This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/fca369-6b85-4e03-ab71-68ba6c54ef9a/1/iWP4svoOPBmLWqsmXNureCvqWt0.roa
File:                     iWP4svoOPBmLWqsmXNureCvqWt0.roa (raw, json)
Hash identifier:          NogACOntswbtzLCi1NQN4fIlpsGo2D3P9AqJg73o1QA=
Subject key identifier:   89:63:F8:B2:FA:0E:3C:19:8B:5A:AB:26:5C:DB:AB:78:2B:EA:5A:DD
Certificate issuer:       /CN=614256ed38fb1e96944926db4c66c4d088acfbd6
Certificate serial:       019B78A301EA9F0B88D6603A64D747C37D22
Authority key identifier: 61:42:56:ED:38:FB:1E:96:94:49:26:DB:4C:66:C4:D0:88:AC:FB:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YUJW7Tj7HpaUSSbbTGbE0Iis-9Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/fca369-6b85-4e03-ab71-68ba6c54ef9a/1/iWP4svoOPBmLWqsmXNureCvqWt0.roa
Signing time:             Thu 01 Jan 2026 08:18:27 +0000
ROA not before:           Thu 01 Jan 2026 08:18:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207017
IP address blocks:        185.168.196.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/fca369-6b85-4e03-ab71-68ba6c54ef9a/1/YUJW7Tj7HpaUSSbbTGbE0Iis-9Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/fca369-6b85-4e03-ab71-68ba6c54ef9a/1/YUJW7Tj7HpaUSSbbTGbE0Iis-9Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YUJW7Tj7HpaUSSbbTGbE0Iis-9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:05:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:01:ea:9f:0b:88:d6:60:3a:64:d7:47:c3:7d:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=614256ed38fb1e96944926db4c66c4d088acfbd6
        Validity
            Not Before: Jan  1 08:18:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8963f8b2fa0e3c198b5aab265cdbab782bea5add
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:a9:ab:f9:86:b7:84:dc:c3:2b:bf:da:a0:61:
                    04:5c:e9:97:9b:17:b8:ae:9a:ac:25:a9:13:18:1e:
                    58:4d:42:c5:e6:02:f5:4f:53:13:69:54:6c:58:b3:
                    da:0f:7c:45:71:cf:71:fb:db:65:8d:30:8f:86:7c:
                    51:68:18:fd:61:1d:95:0d:23:63:98:87:05:9f:ca:
                    27:f1:f3:3c:51:e8:22:73:08:49:00:07:5f:eb:5e:
                    d7:16:26:5e:98:58:dd:11:b5:f4:b2:71:35:bb:79:
                    25:86:4a:12:b6:a6:03:ed:dd:0d:25:29:19:f4:b8:
                    b9:76:db:c0:f9:35:6f:9b:2e:90:2b:0f:fc:74:ff:
                    76:7a:2f:33:2b:02:0b:a5:e1:5c:56:9b:d8:61:9b:
                    d9:38:bc:3c:1a:14:28:91:ae:1c:8b:40:06:df:eb:
                    d4:cb:0a:24:d0:4f:d7:a9:5c:b0:5e:50:fe:91:b5:
                    3b:3a:78:15:5d:d2:12:58:bf:da:ff:db:b2:4a:bb:
                    cd:0a:e3:76:f6:40:c3:13:a1:58:31:98:20:cf:33:
                    53:7d:02:ab:76:fb:d6:d7:c9:af:5d:17:2c:a8:48:
                    36:86:8c:f2:8e:70:a1:4d:d0:8b:e1:c1:9a:8f:a6:
                    34:66:f1:20:c7:3e:bc:0d:b5:af:2b:38:da:19:a2:
                    33:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:63:F8:B2:FA:0E:3C:19:8B:5A:AB:26:5C:DB:AB:78:2B:EA:5A:DD
            X509v3 Authority Key Identifier:
                keyid:61:42:56:ED:38:FB:1E:96:94:49:26:DB:4C:66:C4:D0:88:AC:FB:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YUJW7Tj7HpaUSSbbTGbE0Iis-9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/fca369-6b85-4e03-ab71-68ba6c54ef9a/1/iWP4svoOPBmLWqsmXNureCvqWt0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/fca369-6b85-4e03-ab71-68ba6c54ef9a/1/YUJW7Tj7HpaUSSbbTGbE0Iis-9Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.168.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6b:06:13:e9:ac:ff:4e:64:b3:ee:59:0f:61:15:c0:be:b2:c9:
         34:2c:fb:1e:db:c1:90:3e:50:92:f0:f5:42:d6:04:ce:e8:2b:
         29:56:2f:60:6a:43:c7:e9:29:2d:db:15:51:27:cb:71:bb:c9:
         b3:e0:4e:d5:e0:8d:22:08:33:c1:c8:ca:09:71:44:89:d0:28:
         ec:53:87:4b:dc:80:24:b3:a9:10:ae:0b:b6:52:b8:c7:0a:6b:
         88:a6:47:8b:af:8f:05:82:8f:af:08:26:c1:1c:e0:fd:88:94:
         51:2a:d1:73:95:8e:80:c2:5e:2b:1d:4b:8e:58:40:ec:fb:3a:
         b4:5a:b0:d5:2e:32:07:fc:5b:da:40:cd:4e:3d:7f:d4:8d:65:
         27:06:c4:03:d6:c3:07:f7:47:8d:91:da:4e:fd:f9:18:f6:5f:
         f3:b4:34:8d:1b:75:d7:69:f2:16:a5:7c:17:92:e2:4f:e3:75:
         5b:18:69:d3:7f:38:8f:5f:8f:22:61:de:66:cb:f8:de:66:dd:
         1a:0a:d5:91:2b:cc:be:df:9e:06:0a:05:52:17:53:ef:86:20:
         40:0f:2b:b8:72:df:97:1a:f5:b4:c8:c3:f4:21:07:0a:d2:ec:
         45:86:f0:de:ce:de:53:9f:5a:c4:63:9a:30:df:c6:98:c6:93:
         8d:d8:1e:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4owHqnwuI1mA6ZNdHw30iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxNDI1NmVkMzhmYjFlOTY5NDQ5MjZkYjRjNjZjNGQwODhh
Y2ZiZDYwHhcNMjYwMTAxMDgxODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTYzZjhiMmZhMGUzYzE5OGI1YWFiMjY1Y2RiYWI3ODJiZWE1YWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKmr+Ya3hNzDK7/aoGEEXOmXmxe4
rpqsJakTGB5YTULF5gL1T1MTaVRsWLPaD3xFcc9x+9tljTCPhnxRaBj9YR2VDSNj
mIcFn8on8fM8UegicwhJAAdf617XFiZemFjdEbX0snE1u3klhkoStqYD7d0NJSkZ
9Li5dtvA+TVvmy6QKw/8dP92ei8zKwILpeFcVpvYYZvZOLw8GhQoka4ci0AG3+vU
ywok0E/XqVywXlD+kbU7OngVXdISWL/a/9uySrvNCuN29kDDE6FYMZggzzNTfQKr
dvvW18mvXRcsqEg2hozyjnChTdCL4cGaj6Y0ZvEgxz68DbWvKzjaGaIzewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIlj+LL6DjwZi1qrJlzbq3gr6lrdMB8GA1UdIwQY
MBaAFGFCVu04+x6WlEkm20xmxNCIrPvWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVVKVzdUajdIcGFVU1NiYlRHYkUwSWlzLTlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC9mY2EzNjktNmI4NS00ZTAzLWFiNzEt
NjhiYTZjNTRlZjlhLzEvaVdQNHN2b09QQm1MV3FzbVhOdXJlQ3ZxV3QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC9mY2EzNjktNmI4NS00ZTAzLWFiNzEtNjhiYTZjNTRlZjlh
LzEvWVVKVzdUajdIcGFVU1NiYlRHYkUwSWlzLTlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuajEMA0G
CSqGSIb3DQEBCwUAA4IBAQBrBhPprP9OZLPuWQ9hFcC+ssk0LPse28GQPlCS8PVC
1gTO6CspVi9gakPH6Skt2xVRJ8txu8mz4E7V4I0iCDPByMoJcUSJ0CjsU4dL3IAk
s6kQrgu2UrjHCmuIpkeLr48Fgo+vCCbBHOD9iJRRKtFzlY6Awl4rHUuOWEDs+zq0
WrDVLjIH/FvaQM1OPX/UjWUnBsQD1sMH90eNkdpO/fkY9l/ztDSNG3XXafIWpXwX
kuJP43VbGGnTfziPX48iYd5my/jeZt0aCtWRK8y+354GCgVSF1PvhiBADyu4ct+X
GvW0yMP0IQcK0uxFhvDezt5Tn1rEY5ow38aYxpON2B4l
-----END CERTIFICATE-----