This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/be8064-9e11-461a-936d-fa70bd90e894/1/D6pbu6PuaXGUO72aluwouFmWjyE.roa
File:                     D6pbu6PuaXGUO72aluwouFmWjyE.roa (raw, json)
Hash identifier:          8nTR6hgWB05NUmie1kc3rGQpyUGmaI7APNhiLwhFbGA=
Subject key identifier:   0F:AA:5B:BB:A3:EE:69:71:94:3B:BD:9A:96:EC:28:B8:59:96:8F:21
Certificate issuer:       /CN=f5346d3edbec6da72780722c0a41abeea63661d8
Certificate serial:       019B7C80386C1EEED3F95017DD0CBAEA2C89
Authority key identifier: F5:34:6D:3E:DB:EC:6D:A7:27:80:72:2C:0A:41:AB:EE:A6:36:61:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9TRtPtvsbacngHIsCkGr7qY2Ydg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/be8064-9e11-461a-936d-fa70bd90e894/1/D6pbu6PuaXGUO72aluwouFmWjyE.roa
Signing time:             Fri 02 Jan 2026 02:18:56 +0000
ROA not before:           Fri 02 Jan 2026 02:18:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        185.57.216.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/be8064-9e11-461a-936d-fa70bd90e894/1/9TRtPtvsbacngHIsCkGr7qY2Ydg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/be8064-9e11-461a-936d-fa70bd90e894/1/9TRtPtvsbacngHIsCkGr7qY2Ydg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9TRtPtvsbacngHIsCkGr7qY2Ydg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 Jan 2026 15:30:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:38:6c:1e:ee:d3:f9:50:17:dd:0c:ba:ea:2c:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5346d3edbec6da72780722c0a41abeea63661d8
        Validity
            Not Before: Jan  2 02:18:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0faa5bbba3ee6971943bbd9a96ec28b859968f21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:cd:db:f0:50:15:98:a9:a4:16:a6:78:f9:9d:
                    41:c7:e6:ce:85:d2:47:05:5a:d3:af:81:4e:b8:63:
                    fa:98:08:49:51:f4:53:3b:68:cc:0d:d0:c9:e0:27:
                    2e:51:6d:39:de:51:09:60:a0:c4:f9:d4:da:96:af:
                    d4:d1:66:7b:dd:ed:5e:28:73:c3:92:43:a8:3e:36:
                    53:30:d2:21:15:86:e8:e8:51:c1:da:c7:2e:04:8a:
                    21:3b:85:cf:15:d5:43:14:ca:75:ba:9f:e6:1c:e5:
                    05:fd:0d:db:43:d8:a1:a7:a5:5b:ce:0d:ed:d3:db:
                    24:8a:4a:6a:99:17:5e:49:77:c6:54:79:08:ec:1a:
                    26:25:99:96:22:9f:f5:44:0c:c2:90:b2:ec:5f:54:
                    a8:6d:70:2a:61:ab:a8:1c:13:ab:66:8f:73:4d:d4:
                    58:51:ea:4f:c4:37:f8:2d:22:ab:88:43:7d:be:29:
                    41:1c:e4:c6:67:9f:3d:7d:e8:d2:54:1d:bb:b7:ce:
                    ac:b5:b3:0a:69:30:d3:58:cc:86:ed:8d:5b:cb:6a:
                    a3:4c:91:95:88:a3:a4:b8:d1:de:f3:95:95:aa:ba:
                    29:f9:c6:60:bc:9c:34:01:68:94:35:97:e2:7b:df:
                    b5:40:29:f1:52:d1:e1:4c:ac:f6:60:b6:d6:5c:68:
                    80:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:AA:5B:BB:A3:EE:69:71:94:3B:BD:9A:96:EC:28:B8:59:96:8F:21
            X509v3 Authority Key Identifier:
                keyid:F5:34:6D:3E:DB:EC:6D:A7:27:80:72:2C:0A:41:AB:EE:A6:36:61:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9TRtPtvsbacngHIsCkGr7qY2Ydg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/be8064-9e11-461a-936d-fa70bd90e894/1/D6pbu6PuaXGUO72aluwouFmWjyE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/be8064-9e11-461a-936d-fa70bd90e894/1/9TRtPtvsbacngHIsCkGr7qY2Ydg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.57.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3c:3d:ef:f9:d6:09:1c:1d:62:97:a7:fd:ba:b7:60:e8:33:55:
         1d:f2:db:c8:e0:ac:08:05:fe:ed:f9:6e:04:09:0b:3d:f9:ed:
         98:c7:f8:eb:76:5c:82:65:be:92:1e:3f:cd:a6:26:23:d7:af:
         5e:68:91:e5:d9:c9:bc:2a:f6:70:f5:b8:6d:0d:f4:92:15:30:
         0c:10:63:ed:16:7c:96:bc:77:ac:03:4a:a6:7c:52:51:16:89:
         cd:9d:b4:3a:2e:35:3d:63:46:25:6f:47:f7:04:28:51:eb:9b:
         d9:7e:a6:02:80:59:94:44:65:1a:59:34:f8:ab:7c:af:7f:ee:
         d7:97:f8:31:c9:10:26:03:57:f4:6f:84:d1:b4:10:f5:d1:72:
         9f:04:b5:1d:53:f8:0f:83:59:04:46:64:9f:73:be:5f:39:36:
         49:5e:78:31:af:09:41:d4:46:e8:5b:47:bf:bd:1c:c1:ea:8f:
         91:b8:6a:bb:b1:69:35:68:db:cb:a3:43:e7:8e:ec:f8:f9:75:
         2f:e3:fb:6f:d9:85:b9:e8:7c:f6:d8:f6:db:da:7f:bb:50:96:
         1f:ac:82:e2:47:0b:ad:8c:70:57:52:ac:7b:0c:06:65:1a:38:
         ab:90:ec:7e:32:2e:aa:38:e8:d6:22:3d:8c:0d:b7:e9:9e:5e:
         14:aa:da:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gDhsHu7T+VAX3Qy66iyJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1MzQ2ZDNlZGJlYzZkYTcyNzgwNzIyYzBhNDFhYmVlYTYz
NjYxZDgwHhcNMjYwMTAyMDIxODU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmFhNWJiYmEzZWU2OTcxOTQzYmJkOWE5NmVjMjhiODU5OTY4ZjIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtM3b8FAVmKmkFqZ4+Z1Bx+bOhdJH
BVrTr4FOuGP6mAhJUfRTO2jMDdDJ4CcuUW053lEJYKDE+dTalq/U0WZ73e1eKHPD
kkOoPjZTMNIhFYbo6FHB2scuBIohO4XPFdVDFMp1up/mHOUF/Q3bQ9ihp6Vbzg3t
09skikpqmRdeSXfGVHkI7BomJZmWIp/1RAzCkLLsX1SobXAqYauoHBOrZo9zTdRY
UepPxDf4LSKriEN9vilBHOTGZ589fejSVB27t86stbMKaTDTWMyG7Y1by2qjTJGV
iKOkuNHe85WVqrop+cZgvJw0AWiUNZfie9+1QCnxUtHhTKz2YLbWXGiALwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA+qW7uj7mlxlDu9mpbsKLhZlo8hMB8GA1UdIwQY
MBaAFPU0bT7b7G2nJ4ByLApBq+6mNmHYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVRSdFB0dnNiYWNuZ0hJc0NrR3I3cVkyWWRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi9iZTgwNjQtOWUxMS00NjFhLTkzNmQt
ZmE3MGJkOTBlODk0LzEvRDZwYnU2UHVhWEdVTzcyYWx1d291Rm1XanlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi9iZTgwNjQtOWUxMS00NjFhLTkzNmQtZmE3MGJkOTBlODk0
LzEvOVRSdFB0dnNiYWNuZ0hJc0NrR3I3cVkyWWRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTnYMA0G
CSqGSIb3DQEBCwUAA4IBAQA8Pe/51gkcHWKXp/26t2DoM1Ud8tvI4KwIBf7t+W4E
CQs9+e2Yx/jrdlyCZb6SHj/NpiYj169eaJHl2cm8KvZw9bhtDfSSFTAMEGPtFnyW
vHesA0qmfFJRFonNnbQ6LjU9Y0Ylb0f3BChR65vZfqYCgFmURGUaWTT4q3yvf+7X
l/gxyRAmA1f0b4TRtBD10XKfBLUdU/gPg1kERmSfc75fOTZJXngxrwlB1EboW0e/
vRzB6o+RuGq7sWk1aNvLo0Pnjuz4+XUv4/tv2YW56Hz22Pbb2n+7UJYfrILiRwut
jHBXUqx7DAZlGjirkOx+Mi6qOOjWIj2MDbfpnl4Uqtr1
-----END CERTIFICATE-----