This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/SsXP67G5VXfNXRkOT8g60pbIt_E.roa
File:                     SsXP67G5VXfNXRkOT8g60pbIt_E.roa (raw, json)
Hash identifier:          AcS0tD1MMlzOq3CnSuSLecyLwb7WNgT+D5qJ5MY2JsE=
Subject key identifier:   4A:C5:CF:EB:B1:B9:55:77:CD:5D:19:0E:4F:C8:3A:D2:96:C8:B7:F1
Certificate issuer:       /CN=65bdcff77bf060d5da12de45e2072e1cff4560a7
Certificate serial:       019AFEB2FC51DA292C57DAA67F73E7F9C286
Authority key identifier: 65:BD:CF:F7:7B:F0:60:D5:DA:12:DE:45:E2:07:2E:1C:FF:45:60:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zb3P93vwYNXaEt5F4gcuHP9FYKc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/SsXP67G5VXfNXRkOT8g60pbIt_E.roa
Signing time:             Mon 08 Dec 2025 16:02:14 +0000
ROA not before:           Mon 08 Dec 2025 16:02:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215336
IP address blocks:        185.35.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/Zb3P93vwYNXaEt5F4gcuHP9FYKc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/Zb3P93vwYNXaEt5F4gcuHP9FYKc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zb3P93vwYNXaEt5F4gcuHP9FYKc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 15 Dec 2025 02:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:fe:b2:fc:51:da:29:2c:57:da:a6:7f:73:e7:f9:c2:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65bdcff77bf060d5da12de45e2072e1cff4560a7
        Validity
            Not Before: Dec  8 16:02:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4ac5cfebb1b95577cd5d190e4fc83ad296c8b7f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:5d:dc:60:df:67:be:a2:ac:31:85:40:dc:32:
                    6c:c9:f4:f7:cc:b3:96:40:ce:be:a1:be:cd:0a:74:
                    3f:f7:20:2f:b6:e8:5a:46:ad:8c:21:43:e1:61:95:
                    79:ed:3d:69:cd:16:fd:d8:e7:c1:b9:6f:a5:1e:29:
                    a1:23:51:20:e7:4b:c7:16:24:66:ef:8d:f7:d4:8a:
                    41:f1:2a:73:da:68:95:be:92:18:e2:2f:ec:b4:83:
                    c8:5d:6a:cb:5b:8d:a3:f9:f8:4b:3a:fa:7c:06:5c:
                    35:3b:04:c8:3d:37:f1:a9:f5:ca:b1:8b:a4:ce:b4:
                    df:4b:7a:5d:49:67:67:92:2e:fd:86:81:f0:ff:e5:
                    db:a3:73:9f:2a:61:07:18:69:e0:85:be:c7:fd:fe:
                    92:e8:34:59:dd:01:67:47:a6:ba:73:51:90:d0:42:
                    95:45:d1:e5:e9:6a:7f:4f:c3:a8:1e:30:38:a1:cd:
                    bc:bd:e4:70:5c:18:07:da:26:94:c4:b7:7a:c2:27:
                    9a:32:da:5a:7b:47:c6:04:a1:f6:aa:35:b1:14:3a:
                    92:b9:15:e7:c4:87:92:c0:a2:5a:6d:cc:67:2b:96:
                    d0:8d:ae:8f:8a:67:70:2e:80:94:d9:ee:d6:c7:52:
                    6e:b5:dc:d2:ef:68:4a:9c:8d:b3:00:c2:98:f4:c8:
                    0b:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:C5:CF:EB:B1:B9:55:77:CD:5D:19:0E:4F:C8:3A:D2:96:C8:B7:F1
            X509v3 Authority Key Identifier:
                keyid:65:BD:CF:F7:7B:F0:60:D5:DA:12:DE:45:E2:07:2E:1C:FF:45:60:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zb3P93vwYNXaEt5F4gcuHP9FYKc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/SsXP67G5VXfNXRkOT8g60pbIt_E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/Zb3P93vwYNXaEt5F4gcuHP9FYKc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.35.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:db:1e:de:38:85:92:ea:87:d2:92:fd:6d:38:7a:d1:44:a3:
         c2:8b:38:6e:9f:4a:a0:b5:01:9c:39:84:cf:a4:ed:ab:f0:49:
         ae:72:04:ea:3a:7c:b2:7a:4a:8a:8a:5b:78:7d:78:ca:7c:42:
         b3:4e:bf:64:1c:6f:87:0e:65:06:89:ee:2b:52:f1:8f:1d:6e:
         fc:8f:5e:6e:5b:f8:92:23:e6:c9:1d:77:72:28:e7:4e:4b:b4:
         4c:89:0c:86:75:0a:19:f0:5c:11:1b:5f:47:a0:c0:a2:eb:16:
         3f:fb:08:5b:16:40:9e:4c:23:a4:2a:74:19:a1:8b:21:57:4c:
         5f:b4:a3:fb:ea:ee:8a:1d:c2:2f:43:3b:04:1e:53:67:90:91:
         e8:b6:6f:1e:8a:fa:64:37:5f:8c:8b:51:80:1d:3c:c6:57:06:
         9e:ba:17:9a:ea:96:32:00:58:14:09:73:79:27:f4:e6:4d:79:
         ab:19:b4:77:5c:42:40:f4:c0:bf:65:31:68:a9:e6:45:06:1d:
         03:fe:11:8e:13:ea:a1:a0:8e:61:b0:4e:fd:7a:97:e3:82:cb:
         e3:7e:e3:69:fd:e9:5c:50:ed:3a:df:5e:84:0d:17:ad:db:0c:
         a6:37:c6:54:80:a7:31:c3:ea:9c:1c:ba:51:4a:c0:dd:64:4c:
         04:42:60:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZr+svxR2iksV9qmf3Pn+cKGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YmRjZmY3N2JmMDYwZDVkYTEyZGU0NWUyMDcyZTFjZmY0
NTYwYTcwHhcNMjUxMjA4MTYwMjE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWM1Y2ZlYmIxYjk1NTc3Y2Q1ZDE5MGU0ZmM4M2FkMjk2YzhiN2YxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzl3cYN9nvqKsMYVA3DJsyfT3zLOW
QM6+ob7NCnQ/9yAvtuhaRq2MIUPhYZV57T1pzRb92OfBuW+lHimhI1Eg50vHFiRm
74331IpB8Spz2miVvpIY4i/stIPIXWrLW42j+fhLOvp8Blw1OwTIPTfxqfXKsYuk
zrTfS3pdSWdnki79hoHw/+Xbo3OfKmEHGGnghb7H/f6S6DRZ3QFnR6a6c1GQ0EKV
RdHl6Wp/T8OoHjA4oc28veRwXBgH2iaUxLd6wieaMtpae0fGBKH2qjWxFDqSuRXn
xIeSwKJabcxnK5bQja6PimdwLoCU2e7Wx1JutdzS72hKnI2zAMKY9MgLPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFErFz+uxuVV3zV0ZDk/IOtKWyLfxMB8GA1UdIwQY
MBaAFGW9z/d78GDV2hLeReIHLhz/RWCnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmIzUDkzdndZTlhhRXQ1RjRnY3VIUDlGWUtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS8xOTVmM2QtYTg1MS00NTVhLTliMGYt
ZDcwY2Q5N2Y0ODU3LzEvU3NYUDY3RzVWWGZOWFJrT1Q4ZzYwcGJJdF9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS8xOTVmM2QtYTg1MS00NTVhLTliMGYtZDcwY2Q5N2Y0ODU3
LzEvWmIzUDkzdndZTlhhRXQ1RjRnY3VIUDlGWUtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSPLMA0G
CSqGSIb3DQEBCwUAA4IBAQAJ2x7eOIWS6ofSkv1tOHrRRKPCizhun0qgtQGcOYTP
pO2r8EmucgTqOnyyekqKilt4fXjKfEKzTr9kHG+HDmUGie4rUvGPHW78j15uW/iS
I+bJHXdyKOdOS7RMiQyGdQoZ8FwRG19HoMCi6xY/+whbFkCeTCOkKnQZoYshV0xf
tKP76u6KHcIvQzsEHlNnkJHotm8eivpkN1+Mi1GAHTzGVwaeuhea6pYyAFgUCXN5
J/TmTXmrGbR3XEJA9MC/ZTFoqeZFBh0D/hGOE+qhoI5hsE79epfjgsvjfuNp/elc
UO06316EDRet2wymN8ZUgKcxw+qcHLpRSsDdZEwEQmAu
-----END CERTIFICATE-----