This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/093a51-1075-40be-9dc2-d15b079c35fb/1/c3mRC2zskUzL_6AdndC0KZP1S14.roa
File:                     c3mRC2zskUzL_6AdndC0KZP1S14.roa (raw, json)
Hash identifier:          BCkPN8vUy3sfeplOO5KxZSim29zaECBgi+38mZOABLM=
Subject key identifier:   73:79:91:0B:6C:EC:91:4C:CB:FF:A0:1D:9D:D0:B4:29:93:F5:4B:5E
Certificate issuer:       /CN=f566016d878230128b58e279d661c195e6399588
Certificate serial:       019B7C1120EF0433BA40FF2257261097DEF4
Authority key identifier: F5:66:01:6D:87:82:30:12:8B:58:E2:79:D6:61:C1:95:E6:39:95:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9WYBbYeCMBKLWOJ51mHBleY5lYg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/093a51-1075-40be-9dc2-d15b079c35fb/1/c3mRC2zskUzL_6AdndC0KZP1S14.roa
Signing time:             Fri 02 Jan 2026 00:17:35 +0000
ROA not before:           Fri 02 Jan 2026 00:17:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        185.158.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/093a51-1075-40be-9dc2-d15b079c35fb/1/9WYBbYeCMBKLWOJ51mHBleY5lYg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/093a51-1075-40be-9dc2-d15b079c35fb/1/9WYBbYeCMBKLWOJ51mHBleY5lYg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9WYBbYeCMBKLWOJ51mHBleY5lYg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 00:20:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:11:20:ef:04:33:ba:40:ff:22:57:26:10:97:de:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f566016d878230128b58e279d661c195e6399588
        Validity
            Not Before: Jan  2 00:17:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7379910b6cec914ccbffa01d9dd0b42993f54b5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:39:c7:c5:42:81:19:0e:f6:8e:6e:d1:08:34:
                    32:9f:ef:be:fd:c8:54:51:b1:1d:b2:bb:50:d3:a4:
                    e9:03:6f:37:6f:16:68:56:e5:11:73:ec:7c:c4:7b:
                    f1:6a:f8:a0:6a:0c:a8:ac:9f:a4:85:fa:e4:dd:8a:
                    4e:75:c7:75:58:62:1f:c3:41:a4:2a:93:43:c0:11:
                    61:7b:3e:50:b3:6d:8c:89:48:25:89:31:58:91:a4:
                    51:dc:e7:7c:53:b2:6b:23:84:df:22:29:88:26:31:
                    07:e4:91:3e:7b:ca:df:15:95:9e:1b:c6:42:89:70:
                    ef:69:0b:23:1a:c0:b7:8c:f2:ac:52:68:dd:5a:f1:
                    f5:62:a0:f0:0d:af:a6:ab:25:ac:a6:5b:53:f0:3d:
                    51:e9:14:20:70:79:56:6d:7a:f1:69:c5:c5:b5:31:
                    19:2f:a8:6f:39:75:b8:91:a4:3a:8b:f8:4b:51:c9:
                    06:5f:e0:50:fe:84:66:a7:b6:d0:c5:1d:4e:a9:36:
                    7a:93:d3:1e:d0:4c:8a:7d:e8:98:0a:c8:81:50:ba:
                    a5:44:0f:8f:68:0e:52:94:44:86:0e:25:cf:a2:00:
                    01:3e:da:73:e7:e5:a8:9d:d9:5d:c8:57:2f:17:85:
                    05:66:b4:18:82:20:71:1e:e6:d2:fb:b4:d2:be:4b:
                    b7:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:79:91:0B:6C:EC:91:4C:CB:FF:A0:1D:9D:D0:B4:29:93:F5:4B:5E
            X509v3 Authority Key Identifier:
                keyid:F5:66:01:6D:87:82:30:12:8B:58:E2:79:D6:61:C1:95:E6:39:95:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9WYBbYeCMBKLWOJ51mHBleY5lYg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/093a51-1075-40be-9dc2-d15b079c35fb/1/c3mRC2zskUzL_6AdndC0KZP1S14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/093a51-1075-40be-9dc2-d15b079c35fb/1/9WYBbYeCMBKLWOJ51mHBleY5lYg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.158.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:cb:7b:33:8b:12:07:76:4f:e2:61:62:a6:95:ea:f0:a5:7a:
         43:ae:0b:41:a0:86:73:02:e4:75:f1:21:f8:91:f6:01:dd:b2:
         be:2d:06:a6:00:86:16:7c:0a:ef:99:39:40:d3:68:d9:01:24:
         69:15:dd:27:4e:14:11:cf:eb:7b:75:ab:21:4d:8b:96:9b:32:
         6c:09:33:7a:9b:82:40:ad:a2:09:64:44:a7:7c:85:8a:30:38:
         e1:aa:c7:ee:5e:6c:23:6b:ca:40:88:0a:32:4f:af:12:5a:ef:
         e4:41:a2:d1:1d:c6:e7:24:db:cf:34:73:ef:58:94:ad:2e:ea:
         c5:66:09:50:19:47:a5:12:a9:a4:06:60:e7:bf:eb:6b:23:88:
         3c:14:e6:a1:b3:a4:51:04:c3:3b:c0:37:76:9e:da:d9:df:47:
         fe:a0:d6:58:e7:18:4c:f6:e9:b1:fb:be:60:cb:be:7b:f5:67:
         e9:93:27:13:be:07:39:2a:e5:da:75:b7:3c:df:d2:b7:c6:41:
         fc:4b:11:a9:ba:85:0e:2c:cf:3e:c9:86:16:4b:ce:e7:58:97:
         8a:52:6f:de:a5:2f:b5:38:9a:08:11:ce:7e:8d:c3:5e:a9:f0:
         e0:f3:37:7f:18:a0:3d:c8:db:31:c5:53:5f:17:b4:cd:78:cd:
         de:bc:b8:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8ESDvBDO6QP8iVyYQl970MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1NjYwMTZkODc4MjMwMTI4YjU4ZTI3OWQ2NjFjMTk1ZTYz
OTk1ODgwHhcNMjYwMTAyMDAxNzM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Mzc5OTEwYjZjZWM5MTRjY2JmZmEwMWQ5ZGQwYjQyOTkzZjU0YjVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5znHxUKBGQ72jm7RCDQyn+++/chU
UbEdsrtQ06TpA283bxZoVuURc+x8xHvxavigagyorJ+khfrk3YpOdcd1WGIfw0Gk
KpNDwBFhez5Qs22MiUgliTFYkaRR3Od8U7JrI4TfIimIJjEH5JE+e8rfFZWeG8ZC
iXDvaQsjGsC3jPKsUmjdWvH1YqDwDa+mqyWspltT8D1R6RQgcHlWbXrxacXFtTEZ
L6hvOXW4kaQ6i/hLUckGX+BQ/oRmp7bQxR1OqTZ6k9Me0EyKfeiYCsiBULqlRA+P
aA5SlESGDiXPogABPtpz5+WondldyFcvF4UFZrQYgiBxHubS+7TSvku36wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHN5kQts7JFMy/+gHZ3QtCmT9UteMB8GA1UdIwQY
MBaAFPVmAW2HgjASi1jiedZhwZXmOZWIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVdZQmJZZUNNQktMV09KNTFtSEJsZVk1bFlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi8wOTNhNTEtMTA3NS00MGJlLTlkYzIt
ZDE1YjA3OWMzNWZiLzEvYzNtUkMyenNrVXpMXzZBZG5kQzBLWlAxUzE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi8wOTNhNTEtMTA3NS00MGJlLTlkYzItZDE1YjA3OWMzNWZi
LzEvOVdZQmJZZUNNQktMV09KNTFtSEJsZVk1bFlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZ5tMA0G
CSqGSIb3DQEBCwUAA4IBAQBWy3szixIHdk/iYWKmlerwpXpDrgtBoIZzAuR18SH4
kfYB3bK+LQamAIYWfArvmTlA02jZASRpFd0nThQRz+t7dashTYuWmzJsCTN6m4JA
raIJZESnfIWKMDjhqsfuXmwja8pAiAoyT68SWu/kQaLRHcbnJNvPNHPvWJStLurF
ZglQGUelEqmkBmDnv+trI4g8FOahs6RRBMM7wDd2ntrZ30f+oNZY5xhM9umx+75g
y7579WfpkycTvgc5KuXadbc839K3xkH8SxGpuoUOLM8+yYYWS87nWJeKUm/epS+1
OJoIEc5+jcNeqfDg8zd/GKA9yNsxxVNfF7TNeM3evLhf
-----END CERTIFICATE-----