e:1d:80:4a:4f:15:13:1d:9c:56:
         8d:32:39:f6:96:80:95:7f:92:37:a8:84:54:b4:27:de:43:58:
         10:c6:9d:09:2a:82:09:c8:34:37:a1:25:3f:1a:7c:cd:f9:b0:
         27:32:91:8f:b8:ff:42:67:f0:a2:c8:05:33:7e:cf:8f:86:17:
         df:1c:dd:c4:28:b4:3a:df:e8:1f:77:05:63:ea:b5:c3:a3:19:
         dd:e1:e0:96:7d:34:34:a9:12:b7:39:8b:49:e0:c7:7d:ac:a0:
         36:ad:0f:ad:b2:ea:ea:60:89:2f:fc:36:17:35:7d:5b:92:17:
         d2:b8:dd:56:6c:49:5f:c4:12:04:13:57:be:1b:eb:c3:f2:30:
         1b:29:6a:18:6d:da:56:ef:51:d3:c1:3e:c9:35:0a:4e:64:49:
         3c:b5:45:b1:8c:10:ff:57:5b:99:04:9d:ea:50:1d:d4:c8:26:
         e9:16:ba:26:42:49:9c:ef:c1:b1:ce:c4:f5:05:e5:55:3b:74:
         82:e4:b6:db:ac:8e:bd:89:45:c4:19:18:89:49:4f:cd:75:e5:
         ba:72:49:09:81:78:5d:6e:c1:1c:43:ce:fd:13:b0:83:af:cc:
         61:53:ab:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/g6tAD8pppNUpN9/I1j7TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjYwMTAyMTYyMTM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NThlZTQxZDY3ODUzMjEwZDljMmNkYTE1OTI0NmJlODU1NTliM2YyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsLLW/+dcShRRXdP+7fs6aFYdSRk9
yDxsurjYYnCk9dfKkbyqZnteO4utysokini6tDK31GAPrXSCqCENJISMz2Wo80cW
YmzpThhreyHxtjKVkkXfZLCsGGSmzvIAI8luRNtkBuzzfwkPZNd0Vpxw8LcaBMPr
e+mghjbDjkAUwg3r98DVGJNQR/GktbQPXvLYmRviVJPckWow2BmI71fJHXi2sYBt
45Yn+gmFotK3V5N3J5cS9o/7+D5G8v3vZytJt2bF4FjvgDOSXiHF6ZkhMIGSzyFY
xGv7T9j5Irvt7e10ITv+qDrvKT3kb9B+A0PuuHvqyAYrn46yTe5u8Iqi+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHWO5B1nhTIQ2cLNoVkka+hVWbPyMB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEvZFk3a0hXZUZNaERad3MyaFdTUnI2RlZac19JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODktOGM5NTgxZDk2ZDhm
LzEvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBJebKMA0G
CSqGSIb3DQEBCwUAA4IBAQAhDFa2hrD+HPFOaeoiFHz+DvyDofCWiE1ttD4dgEpP
FRMdnFaNMjn2loCVf5I3qIRUtCfeQ1gQxp0JKoIJyDQ3oSU/GnzN+bAnMpGPuP9C
Z/CiyAUzfs+PhhffHN3EKLQ63+gfdwVj6rXDoxnd4eCWfTQ0qRK3OYtJ4Md9rKA2
rQ+tsurqYIkv/DYXNX1bkhfSuN1WbElfxBIEE1e+G+vD8jAbKWoYbdpW71HTwT7J
NQpOZEk8tUWxjBD/V1uZBJ3qUB3UyCbpFromQkmc78GxzsT1BeVVO3SC5LbbrI69
iUXEGRiJSU/NdeW6ckkJgXhdbsEcQ879E7CDr8xhU6s6
-----END CERTIFICATE-----