This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.


Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/ac9a4f-5774-4ecc-9c1d-c998f0292135/1/iY_NBjZ2wKvEhgTBknWfs0fub4o.roa
File:                     iY_NBjZ2wKvEhgTBknWfs0fub4o.roa (raw, json)
Hash identifier:          MW6tL8GWHpevV/SjR3+AcIiCM8p+f2aCKazHwkxkalU=
Subject key identifier:   89:8F:CD:06:36:76:C0:AB:C4:86:04:C1:92:75:9F:B3:47:EE:6F:8A
Certificate issuer:       /CN=2264d8aa1878f9dc1424d2fdade4039e120d5b11
Certificate serial:       019B7BA4E03A483DC5F55CC437D30E9F47FA
Authority key identifier: 22:64:D8:AA:18:78:F9:DC:14:24:D2:FD:AD:E4:03:9E:12:0D:5B:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ImTYqhh4-dwUJNL9reQDnhINWxE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/ac9a4f-5774-4ecc-9c1d-c998f0292135/1/iY_NBjZ2wKvEhgTBknWfs0fub4o.roa
Signing time:             Thu 01 Jan 2026 22:19:21 +0000
ROA not before:           Thu 01 Jan 2026 22:19:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        85.202.22.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/ac9a4f-5774-4ecc-9c1d-c998f0292135/1/ImTYqhh4-dwUJNL9reQDnhINWxE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/ac9a4f-5774-4ecc-9c1d-c998f0292135/1/ImTYqhh4-dwUJNL9reQDnhINWxE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ImTYqhh4-dwUJNL9reQDnhINWxE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 Jan 2026 15:30:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a4:e0:3a:48:3d:c5:f5:5c:c4:37:d3:0e:9f:47:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2264d8aa1878f9dc1424d2fdade4039e120d5b11
        Validity
            Not Before: Jan  1 22:19:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=898fcd063676c0abc48604c192759fb347ee6f8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:31:f2:23:dc:be:6a:ce:e6:bc:d1:f4:95:56:
                    8d:55:5a:6c:d8:3d:aa:db:b2:c4:08:b2:90:42:ee:
                    9c:3e:f5:d2:30:2c:68:39:27:e5:2f:5f:06:a2:06:
                    75:2c:e1:71:70:8a:f9:8b:83:bb:6d:80:ea:4b:7f:
                    b4:26:95:1a:f0:5e:3c:d4:da:fd:6c:66:20:4e:1a:
                    79:c9:b1:6c:7d:4c:c8:3a:c6:9c:74:d0:f8:2a:f7:
                    55:da:72:75:0b:2c:04:30:6d:85:82:d3:53:91:6d:
                    0d:76:8a:57:5b:05:29:6e:3b:82:5a:ab:06:ed:f2:
                    1c:38:ab:b7:ff:72:3c:62:3d:1f:c1:8f:94:27:c5:
                    67:92:14:55:72:b5:77:95:fc:88:69:36:03:8f:04:
                    0f:b7:d1:2c:3b:ea:96:38:58:ef:d1:6f:a6:61:4c:
                    ac:5c:a9:0e:45:f5:3b:68:d0:2f:46:d5:35:84:ee:
                    5a:a0:d4:87:f7:cf:16:e5:26:b7:30:c5:8e:47:bc:
                    9e:e8:ec:fa:3a:54:e9:c3:46:05:b0:4d:cf:cc:38:
                    01:d6:ba:c8:c2:44:e1:35:92:ab:de:2f:13:a5:3d:
                    a7:9c:47:f6:25:d9:e8:db:58:a8:2f:93:ee:17:aa:
                    48:9e:79:5c:2b:39:22:62:b1:8a:60:c6:bd:7a:d2:
                    8d:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:8F:CD:06:36:76:C0:AB:C4:86:04:C1:92:75:9F:B3:47:EE:6F:8A
            X509v3 Authority Key Identifier:
                keyid:22:64:D8:AA:18:78:F9:DC:14:24:D2:FD:AD:E4:03:9E:12:0D:5B:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ImTYqhh4-dwUJNL9reQDnhINWxE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/ac9a4f-5774-4ecc-9c1d-c998f0292135/1/iY_NBjZ2wKvEhgTBknWfs0fub4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/ac9a4f-5774-4ecc-9c1d-c998f0292135/1/ImTYqhh4-dwUJNL9reQDnhINWxE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.202.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:1d:ec:49:00:36:7a:bc:3a:59:ef:57:be:ff:30:7b:85:e8:
         31:65:c0:0f:7f:b8:0c:d8:20:c7:4c:b7:f3:fd:d3:f9:0c:a7:
         18:37:16:f9:5e:40:d6:40:e5:27:6b:de:d5:6a:3c:9a:9b:f0:
         5b:46:68:3c:6c:86:a2:34:4e:20:35:c1:73:0a:7b:aa:22:16:
         a7:5d:92:1b:f8:e6:3b:ad:b7:ed:c3:da:5f:42:92:dd:2e:cf:
         31:03:bf:55:d4:17:3a:b7:2d:8f:51:a4:a8:dc:7e:52:d4:02:
         11:93:8c:a5:7b:1b:4a:04:cc:69:26:92:35:c3:51:04:50:b3:
         61:be:ad:de:e3:f2:1c:8e:c6:e8:fd:d6:28:d6:b6:cd:6c:7a:
         1a:7f:d0:31:bb:b5:d5:ab:06:fd:58:cf:bc:98:23:d7:d3:44:
         e7:69:95:71:d3:35:7e:86:fc:de:33:ea:cb:24:74:34:d7:2b:
         f2:2a:5c:35:24:f2:15:e4:55:a3:4c:4d:0b:32:45:a1:b2:17:
         70:33:5a:59:b4:2a:ee:4b:ff:28:96:bf:21:2d:02:f1:67:a2:
         c1:f3:00:39:15:fe:b9:a9:5d:37:ad:1c:a9:d3:53:a6:81:a7:
         06:34:22:c8:88:42:81:93:75:50:67:3f:c4:e8:78:14:08:8c:
         fe:d5:44:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pOA6SD3F9VzEN9MOn0f6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyNjRkOGFhMTg3OGY5ZGMxNDI0ZDJmZGFkZTQwMzllMTIw
ZDViMTEwHhcNMjYwMTAxMjIxOTIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OThmY2QwNjM2NzZjMGFiYzQ4NjA0YzE5Mjc1OWZiMzQ3ZWU2ZjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyDHyI9y+as7mvNH0lVaNVVps2D2q
27LECLKQQu6cPvXSMCxoOSflL18GogZ1LOFxcIr5i4O7bYDqS3+0JpUa8F481Nr9
bGYgThp5ybFsfUzIOsacdND4KvdV2nJ1CywEMG2FgtNTkW0NdopXWwUpbjuCWqsG
7fIcOKu3/3I8Yj0fwY+UJ8VnkhRVcrV3lfyIaTYDjwQPt9EsO+qWOFjv0W+mYUys
XKkORfU7aNAvRtU1hO5aoNSH988W5Sa3MMWOR7ye6Oz6OlTpw0YFsE3PzDgB1rrI
wkThNZKr3i8TpT2nnEf2Jdno21ioL5PuF6pInnlcKzkiYrGKYMa9etKNiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFImPzQY2dsCrxIYEwZJ1n7NH7m+KMB8GA1UdIwQY
MBaAFCJk2KoYePncFCTS/a3kA54SDVsRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSW1UWXFoaDQtZHdVSk5MOXJlUURuaElOV3hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS9hYzlhNGYtNTc3NC00ZWNjLTljMWQt
Yzk5OGYwMjkyMTM1LzEvaVlfTkJqWjJ3S3ZFaGdUQmtuV2ZzMGZ1YjRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS9hYzlhNGYtNTc3NC00ZWNjLTljMWQtYzk5OGYwMjkyMTM1
LzEvSW1UWXFoaDQtZHdVSk5MOXJlUURuaElOV3hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVcoWMA0G
CSqGSIb3DQEBCwUAA4IBAQAmHexJADZ6vDpZ71e+/zB7hegxZcAPf7gM2CDHTLfz
/dP5DKcYNxb5XkDWQOUna97Vajyam/BbRmg8bIaiNE4gNcFzCnuqIhanXZIb+OY7
rbftw9pfQpLdLs8xA79V1Bc6ty2PUaSo3H5S1AIRk4ylextKBMxpJpI1w1EEULNh
vq3e4/Icjsbo/dYo1rbNbHoaf9Axu7XVqwb9WM+8mCPX00TnaZVx0zV+hvzeM+rL
JHQ01yvyKlw1JPIV5FWjTE0LMkWhshdwM1pZtCruS/8olr8hLQLxZ6LB8wA5Ff65
qV03rRyp01OmgacGNCLIiEKBk3VQZz/E6HgUCIz+1UQD
-----END CERTIFICATE-----
Generated at Wed Jan 7 23:47:34 2026 by rpki-client