This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/t-FcH5EHiHi0L1n8i0K1elwjcKM.roa
File:                     t-FcH5EHiHi0L1n8i0K1elwjcKM.roa (raw, json)
Hash identifier:          +1uxrA0VtJQ8n/Q8nNqIO/WaH2ihIab/RUQjuo5UnSU=
Subject key identifier:   B7:E1:5C:1F:91:07:88:78:B4:2F:59:FC:8B:42:B5:7A:5C:23:70:A3
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       019B7D5D4A080C4A32CEABA504F0AF97AA8D
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/t-FcH5EHiHi0L1n8i0K1elwjcKM.roa
Signing time:             Fri 02 Jan 2026 06:20:24 +0000
ROA not before:           Fri 02 Jan 2026 06:20:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     138687
IP address blocks:        185.255.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 11:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5d:4a:08:0c:4a:32:ce:ab:a5:04:f0:af:97:aa:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  2 06:20:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b7e15c1f91078878b42f59fc8b42b57a5c2370a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:b1:50:36:ff:b9:75:4c:bf:c3:00:b7:26:88:
                    e9:12:d2:e1:b0:85:a2:dd:0b:bd:58:db:23:e3:93:
                    b7:24:3e:17:57:c7:01:0e:d5:91:e6:eb:e4:20:62:
                    a0:8f:15:83:de:84:44:3a:ca:26:a2:09:32:83:b3:
                    a5:14:1e:7a:7c:01:e3:0c:bd:88:de:bb:48:1a:22:
                    68:f4:ea:9a:2a:11:1f:0d:9e:9d:9d:1c:b4:8c:53:
                    6e:af:0e:91:4e:fd:f2:69:9f:64:a9:ec:24:13:fa:
                    01:9f:7c:3f:56:9b:13:d5:88:d2:8e:9d:0b:ec:25:
                    7d:77:0c:ff:3c:f2:30:a0:45:c2:30:d1:7b:b3:de:
                    52:5b:fa:69:17:a5:2d:10:5b:5a:dc:c6:e2:10:21:
                    8f:52:3d:26:60:98:9b:1b:93:5b:08:77:7d:8a:d0:
                    15:e3:cc:0f:62:0b:5e:65:cd:04:e9:3f:b3:0c:f3:
                    9a:7b:b8:23:9d:7b:06:00:47:b2:be:92:a5:24:a7:
                    b5:b8:6c:e3:24:5c:c3:2a:6c:97:2a:b7:74:87:e8:
                    22:c4:a3:cc:e3:38:81:07:22:96:55:88:f8:a9:90:
                    10:05:77:cb:e9:85:0b:d0:0e:53:a7:92:d5:17:91:
                    0c:e7:3f:4e:39:66:89:d1:9d:70:98:dc:cf:24:a9:
                    b9:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:E1:5C:1F:91:07:88:78:B4:2F:59:FC:8B:42:B5:7A:5C:23:70:A3
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/t-FcH5EHiHi0L1n8i0K1elwjcKM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.255.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:d3:09:3d:d6:a7:b2:01:a2:61:fd:0f:71:84:da:07:2b:26:
         17:a5:ad:bb:31:22:9e:be:99:cd:51:33:88:61:a3:7b:59:4f:
         36:4f:1b:47:e0:d7:f2:0c:07:a6:83:63:4b:3f:4f:7c:cb:dc:
         d1:14:47:fd:7f:98:39:f3:ad:d3:33:61:a5:84:c3:40:72:24:
         39:87:52:14:c0:d1:eb:44:2d:bd:85:f2:c5:96:ff:ce:96:e2:
         8b:f0:c2:77:60:a7:1c:e3:57:02:b1:f8:a3:45:9c:43:8e:85:
         8e:f5:c0:5c:b4:87:02:5b:21:2f:a1:d6:a1:8a:7b:e3:64:41:
         61:3c:4c:ac:07:b5:22:89:fd:52:50:78:43:5a:f5:a7:be:2c:
         1a:51:5a:2d:c9:1e:a5:bf:80:52:d8:fb:f4:d0:01:f1:18:37:
         ef:af:3d:65:76:fc:7d:2e:63:f3:17:63:9c:66:d8:de:7d:ee:
         df:42:c1:7e:82:4d:7f:f4:e0:a0:72:11:8d:c4:07:2e:e5:ba:
         2b:56:0b:bf:42:fb:54:ab:12:8c:0d:4b:fd:70:21:b6:7b:a2:
         d8:68:e5:12:76:59:fb:21:9f:9f:3d:a6:f9:b6:2c:be:bb:dd:
         50:52:5b:e9:33:a2:92:f1:84:96:45:50:fa:50:45:1d:7f:6e:
         87:32:e6:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XUoIDEoyzqulBPCvl6qNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjYwMTAyMDYyMDI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2UxNWMxZjkxMDc4ODc4YjQyZjU5ZmM4YjQyYjU3YTVjMjM3MGEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmbFQNv+5dUy/wwC3JojpEtLhsIWi
3Qu9WNsj45O3JD4XV8cBDtWR5uvkIGKgjxWD3oREOsomogkyg7OlFB56fAHjDL2I
3rtIGiJo9OqaKhEfDZ6dnRy0jFNurw6RTv3yaZ9kqewkE/oBn3w/VpsT1YjSjp0L
7CV9dwz/PPIwoEXCMNF7s95SW/ppF6UtEFta3MbiECGPUj0mYJibG5NbCHd9itAV
48wPYgteZc0E6T+zDPOae7gjnXsGAEeyvpKlJKe1uGzjJFzDKmyXKrd0h+gixKPM
4ziBByKWVYj4qZAQBXfL6YUL0A5Tp5LVF5EM5z9OOWaJ0Z1wmNzPJKm50wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLfhXB+RB4h4tC9Z/ItCtXpcI3CjMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvdC1GY0g1RUhpSGkwTDFuOGkwSzFlbHdqY0tNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuf+rMA0G
CSqGSIb3DQEBCwUAA4IBAQBE0wk91qeyAaJh/Q9xhNoHKyYXpa27MSKevpnNUTOI
YaN7WU82TxtH4NfyDAemg2NLP098y9zRFEf9f5g5863TM2GlhMNAciQ5h1IUwNHr
RC29hfLFlv/OluKL8MJ3YKcc41cCsfijRZxDjoWO9cBctIcCWyEvodahinvjZEFh
PEysB7Uiif1SUHhDWvWnviwaUVotyR6lv4BS2Pv00AHxGDfvrz1ldvx9LmPzF2Oc
Ztjefe7fQsF+gk1/9OCgchGNxAcu5borVgu/QvtUqxKMDUv9cCG2e6LYaOUSdln7
IZ+fPab5tiy+u91QUlvpM6KS8YSWRVD6UEUdf26HMubo
-----END CERTIFICATE-----