This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/IqDk70cLXy5ctG1rDEeGFfF59jg.roa
File:                     IqDk70cLXy5ctG1rDEeGFfF59jg.roa (raw, json)
Hash identifier:          vafj7r3xYeztEbvYB8EHkTcY/G9sazYa9VigZ3f0jGc=
Subject key identifier:   22:A0:E4:EF:47:0B:5F:2E:5C:B4:6D:6B:0C:47:86:15:F1:79:F6:38
Certificate issuer:       /CN=826605b4d27f13968e8794e6ef091223748817d8
Certificate serial:       019B7F81785EA3DB60D0FDF03B9CB63E5B39
Authority key identifier: 82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/IqDk70cLXy5ctG1rDEeGFfF59jg.roa
Signing time:             Fri 02 Jan 2026 16:19:09 +0000
ROA not before:           Fri 02 Jan 2026 16:19:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202855
IP address blocks:        168.199.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 Jan 2026 10:01:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:81:78:5e:a3:db:60:d0:fd:f0:3b:9c:b6:3e:5b:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=826605b4d27f13968e8794e6ef091223748817d8
        Validity
            Not Before: Jan  2 16:19:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=22a0e4ef470b5f2e5cb46d6b0c478615f179f638
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:c4:a1:87:1f:b4:62:89:34:0c:c1:d6:a4:6a:
                    a6:0a:d5:86:21:b7:8c:a1:18:33:be:7d:54:25:b2:
                    c7:04:bb:9a:67:19:b5:05:a5:d6:c8:d6:6b:cd:59:
                    c2:13:a1:37:ee:1a:e8:ec:cc:f8:4a:be:01:60:6d:
                    06:8e:5e:be:85:48:ba:1e:a2:de:53:80:4e:15:80:
                    3b:3e:31:45:23:cd:cd:79:9a:62:1d:c8:fc:f4:a7:
                    af:d3:1b:fd:bc:3f:fe:87:f6:96:88:23:21:28:8f:
                    8b:19:94:8a:60:4b:46:e1:5d:a2:d3:f4:68:3a:44:
                    1b:f9:36:1e:0c:bc:92:da:a9:c8:d9:18:69:7a:f8:
                    62:08:25:41:84:dd:41:96:25:a8:b7:20:5f:47:64:
                    53:15:52:af:82:d5:b4:5f:2a:c3:87:2b:5c:e9:22:
                    c2:21:2a:78:e0:a3:27:d8:2b:bb:bf:48:eb:34:7c:
                    6e:02:0e:bb:73:04:b5:59:56:d3:e1:57:c9:53:f4:
                    84:4c:87:75:78:c4:4d:7e:72:d6:0b:2b:30:5a:d9:
                    ec:46:6c:0b:d7:74:15:3b:bb:3c:d5:06:6e:c5:a7:
                    54:40:26:90:86:6d:21:61:7a:a8:e6:02:aa:6d:3f:
                    95:79:3c:bc:16:e9:bb:f4:c4:64:7b:7e:4a:91:3b:
                    2a:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:A0:E4:EF:47:0B:5F:2E:5C:B4:6D:6B:0C:47:86:15:F1:79:F6:38
            X509v3 Authority Key Identifier:
                keyid:82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/IqDk70cLXy5ctG1rDEeGFfF59jg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.199.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:bd:5c:4c:8f:b2:03:81:c7:ea:48:31:d5:99:99:7e:07:41:
         44:30:9a:4e:37:f2:8e:c7:99:19:ae:e7:e9:8c:12:43:aa:c4:
         c0:37:74:87:11:d2:38:60:12:63:54:30:be:2c:79:4d:76:3c:
         52:63:ab:f4:56:c8:d7:e6:4b:ae:2c:05:6d:34:1e:74:90:dc:
         f1:d4:7e:36:13:f0:81:09:3f:61:95:b1:85:bf:14:a1:74:96:
         ab:31:b8:78:a1:27:25:ec:da:d9:48:77:e7:c1:20:c9:61:57:
         7d:f3:06:69:25:0e:4e:03:0c:99:65:03:1b:af:c2:58:6c:12:
         2e:1b:4a:30:0e:a9:00:39:17:b1:52:52:b9:76:e3:ef:8e:7f:
         57:e2:e6:cb:78:08:fd:b2:b7:20:01:8d:13:82:b0:9f:00:21:
         0f:20:05:cd:23:1c:ab:aa:93:91:c4:83:bb:31:29:db:d8:67:
         e6:dd:8f:92:37:d0:ea:d5:8e:de:f3:61:67:c3:7f:08:b4:17:
         78:92:bc:d8:a0:7b:da:98:9f:e6:c3:67:7e:b0:3d:70:fb:6b:
         a2:c4:b4:d4:95:0d:f7:13:ae:8d:d6:45:1f:ad:84:03:41:a7:
         f5:91:53:53:5e:b7:85:ef:10:d0:e2:6c:07:be:a5:40:cf:87:
         76:15:5c:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/gXheo9tg0P3wO5y2Pls5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNjYwNWI0ZDI3ZjEzOTY4ZTg3OTRlNmVmMDkxMjIzNzQ4
ODE3ZDgwHhcNMjYwMTAyMTYxOTA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmEwZTRlZjQ3MGI1ZjJlNWNiNDZkNmIwYzQ3ODYxNWYxNzlmNjM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAycShhx+0Yok0DMHWpGqmCtWGIbeM
oRgzvn1UJbLHBLuaZxm1BaXWyNZrzVnCE6E37hro7Mz4Sr4BYG0Gjl6+hUi6HqLe
U4BOFYA7PjFFI83NeZpiHcj89Kev0xv9vD/+h/aWiCMhKI+LGZSKYEtG4V2i0/Ro
OkQb+TYeDLyS2qnI2RhpevhiCCVBhN1BliWotyBfR2RTFVKvgtW0XyrDhytc6SLC
ISp44KMn2Cu7v0jrNHxuAg67cwS1WVbT4VfJU/SETId1eMRNfnLWCyswWtnsRmwL
13QVO7s81QZuxadUQCaQhm0hYXqo5gKqbT+VeTy8Fum79MRke35KkTsq1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCKg5O9HC18uXLRtawxHhhXxefY4MB8GA1UdIwQY
MBaAFIJmBbTSfxOWjoeU5u8JEiN0iBfYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEt
MmQxOTE4YmExYzBlLzEvSXFEazcwY0xYeTVjdEcxckRFZUdGZkY1OWpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEtMmQxOTE4YmExYzBl
LzEvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqMcSMA0G
CSqGSIb3DQEBCwUAA4IBAQACvVxMj7IDgcfqSDHVmZl+B0FEMJpON/KOx5kZrufp
jBJDqsTAN3SHEdI4YBJjVDC+LHlNdjxSY6v0VsjX5kuuLAVtNB50kNzx1H42E/CB
CT9hlbGFvxShdJarMbh4oScl7NrZSHfnwSDJYVd98wZpJQ5OAwyZZQMbr8JYbBIu
G0owDqkAORexUlK5duPvjn9X4ubLeAj9srcgAY0TgrCfACEPIAXNIxyrqpORxIO7
MSnb2Gfm3Y+SN9Dq1Y7e82Fnw38ItBd4krzYoHvamJ/mw2d+sD1w+2uixLTUlQ33
E66N1kUfrYQDQaf1kVNTXreF7xDQ4mwHvqVAz4d2FVxB
-----END CERTIFICATE-----