This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/ac9a4f-5774-4ecc-9c1d-c998f0292135/1/jRaIj2LT8WIXU3iA4cJ8_db3efw.roa
File:                     jRaIj2LT8WIXU3iA4cJ8_db3efw.roa (raw, json)
Hash identifier:          tCAkC3mU7deWUJjP8Hv0/NGEuNV3/CbI9UawHSvYVy8=
Subject key identifier:   8D:16:88:8F:62:D3:F1:62:17:53:78:80:E1:C2:7C:FD:D6:F7:79:FC
Certificate issuer:       /CN=2264d8aa1878f9dc1424d2fdade4039e120d5b11
Certificate serial:       019B7BA4E0A01CDEB50656DDA0743A4C89B4
Authority key identifier: 22:64:D8:AA:18:78:F9:DC:14:24:D2:FD:AD:E4:03:9E:12:0D:5B:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ImTYqhh4-dwUJNL9reQDnhINWxE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/ac9a4f-5774-4ecc-9c1d-c998f0292135/1/jRaIj2LT8WIXU3iA4cJ8_db3efw.roa
Signing time:             Thu 01 Jan 2026 22:19:21 +0000
ROA not before:           Thu 01 Jan 2026 22:19:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        85.202.22.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/ac9a4f-5774-4ecc-9c1d-c998f0292135/1/ImTYqhh4-dwUJNL9reQDnhINWxE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/ac9a4f-5774-4ecc-9c1d-c998f0292135/1/ImTYqhh4-dwUJNL9reQDnhINWxE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ImTYqhh4-dwUJNL9reQDnhINWxE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a4:e0:a0:1c:de:b5:06:56:dd:a0:74:3a:4c:89:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2264d8aa1878f9dc1424d2fdade4039e120d5b11
        Validity
            Not Before: Jan  1 22:19:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8d16888f62d3f16217537880e1c27cfdd6f779fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:51:93:78:a8:be:fd:e7:b7:99:a0:2e:9d:6a:
                    c2:e9:d4:88:1d:47:9e:78:9d:f2:f6:16:dc:05:9e:
                    91:28:c4:36:0f:d8:81:69:10:18:53:05:86:57:c3:
                    d4:1a:44:53:56:0c:1f:2f:01:b9:73:2a:ca:53:3c:
                    8d:ec:ec:30:50:c2:e4:26:bf:df:2e:27:ab:0b:27:
                    e7:03:4f:36:20:5d:e2:15:d5:91:25:01:96:df:db:
                    3a:26:44:21:b5:8c:c8:ac:f0:7d:5e:96:0c:ce:83:
                    1a:dd:5b:00:74:55:51:0c:9b:e8:37:b1:0c:9c:6a:
                    9d:47:c5:c3:61:1d:55:68:29:1e:45:b8:89:2c:d8:
                    84:9d:32:95:9e:c3:72:d6:73:30:db:93:b7:ef:ca:
                    21:69:f4:49:af:24:ef:c2:b7:68:17:6b:7b:e3:b2:
                    73:52:05:a3:6b:9c:fa:d7:22:7e:d4:11:ab:f3:15:
                    d4:a5:3a:15:16:91:de:e6:6f:bb:5f:4d:46:7f:12:
                    cf:c8:53:aa:bd:61:00:30:ab:d6:42:84:11:99:df:
                    32:ab:c0:b6:37:49:8f:b2:93:28:97:16:bf:4d:97:
                    33:88:b9:c0:bf:0d:38:61:56:48:fb:fd:0c:66:8e:
                    f6:9f:fc:75:41:42:84:b9:f5:42:85:d5:e8:7a:03:
                    f0:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:16:88:8F:62:D3:F1:62:17:53:78:80:E1:C2:7C:FD:D6:F7:79:FC
            X509v3 Authority Key Identifier:
                keyid:22:64:D8:AA:18:78:F9:DC:14:24:D2:FD:AD:E4:03:9E:12:0D:5B:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ImTYqhh4-dwUJNL9reQDnhINWxE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/ac9a4f-5774-4ecc-9c1d-c998f0292135/1/jRaIj2LT8WIXU3iA4cJ8_db3efw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/ac9a4f-5774-4ecc-9c1d-c998f0292135/1/ImTYqhh4-dwUJNL9reQDnhINWxE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.202.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:e0:6b:67:66:1d:cc:aa:2d:0c:02:9b:3b:32:a5:c0:e5:cd:
         c7:44:93:e0:98:b6:db:26:fc:7a:de:8f:b9:66:49:a2:46:e3:
         81:6b:fa:78:6e:63:1d:01:38:0b:80:78:25:0d:81:7c:27:ad:
         a3:dd:33:b4:ae:03:84:2a:2c:39:fe:5b:9b:66:ca:b2:dc:73:
         38:e1:a7:f1:2b:4f:62:2d:7a:a3:59:61:5f:30:4d:c7:3f:28:
         84:92:16:2c:d7:15:d1:3a:d4:1a:6c:40:37:b0:f5:e3:6b:d4:
         55:de:7e:68:b8:1e:24:7d:01:27:d6:bc:47:31:0c:de:95:1a:
         1a:26:11:76:fe:fa:3d:57:5c:af:24:c1:43:6e:4a:e0:7d:e7:
         3e:9a:6e:ee:f3:2e:da:0f:17:18:c5:d3:f4:49:8d:88:4e:6b:
         0f:fa:f3:c3:e8:d3:cf:bf:b7:f4:f7:57:5a:54:ce:a5:d3:d1:
         f5:5d:10:f7:63:ab:86:eb:18:5d:d7:71:43:53:ba:f2:37:65:
         9c:54:0c:67:1b:f6:1f:7e:c6:00:63:98:a1:d7:34:c2:53:3b:
         f1:2b:07:bb:b2:08:cb:df:b7:3d:01:93:58:05:15:30:f6:30:
         8f:fa:e8:bc:ac:19:f8:59:58:36:9e:7e:35:01:e9:83:4d:12:
         d6:d8:8d:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pOCgHN61BlbdoHQ6TIm0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyNjRkOGFhMTg3OGY5ZGMxNDI0ZDJmZGFkZTQwMzllMTIw
ZDViMTEwHhcNMjYwMTAxMjIxOTIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDE2ODg4ZjYyZDNmMTYyMTc1Mzc4ODBlMWMyN2NmZGQ2Zjc3OWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArVGTeKi+/ee3maAunWrC6dSIHUee
eJ3y9hbcBZ6RKMQ2D9iBaRAYUwWGV8PUGkRTVgwfLwG5cyrKUzyN7OwwUMLkJr/f
LierCyfnA082IF3iFdWRJQGW39s6JkQhtYzIrPB9XpYMzoMa3VsAdFVRDJvoN7EM
nGqdR8XDYR1VaCkeRbiJLNiEnTKVnsNy1nMw25O378ohafRJryTvwrdoF2t747Jz
UgWja5z61yJ+1BGr8xXUpToVFpHe5m+7X01GfxLPyFOqvWEAMKvWQoQRmd8yq8C2
N0mPspMolxa/TZcziLnAvw04YVZI+/0MZo72n/x1QUKEufVChdXoegPwrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI0WiI9i0/FiF1N4gOHCfP3W93n8MB8GA1UdIwQY
MBaAFCJk2KoYePncFCTS/a3kA54SDVsRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSW1UWXFoaDQtZHdVSk5MOXJlUURuaElOV3hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS9hYzlhNGYtNTc3NC00ZWNjLTljMWQt
Yzk5OGYwMjkyMTM1LzEvalJhSWoyTFQ4V0lYVTNpQTRjSjhfZGIzZWZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS9hYzlhNGYtNTc3NC00ZWNjLTljMWQtYzk5OGYwMjkyMTM1
LzEvSW1UWXFoaDQtZHdVSk5MOXJlUURuaElOV3hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVcoWMA0G
CSqGSIb3DQEBCwUAA4IBAQAn4GtnZh3Mqi0MAps7MqXA5c3HRJPgmLbbJvx63o+5
ZkmiRuOBa/p4bmMdATgLgHglDYF8J62j3TO0rgOEKiw5/lubZsqy3HM44afxK09i
LXqjWWFfME3HPyiEkhYs1xXROtQabEA3sPXja9RV3n5ouB4kfQEn1rxHMQzelRoa
JhF2/vo9V1yvJMFDbkrgfec+mm7u8y7aDxcYxdP0SY2ITmsP+vPD6NPPv7f091da
VM6l09H1XRD3Y6uG6xhd13FDU7ryN2WcVAxnG/YffsYAY5ih1zTCUzvxKwe7sgjL
37c9AZNYBRUw9jCP+ui8rBn4WVg2nn41AemDTRLW2I2o
-----END CERTIFICATE-----