This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/b284a3-c2f1-4205-b1d5-47977669958d/1/tPOM2vOyRXLlpAH8tGuHWMTFfJE.roa
File:                     tPOM2vOyRXLlpAH8tGuHWMTFfJE.roa (raw, json)
Hash identifier:          +fqqEcmQJOglmRruo7MOCNENvJ3e5VUzYn6LUaZmpyE=
Subject key identifier:   B4:F3:8C:DA:F3:B2:45:72:E5:A4:01:FC:B4:6B:87:58:C4:C5:7C:91
Certificate issuer:       /CN=44c3b44cbbc4f3da5a4b4285c96ea3cb50d4d073
Certificate serial:       019B7A5A22C22E6FD0A9B1CB92ADB64AD70E
Authority key identifier: 44:C3:B4:4C:BB:C4:F3:DA:5A:4B:42:85:C9:6E:A3:CB:50:D4:D0:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RMO0TLvE89paS0KFyW6jy1DU0HM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/b284a3-c2f1-4205-b1d5-47977669958d/1/tPOM2vOyRXLlpAH8tGuHWMTFfJE.roa
Signing time:             Thu 01 Jan 2026 16:18:06 +0000
ROA not before:           Thu 01 Jan 2026 16:18:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     24961
IP address blocks:        185.249.64.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/b284a3-c2f1-4205-b1d5-47977669958d/1/RMO0TLvE89paS0KFyW6jy1DU0HM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/b284a3-c2f1-4205-b1d5-47977669958d/1/RMO0TLvE89paS0KFyW6jy1DU0HM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RMO0TLvE89paS0KFyW6jy1DU0HM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 00:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:22:c2:2e:6f:d0:a9:b1:cb:92:ad:b6:4a:d7:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44c3b44cbbc4f3da5a4b4285c96ea3cb50d4d073
        Validity
            Not Before: Jan  1 16:18:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b4f38cdaf3b24572e5a401fcb46b8758c4c57c91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:bb:fa:ba:32:05:86:ad:5a:01:4d:cb:f1:5b:
                    fe:e7:d6:13:de:fb:9f:dc:b0:2c:a0:07:89:54:b0:
                    d0:c3:8c:9c:a5:33:3f:6f:bc:78:d9:d8:70:5e:3c:
                    4b:4d:a5:03:b0:ee:8f:4e:68:a7:20:9f:e2:7a:ed:
                    d7:2e:e3:70:a1:52:d5:6f:01:26:bd:df:ed:a8:dd:
                    7e:73:b4:0a:f6:77:df:f9:9f:70:f4:88:d5:ba:91:
                    a1:48:7c:1d:e6:70:0a:67:e4:5b:47:c6:c2:67:94:
                    14:8c:a0:ee:43:d6:0a:9a:03:d9:17:3a:f0:86:cc:
                    3c:ff:d7:37:f8:34:b3:a0:ae:e7:19:35:f4:7f:0a:
                    f6:99:d5:fb:2a:57:2c:de:01:b4:7a:a9:44:7e:e8:
                    13:fa:22:0e:47:1f:16:01:da:54:04:f8:48:9f:ad:
                    3d:d8:1b:e6:fb:49:79:6a:ba:a7:a3:56:3e:e5:a2:
                    89:fe:25:0b:b5:0b:6d:a7:20:e1:09:58:4d:1c:f2:
                    fa:0a:61:64:db:21:71:17:b4:82:0a:7e:a1:4e:0f:
                    37:de:f4:0d:96:a7:36:15:58:c0:73:9a:a3:3e:4c:
                    43:f2:29:61:fc:ef:8c:09:cd:0c:7c:aa:e5:ed:fe:
                    9e:08:0f:08:ea:49:98:cb:f8:ad:14:c5:2f:cd:70:
                    95:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:F3:8C:DA:F3:B2:45:72:E5:A4:01:FC:B4:6B:87:58:C4:C5:7C:91
            X509v3 Authority Key Identifier:
                keyid:44:C3:B4:4C:BB:C4:F3:DA:5A:4B:42:85:C9:6E:A3:CB:50:D4:D0:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RMO0TLvE89paS0KFyW6jy1DU0HM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/b284a3-c2f1-4205-b1d5-47977669958d/1/tPOM2vOyRXLlpAH8tGuHWMTFfJE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/b284a3-c2f1-4205-b1d5-47977669958d/1/RMO0TLvE89paS0KFyW6jy1DU0HM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.249.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3b:48:76:9d:c5:00:ad:5f:d6:37:52:59:b4:0f:4a:c7:05:17:
         f2:80:fd:75:fc:b8:47:6b:8c:e6:91:67:ac:c5:3c:c7:19:f5:
         b3:04:d0:55:f8:1e:4b:3c:d6:33:1f:63:19:25:58:77:3e:9d:
         22:ca:f1:84:2d:3b:3e:98:47:a6:fa:95:f0:83:5d:e3:80:27:
         8e:c5:99:6e:9d:26:20:76:7d:7e:51:ef:c8:e5:82:d1:e7:9c:
         48:ce:94:87:38:44:21:52:bc:6c:cd:d6:3b:14:87:9d:fd:6a:
         cc:64:2c:ca:cf:27:f2:f4:bc:f6:2d:2c:c3:38:af:51:5a:42:
         b9:c8:f7:42:2e:d0:b0:32:57:0c:93:34:a0:e4:98:ff:11:99:
         f0:e5:17:f8:cf:e9:d0:fe:e3:74:97:98:b6:f3:0e:1e:4d:6e:
         15:d8:2d:de:a7:fd:43:1e:85:15:64:2d:05:5c:5a:de:0d:63:
         b4:93:5e:ef:58:bf:94:e3:68:d0:b8:24:2d:85:a2:4d:d0:eb:
         f1:10:eb:92:49:2e:49:09:85:86:8b:6f:98:9a:2c:20:ee:6c:
         c6:88:90:a1:ee:37:d9:46:51:83:95:6f:b4:97:4b:70:8a:8b:
         57:cc:4a:eb:86:3a:dc:7a:00:ba:d3:ea:f5:4d:9b:23:85:86:
         78:57:6a:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WiLCLm/QqbHLkq22StcOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0YzNiNDRjYmJjNGYzZGE1YTRiNDI4NWM5NmVhM2NiNTBk
NGQwNzMwHhcNMjYwMTAxMTYxODA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGYzOGNkYWYzYjI0NTcyZTVhNDAxZmNiNDZiODc1OGM0YzU3YzkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx7v6ujIFhq1aAU3L8Vv+59YT3vuf
3LAsoAeJVLDQw4ycpTM/b7x42dhwXjxLTaUDsO6PTminIJ/ieu3XLuNwoVLVbwEm
vd/tqN1+c7QK9nff+Z9w9IjVupGhSHwd5nAKZ+RbR8bCZ5QUjKDuQ9YKmgPZFzrw
hsw8/9c3+DSzoK7nGTX0fwr2mdX7Klcs3gG0eqlEfugT+iIORx8WAdpUBPhIn609
2Bvm+0l5arqno1Y+5aKJ/iULtQttpyDhCVhNHPL6CmFk2yFxF7SCCn6hTg833vQN
lqc2FVjAc5qjPkxD8ilh/O+MCc0MfKrl7f6eCA8I6kmYy/itFMUvzXCVKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLTzjNrzskVy5aQB/LRrh1jExXyRMB8GA1UdIwQY
MBaAFETDtEy7xPPaWktChcluo8tQ1NBzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUk1PMFRMdkU4OXBhUzBLRnlXNmp5MURVMEhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC9iMjg0YTMtYzJmMS00MjA1LWIxZDUt
NDc5Nzc2Njk5NThkLzEvdFBPTTJ2T3lSWExscEFIOHRHdUhXTVRGZkpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC9iMjg0YTMtYzJmMS00MjA1LWIxZDUtNDc5Nzc2Njk5NThk
LzEvUk1PMFRMdkU4OXBhUzBLRnlXNmp5MURVMEhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuflAMA0G
CSqGSIb3DQEBCwUAA4IBAQA7SHadxQCtX9Y3Ulm0D0rHBRfygP11/LhHa4zmkWes
xTzHGfWzBNBV+B5LPNYzH2MZJVh3Pp0iyvGELTs+mEem+pXwg13jgCeOxZlunSYg
dn1+Ue/I5YLR55xIzpSHOEQhUrxszdY7FIed/WrMZCzKzyfy9Lz2LSzDOK9RWkK5
yPdCLtCwMlcMkzSg5Jj/EZnw5Rf4z+nQ/uN0l5i28w4eTW4V2C3ep/1DHoUVZC0F
XFreDWO0k17vWL+U42jQuCQthaJN0OvxEOuSSS5JCYWGi2+Ymiwg7mzGiJCh7jfZ
RlGDlW+0l0twiotXzErrhjrcegC60+r1TZsjhYZ4V2p9
-----END CERTIFICATE-----