This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/36e60b-2411-463b-8254-5475de603cd3/1/4M_UsjI3sTlD02Fx3KfoZHfdDb0.roa
File:                     4M_UsjI3sTlD02Fx3KfoZHfdDb0.roa (raw, json)
Hash identifier:          dlLvX8/Ejpl0nrFnm4Jn56Ulk4bAMrdScrrJoG2sLZI=
Subject key identifier:   E0:CF:D4:B2:32:37:B1:39:43:D3:61:71:DC:A7:E8:64:77:DD:0D:BD
Certificate issuer:       /CN=770d35d7566ee7246e4d2133cbde48a774423c77
Certificate serial:       019B7B35F666CC24F461EA92B0DDBB17C0E1
Authority key identifier: 77:0D:35:D7:56:6E:E7:24:6E:4D:21:33:CB:DE:48:A7:74:42:3C:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dw0111Zu5yRuTSEzy95Ip3RCPHc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/36e60b-2411-463b-8254-5475de603cd3/1/4M_UsjI3sTlD02Fx3KfoZHfdDb0.roa
Signing time:             Thu 01 Jan 2026 20:18:12 +0000
ROA not before:           Thu 01 Jan 2026 20:18:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44802
IP address blocks:        185.17.8.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/36e60b-2411-463b-8254-5475de603cd3/1/dw0111Zu5yRuTSEzy95Ip3RCPHc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/36e60b-2411-463b-8254-5475de603cd3/1/dw0111Zu5yRuTSEzy95Ip3RCPHc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dw0111Zu5yRuTSEzy95Ip3RCPHc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 11:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:f6:66:cc:24:f4:61:ea:92:b0:dd:bb:17:c0:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=770d35d7566ee7246e4d2133cbde48a774423c77
        Validity
            Not Before: Jan  1 20:18:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e0cfd4b23237b13943d36171dca7e86477dd0dbd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:e8:1f:34:7f:a7:cc:59:3b:72:a6:75:16:d2:
                    8d:6d:7e:0e:07:24:5d:d3:e1:11:8c:4a:73:cc:3f:
                    f1:f7:bb:5f:f9:6e:38:01:aa:2a:9f:aa:fb:5a:cf:
                    34:11:02:32:7e:6f:37:67:de:6a:e8:d8:6c:4a:e0:
                    3e:55:c8:ae:7d:0d:fd:de:eb:86:db:01:4f:bb:3f:
                    54:9e:94:f6:3f:48:50:55:b5:2b:7b:0e:03:95:46:
                    c7:76:35:90:0e:7f:3b:49:2d:72:47:dd:49:8b:cd:
                    ab:87:44:8e:d1:fe:17:4a:e9:53:48:d0:43:58:a6:
                    4d:ac:2a:1e:63:8b:65:b1:17:f1:d3:47:db:01:03:
                    a9:6a:fb:4a:a8:36:7a:3e:93:3f:91:cf:6e:50:8b:
                    8e:48:ca:9c:d7:99:2b:6a:6a:7f:0d:98:86:1c:a4:
                    06:d4:e3:01:33:66:f5:5e:dc:a8:e8:96:3b:44:3f:
                    2f:5c:17:a4:05:6f:09:94:d2:89:51:4e:f8:7e:b1:
                    69:e8:f7:76:f0:53:e7:fb:2b:20:03:f8:7d:d2:02:
                    c7:72:cf:80:08:24:46:3e:22:4f:0e:27:71:54:ec:
                    15:84:ea:c3:94:cc:d8:80:0c:0a:3e:17:8f:01:62:
                    04:95:e5:79:68:eb:e8:c7:5a:85:59:35:9f:22:a4:
                    40:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:CF:D4:B2:32:37:B1:39:43:D3:61:71:DC:A7:E8:64:77:DD:0D:BD
            X509v3 Authority Key Identifier:
                keyid:77:0D:35:D7:56:6E:E7:24:6E:4D:21:33:CB:DE:48:A7:74:42:3C:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dw0111Zu5yRuTSEzy95Ip3RCPHc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/36e60b-2411-463b-8254-5475de603cd3/1/4M_UsjI3sTlD02Fx3KfoZHfdDb0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/36e60b-2411-463b-8254-5475de603cd3/1/dw0111Zu5yRuTSEzy95Ip3RCPHc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.17.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:63:20:96:98:07:e0:63:2b:33:52:9b:79:8b:3e:25:eb:6a:
         13:4f:33:d6:5d:35:94:f2:66:96:be:f2:46:bb:dd:15:8d:50:
         87:91:c6:3f:3f:86:17:11:2f:33:63:df:ea:e9:d9:05:6f:fe:
         90:9f:69:d1:b6:12:7c:b6:fd:1f:d8:63:43:94:1a:ad:c2:73:
         e9:69:19:45:63:31:28:d4:fe:95:84:d3:82:a9:8b:c3:31:78:
         66:8e:82:32:c2:00:3c:b4:6c:c7:2a:28:22:90:25:97:3e:97:
         28:fa:d1:ca:af:e7:df:d6:bd:65:eb:64:63:a9:d6:84:06:a3:
         b1:3a:65:ec:b5:24:32:4c:3d:bb:4e:bc:0e:07:be:df:84:1d:
         61:8b:3c:a8:a1:91:d9:f3:71:40:4c:44:dd:20:14:3a:8b:a6:
         75:04:f4:39:62:56:9f:0b:02:20:52:d2:2d:c2:4f:86:0c:06:
         4a:f1:a9:14:67:de:fc:6d:9a:72:72:f0:3d:fa:58:25:5b:3b:
         69:09:46:ea:2b:b5:ad:9b:82:4a:18:dd:cc:3d:d1:79:0e:3e:
         cd:ee:5f:eb:35:a7:6f:00:5f:a2:fe:74:84:4e:b5:28:a2:c5:
         40:1e:60:1c:39:e3:1e:c6:3a:97:4d:f0:6f:bb:8f:2e:78:0c:
         69:3f:09:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NfZmzCT0YeqSsN27F8DhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3MGQzNWQ3NTY2ZWU3MjQ2ZTRkMjEzM2NiZGU0OGE3NzQ0
MjNjNzcwHhcNMjYwMTAxMjAxODEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGNmZDRiMjMyMzdiMTM5NDNkMzYxNzFkY2E3ZTg2NDc3ZGQwZGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzOgfNH+nzFk7cqZ1FtKNbX4OByRd
0+ERjEpzzD/x97tf+W44Aaoqn6r7Ws80EQIyfm83Z95q6NhsSuA+VciufQ393uuG
2wFPuz9UnpT2P0hQVbUrew4DlUbHdjWQDn87SS1yR91Ji82rh0SO0f4XSulTSNBD
WKZNrCoeY4tlsRfx00fbAQOpavtKqDZ6PpM/kc9uUIuOSMqc15kramp/DZiGHKQG
1OMBM2b1Xtyo6JY7RD8vXBekBW8JlNKJUU74frFp6Pd28FPn+ysgA/h90gLHcs+A
CCRGPiJPDidxVOwVhOrDlMzYgAwKPhePAWIEleV5aOvox1qFWTWfIqRANQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFODP1LIyN7E5Q9Nhcdyn6GR33Q29MB8GA1UdIwQY
MBaAFHcNNddWbuckbk0hM8veSKd0Qjx3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHcwMTExWnU1eVJ1VFNFenk5NUlwM1JDUEhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi8zNmU2MGItMjQxMS00NjNiLTgyNTQt
NTQ3NWRlNjAzY2QzLzEvNE1fVXNqSTNzVGxEMDJGeDNLZm9aSGZkRGIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi8zNmU2MGItMjQxMS00NjNiLTgyNTQtNTQ3NWRlNjAzY2Qz
LzEvZHcwMTExWnU1eVJ1VFNFenk5NUlwM1JDUEhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuREIMA0G
CSqGSIb3DQEBCwUAA4IBAQBiYyCWmAfgYyszUpt5iz4l62oTTzPWXTWU8maWvvJG
u90VjVCHkcY/P4YXES8zY9/q6dkFb/6Qn2nRthJ8tv0f2GNDlBqtwnPpaRlFYzEo
1P6VhNOCqYvDMXhmjoIywgA8tGzHKigikCWXPpco+tHKr+ff1r1l62RjqdaEBqOx
OmXstSQyTD27TrwOB77fhB1hizyooZHZ83FATETdIBQ6i6Z1BPQ5YlafCwIgUtIt
wk+GDAZK8akUZ978bZpycvA9+lglWztpCUbqK7Wtm4JKGN3MPdF5Dj7N7l/rNadv
AF+i/nSETrUoosVAHmAcOeMexjqXTfBvu48ueAxpPwmU
-----END CERTIFICATE-----