This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/f419eb-2331-4bc7-8f1b-2689c85878ad/1/I_klKsqV4Xc27UFkAneEsuB-gHk.roa
File:                     I_klKsqV4Xc27UFkAneEsuB-gHk.roa (raw, json)
Hash identifier:          AkW1e4Xf71kIFS8tvO/5F4giqlxcvlPyuHSMW67qHI0=
Subject key identifier:   23:F9:25:2A:CA:95:E1:77:36:ED:41:64:02:77:84:B2:E0:7E:80:79
Certificate issuer:       /CN=dff5cc4848943b4fe89d2ce71fdc1e4ff7d7f3e3
Certificate serial:       019B79ED56E1250F1A94D59C5B9BA992ECE3
Authority key identifier: DF:F5:CC:48:48:94:3B:4F:E8:9D:2C:E7:1F:DC:1E:4F:F7:D7:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3_XMSEiUO0_onSznH9weT_fX8-M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/f419eb-2331-4bc7-8f1b-2689c85878ad/1/I_klKsqV4Xc27UFkAneEsuB-gHk.roa
Signing time:             Thu 01 Jan 2026 14:19:16 +0000
ROA not before:           Thu 01 Jan 2026 14:19:16 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49936
IP address blocks:        85.159.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/f419eb-2331-4bc7-8f1b-2689c85878ad/1/3_XMSEiUO0_onSznH9weT_fX8-M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/f419eb-2331-4bc7-8f1b-2689c85878ad/1/3_XMSEiUO0_onSznH9weT_fX8-M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3_XMSEiUO0_onSznH9weT_fX8-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 14:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:56:e1:25:0f:1a:94:d5:9c:5b:9b:a9:92:ec:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dff5cc4848943b4fe89d2ce71fdc1e4ff7d7f3e3
        Validity
            Not Before: Jan  1 14:19:16 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=23f9252aca95e17736ed4164027784b2e07e8079
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:fe:a6:65:e6:c4:a5:83:73:11:9e:22:4e:28:
                    54:d3:0f:58:41:a4:15:45:ce:cb:44:70:c9:9f:bd:
                    5d:05:cb:ba:62:65:fe:e7:f7:1f:93:d0:50:93:63:
                    85:7c:fd:ae:5c:60:c6:34:70:44:01:8d:d0:70:ab:
                    7b:7d:e1:29:63:71:21:b5:32:cd:05:5c:d0:02:d5:
                    06:d6:ef:e4:e0:4c:e4:93:e3:59:89:f9:1f:ad:fd:
                    7b:ab:0c:12:ee:c6:6a:84:bb:76:1f:44:e9:cb:6c:
                    02:29:fe:66:55:df:f9:0f:de:34:3b:fd:26:55:f2:
                    7c:1a:de:62:b8:35:7e:b9:33:e6:be:fe:cd:1a:c3:
                    d7:20:0e:f7:d0:53:a0:53:da:01:87:59:2f:85:dd:
                    3d:c6:be:19:d3:f4:75:ea:22:47:31:0b:20:0c:e5:
                    15:19:7f:0e:ac:6a:ec:c8:d3:e9:35:20:e1:59:e8:
                    61:72:b8:83:c3:2b:8e:bc:5b:56:ed:3a:23:ec:38:
                    ab:21:bc:ff:ff:ae:09:40:e5:d4:a6:c9:c4:00:e0:
                    d2:26:ca:5f:34:48:5a:ca:12:80:c9:ca:04:7b:5b:
                    b2:b9:6f:12:a7:5c:c5:5b:3c:d1:44:5e:af:dc:5f:
                    dd:35:97:4f:22:00:9a:e7:3f:46:32:73:bf:d5:77:
                    49:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:F9:25:2A:CA:95:E1:77:36:ED:41:64:02:77:84:B2:E0:7E:80:79
            X509v3 Authority Key Identifier:
                keyid:DF:F5:CC:48:48:94:3B:4F:E8:9D:2C:E7:1F:DC:1E:4F:F7:D7:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3_XMSEiUO0_onSznH9weT_fX8-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f419eb-2331-4bc7-8f1b-2689c85878ad/1/I_klKsqV4Xc27UFkAneEsuB-gHk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f419eb-2331-4bc7-8f1b-2689c85878ad/1/3_XMSEiUO0_onSznH9weT_fX8-M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.159.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:db:61:37:25:53:a4:3a:73:a1:3a:39:e4:3b:85:58:e8:e8:
         13:db:db:77:69:72:36:06:66:31:74:c8:ca:67:ac:79:d7:4e:
         c8:3a:fb:a5:6c:8e:c6:89:a4:f9:b4:07:3b:3d:7d:7a:1a:96:
         2e:33:7c:dd:ae:ed:72:fa:6e:57:b1:bc:7a:c9:b0:52:83:3d:
         d1:b0:b1:68:d0:61:5e:e5:bf:8e:ee:b0:62:c1:27:92:6f:10:
         14:83:c1:a0:05:51:7a:66:66:8a:e1:6c:ba:c6:30:ac:0e:c6:
         de:22:c1:24:e8:41:54:ac:de:79:b4:24:dc:af:82:93:19:0f:
         1b:0f:a4:2e:d1:76:4d:e1:cd:ff:be:6d:fc:f4:ae:44:a4:fa:
         2c:94:0b:5a:12:2f:19:9d:51:7d:01:2d:18:21:47:75:d1:ff:
         68:ca:bf:ba:d2:45:7c:95:a9:58:55:51:8e:53:01:a6:67:a6:
         a8:10:99:3d:87:93:2c:c7:32:92:5c:67:c7:55:8d:76:ad:19:
         85:30:81:2f:eb:93:a4:2e:cc:25:a3:2e:7e:59:a4:c6:9d:d2:
         8c:dc:a7:87:a8:7f:45:8a:1f:c2:92:21:2b:ee:b8:c4:17:4e:
         86:bc:4b:49:20:29:60:26:78:a7:82:54:c5:ff:09:1e:40:a8:
         0b:2c:8a:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57VbhJQ8alNWcW5upkuzjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmZjVjYzQ4NDg5NDNiNGZlODlkMmNlNzFmZGMxZTRmZjdk
N2YzZTMwHhcNMjYwMTAxMTQxOTE2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2Y5MjUyYWNhOTVlMTc3MzZlZDQxNjQwMjc3ODRiMmUwN2U4MDc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp/6mZebEpYNzEZ4iTihU0w9YQaQV
Rc7LRHDJn71dBcu6YmX+5/cfk9BQk2OFfP2uXGDGNHBEAY3QcKt7feEpY3EhtTLN
BVzQAtUG1u/k4Ezkk+NZifkfrf17qwwS7sZqhLt2H0Tpy2wCKf5mVd/5D940O/0m
VfJ8Gt5iuDV+uTPmvv7NGsPXIA730FOgU9oBh1kvhd09xr4Z0/R16iJHMQsgDOUV
GX8OrGrsyNPpNSDhWehhcriDwyuOvFtW7Toj7DirIbz//64JQOXUpsnEAODSJspf
NEhayhKAycoEe1uyuW8Sp1zFWzzRRF6v3F/dNZdPIgCa5z9GMnO/1XdJ2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCP5JSrKleF3Nu1BZAJ3hLLgfoB5MB8GA1UdIwQY
MBaAFN/1zEhIlDtP6J0s5x/cHk/31/PjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM19YTVNFaVVPMF9vblN6bkg5d2VUX2ZYOC1NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9mNDE5ZWItMjMzMS00YmM3LThmMWIt
MjY4OWM4NTg3OGFkLzEvSV9rbEtzcVY0WGMyN1VGa0FuZUVzdUItZ0hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9mNDE5ZWItMjMzMS00YmM3LThmMWItMjY4OWM4NTg3OGFk
LzEvM19YTVNFaVVPMF9vblN6bkg5d2VUX2ZYOC1NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVZ9xMA0G
CSqGSIb3DQEBCwUAA4IBAQBo22E3JVOkOnOhOjnkO4VY6OgT29t3aXI2BmYxdMjK
Z6x5107IOvulbI7GiaT5tAc7PX16GpYuM3zdru1y+m5Xsbx6ybBSgz3RsLFo0GFe
5b+O7rBiwSeSbxAUg8GgBVF6ZmaK4Wy6xjCsDsbeIsEk6EFUrN55tCTcr4KTGQ8b
D6Qu0XZN4c3/vm389K5EpPoslAtaEi8ZnVF9AS0YIUd10f9oyr+60kV8lalYVVGO
UwGmZ6aoEJk9h5MsxzKSXGfHVY12rRmFMIEv65OkLswloy5+WaTGndKM3KeHqH9F
ih/CkiEr7rjEF06GvEtJIClgJninglTF/wkeQKgLLIo7
-----END CERTIFICATE-----