This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/3c5ddd-d621-4dd0-ad67-98d9046694e7/1/miIF7cKPQgBw0FAQgFgTnKxWG70.roa
File:                     miIF7cKPQgBw0FAQgFgTnKxWG70.roa (raw, json)
Hash identifier:          RlEN9ZFVRfvKtRA7xfX2xwkOVgWXXIc6PBrgfB1+iXU=
Subject key identifier:   9A:22:05:ED:C2:8F:42:00:70:D0:50:10:80:58:13:9C:AC:56:1B:BD
Certificate issuer:       /CN=3ee93eb7d4b5baff7206855b14e0ee586113d09f
Certificate serial:       019B76EAEEE28C07E18F42CD593CD22D157E
Authority key identifier: 3E:E9:3E:B7:D4:B5:BA:FF:72:06:85:5B:14:E0:EE:58:61:13:D0:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Puk-t9S1uv9yBoVbFODuWGET0J8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/3c5ddd-d621-4dd0-ad67-98d9046694e7/1/miIF7cKPQgBw0FAQgFgTnKxWG70.roa
Signing time:             Thu 01 Jan 2026 00:17:46 +0000
ROA not before:           Thu 01 Jan 2026 00:17:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212849
IP address blocks:        185.120.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/3c5ddd-d621-4dd0-ad67-98d9046694e7/1/Puk-t9S1uv9yBoVbFODuWGET0J8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/3c5ddd-d621-4dd0-ad67-98d9046694e7/1/Puk-t9S1uv9yBoVbFODuWGET0J8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Puk-t9S1uv9yBoVbFODuWGET0J8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:35:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:ee:e2:8c:07:e1:8f:42:cd:59:3c:d2:2d:15:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ee93eb7d4b5baff7206855b14e0ee586113d09f
        Validity
            Not Before: Jan  1 00:17:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9a2205edc28f420070d050108058139cac561bbd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:a3:5c:70:d5:b4:09:93:72:2c:5f:1b:4b:0c:
                    cf:d5:35:6a:9d:fa:f1:ab:74:0b:d7:ec:ce:6d:5f:
                    12:93:a4:2c:6b:d6:5f:6f:77:a8:43:f1:f9:4f:87:
                    9f:1b:59:c4:09:3a:54:a8:32:89:99:b9:fa:c9:06:
                    9b:63:c9:aa:75:ae:5f:89:d8:65:73:53:a7:8d:94:
                    d9:c0:c7:5a:de:f4:ca:9a:d6:95:8c:0c:61:e3:ea:
                    09:31:72:47:1d:5b:cb:e1:ea:ad:12:c7:cf:48:27:
                    be:ce:c9:62:88:09:a7:8a:85:78:bd:c5:4f:d9:99:
                    7c:05:c4:b1:6f:c9:72:2e:a0:bc:08:9f:f4:67:da:
                    66:71:b8:c4:ac:ab:f7:0b:b9:7a:bc:83:b8:19:6e:
                    1f:22:89:df:eb:f2:17:77:50:39:c4:fe:e1:76:c9:
                    f8:9d:80:50:a9:6b:70:10:5f:bc:78:17:2e:76:d8:
                    c1:71:9c:a9:b5:59:1f:64:d1:f8:c2:65:69:2d:2e:
                    97:72:4f:47:a9:08:7a:8c:e4:0a:fc:43:b9:dc:ca:
                    a5:43:f6:52:4c:82:3f:2d:3b:33:57:1d:4e:1a:eb:
                    8d:c7:12:f3:00:35:ba:af:66:98:59:5c:89:9c:28:
                    78:51:cd:c8:d9:d7:49:dd:f8:47:a4:2a:45:c1:20:
                    24:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:22:05:ED:C2:8F:42:00:70:D0:50:10:80:58:13:9C:AC:56:1B:BD
            X509v3 Authority Key Identifier:
                keyid:3E:E9:3E:B7:D4:B5:BA:FF:72:06:85:5B:14:E0:EE:58:61:13:D0:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Puk-t9S1uv9yBoVbFODuWGET0J8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/3c5ddd-d621-4dd0-ad67-98d9046694e7/1/miIF7cKPQgBw0FAQgFgTnKxWG70.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/3c5ddd-d621-4dd0-ad67-98d9046694e7/1/Puk-t9S1uv9yBoVbFODuWGET0J8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.120.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:37:66:87:9a:a6:f7:76:f0:c9:e0:bf:46:8e:96:14:be:c9:
         c3:d1:8e:40:25:51:d2:62:46:24:8d:b9:c7:9c:76:7d:70:92:
         b1:61:a8:2a:83:2d:97:4e:fb:11:8c:92:d4:48:c0:c2:32:07:
         67:10:16:2c:57:db:a8:87:a8:ba:9f:d9:df:04:50:9a:75:39:
         59:26:b3:cc:af:06:5d:21:b5:8d:20:4d:11:4f:a7:09:95:af:
         6c:14:d8:ac:86:3a:1c:3e:08:e4:3f:38:49:40:9f:65:72:a5:
         17:3c:63:ce:a0:82:89:e8:ba:49:ae:b1:1e:9c:3b:57:77:a2:
         69:92:9a:51:2d:1c:2e:88:99:78:65:fe:0e:e7:20:7d:65:2a:
         d5:a0:5a:77:8b:4f:d3:7a:8d:43:dd:52:cd:32:e6:9b:1a:83:
         cf:a6:33:0b:41:92:be:70:e3:49:c6:f6:0b:dd:a7:f3:f5:f4:
         77:05:be:e6:02:3f:83:37:8c:a0:ba:0d:51:c7:eb:62:4c:90:
         69:f8:b8:5f:74:16:e2:17:fe:f5:3d:a6:54:39:15:27:b6:ba:
         7d:58:cf:46:67:9f:e1:bd:07:10:45:63:16:fc:b8:8c:73:39:
         e1:89:02:cf:e1:25:82:da:5f:14:44:87:76:94:c7:42:95:39:
         5e:6e:00:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26u7ijAfhj0LNWTzSLRV+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlZTkzZWI3ZDRiNWJhZmY3MjA2ODU1YjE0ZTBlZTU4NjEx
M2QwOWYwHhcNMjYwMTAxMDAxNzQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTIyMDVlZGMyOGY0MjAwNzBkMDUwMTA4MDU4MTM5Y2FjNTYxYmJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxaNccNW0CZNyLF8bSwzP1TVqnfrx
q3QL1+zObV8Sk6Qsa9Zfb3eoQ/H5T4efG1nECTpUqDKJmbn6yQabY8mqda5fidhl
c1OnjZTZwMda3vTKmtaVjAxh4+oJMXJHHVvL4eqtEsfPSCe+zsliiAmnioV4vcVP
2Zl8BcSxb8lyLqC8CJ/0Z9pmcbjErKv3C7l6vIO4GW4fIonf6/IXd1A5xP7hdsn4
nYBQqWtwEF+8eBcudtjBcZyptVkfZNH4wmVpLS6Xck9HqQh6jOQK/EO53MqlQ/ZS
TII/LTszVx1OGuuNxxLzADW6r2aYWVyJnCh4Uc3I2ddJ3fhHpCpFwSAkLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJoiBe3Cj0IAcNBQEIBYE5ysVhu9MB8GA1UdIwQY
MBaAFD7pPrfUtbr/cgaFWxTg7lhhE9CfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHVrLXQ5UzF1djl5Qm9WYkZPRHVXR0VUMEo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS8zYzVkZGQtZDYyMS00ZGQwLWFkNjct
OThkOTA0NjY5NGU3LzEvbWlJRjdjS1BRZ0J3MEZBUWdGZ1RuS3hXRzcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS8zYzVkZGQtZDYyMS00ZGQwLWFkNjctOThkOTA0NjY5NGU3
LzEvUHVrLXQ5UzF1djl5Qm9WYkZPRHVXR0VUMEo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXiOMA0G
CSqGSIb3DQEBCwUAA4IBAQC5N2aHmqb3dvDJ4L9GjpYUvsnD0Y5AJVHSYkYkjbnH
nHZ9cJKxYagqgy2XTvsRjJLUSMDCMgdnEBYsV9uoh6i6n9nfBFCadTlZJrPMrwZd
IbWNIE0RT6cJla9sFNishjocPgjkPzhJQJ9lcqUXPGPOoIKJ6LpJrrEenDtXd6Jp
kppRLRwuiJl4Zf4O5yB9ZSrVoFp3i0/Teo1D3VLNMuabGoPPpjMLQZK+cONJxvYL
3afz9fR3Bb7mAj+DN4ygug1Rx+tiTJBp+LhfdBbiF/71PaZUORUntrp9WM9GZ5/h
vQcQRWMW/LiMcznhiQLP4SWC2l8URId2lMdClTlebgDg
-----END CERTIFICATE-----