This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/3a8e4c-9217-4b1f-b6fd-842437d27279/1/z4xZtO9FtF8o6mwi4QbL-Wu86s4.roa
File:                     z4xZtO9FtF8o6mwi4QbL-Wu86s4.roa (raw, json)
Hash identifier:          vP00qCgQWns/k1mWbLbmAoHCP48JJhdfJx4DqX0YL04=
Subject key identifier:   CF:8C:59:B4:EF:45:B4:5F:28:EA:6C:22:E1:06:CB:F9:6B:BC:EA:CE
Certificate issuer:       /CN=f38627e36a4e16bdc39f0b550d74fd71e442d2c2
Certificate serial:       019B77C764ADEB54634394EC6C0C42112F8A
Authority key identifier: F3:86:27:E3:6A:4E:16:BD:C3:9F:0B:55:0D:74:FD:71:E4:42:D2:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/84Yn42pOFr3DnwtVDXT9ceRC0sI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/3a8e4c-9217-4b1f-b6fd-842437d27279/1/z4xZtO9FtF8o6mwi4QbL-Wu86s4.roa
Signing time:             Thu 01 Jan 2026 04:18:34 +0000
ROA not before:           Thu 01 Jan 2026 04:18:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62211
IP address blocks:        185.43.228.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/3a8e4c-9217-4b1f-b6fd-842437d27279/1/84Yn42pOFr3DnwtVDXT9ceRC0sI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/3a8e4c-9217-4b1f-b6fd-842437d27279/1/84Yn42pOFr3DnwtVDXT9ceRC0sI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/84Yn42pOFr3DnwtVDXT9ceRC0sI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:35:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:64:ad:eb:54:63:43:94:ec:6c:0c:42:11:2f:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f38627e36a4e16bdc39f0b550d74fd71e442d2c2
        Validity
            Not Before: Jan  1 04:18:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cf8c59b4ef45b45f28ea6c22e106cbf96bbceace
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:87:14:84:8a:b4:67:59:7d:2d:14:00:11:77:
                    a6:d0:07:c6:6c:4d:50:c0:39:6c:79:e4:1f:c4:bd:
                    ab:f5:99:83:34:c6:80:e4:a9:d9:cb:b4:c5:04:50:
                    eb:c2:cd:61:cd:e0:31:30:92:9f:1c:1d:1f:e8:57:
                    0e:5c:c7:18:56:86:3d:f7:f2:29:3d:21:49:af:7b:
                    6c:22:9f:17:16:20:3f:dc:6b:0b:90:9b:4a:31:6c:
                    29:5f:45:36:5a:9d:1b:a5:9a:73:4d:04:44:91:bb:
                    6d:f7:2e:c3:7a:da:a5:b8:e5:52:f5:2b:c1:52:84:
                    52:9f:f2:f7:1a:e0:02:ba:3c:48:17:ef:e1:8f:d7:
                    8b:68:5c:0f:45:65:49:46:3c:7a:a9:03:53:44:54:
                    7d:ff:21:73:ec:6f:7d:58:4a:30:5c:f4:1f:25:85:
                    9c:a8:2d:d3:ea:db:81:78:78:2c:52:26:30:c3:30:
                    4e:21:3f:cf:23:c4:39:80:97:68:3f:de:9d:6d:44:
                    9e:3b:09:d4:76:8b:12:8c:82:97:38:ec:f7:be:14:
                    89:c6:e9:3b:a6:fc:51:ee:e9:ac:5f:dc:49:da:ec:
                    fa:c5:27:c7:61:d6:83:66:ac:94:e2:74:9e:b8:6d:
                    8a:99:b6:75:33:70:a3:0d:49:a7:e7:57:02:58:78:
                    4d:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:8C:59:B4:EF:45:B4:5F:28:EA:6C:22:E1:06:CB:F9:6B:BC:EA:CE
            X509v3 Authority Key Identifier:
                keyid:F3:86:27:E3:6A:4E:16:BD:C3:9F:0B:55:0D:74:FD:71:E4:42:D2:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/84Yn42pOFr3DnwtVDXT9ceRC0sI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/3a8e4c-9217-4b1f-b6fd-842437d27279/1/z4xZtO9FtF8o6mwi4QbL-Wu86s4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/3a8e4c-9217-4b1f-b6fd-842437d27279/1/84Yn42pOFr3DnwtVDXT9ceRC0sI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.43.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         67:6f:81:c7:16:8b:e2:20:c8:e4:34:a8:fb:45:d7:54:94:49:
         e6:23:5e:10:2f:b6:85:59:45:a9:0f:d5:60:b7:6b:39:60:58:
         5d:1b:7f:0b:74:fb:a3:f7:60:2a:84:b1:23:3c:fd:39:e9:fb:
         be:dc:14:55:e5:49:f1:40:22:7f:4b:15:bd:03:cf:fc:78:fc:
         ab:c5:a1:47:30:69:88:a7:53:7e:7c:7c:85:c3:52:74:3e:e6:
         3f:f7:31:18:8f:ad:b5:0d:29:1e:8c:22:ac:03:aa:02:ea:20:
         35:1d:77:c5:a6:e6:dc:6a:c9:68:b4:29:91:d1:c1:97:dd:10:
         bc:60:bf:15:ea:ff:69:77:55:da:91:75:5f:13:01:66:33:40:
         1c:88:7e:78:cc:fe:30:7c:a1:36:68:78:0a:a4:31:1d:6f:43:
         57:94:f4:eb:34:54:c0:59:f0:da:a8:ea:a2:b7:75:03:f3:5d:
         cb:31:88:8e:fc:dc:aa:db:88:31:68:2a:2a:2b:ab:00:76:25:
         78:da:4d:fd:de:bc:a1:38:70:f4:11:3a:d2:c0:34:9d:50:26:
         3f:33:48:b2:df:24:92:64:7a:0e:f9:d2:d5:31:16:e7:b2:c2:
         f8:9b:dd:40:e8:50:56:c0:d0:d3:01:f2:d5:aa:d4:3d:83:08:
         72:d4:ca:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3x2St61RjQ5TsbAxCES+KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzODYyN2UzNmE0ZTE2YmRjMzlmMGI1NTBkNzRmZDcxZTQ0
MmQyYzIwHhcNMjYwMTAxMDQxODM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjhjNTliNGVmNDViNDVmMjhlYTZjMjJlMTA2Y2JmOTZiYmNlYWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxIcUhIq0Z1l9LRQAEXem0AfGbE1Q
wDlseeQfxL2r9ZmDNMaA5KnZy7TFBFDrws1hzeAxMJKfHB0f6FcOXMcYVoY99/Ip
PSFJr3tsIp8XFiA/3GsLkJtKMWwpX0U2Wp0bpZpzTQREkbtt9y7DetqluOVS9SvB
UoRSn/L3GuACujxIF+/hj9eLaFwPRWVJRjx6qQNTRFR9/yFz7G99WEowXPQfJYWc
qC3T6tuBeHgsUiYwwzBOIT/PI8Q5gJdoP96dbUSeOwnUdosSjIKXOOz3vhSJxuk7
pvxR7umsX9xJ2uz6xSfHYdaDZqyU4nSeuG2KmbZ1M3CjDUmn51cCWHhNGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM+MWbTvRbRfKOpsIuEGy/lrvOrOMB8GA1UdIwQY
MBaAFPOGJ+NqTha9w58LVQ10/XHkQtLCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODRZbjQycE9GcjNEbnd0VkRYVDljZVJDMHNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC8zYThlNGMtOTIxNy00YjFmLWI2ZmQt
ODQyNDM3ZDI3Mjc5LzEvejR4WnRPOUZ0RjhvNm13aTRRYkwtV3U4NnM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC8zYThlNGMtOTIxNy00YjFmLWI2ZmQtODQyNDM3ZDI3Mjc5
LzEvODRZbjQycE9GcjNEbnd0VkRYVDljZVJDMHNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSvkMA0G
CSqGSIb3DQEBCwUAA4IBAQBnb4HHFoviIMjkNKj7RddUlEnmI14QL7aFWUWpD9Vg
t2s5YFhdG38LdPuj92AqhLEjPP056fu+3BRV5UnxQCJ/SxW9A8/8ePyrxaFHMGmI
p1N+fHyFw1J0PuY/9zEYj621DSkejCKsA6oC6iA1HXfFpubcaslotCmR0cGX3RC8
YL8V6v9pd1XakXVfEwFmM0AciH54zP4wfKE2aHgKpDEdb0NXlPTrNFTAWfDaqOqi
t3UD813LMYiO/Nyq24gxaCoqK6sAdiV42k393ryhOHD0ETrSwDSdUCY/M0iy3ySS
ZHoO+dLVMRbnssL4m91A6FBWwNDTAfLVqtQ9gwhy1Mok
-----END CERTIFICATE-----