This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/285ab6-0109-44e1-bb2b-7534fe0f1b83/1/gJ8nPMUk8uqyvHQ2yxhP8LCANg8.roa
File:                     gJ8nPMUk8uqyvHQ2yxhP8LCANg8.roa (raw, json)
Hash identifier:          tw3KTzXZuTpEyGkQRNx7vE9ajBD/fn1qkQVFYAfTOZo=
Subject key identifier:   80:9F:27:3C:C5:24:F2:EA:B2:BC:74:36:CB:18:4F:F0:B0:80:36:0F
Certificate issuer:       /CN=40b9cac935311e78034b4073830a81a3cf7b45d9
Certificate serial:       019B7F150F20C9E665AF5F373A241324E52E
Authority key identifier: 40:B9:CA:C9:35:31:1E:78:03:4B:40:73:83:0A:81:A3:CF:7B:45:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QLnKyTUxHngDS0BzgwqBo897Rdk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/285ab6-0109-44e1-bb2b-7534fe0f1b83/1/gJ8nPMUk8uqyvHQ2yxhP8LCANg8.roa
Signing time:             Fri 02 Jan 2026 14:20:45 +0000
ROA not before:           Fri 02 Jan 2026 14:20:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60723
IP address blocks:        185.23.168.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/285ab6-0109-44e1-bb2b-7534fe0f1b83/1/QLnKyTUxHngDS0BzgwqBo897Rdk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/285ab6-0109-44e1-bb2b-7534fe0f1b83/1/QLnKyTUxHngDS0BzgwqBo897Rdk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QLnKyTUxHngDS0BzgwqBo897Rdk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:0f:20:c9:e6:65:af:5f:37:3a:24:13:24:e5:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40b9cac935311e78034b4073830a81a3cf7b45d9
        Validity
            Not Before: Jan  2 14:20:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=809f273cc524f2eab2bc7436cb184ff0b080360f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:29:1a:86:f7:21:49:79:8d:7c:3f:7f:80:96:
                    f9:f3:82:8b:03:d4:34:9d:20:08:e0:d3:d9:12:21:
                    85:46:5f:c6:49:31:72:b5:8c:99:61:81:d7:4a:91:
                    5a:e3:4d:a9:1b:2a:12:40:57:46:87:da:ec:69:31:
                    64:51:8e:6a:38:2e:41:8a:1b:dd:50:ca:e3:36:b6:
                    ff:38:be:ed:f4:22:f9:4a:55:92:6f:6f:3a:4c:5d:
                    1a:27:a8:2f:16:5e:29:0d:f2:b6:b7:15:de:4d:47:
                    bc:9c:d6:0c:54:bd:a5:bd:d4:aa:de:78:97:a1:ae:
                    ab:3c:53:38:2f:bd:52:9a:3a:0e:9e:2b:91:4e:ac:
                    b2:48:e9:cc:fa:16:4c:03:50:ad:b5:1e:b5:1c:b9:
                    6c:75:45:a5:71:ab:41:3a:1d:a0:fa:27:6b:8b:3c:
                    66:50:4f:23:53:0d:76:65:1e:18:43:2b:b6:ea:53:
                    d2:2e:1c:62:b0:c8:e7:80:12:44:5d:d9:1f:66:ec:
                    da:e9:90:1b:5d:6f:e4:a8:16:6c:73:12:10:9a:57:
                    96:53:3b:d2:d9:53:47:6d:11:5c:5a:03:8c:fb:c1:
                    5b:c1:16:67:d6:8b:3a:cb:73:e2:dd:c1:72:54:5c:
                    b6:97:90:80:5b:fd:12:90:91:b7:3c:56:cf:fe:13:
                    ee:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:9F:27:3C:C5:24:F2:EA:B2:BC:74:36:CB:18:4F:F0:B0:80:36:0F
            X509v3 Authority Key Identifier:
                keyid:40:B9:CA:C9:35:31:1E:78:03:4B:40:73:83:0A:81:A3:CF:7B:45:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QLnKyTUxHngDS0BzgwqBo897Rdk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/285ab6-0109-44e1-bb2b-7534fe0f1b83/1/gJ8nPMUk8uqyvHQ2yxhP8LCANg8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/285ab6-0109-44e1-bb2b-7534fe0f1b83/1/QLnKyTUxHngDS0BzgwqBo897Rdk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.23.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         05:0f:a3:69:27:78:49:35:00:d4:83:25:8c:ac:53:f9:05:b0:
         7b:a4:dd:c3:50:3f:91:ce:cd:d3:ac:10:56:9e:ce:86:3a:8b:
         cf:fb:8a:14:f5:24:f6:3f:dd:5b:5e:b9:4a:1a:c8:9b:9c:3b:
         42:fe:d1:54:31:e8:1f:bb:0e:40:d1:f0:e4:6c:d6:b4:33:23:
         f1:c6:44:e2:60:97:ab:ba:51:00:75:a5:e0:2b:7e:50:a9:1f:
         fb:9b:27:12:49:6c:a3:3e:50:e4:60:6b:59:42:5c:23:37:48:
         04:12:9f:a0:ca:dd:3b:28:19:2b:76:1e:17:b4:1e:90:f1:d0:
         15:12:e5:83:a5:a8:a7:a8:80:cb:5c:39:d0:44:ac:67:56:54:
         d9:78:95:54:ea:77:72:1a:2f:62:7a:d5:90:2f:99:4b:42:30:
         ba:50:24:5d:90:2e:b2:f8:2b:e5:12:ce:f5:cf:c7:03:6b:e5:
         b7:b2:65:cf:56:e1:d2:1c:77:a5:10:eb:75:31:38:ed:61:7b:
         89:44:ef:77:94:fe:6c:dc:49:7f:dc:61:11:f5:53:1b:83:65:
         23:ff:db:a8:c8:f1:b1:d2:e3:4b:41:6b:a7:63:54:17:01:de:
         ac:0b:05:4a:85:d7:82:5a:c1:44:1c:07:d7:92:e7:e9:af:23:
         b2:94:ff:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FQ8gyeZlr183OiQTJOUuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwYjljYWM5MzUzMTFlNzgwMzRiNDA3MzgzMGE4MWEzY2Y3
YjQ1ZDkwHhcNMjYwMTAyMTQyMDQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDlmMjczY2M1MjRmMmVhYjJiYzc0MzZjYjE4NGZmMGIwODAzNjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApykahvchSXmNfD9/gJb584KLA9Q0
nSAI4NPZEiGFRl/GSTFytYyZYYHXSpFa402pGyoSQFdGh9rsaTFkUY5qOC5Bihvd
UMrjNrb/OL7t9CL5SlWSb286TF0aJ6gvFl4pDfK2txXeTUe8nNYMVL2lvdSq3niX
oa6rPFM4L71SmjoOniuRTqyySOnM+hZMA1CttR61HLlsdUWlcatBOh2g+idrizxm
UE8jUw12ZR4YQyu26lPSLhxisMjngBJEXdkfZuza6ZAbXW/kqBZscxIQmleWUzvS
2VNHbRFcWgOM+8FbwRZn1os6y3Pi3cFyVFy2l5CAW/0SkJG3PFbP/hPukwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFICfJzzFJPLqsrx0NssYT/CwgDYPMB8GA1UdIwQY
MBaAFEC5ysk1MR54A0tAc4MKgaPPe0XZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUxuS3lUVXhIbmdEUzBCemd3cUJvODk3UmRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8yODVhYjYtMDEwOS00NGUxLWJiMmIt
NzUzNGZlMGYxYjgzLzEvZ0o4blBNVWs4dXF5dkhRMnl4aFA4TENBTmc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8yODVhYjYtMDEwOS00NGUxLWJiMmItNzUzNGZlMGYxYjgz
LzEvUUxuS3lUVXhIbmdEUzBCemd3cUJvODk3UmRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuReoMA0G
CSqGSIb3DQEBCwUAA4IBAQAFD6NpJ3hJNQDUgyWMrFP5BbB7pN3DUD+Rzs3TrBBW
ns6GOovP+4oU9ST2P91bXrlKGsibnDtC/tFUMegfuw5A0fDkbNa0MyPxxkTiYJer
ulEAdaXgK35QqR/7mycSSWyjPlDkYGtZQlwjN0gEEp+gyt07KBkrdh4XtB6Q8dAV
EuWDpainqIDLXDnQRKxnVlTZeJVU6ndyGi9ietWQL5lLQjC6UCRdkC6y+CvlEs71
z8cDa+W3smXPVuHSHHelEOt1MTjtYXuJRO93lP5s3El/3GER9VMbg2Uj/9uoyPGx
0uNLQWunY1QXAd6sCwVKhdeCWsFEHAfXkufpryOylP/n
-----END CERTIFICATE-----