This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/014f47-628b-4fb8-b344-a409e22a243e/1/aoOpVJxHaq6lirDB7KBfHBY1mPg.roa
File:                     aoOpVJxHaq6lirDB7KBfHBY1mPg.roa (raw, json)
Hash identifier:          yU+Zr+0ARyapGrg/EO3GqqfA2M5mqsDqcwUrOhZ27aQ=
Subject key identifier:   6A:83:A9:54:9C:47:6A:AE:A5:8A:B0:C1:EC:A0:5F:1C:16:35:98:F8
Certificate issuer:       /CN=70a76929cbe21cedd94c012ba58bb0b6f129722e
Certificate serial:       019B7FF25809FE865C6EBA405ECE09553CFF
Authority key identifier: 70:A7:69:29:CB:E2:1C:ED:D9:4C:01:2B:A5:8B:B0:B6:F1:29:72:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cKdpKcviHO3ZTAErpYuwtvEpci4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/014f47-628b-4fb8-b344-a409e22a243e/1/aoOpVJxHaq6lirDB7KBfHBY1mPg.roa
Signing time:             Fri 02 Jan 2026 18:22:27 +0000
ROA not before:           Fri 02 Jan 2026 18:22:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6893
IP address blocks:        185.25.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/014f47-628b-4fb8-b344-a409e22a243e/1/cKdpKcviHO3ZTAErpYuwtvEpci4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/014f47-628b-4fb8-b344-a409e22a243e/1/cKdpKcviHO3ZTAErpYuwtvEpci4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cKdpKcviHO3ZTAErpYuwtvEpci4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Feb 2026 12:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f2:58:09:fe:86:5c:6e:ba:40:5e:ce:09:55:3c:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70a76929cbe21cedd94c012ba58bb0b6f129722e
        Validity
            Not Before: Jan  2 18:22:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6a83a9549c476aaea58ab0c1eca05f1c163598f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:06:dc:a6:a9:5d:a8:2d:f9:82:7a:45:cb:af:
                    da:3f:d2:0e:df:96:e0:68:da:e8:5e:18:88:bd:cc:
                    9d:8c:70:ad:f9:ca:14:72:af:2a:5e:65:a0:24:a3:
                    e6:91:3a:23:39:ea:c7:20:d7:c8:80:3b:b3:27:e6:
                    6f:25:09:0f:84:4e:d1:c6:19:d3:e1:26:41:d0:43:
                    d6:ad:b9:13:c8:4f:fd:0f:40:06:1d:1f:e1:d5:aa:
                    7f:c4:ca:3c:7c:c7:7f:9e:b9:f0:c9:69:64:4f:b1:
                    75:e9:9b:ae:c2:0f:48:cb:06:f7:d3:91:03:5e:6d:
                    0d:5d:13:73:26:6b:d5:5e:20:2d:2c:71:58:75:33:
                    12:98:9a:6e:3d:1c:f2:46:a7:8b:09:6b:74:4a:fc:
                    36:09:0d:4f:3c:bf:b6:cc:ba:02:1a:12:82:f6:ea:
                    aa:89:89:19:b4:d8:ac:3c:10:55:de:56:ea:6b:7d:
                    67:1e:e0:df:39:b4:24:0a:98:e6:c2:8b:9c:3e:65:
                    17:77:44:1c:02:1b:c7:ce:a5:99:e5:64:bc:56:c7:
                    f1:1f:79:8a:d2:fa:25:8e:f7:1d:ca:09:a3:74:1f:
                    7b:6c:c7:a7:be:fa:c7:64:84:f2:70:4b:a5:d9:8a:
                    d1:77:d0:c7:b6:7f:74:98:96:13:00:36:2d:e2:4a:
                    c0:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:83:A9:54:9C:47:6A:AE:A5:8A:B0:C1:EC:A0:5F:1C:16:35:98:F8
            X509v3 Authority Key Identifier:
                keyid:70:A7:69:29:CB:E2:1C:ED:D9:4C:01:2B:A5:8B:B0:B6:F1:29:72:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cKdpKcviHO3ZTAErpYuwtvEpci4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/014f47-628b-4fb8-b344-a409e22a243e/1/aoOpVJxHaq6lirDB7KBfHBY1mPg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/014f47-628b-4fb8-b344-a409e22a243e/1/cKdpKcviHO3ZTAErpYuwtvEpci4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.25.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d1:a6:b9:aa:6b:36:f9:cd:12:46:68:20:ae:48:c9:11:be:52:
         6b:53:c2:15:79:aa:55:8d:e6:21:d6:61:a5:76:a3:1e:cb:f4:
         c8:65:bc:0d:8a:0f:3c:3f:e6:ea:5b:04:bf:f4:bf:fc:dc:77:
         ea:64:7f:1b:65:20:70:30:c7:32:b6:de:28:7e:7f:07:13:93:
         c1:3f:46:b4:1a:19:66:24:a9:f1:53:1e:bc:9c:90:0a:48:8d:
         f1:44:61:4a:ba:e2:74:40:1e:fc:99:56:4e:f5:af:a0:b0:ea:
         c4:39:e8:dc:d1:f3:75:d7:ed:c7:6e:b5:c2:fc:12:71:cc:68:
         3f:4d:d1:37:80:3d:75:ea:08:d6:6b:57:82:90:a4:a3:59:34:
         91:07:2c:fc:ba:94:0a:9c:86:32:94:95:e8:91:66:e7:e8:65:
         77:7a:f2:6b:51:5e:1f:0b:81:85:f3:2a:3b:ce:06:2f:b7:01:
         20:e2:3e:02:58:d2:c6:c1:6f:4f:33:70:72:46:df:1c:f6:7d:
         a5:22:7b:0c:27:4b:a9:06:4c:f8:6b:44:b4:2b:c2:02:3a:ab:
         70:70:b4:7f:bc:a1:0f:8c:88:37:8a:cd:44:5c:62:db:e7:98:
         bf:6d:d8:75:c5:c6:38:f9:ac:46:a5:2c:84:c0:8c:3f:21:a6:
         1b:5e:29:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/8lgJ/oZcbrpAXs4JVTz/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwYTc2OTI5Y2JlMjFjZWRkOTRjMDEyYmE1OGJiMGI2ZjEy
OTcyMmUwHhcNMjYwMTAyMTgyMjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTgzYTk1NDljNDc2YWFlYTU4YWIwYzFlY2EwNWYxYzE2MzU5OGY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxwbcpqldqC35gnpFy6/aP9IO35bg
aNroXhiIvcydjHCt+coUcq8qXmWgJKPmkTojOerHINfIgDuzJ+ZvJQkPhE7RxhnT
4SZB0EPWrbkTyE/9D0AGHR/h1ap/xMo8fMd/nrnwyWlkT7F16Zuuwg9Iywb305ED
Xm0NXRNzJmvVXiAtLHFYdTMSmJpuPRzyRqeLCWt0Svw2CQ1PPL+2zLoCGhKC9uqq
iYkZtNisPBBV3lbqa31nHuDfObQkCpjmwoucPmUXd0QcAhvHzqWZ5WS8VsfxH3mK
0voljvcdygmjdB97bMenvvrHZITycEul2YrRd9DHtn90mJYTADYt4krAowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGqDqVScR2qupYqwweygXxwWNZj4MB8GA1UdIwQY
MBaAFHCnaSnL4hzt2UwBK6WLsLbxKXIuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0tkcEtjdmlITzNaVEFFcnBZdXd0dkVwY2k0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC8wMTRmNDctNjI4Yi00ZmI4LWIzNDQt
YTQwOWUyMmEyNDNlLzEvYW9PcFZKeEhhcTZsaXJEQjdLQmZIQlkxbVBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC8wMTRmNDctNjI4Yi00ZmI4LWIzNDQtYTQwOWUyMmEyNDNl
LzEvY0tkcEtjdmlITzNaVEFFcnBZdXd0dkVwY2k0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRnhMA0G
CSqGSIb3DQEBCwUAA4IBAQDRprmqazb5zRJGaCCuSMkRvlJrU8IVeapVjeYh1mGl
dqMey/TIZbwNig88P+bqWwS/9L/83HfqZH8bZSBwMMcytt4ofn8HE5PBP0a0Ghlm
JKnxUx68nJAKSI3xRGFKuuJ0QB78mVZO9a+gsOrEOejc0fN11+3HbrXC/BJxzGg/
TdE3gD116gjWa1eCkKSjWTSRByz8upQKnIYylJXokWbn6GV3evJrUV4fC4GF8yo7
zgYvtwEg4j4CWNLGwW9PM3ByRt8c9n2lInsMJ0upBkz4a0S0K8ICOqtwcLR/vKEP
jIg3is1EXGLb55i/bdh1xcY4+axGpSyEwIw/IaYbXil4
-----END CERTIFICATE-----