This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/DBpPzVAJ7ffd9hRybzp4I24ULrQ.roa
File:                     DBpPzVAJ7ffd9hRybzp4I24ULrQ.roa (raw, json)
Hash identifier:          +tGo0Qp78/hxqU6nAPOOfS0khothV/W+YPIlZ6ERGGY=
Subject key identifier:   0C:1A:4F:CD:50:09:ED:F7:DD:F6:14:72:6F:3A:78:23:6E:14:2E:B4
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       019ABE7BCC1C4891A792A162659D9913293C
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/DBpPzVAJ7ffd9hRybzp4I24ULrQ.roa
Signing time:             Wed 26 Nov 2025 04:46:15 +0000
ROA not before:           Wed 26 Nov 2025 04:46:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        185.124.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 11 Dec 2025 03:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:be:7b:cc:1c:48:91:a7:92:a1:62:65:9d:99:13:29:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Nov 26 04:46:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0c1a4fcd5009edf7ddf614726f3a78236e142eb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:4f:b1:54:b5:4d:ae:22:d9:ef:33:8a:b7:dd:
                    f2:c6:cc:7c:9f:80:12:4c:5e:a5:20:b9:7e:0e:5d:
                    0c:b6:f3:cf:b1:4d:3f:5e:3b:c4:1c:c3:14:ce:d8:
                    35:df:ed:e5:ec:0c:2e:37:83:c6:b7:1d:7a:7b:2c:
                    fd:c3:8b:06:c9:a1:a8:42:7c:7a:23:d7:cb:95:b7:
                    32:0b:5d:e6:48:b2:8a:b4:25:de:25:a9:46:0b:d5:
                    70:be:b3:9b:f3:8a:84:0f:1b:6f:4c:a8:22:f6:14:
                    f1:c4:50:fe:cb:44:17:4f:89:34:e7:b1:af:e7:f0:
                    19:9e:d1:21:64:da:36:36:21:9d:ab:94:0e:81:4d:
                    76:dd:c5:07:ff:9a:3b:25:8f:18:85:d2:f3:a1:e8:
                    37:81:19:bc:cb:16:59:73:d0:9e:61:a6:3a:8f:f8:
                    dc:89:be:29:a8:cf:93:c7:85:c6:be:c3:ab:c7:c6:
                    2c:cd:43:9b:d6:95:ae:11:88:b5:b3:ad:01:83:50:
                    04:6c:81:4b:09:6d:16:74:6a:e4:b8:26:19:38:3b:
                    fe:31:44:48:3b:30:4e:c7:22:32:3c:00:17:bf:12:
                    65:6a:58:9d:65:6c:b5:19:59:12:8c:a1:23:65:85:
                    c6:e3:e3:8a:e2:4d:08:e3:9b:df:3a:da:71:15:17:
                    b4:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:1A:4F:CD:50:09:ED:F7:DD:F6:14:72:6F:3A:78:23:6E:14:2E:B4
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/DBpPzVAJ7ffd9hRybzp4I24ULrQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.124.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:08:52:29:a0:85:6a:51:8c:3a:c5:0f:3c:f4:f7:2c:2e:41:
         a9:c0:fb:a8:4d:4e:3a:4f:55:3a:50:fe:a7:46:32:c2:30:03:
         60:8a:ac:ce:86:bb:a0:ec:25:6a:52:8c:96:7e:7d:bf:4e:3d:
         b2:80:dd:20:4f:dc:1d:5c:10:5a:b6:a9:06:6a:6f:3a:4e:2d:
         44:84:c6:d2:16:a3:da:f8:33:40:82:1b:7a:fb:eb:93:96:dc:
         b3:6e:e5:f9:b4:b4:25:b5:e2:e5:06:ed:90:7d:77:24:97:7b:
         8a:83:00:b9:cb:52:ef:da:be:07:83:bf:c4:f5:07:1b:60:32:
         97:67:40:7e:37:f8:28:1e:82:d9:e1:a2:a1:4e:dc:19:a2:44:
         7d:d9:2e:52:5b:f1:3f:a6:54:b4:29:25:2e:ea:e1:23:6b:d8:
         b3:61:5c:22:92:6a:34:3e:7f:82:c8:0c:6e:6f:66:5b:60:69:
         24:4a:1d:dc:97:28:1f:03:29:85:bd:20:52:63:d2:36:7d:d1:
         0b:c8:33:cd:4a:e0:e2:13:6f:16:4a:72:52:25:3a:87:ce:7c:
         ab:07:4b:2c:c8:c6:1a:78:e1:44:5b:6f:ec:7f:5a:5e:28:3a:
         9d:64:af:06:6c:b3:d3:da:24:b2:b0:03:4a:4d:f9:55:cf:17:
         67:94:6e:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZq+e8wcSJGnkqFiZZ2ZEyk8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjUxMTI2MDQ0NjE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzFhNGZjZDUwMDllZGY3ZGRmNjE0NzI2ZjNhNzgyMzZlMTQyZWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0+xVLVNriLZ7zOKt93yxsx8n4AS
TF6lILl+Dl0MtvPPsU0/XjvEHMMUztg13+3l7AwuN4PGtx16eyz9w4sGyaGoQnx6
I9fLlbcyC13mSLKKtCXeJalGC9VwvrOb84qEDxtvTKgi9hTxxFD+y0QXT4k057Gv
5/AZntEhZNo2NiGdq5QOgU123cUH/5o7JY8YhdLzoeg3gRm8yxZZc9CeYaY6j/jc
ib4pqM+Tx4XGvsOrx8YszUOb1pWuEYi1s60Bg1AEbIFLCW0WdGrkuCYZODv+MURI
OzBOxyIyPAAXvxJlalidZWy1GVkSjKEjZYXG4+OK4k0I45vfOtpxFRe0awIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAwaT81QCe333fYUcm86eCNuFC60MB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvREJwUHpWQUo3ZmZkOWhSeWJ6cDRJMjRVTHJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXyuMA0G
CSqGSIb3DQEBCwUAA4IBAQAeCFIpoIVqUYw6xQ889PcsLkGpwPuoTU46T1U6UP6n
RjLCMANgiqzOhrug7CVqUoyWfn2/Tj2ygN0gT9wdXBBatqkGam86Ti1EhMbSFqPa
+DNAght6++uTltyzbuX5tLQlteLlBu2QfXckl3uKgwC5y1Lv2r4Hg7/E9QcbYDKX
Z0B+N/goHoLZ4aKhTtwZokR92S5SW/E/plS0KSUu6uEja9izYVwikmo0Pn+CyAxu
b2ZbYGkkSh3clygfAymFvSBSY9I2fdELyDPNSuDiE28WSnJSJTqHznyrB0ssyMYa
eOFEW2/sf1peKDqdZK8GbLPT2iSysANKTflVzxdnlG48
-----END CERTIFICATE-----