This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/9002e2-dc04-4c39-9235-54d5d04e346d/1/I-rFUWq3EAExnHfV3__Nsm8v0NU.roa
File:                     I-rFUWq3EAExnHfV3__Nsm8v0NU.roa (raw, json)
Hash identifier:          w2NX+GEdy4OsU2Xy/XfDNnwV8tdkJBtYoAkIKfCH60s=
Subject key identifier:   23:EA:C5:51:6A:B7:10:01:31:9C:77:D5:DF:FF:CD:B2:6F:2F:D0:D5
Certificate issuer:       /CN=d922d8d45f985dc3896c9176a7d48d7658cb4f68
Certificate serial:       019B7CEDEB93DB5954C80885F976B68C3F28
Authority key identifier: D9:22:D8:D4:5F:98:5D:C3:89:6C:91:76:A7:D4:8D:76:58:CB:4F:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2SLY1F-YXcOJbJF2p9SNdljLT2g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/9002e2-dc04-4c39-9235-54d5d04e346d/1/I-rFUWq3EAExnHfV3__Nsm8v0NU.roa
Signing time:             Fri 02 Jan 2026 04:18:45 +0000
ROA not before:           Fri 02 Jan 2026 04:18:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43790
IP address blocks:        185.154.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/9002e2-dc04-4c39-9235-54d5d04e346d/1/2SLY1F-YXcOJbJF2p9SNdljLT2g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/9002e2-dc04-4c39-9235-54d5d04e346d/1/2SLY1F-YXcOJbJF2p9SNdljLT2g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2SLY1F-YXcOJbJF2p9SNdljLT2g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 10:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ed:eb:93:db:59:54:c8:08:85:f9:76:b6:8c:3f:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d922d8d45f985dc3896c9176a7d48d7658cb4f68
        Validity
            Not Before: Jan  2 04:18:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=23eac5516ab71001319c77d5dfffcdb26f2fd0d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:03:73:cc:cf:25:3e:97:cd:50:be:60:5d:53:
                    38:98:da:7b:7c:b0:ae:29:18:b6:13:1e:b5:cf:e2:
                    fd:da:52:25:6b:f6:42:ae:ce:8c:c9:82:d7:29:70:
                    1e:1e:d3:7d:7b:3f:f6:e4:9a:02:56:81:69:fe:41:
                    42:09:90:24:dc:5b:55:1e:4b:76:a4:e9:8a:ea:fd:
                    18:d4:62:24:ad:bf:4a:92:22:c2:19:f3:72:f3:3d:
                    d7:4b:ab:e8:b8:2d:c6:b7:8a:ae:97:80:b5:df:69:
                    31:15:09:8e:50:31:65:7f:a7:94:30:23:54:32:78:
                    a0:17:80:5c:c5:98:d2:f1:e2:2b:9e:2f:f2:1f:cf:
                    e1:99:9c:78:b6:4e:f9:e2:9d:4b:42:5c:b8:80:fe:
                    55:e7:e0:98:53:9a:44:c4:d4:58:0b:40:4b:97:ce:
                    90:ea:a3:14:13:40:b3:c8:1a:e4:f6:b6:5b:1b:1f:
                    57:49:4e:fb:1d:5c:b5:8b:9d:2d:11:a3:af:42:02:
                    06:a7:7a:b2:d7:2a:a4:70:f8:cb:44:00:84:bd:a8:
                    a5:c7:53:d8:7f:e4:b3:20:df:e6:47:f5:b9:80:59:
                    3d:38:2e:fa:3d:b8:59:18:5f:2e:84:b7:f0:96:26:
                    26:32:a3:bb:b2:17:ea:e2:5f:dd:95:a9:8c:f6:07:
                    8c:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:EA:C5:51:6A:B7:10:01:31:9C:77:D5:DF:FF:CD:B2:6F:2F:D0:D5
            X509v3 Authority Key Identifier:
                keyid:D9:22:D8:D4:5F:98:5D:C3:89:6C:91:76:A7:D4:8D:76:58:CB:4F:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2SLY1F-YXcOJbJF2p9SNdljLT2g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/9002e2-dc04-4c39-9235-54d5d04e346d/1/I-rFUWq3EAExnHfV3__Nsm8v0NU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/9002e2-dc04-4c39-9235-54d5d04e346d/1/2SLY1F-YXcOJbJF2p9SNdljLT2g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.154.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:35:e1:79:3f:6b:dd:93:ef:c6:c9:29:9d:9d:3f:48:63:f4:
         1e:ad:d8:8f:05:90:59:ff:6c:e2:1a:b3:40:68:1b:1d:9a:95:
         98:b6:84:a3:65:d1:c2:9c:72:95:a7:52:67:81:35:1a:7e:fd:
         8c:7a:4a:ce:8f:17:73:3c:4c:89:42:75:ca:e2:5d:29:f9:1c:
         57:51:a2:a2:c1:03:ed:ef:a3:48:21:5b:4f:75:bc:da:d8:52:
         59:6b:9e:f5:76:34:42:d3:f2:8a:de:73:35:c6:c4:b6:4a:82:
         2c:f6:80:c0:20:8a:19:19:2e:5a:93:31:c1:57:01:78:0f:bb:
         5a:99:30:10:9c:4c:66:db:6d:ee:f3:b4:39:da:10:63:cd:1f:
         ac:e9:73:84:02:db:8a:8b:f2:2d:2d:99:89:eb:25:46:80:57:
         fb:05:9b:8c:a0:e8:8f:14:01:69:2c:a0:ae:62:f6:85:9f:1d:
         10:da:f6:40:d3:0e:81:af:fb:a7:6c:36:f7:84:50:bd:a7:fe:
         07:c3:e5:aa:bb:05:79:74:dd:ce:08:69:59:7f:91:98:fd:1c:
         d7:c8:c3:f7:4e:e3:5b:f3:d3:b1:dd:59:88:d1:13:cf:89:b0:
         5d:af:56:8f:ec:80:40:e8:38:06:3e:6a:43:38:df:b5:cb:e0:
         23:50:33:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87euT21lUyAiF+Xa2jD8oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5MjJkOGQ0NWY5ODVkYzM4OTZjOTE3NmE3ZDQ4ZDc2NThj
YjRmNjgwHhcNMjYwMTAyMDQxODQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2VhYzU1MTZhYjcxMDAxMzE5Yzc3ZDVkZmZmY2RiMjZmMmZkMGQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ANzzM8lPpfNUL5gXVM4mNp7fLCu
KRi2Ex61z+L92lIla/ZCrs6MyYLXKXAeHtN9ez/25JoCVoFp/kFCCZAk3FtVHkt2
pOmK6v0Y1GIkrb9KkiLCGfNy8z3XS6vouC3Gt4qul4C132kxFQmOUDFlf6eUMCNU
MnigF4BcxZjS8eIrni/yH8/hmZx4tk754p1LQly4gP5V5+CYU5pExNRYC0BLl86Q
6qMUE0CzyBrk9rZbGx9XSU77HVy1i50tEaOvQgIGp3qy1yqkcPjLRACEvailx1PY
f+SzIN/mR/W5gFk9OC76PbhZGF8uhLfwliYmMqO7shfq4l/dlamM9geMUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCPqxVFqtxABMZx31d//zbJvL9DVMB8GA1UdIwQY
MBaAFNki2NRfmF3DiWyRdqfUjXZYy09oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlNMWTFGLVlYY09KYkpGMnA5U05kbGpMVDJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC85MDAyZTItZGMwNC00YzM5LTkyMzUt
NTRkNWQwNGUzNDZkLzEvSS1yRlVXcTNFQUV4bkhmVjNfX05zbTh2ME5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC85MDAyZTItZGMwNC00YzM5LTkyMzUtNTRkNWQwNGUzNDZk
LzEvMlNMWTFGLVlYY09KYkpGMnA5U05kbGpMVDJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZpHMA0G
CSqGSIb3DQEBCwUAA4IBAQBbNeF5P2vdk+/GySmdnT9IY/QerdiPBZBZ/2ziGrNA
aBsdmpWYtoSjZdHCnHKVp1JngTUafv2MekrOjxdzPEyJQnXK4l0p+RxXUaKiwQPt
76NIIVtPdbza2FJZa571djRC0/KK3nM1xsS2SoIs9oDAIIoZGS5akzHBVwF4D7ta
mTAQnExm223u87Q52hBjzR+s6XOEAtuKi/ItLZmJ6yVGgFf7BZuMoOiPFAFpLKCu
YvaFnx0Q2vZA0w6Br/unbDb3hFC9p/4Hw+WquwV5dN3OCGlZf5GY/RzXyMP3TuNb
89Ox3VmI0RPPibBdr1aP7IBA6DgGPmpDON+1y+AjUDMX
-----END CERTIFICATE-----