This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/02bdf0-bf29-4dae-b19b-86a5518e2d52/1/AXIymUlrlzOM0VmeGeJxQ_7kyH4.roa
File:                     AXIymUlrlzOM0VmeGeJxQ_7kyH4.roa (raw, json)
Hash identifier:          +4BgqyGI7htQ3HKoZ9DwgLWkJsqWReVSibD9LZAqEhI=
Subject key identifier:   01:72:32:99:49:6B:97:33:8C:D1:59:9E:19:E2:71:43:FE:E4:C8:7E
Certificate issuer:       /CN=5dde4b3b82f209b701ae340cf53b974078f16a9f
Certificate serial:       019B5879B465448AB1E7FD92C075A70E717E
Authority key identifier: 5D:DE:4B:3B:82:F2:09:B7:01:AE:34:0C:F5:3B:97:40:78:F1:6A:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xd5LO4LyCbcBrjQM9TuXQHjxap8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/02bdf0-bf29-4dae-b19b-86a5518e2d52/1/AXIymUlrlzOM0VmeGeJxQ_7kyH4.roa
Signing time:             Fri 26 Dec 2025 02:25:29 +0000
ROA not before:           Fri 26 Dec 2025 02:25:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        185.200.244.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/02bdf0-bf29-4dae-b19b-86a5518e2d52/1/Xd5LO4LyCbcBrjQM9TuXQHjxap8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/02bdf0-bf29-4dae-b19b-86a5518e2d52/1/Xd5LO4LyCbcBrjQM9TuXQHjxap8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xd5LO4LyCbcBrjQM9TuXQHjxap8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 31 Dec 2025 14:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:58:79:b4:65:44:8a:b1:e7:fd:92:c0:75:a7:0e:71:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dde4b3b82f209b701ae340cf53b974078f16a9f
        Validity
            Not Before: Dec 26 02:25:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=01723299496b97338cd1599e19e27143fee4c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:ca:66:63:d2:47:67:98:9c:46:9f:40:16:42:
                    9d:83:fa:29:3a:7f:aa:68:ac:19:5e:1d:d7:58:55:
                    1b:30:f9:f2:18:f5:f3:da:21:0e:12:86:a2:d7:ec:
                    6c:54:3b:21:04:9f:4c:0e:6c:ac:08:7f:37:2e:03:
                    95:41:c2:2d:43:9b:4f:0a:9f:79:63:5a:ed:4e:a1:
                    54:65:7e:d7:43:87:4e:ad:04:f5:87:bd:56:7a:97:
                    6b:fd:42:9b:47:fd:3f:e7:94:f3:69:65:60:98:8d:
                    13:06:dd:cb:15:cb:95:20:38:11:5e:01:3f:f2:6a:
                    64:c2:cc:32:b2:3d:fb:3e:03:d6:e2:42:95:a9:82:
                    cc:88:26:7d:9b:fb:6c:7f:fa:e3:5d:e9:75:cc:92:
                    06:1b:ef:c3:d8:63:dc:9f:ee:59:2d:f0:3c:20:d7:
                    df:25:62:71:25:20:51:59:f5:8c:25:84:1c:15:31:
                    af:3d:db:90:3b:48:65:ac:7e:c4:b7:87:37:63:36:
                    72:e6:cc:85:b0:0d:bc:c4:8e:f5:af:e3:26:73:ba:
                    a6:12:05:c8:48:6b:4e:46:89:83:d6:21:c6:8c:9e:
                    e8:8a:39:36:f9:a4:70:1c:75:0e:3c:72:55:9c:7a:
                    a5:40:28:71:31:c6:38:4f:6e:33:d1:50:b7:9a:b5:
                    8f:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:72:32:99:49:6B:97:33:8C:D1:59:9E:19:E2:71:43:FE:E4:C8:7E
            X509v3 Authority Key Identifier:
                keyid:5D:DE:4B:3B:82:F2:09:B7:01:AE:34:0C:F5:3B:97:40:78:F1:6A:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xd5LO4LyCbcBrjQM9TuXQHjxap8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/02bdf0-bf29-4dae-b19b-86a5518e2d52/1/AXIymUlrlzOM0VmeGeJxQ_7kyH4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/02bdf0-bf29-4dae-b19b-86a5518e2d52/1/Xd5LO4LyCbcBrjQM9TuXQHjxap8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.200.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:2c:d6:77:8f:1d:7c:e2:e9:bd:2f:00:f3:5b:d1:04:a7:d1:
         f4:fd:fa:be:9a:6c:03:3d:dd:4e:df:19:ce:88:0a:18:aa:30:
         99:36:78:88:94:30:65:b0:02:f8:d5:87:ef:90:63:48:84:13:
         5d:ea:f6:7e:0a:6c:6d:01:ab:0a:5f:2c:23:21:1e:38:1a:f1:
         7a:53:f3:43:1c:df:6e:a4:f1:62:1a:38:5a:12:e5:58:fd:63:
         7f:53:86:43:23:18:11:c9:66:b0:55:b8:25:56:e1:a9:b9:a7:
         ba:93:eb:07:69:61:a4:c6:28:f0:6b:e5:42:c9:32:b5:71:fb:
         46:d2:47:a4:95:49:19:d3:21:30:29:99:34:17:09:dc:9a:83:
         84:97:07:84:73:e9:58:84:81:c9:e0:5e:2c:45:49:68:21:cd:
         58:51:a4:9d:92:cb:d7:af:30:61:cf:3e:04:66:78:fa:ae:9f:
         b7:12:ad:72:9f:8b:58:11:5c:92:c4:da:67:02:8e:96:a6:89:
         18:64:aa:f2:de:63:ee:0a:de:2b:12:e5:30:ee:53:a6:6b:e9:
         70:79:57:b5:f7:d4:bc:c7:79:39:90:39:c8:a2:86:39:29:f2:
         10:4e:57:32:98:36:be:4f:cb:9c:9a:01:ee:e8:f4:ba:79:65:
         ca:da:06:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZtYebRlRIqx5/2SwHWnDnF+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZGU0YjNiODJmMjA5YjcwMWFlMzQwY2Y1M2I5NzQwNzhm
MTZhOWYwHhcNMjUxMjI2MDIyNTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTcyMzI5OTQ5NmI5NzMzOGNkMTU5OWUxOWUyNzE0M2ZlZTRjODdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr8pmY9JHZ5icRp9AFkKdg/opOn+q
aKwZXh3XWFUbMPnyGPXz2iEOEoai1+xsVDshBJ9MDmysCH83LgOVQcItQ5tPCp95
Y1rtTqFUZX7XQ4dOrQT1h71Wepdr/UKbR/0/55TzaWVgmI0TBt3LFcuVIDgRXgE/
8mpkwswysj37PgPW4kKVqYLMiCZ9m/tsf/rjXel1zJIGG+/D2GPcn+5ZLfA8INff
JWJxJSBRWfWMJYQcFTGvPduQO0hlrH7Et4c3YzZy5syFsA28xI71r+Mmc7qmEgXI
SGtORomD1iHGjJ7oijk2+aRwHHUOPHJVnHqlQChxMcY4T24z0VC3mrWPbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAFyMplJa5czjNFZnhnicUP+5Mh+MB8GA1UdIwQY
MBaAFF3eSzuC8gm3Aa40DPU7l0B48WqfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGQ1TE80THlDYmNCcmpRTTlUdVhRSGp4YXA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi8wMmJkZjAtYmYyOS00ZGFlLWIxOWIt
ODZhNTUxOGUyZDUyLzEvQVhJeW1VbHJsek9NMFZtZUdlSnhRXzdreUg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi8wMmJkZjAtYmYyOS00ZGFlLWIxOWItODZhNTUxOGUyZDUy
LzEvWGQ1TE80THlDYmNCcmpRTTlUdVhRSGp4YXA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucj0MA0G
CSqGSIb3DQEBCwUAA4IBAQCULNZ3jx184um9LwDzW9EEp9H0/fq+mmwDPd1O3xnO
iAoYqjCZNniIlDBlsAL41YfvkGNIhBNd6vZ+CmxtAasKXywjIR44GvF6U/NDHN9u
pPFiGjhaEuVY/WN/U4ZDIxgRyWawVbglVuGpuae6k+sHaWGkxijwa+VCyTK1cftG
0keklUkZ0yEwKZk0FwncmoOElweEc+lYhIHJ4F4sRUloIc1YUaSdksvXrzBhzz4E
Znj6rp+3Eq1yn4tYEVySxNpnAo6WpokYZKry3mPuCt4rEuUw7lOma+lweVe199S8
x3k5kDnIooY5KfIQTlcymDa+T8ucmgHu6PS6eWXK2gZi
-----END CERTIFICATE-----