This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/1-ezGqblYU88DYGupfRZt0z0P-c.roa
File:                     1-ezGqblYU88DYGupfRZt0z0P-c.roa (raw, json)
Hash identifier:          3e97e1j/lafVJd2urvOUlhx4dA8czMnXPXhILFMWj/s=
Subject key identifier:   D7:E7:B3:1A:A6:E5:61:4F:3C:0D:81:AE:A5:F4:59:B7:4C:F4:3F:E7
Certificate issuer:       /CN=e4c86da3f483246518d368034bc86113906a55a3
Certificate serial:       019B7C1278068A86658C79A0F89B8927427A
Authority key identifier: E4:C8:6D:A3:F4:83:24:65:18:D3:68:03:4B:C8:61:13:90:6A:55:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5Mhto_SDJGUY02gDS8hhE5BqVaM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/1-ezGqblYU88DYGupfRZt0z0P-c.roa
Signing time:             Fri 02 Jan 2026 00:19:03 +0000
ROA not before:           Fri 02 Jan 2026 00:19:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3320
IP address blocks:        185.10.120.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/5Mhto_SDJGUY02gDS8hhE5BqVaM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/5Mhto_SDJGUY02gDS8hhE5BqVaM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5Mhto_SDJGUY02gDS8hhE5BqVaM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 06:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:78:06:8a:86:65:8c:79:a0:f8:9b:89:27:42:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4c86da3f483246518d368034bc86113906a55a3
        Validity
            Not Before: Jan  2 00:19:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d7e7b31aa6e5614f3c0d81aea5f459b74cf43fe7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:e6:0d:57:1d:49:21:3f:5c:39:65:1a:15:f2:
                    44:36:6a:86:d3:63:70:29:2c:74:4c:24:4d:51:e5:
                    f4:d0:d9:cb:33:a0:3e:03:6f:74:fe:4f:00:e2:38:
                    d3:e8:06:28:06:39:28:4c:71:7e:c1:38:ab:a3:4f:
                    5e:2a:82:65:cd:51:de:47:ff:64:f6:de:9b:6b:17:
                    27:c0:76:03:91:7d:11:0a:ed:f4:b7:42:b2:9d:64:
                    2b:a1:bd:17:23:74:0d:1a:28:7c:04:dd:5b:3b:53:
                    9b:07:5c:e0:34:56:28:f7:23:db:81:6e:3f:b2:e0:
                    b5:1c:73:c5:c1:58:3e:e2:8d:ae:61:90:fb:08:fe:
                    a8:6c:80:33:6e:0a:f3:cc:60:8e:70:da:93:c6:78:
                    b4:10:5a:b2:61:17:1f:d9:f2:f1:ce:fa:b6:b4:9c:
                    26:14:a6:7d:6c:45:af:9e:13:bd:c3:53:88:ed:6d:
                    93:a3:fc:16:fd:4d:40:4f:de:50:f7:0a:85:fa:44:
                    ca:8c:d1:94:86:bd:ce:38:ca:e9:2b:7d:64:26:7f:
                    19:9e:29:6f:d4:a6:a8:54:fd:7f:71:12:14:15:91:
                    25:0d:cc:e6:17:28:5b:24:2f:d7:d8:bd:99:12:cb:
                    69:4e:9c:8d:ef:04:ab:18:60:95:7d:28:f3:6c:4f:
                    de:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:E7:B3:1A:A6:E5:61:4F:3C:0D:81:AE:A5:F4:59:B7:4C:F4:3F:E7
            X509v3 Authority Key Identifier:
                keyid:E4:C8:6D:A3:F4:83:24:65:18:D3:68:03:4B:C8:61:13:90:6A:55:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5Mhto_SDJGUY02gDS8hhE5BqVaM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/1-ezGqblYU88DYGupfRZt0z0P-c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/5Mhto_SDJGUY02gDS8hhE5BqVaM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.10.120.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0f:7f:5f:8b:fd:85:6d:20:ae:fe:e6:26:63:06:ed:b8:7b:79:
         7f:c4:d7:a7:f2:61:d1:1a:97:28:c1:21:f3:20:a4:ce:43:95:
         e0:7c:5f:ec:71:ed:59:18:74:f6:be:0f:e6:42:1f:f2:fc:19:
         78:91:c1:40:b7:1a:0b:7f:f2:e2:54:ea:46:6f:77:67:02:f7:
         a4:01:f0:76:ae:c0:c7:4d:c1:d1:bc:fa:ec:10:6d:09:44:c9:
         a2:14:cb:c1:62:d2:02:9a:c9:da:ec:66:4b:57:bc:4a:b3:a3:
         35:00:f2:3c:6a:2f:ae:4a:6a:5a:04:20:22:e6:ed:19:bd:f8:
         0f:02:9e:fb:ee:29:27:01:18:60:ff:23:6f:73:73:c9:79:69:
         14:60:a3:10:f1:36:e2:44:3d:e8:21:cc:17:49:cf:2e:d1:51:
         9f:c1:b8:78:0c:61:de:7e:75:65:e6:d9:10:53:ad:62:e6:92:
         87:99:5a:1e:f7:8c:07:14:e6:ef:26:fb:c7:4a:11:e7:f9:fb:
         2f:f6:42:f5:1c:d5:09:2a:1a:ee:be:7b:8a:9a:fa:a2:7f:b0:
         e6:1a:da:35:fc:83:c9:aa:1d:40:a5:f5:4d:71:60:60:ca:d2:
         81:a7:d9:a2:8e:35:5d:90:ca:f1:bb:47:3f:3a:10:1c:36:d1:
         80:21:63:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EngGioZljHmg+JuJJ0J6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0Yzg2ZGEzZjQ4MzI0NjUxOGQzNjgwMzRiYzg2MTEzOTA2
YTU1YTMwHhcNMjYwMTAyMDAxOTAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2U3YjMxYWE2ZTU2MTRmM2MwZDgxYWVhNWY0NTliNzRjZjQzZmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu+YNVx1JIT9cOWUaFfJENmqG02Nw
KSx0TCRNUeX00NnLM6A+A290/k8A4jjT6AYoBjkoTHF+wTiro09eKoJlzVHeR/9k
9t6baxcnwHYDkX0RCu30t0KynWQrob0XI3QNGih8BN1bO1ObB1zgNFYo9yPbgW4/
suC1HHPFwVg+4o2uYZD7CP6obIAzbgrzzGCOcNqTxni0EFqyYRcf2fLxzvq2tJwm
FKZ9bEWvnhO9w1OI7W2To/wW/U1AT95Q9wqF+kTKjNGUhr3OOMrpK31kJn8Znilv
1KaoVP1/cRIUFZElDczmFyhbJC/X2L2ZEstpTpyN7wSrGGCVfSjzbE/edwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNfnsxqm5WFPPA2BrqX0WbdM9D/nMB8GA1UdIwQY
MBaAFOTIbaP0gyRlGNNoA0vIYROQalWjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNU1odG9fU0RKR1VZMDJnRFM4aGhFNUJxVmFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9iNGU1MDMtNTc0Yi00NTY1LTkyMTct
YzUxMWEzZTkxMmI2LzEvMS1lekdxYmxZVTg4RFlHdXBmUlp0MHowUC1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9iNGU1MDMtNTc0Yi00NTY1LTkyMTctYzUxMWEzZTkxMmI2
LzEvNU1odG9fU0RKR1VZMDJnRFM4aGhFNUJxVmFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuQp4MA0G
CSqGSIb3DQEBCwUAA4IBAQAPf1+L/YVtIK7+5iZjBu24e3l/xNen8mHRGpcowSHz
IKTOQ5XgfF/sce1ZGHT2vg/mQh/y/Bl4kcFAtxoLf/LiVOpGb3dnAvekAfB2rsDH
TcHRvPrsEG0JRMmiFMvBYtICmsna7GZLV7xKs6M1API8ai+uSmpaBCAi5u0ZvfgP
Ap777iknARhg/yNvc3PJeWkUYKMQ8TbiRD3oIcwXSc8u0VGfwbh4DGHefnVl5tkQ
U61i5pKHmVoe94wHFObvJvvHShHn+fsv9kL1HNUJKhruvnuKmvqif7DmGto1/IPJ
qh1ApfVNcWBgytKBp9mijjVdkMrxu0c/OhAcNtGAIWNw
-----END CERTIFICATE-----