This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/3dbd39-5f9f-48fb-9c01-bd6e3b026c37/1/0PROOXHWtrqTshebWInvLwz5dVE.roa
File:                     0PROOXHWtrqTshebWInvLwz5dVE.roa (raw, json)
Hash identifier:          kuqhwuodobpmINYueeYw21Gf/m1l+ZCaG7GCFJgXBC4=
Subject key identifier:   D0:F4:4E:39:71:D6:B6:BA:93:B2:17:9B:58:89:EF:2F:0C:F9:75:51
Certificate issuer:       /CN=31db847d1db1e0b2c2c25502210ff5a719967a19
Certificate serial:       019B7758CEB3482A814EBF937D79CAAA1740
Authority key identifier: 31:DB:84:7D:1D:B1:E0:B2:C2:C2:55:02:21:0F:F5:A7:19:96:7A:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MduEfR2x4LLCwlUCIQ_1pxmWehk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/3dbd39-5f9f-48fb-9c01-bd6e3b026c37/1/0PROOXHWtrqTshebWInvLwz5dVE.roa
Signing time:             Thu 01 Jan 2026 02:17:47 +0000
ROA not before:           Thu 01 Jan 2026 02:17:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61317
IP address blocks:        185.238.214.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/3dbd39-5f9f-48fb-9c01-bd6e3b026c37/1/MduEfR2x4LLCwlUCIQ_1pxmWehk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/3dbd39-5f9f-48fb-9c01-bd6e3b026c37/1/MduEfR2x4LLCwlUCIQ_1pxmWehk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MduEfR2x4LLCwlUCIQ_1pxmWehk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 Jan 2026 05:02:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:ce:b3:48:2a:81:4e:bf:93:7d:79:ca:aa:17:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31db847d1db1e0b2c2c25502210ff5a719967a19
        Validity
            Not Before: Jan  1 02:17:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d0f44e3971d6b6ba93b2179b5889ef2f0cf97551
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:af:f7:b5:fe:75:51:5d:ac:f8:62:81:43:b2:
                    36:6d:9f:c0:a3:54:00:95:f2:10:20:aa:58:c3:4f:
                    22:b1:7f:61:e0:ec:55:fc:3a:66:1b:d8:96:8a:5f:
                    f4:a7:e6:5d:7b:98:60:ad:31:69:1c:af:aa:32:c8:
                    7d:98:27:77:1e:aa:9c:2f:b9:12:0c:b8:b8:a7:3d:
                    74:24:78:d7:e7:b4:fa:89:68:55:91:74:04:80:79:
                    47:0b:4c:df:70:5a:22:ba:c4:f4:0d:dc:e5:dd:d5:
                    b7:a8:eb:aa:41:4e:fd:a3:55:de:43:cd:6d:0f:47:
                    e3:96:32:b1:90:75:5c:6c:19:a2:f3:20:05:63:97:
                    02:2a:5e:b6:1a:d8:f9:a1:76:6e:8d:97:a7:f6:19:
                    ac:04:b7:36:b0:6c:91:72:eb:cf:d9:e4:72:45:a5:
                    83:d4:c8:02:b1:01:94:f0:3b:99:61:25:e1:de:86:
                    61:c4:b7:4d:59:52:fa:f3:e7:85:6e:44:b0:63:5c:
                    cd:d2:0d:e4:24:a3:1a:4a:7f:86:f2:70:ad:6e:53:
                    19:50:d7:99:4a:de:78:68:0f:d9:a8:25:e9:c5:4f:
                    91:80:01:d3:b2:6e:d6:ea:98:36:26:7e:ae:1f:dd:
                    8a:5d:f4:24:e5:e5:86:33:8a:ae:0a:57:a7:99:35:
                    11:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:F4:4E:39:71:D6:B6:BA:93:B2:17:9B:58:89:EF:2F:0C:F9:75:51
            X509v3 Authority Key Identifier:
                keyid:31:DB:84:7D:1D:B1:E0:B2:C2:C2:55:02:21:0F:F5:A7:19:96:7A:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MduEfR2x4LLCwlUCIQ_1pxmWehk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/3dbd39-5f9f-48fb-9c01-bd6e3b026c37/1/0PROOXHWtrqTshebWInvLwz5dVE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/3dbd39-5f9f-48fb-9c01-bd6e3b026c37/1/MduEfR2x4LLCwlUCIQ_1pxmWehk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.238.214.0/23

    Signature Algorithm: sha256WithRSAEncryption
         77:0a:e0:a3:3d:49:80:7a:37:47:74:8b:59:d8:89:6d:c1:88:
         e5:b4:ba:dc:cd:18:20:83:9c:3a:25:1f:d8:6f:a7:6b:fa:9f:
         67:a8:42:52:40:48:f3:d2:d5:8e:ba:93:58:16:86:02:c4:a2:
         12:cc:c9:90:fb:0f:d0:31:7c:3e:86:ae:15:ef:bb:3b:6b:5a:
         20:9b:4c:01:78:88:5e:28:da:7e:72:ed:f8:9a:ee:df:2f:41:
         cf:29:ac:bf:c1:c4:e4:4e:f4:0a:cb:ec:e9:9a:63:6f:ef:61:
         a8:51:10:5e:46:53:14:5d:c2:17:f6:3d:0a:30:91:1b:42:b2:
         da:92:80:c3:04:2c:c1:2a:91:e3:29:cf:f0:a4:7c:b2:25:68:
         f2:b8:eb:f5:7d:2e:f5:af:b3:bd:fa:5e:56:e4:61:18:9a:64:
         52:cb:d3:03:bd:78:07:30:0d:22:21:b2:b0:bc:ca:ba:2b:ee:
         cb:f9:29:e3:07:69:3c:fd:28:2a:86:01:b9:5c:64:15:dd:b0:
         39:eb:eb:49:d1:39:f5:7f:05:39:ec:e9:83:ff:c5:db:62:46:
         87:e0:50:41:cf:81:23:06:db:5b:f4:1f:a1:8c:66:24:29:ab:
         9c:eb:8c:7c:85:7e:37:dc:c6:ce:f6:7e:4a:36:40:3b:64:7c:
         1b:7c:23:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WM6zSCqBTr+TfXnKqhdAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZGI4NDdkMWRiMWUwYjJjMmMyNTUwMjIxMGZmNWE3MTk5
NjdhMTkwHhcNMjYwMTAxMDIxNzQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGY0NGUzOTcxZDZiNmJhOTNiMjE3OWI1ODg5ZWYyZjBjZjk3NTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuq/3tf51UV2s+GKBQ7I2bZ/Ao1QA
lfIQIKpYw08isX9h4OxV/DpmG9iWil/0p+Zde5hgrTFpHK+qMsh9mCd3HqqcL7kS
DLi4pz10JHjX57T6iWhVkXQEgHlHC0zfcFoiusT0Ddzl3dW3qOuqQU79o1XeQ81t
D0fjljKxkHVcbBmi8yAFY5cCKl62Gtj5oXZujZen9hmsBLc2sGyRcuvP2eRyRaWD
1MgCsQGU8DuZYSXh3oZhxLdNWVL68+eFbkSwY1zN0g3kJKMaSn+G8nCtblMZUNeZ
St54aA/ZqCXpxU+RgAHTsm7W6pg2Jn6uH92KXfQk5eWGM4quClenmTURAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFND0Tjlx1ra6k7IXm1iJ7y8M+XVRMB8GA1UdIwQY
MBaAFDHbhH0dseCywsJVAiEP9acZlnoZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWR1RWZSMng0TExDd2xVQ0lRXzFweG1XZWhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi8zZGJkMzktNWY5Zi00OGZiLTljMDEt
YmQ2ZTNiMDI2YzM3LzEvMFBST09YSFd0cnFUc2hlYldJbnZMd3o1ZFZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi8zZGJkMzktNWY5Zi00OGZiLTljMDEtYmQ2ZTNiMDI2YzM3
LzEvTWR1RWZSMng0TExDd2xVQ0lRXzFweG1XZWhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBue7WMA0G
CSqGSIb3DQEBCwUAA4IBAQB3CuCjPUmAejdHdItZ2IltwYjltLrczRggg5w6JR/Y
b6dr+p9nqEJSQEjz0tWOupNYFoYCxKISzMmQ+w/QMXw+hq4V77s7a1ogm0wBeIhe
KNp+cu34mu7fL0HPKay/wcTkTvQKy+zpmmNv72GoURBeRlMUXcIX9j0KMJEbQrLa
koDDBCzBKpHjKc/wpHyyJWjyuOv1fS71r7O9+l5W5GEYmmRSy9MDvXgHMA0iIbKw
vMq6K+7L+SnjB2k8/SgqhgG5XGQV3bA56+tJ0Tn1fwU57OmD/8XbYkaH4FBBz4Ej
Bttb9B+hjGYkKauc64x8hX433MbO9n5KNkA7ZHwbfCOn
-----END CERTIFICATE-----