This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/c04359-4ae4-4e47-91cb-d7d02e97e25d/1/SkKZfC38ghmrpySCpGvRpFixxKU.roa
File:                     SkKZfC38ghmrpySCpGvRpFixxKU.roa (raw, json)
Hash identifier:          o3RJWOBJfQjmbxei+seF+/aOYTLshRFp1ICoacA0zAA=
Subject key identifier:   4A:42:99:7C:2D:FC:82:19:AB:A7:24:82:A4:6B:D1:A4:58:B1:C4:A5
Certificate issuer:       /CN=1a2474ce5b5e220b9f431afc86af4ec140f5f16c
Certificate serial:       019B7834D2ED1448001237BFF30D70E5E506
Authority key identifier: 1A:24:74:CE:5B:5E:22:0B:9F:43:1A:FC:86:AF:4E:C1:40:F5:F1:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GiR0zlteIgufQxr8hq9OwUD18Ww.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/c04359-4ae4-4e47-91cb-d7d02e97e25d/1/SkKZfC38ghmrpySCpGvRpFixxKU.roa
Signing time:             Thu 01 Jan 2026 06:18:06 +0000
ROA not before:           Thu 01 Jan 2026 06:18:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212341
IP address blocks:        85.202.88.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/c04359-4ae4-4e47-91cb-d7d02e97e25d/1/GiR0zlteIgufQxr8hq9OwUD18Ww.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/c04359-4ae4-4e47-91cb-d7d02e97e25d/1/GiR0zlteIgufQxr8hq9OwUD18Ww.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GiR0zlteIgufQxr8hq9OwUD18Ww.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:d2:ed:14:48:00:12:37:bf:f3:0d:70:e5:e5:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a2474ce5b5e220b9f431afc86af4ec140f5f16c
        Validity
            Not Before: Jan  1 06:18:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4a42997c2dfc8219aba72482a46bd1a458b1c4a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:78:10:b4:7d:35:be:0f:0c:74:83:a1:09:98:
                    cf:d8:a6:9f:c9:41:0a:71:fa:9b:59:31:82:20:e1:
                    3c:55:58:cd:17:51:f8:ad:ba:36:42:9e:c0:ff:c3:
                    21:9f:b8:24:72:90:1e:dd:aa:20:f2:06:d6:6e:3f:
                    1a:4a:1c:b2:f1:be:c8:97:12:05:e0:42:c9:a5:c4:
                    b8:af:e5:fc:5d:aa:eb:db:8d:20:2a:a9:65:60:98:
                    45:90:46:bc:23:71:58:8d:85:3c:d2:d6:c1:0f:ad:
                    15:c4:65:8b:0c:52:d1:fa:b4:37:ed:ff:a8:bc:29:
                    7f:68:e1:b8:48:8e:95:0f:5d:df:f3:a8:70:6d:7b:
                    da:93:a8:b4:15:b3:f3:5a:68:72:8e:29:18:f6:79:
                    93:19:31:71:a6:8d:3f:85:93:ac:d5:c8:cd:c6:26:
                    95:3f:d6:fb:58:f8:1b:5b:6c:c8:bd:89:b2:89:14:
                    e8:37:c5:1b:4d:50:6d:7e:69:53:a4:62:03:84:f1:
                    98:d2:8d:23:35:d1:ba:47:3e:5b:f8:8e:20:62:23:
                    99:79:36:04:86:f7:c9:94:8c:69:b5:42:50:dd:0d:
                    ef:43:d7:bc:1f:82:61:05:6c:dd:3d:0e:7b:a5:71:
                    ac:13:bc:6d:26:b0:00:73:2b:cb:8b:74:83:83:71:
                    6d:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:42:99:7C:2D:FC:82:19:AB:A7:24:82:A4:6B:D1:A4:58:B1:C4:A5
            X509v3 Authority Key Identifier:
                keyid:1A:24:74:CE:5B:5E:22:0B:9F:43:1A:FC:86:AF:4E:C1:40:F5:F1:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GiR0zlteIgufQxr8hq9OwUD18Ww.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/c04359-4ae4-4e47-91cb-d7d02e97e25d/1/SkKZfC38ghmrpySCpGvRpFixxKU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/c04359-4ae4-4e47-91cb-d7d02e97e25d/1/GiR0zlteIgufQxr8hq9OwUD18Ww.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.202.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5d:17:bd:0d:19:f8:43:70:e4:67:4b:b5:59:61:47:b8:13:5f:
         fa:49:16:1b:4c:fc:da:da:3f:1c:cc:0b:91:b8:4b:56:cf:aa:
         5a:74:30:c1:18:f3:bc:ee:c6:08:49:1e:ad:bf:70:fd:87:ed:
         9e:8e:09:74:22:87:4b:3a:c4:0f:3d:20:fb:63:84:3a:c2:d5:
         db:2e:ec:57:35:5c:73:47:f2:c6:7a:d6:2d:64:e5:14:0a:28:
         b9:c6:ad:0f:90:83:c7:80:21:6e:4e:05:7b:57:3b:85:29:7c:
         eb:1b:b0:d1:a5:db:ec:79:28:fd:6e:79:f3:59:d4:17:f0:ad:
         f8:c3:b8:0b:79:84:ed:bc:3a:97:fb:7b:fd:08:a1:fb:99:cd:
         c2:72:6e:e1:75:44:21:f7:38:c8:48:39:87:4c:bf:11:27:67:
         34:0e:95:2a:42:f8:72:ab:c2:cc:dc:2e:db:18:b5:35:39:f8:
         a2:2b:f1:94:2c:c3:38:5b:70:27:70:6f:8d:ec:18:c1:5f:4f:
         2e:c6:7b:fe:90:49:ec:08:87:4f:9d:39:91:5f:3a:2f:b5:9e:
         81:0c:6c:a6:6d:db:5b:e3:26:90:6b:9f:e9:9a:3f:76:30:a4:
         96:6d:d9:f2:55:fe:3e:0b:27:4a:25:1f:43:90:74:f1:e1:2d:
         4c:e5:ab:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NNLtFEgAEje/8w1w5eUGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhMjQ3NGNlNWI1ZTIyMGI5ZjQzMWFmYzg2YWY0ZWMxNDBm
NWYxNmMwHhcNMjYwMTAxMDYxODA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTQyOTk3YzJkZmM4MjE5YWJhNzI0ODJhNDZiZDFhNDU4YjFjNGE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzXgQtH01vg8MdIOhCZjP2KafyUEK
cfqbWTGCIOE8VVjNF1H4rbo2Qp7A/8Mhn7gkcpAe3aog8gbWbj8aShyy8b7IlxIF
4ELJpcS4r+X8Xarr240gKqllYJhFkEa8I3FYjYU80tbBD60VxGWLDFLR+rQ37f+o
vCl/aOG4SI6VD13f86hwbXvak6i0FbPzWmhyjikY9nmTGTFxpo0/hZOs1cjNxiaV
P9b7WPgbW2zIvYmyiRToN8UbTVBtfmlTpGIDhPGY0o0jNdG6Rz5b+I4gYiOZeTYE
hvfJlIxptUJQ3Q3vQ9e8H4JhBWzdPQ57pXGsE7xtJrAAcyvLi3SDg3FtxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEpCmXwt/IIZq6ckgqRr0aRYscSlMB8GA1UdIwQY
MBaAFBokdM5bXiILn0Ma/IavTsFA9fFsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2lSMHpsdGVJZ3VmUXhyOGhxOU93VUQxOFd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9jMDQzNTktNGFlNC00ZTQ3LTkxY2It
ZDdkMDJlOTdlMjVkLzEvU2tLWmZDMzhnaG1ycHlTQ3BHdlJwRml4eEtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9jMDQzNTktNGFlNC00ZTQ3LTkxY2ItZDdkMDJlOTdlMjVk
LzEvR2lSMHpsdGVJZ3VmUXhyOGhxOU93VUQxOFd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVcpYMA0G
CSqGSIb3DQEBCwUAA4IBAQBdF70NGfhDcORnS7VZYUe4E1/6SRYbTPza2j8czAuR
uEtWz6padDDBGPO87sYISR6tv3D9h+2ejgl0IodLOsQPPSD7Y4Q6wtXbLuxXNVxz
R/LGetYtZOUUCii5xq0PkIPHgCFuTgV7VzuFKXzrG7DRpdvseSj9bnnzWdQX8K34
w7gLeYTtvDqX+3v9CKH7mc3Ccm7hdUQh9zjISDmHTL8RJ2c0DpUqQvhyq8LM3C7b
GLU1OfiiK/GULMM4W3AncG+N7BjBX08uxnv+kEnsCIdPnTmRXzovtZ6BDGymbdtb
4yaQa5/pmj92MKSWbdnyVf4+CydKJR9DkHTx4S1M5aua
-----END CERTIFICATE-----