This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/a4ff33-b290-4307-afc8-f520a7d71ef5/1/b3tykz7qYBo8FHo1Alq0xkKOZ7o.roa
File:                     b3tykz7qYBo8FHo1Alq0xkKOZ7o.roa (raw, json)
Hash identifier:          1ypK/Mw+A8zmnLsUWYOUbBmARKUuAvo9CZIkqCyhL9k=
Subject key identifier:   6F:7B:72:93:3E:EA:60:1A:3C:14:7A:35:02:5A:B4:C6:42:8E:67:BA
Certificate issuer:       /CN=9faf0bf93fc4381fff7e7aa86b4076c033242ffa
Certificate serial:       019B7EA73DAA06ECB5A502BAA8B801BFF510
Authority key identifier: 9F:AF:0B:F9:3F:C4:38:1F:FF:7E:7A:A8:6B:40:76:C0:33:24:2F:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n68L-T_EOB__fnqoa0B2wDMkL_o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/a4ff33-b290-4307-afc8-f520a7d71ef5/1/b3tykz7qYBo8FHo1Alq0xkKOZ7o.roa
Signing time:             Fri 02 Jan 2026 12:20:47 +0000
ROA not before:           Fri 02 Jan 2026 12:20:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20648
IP address blocks:        185.91.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/a4ff33-b290-4307-afc8-f520a7d71ef5/1/n68L-T_EOB__fnqoa0B2wDMkL_o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/a4ff33-b290-4307-afc8-f520a7d71ef5/1/n68L-T_EOB__fnqoa0B2wDMkL_o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/n68L-T_EOB__fnqoa0B2wDMkL_o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 Jan 2026 00:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a7:3d:aa:06:ec:b5:a5:02:ba:a8:b8:01:bf:f5:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9faf0bf93fc4381fff7e7aa86b4076c033242ffa
        Validity
            Not Before: Jan  2 12:20:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6f7b72933eea601a3c147a35025ab4c6428e67ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:e8:11:3c:16:7f:f8:40:b2:85:00:27:33:52:
                    05:0e:0a:fc:22:71:ef:e5:15:d6:f5:82:1e:88:e7:
                    3e:a5:bb:f1:3d:b3:d3:9c:5f:a2:76:71:f2:50:8c:
                    30:cd:2f:3a:f8:3b:34:54:2e:aa:53:b0:15:d0:b0:
                    e0:10:1f:5c:0a:3b:6e:27:30:10:e0:bd:45:9b:49:
                    21:74:fa:bd:7d:4c:8f:3a:cb:38:3b:18:1c:c3:aa:
                    4b:f1:ae:f1:31:e4:e1:34:f4:d5:8d:00:e1:66:fa:
                    6b:20:ca:e4:6a:8b:82:1d:13:01:df:c6:e6:58:8d:
                    ef:da:c2:bb:d7:bf:ee:8a:fb:36:c9:d4:c4:ee:c7:
                    d3:b8:a4:11:78:fe:15:f2:70:49:a6:8e:69:79:f3:
                    ab:ff:86:fe:49:47:84:03:c0:d4:b2:6d:29:28:d7:
                    63:00:83:53:3a:87:4f:f6:1e:3a:fc:38:8e:52:1d:
                    ba:88:11:cd:c3:0f:66:65:ad:96:a5:c0:6a:f5:dd:
                    80:b6:ac:6a:62:4c:e0:ae:3e:54:d6:1d:71:95:02:
                    56:26:95:cf:26:35:4e:72:35:68:a6:23:61:51:db:
                    15:dd:bf:eb:98:8d:c5:fa:6d:23:95:c4:47:e6:7e:
                    20:ed:47:34:4a:37:c6:7a:04:6a:64:d3:1a:bf:7c:
                    69:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:7B:72:93:3E:EA:60:1A:3C:14:7A:35:02:5A:B4:C6:42:8E:67:BA
            X509v3 Authority Key Identifier:
                keyid:9F:AF:0B:F9:3F:C4:38:1F:FF:7E:7A:A8:6B:40:76:C0:33:24:2F:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n68L-T_EOB__fnqoa0B2wDMkL_o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/a4ff33-b290-4307-afc8-f520a7d71ef5/1/b3tykz7qYBo8FHo1Alq0xkKOZ7o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/a4ff33-b290-4307-afc8-f520a7d71ef5/1/n68L-T_EOB__fnqoa0B2wDMkL_o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.91.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:34:0a:c2:a8:93:2b:8c:26:88:6b:4e:1a:13:87:66:e3:81:
         c2:9f:26:50:e3:18:7a:61:22:13:3e:5b:d3:a9:d3:14:09:8c:
         d9:d2:a6:3d:c0:91:3d:ae:e1:4d:98:1b:4f:f6:54:67:90:15:
         0b:07:df:eb:0d:5e:ea:26:2f:3e:e2:28:42:83:cf:91:63:6d:
         21:0e:41:d1:d0:18:a7:f0:b7:a9:6a:a8:e0:c1:8c:92:da:cd:
         a6:ff:81:12:f6:1f:99:ce:44:81:15:72:b5:ce:41:57:a8:5a:
         05:55:c6:00:1a:ba:4c:4f:c5:d4:cc:3c:88:e0:b0:d9:c6:d0:
         05:37:cc:f6:c1:2a:67:92:ce:43:f7:b1:fd:cb:d8:1a:eb:8e:
         a5:1c:3c:64:a7:7b:4b:dd:0b:9e:2f:55:da:ac:cf:78:9b:f2:
         3b:f7:79:82:5d:46:d8:e8:13:03:49:ec:1c:64:35:2f:15:15:
         f9:dd:a7:0e:a2:9e:7d:15:05:02:eb:66:6e:15:6b:50:2f:27:
         58:36:36:92:80:f3:c1:c1:32:d7:e3:15:4c:cf:ac:40:f8:e3:
         7a:4e:cc:b7:7e:db:3f:ac:2e:2b:03:da:34:12:cf:3d:a8:7b:
         49:53:ae:da:e1:0f:dc:87:39:70:7f:4a:4e:bf:f8:b9:a6:b4:
         1f:bd:ca:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pz2qBuy1pQK6qLgBv/UQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmYWYwYmY5M2ZjNDM4MWZmZjdlN2FhODZiNDA3NmMwMzMy
NDJmZmEwHhcNMjYwMTAyMTIyMDQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjdiNzI5MzNlZWE2MDFhM2MxNDdhMzUwMjVhYjRjNjQyOGU2N2JhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlugRPBZ/+ECyhQAnM1IFDgr8InHv
5RXW9YIeiOc+pbvxPbPTnF+idnHyUIwwzS86+Ds0VC6qU7AV0LDgEB9cCjtuJzAQ
4L1Fm0khdPq9fUyPOss4Oxgcw6pL8a7xMeThNPTVjQDhZvprIMrkaouCHRMB38bm
WI3v2sK717/uivs2ydTE7sfTuKQReP4V8nBJpo5pefOr/4b+SUeEA8DUsm0pKNdj
AINTOodP9h46/DiOUh26iBHNww9mZa2WpcBq9d2AtqxqYkzgrj5U1h1xlQJWJpXP
JjVOcjVopiNhUdsV3b/rmI3F+m0jlcRH5n4g7Uc0SjfGegRqZNMav3xpFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG97cpM+6mAaPBR6NQJatMZCjme6MB8GA1UdIwQY
MBaAFJ+vC/k/xDgf/356qGtAdsAzJC/6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbjY4TC1UX0VPQl9fZm5xb2EwQjJ3RE1rTF9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9hNGZmMzMtYjI5MC00MzA3LWFmYzgt
ZjUyMGE3ZDcxZWY1LzEvYjN0eWt6N3FZQm84RkhvMUFscTB4a0tPWjdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9hNGZmMzMtYjI5MC00MzA3LWFmYzgtZjUyMGE3ZDcxZWY1
LzEvbjY4TC1UX0VPQl9fZm5xb2EwQjJ3RE1rTF9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVvNMA0G
CSqGSIb3DQEBCwUAA4IBAQBqNArCqJMrjCaIa04aE4dm44HCnyZQ4xh6YSITPlvT
qdMUCYzZ0qY9wJE9ruFNmBtP9lRnkBULB9/rDV7qJi8+4ihCg8+RY20hDkHR0Bin
8LepaqjgwYyS2s2m/4ES9h+ZzkSBFXK1zkFXqFoFVcYAGrpMT8XUzDyI4LDZxtAF
N8z2wSpnks5D97H9y9ga646lHDxkp3tL3QueL1XarM94m/I793mCXUbY6BMDSewc
ZDUvFRX53acOop59FQUC62ZuFWtQLydYNjaSgPPBwTLX4xVMz6xA+ON6Tsy3fts/
rC4rA9o0Es89qHtJU67a4Q/chzlwf0pOv/i5prQfvcpK
-----END CERTIFICATE-----