This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/fff514-1e0e-493e-9ee5-6e99b79da520/1/bB9tiwhbq6hYU3Uiwj1rg_6lHoQ.roa
File:                     bB9tiwhbq6hYU3Uiwj1rg_6lHoQ.roa (raw, json)
Hash identifier:          XwQfxbXuM3OGYVnPS+i0ZnmylsJru3PWg0dqFXCZLBs=
Subject key identifier:   6C:1F:6D:8B:08:5B:AB:A8:58:53:75:22:C2:3D:6B:83:FE:A5:1E:84
Certificate issuer:       /CN=3bce5ec73608e24885283e910eb87bf1ef823a02
Certificate serial:       019B7BA521F3F715CDBAFB362F7A234AA094
Authority key identifier: 3B:CE:5E:C7:36:08:E2:48:85:28:3E:91:0E:B8:7B:F1:EF:82:3A:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O85exzYI4kiFKD6RDrh78e-COgI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/fff514-1e0e-493e-9ee5-6e99b79da520/1/bB9tiwhbq6hYU3Uiwj1rg_6lHoQ.roa
Signing time:             Thu 01 Jan 2026 22:19:38 +0000
ROA not before:           Thu 01 Jan 2026 22:19:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8075
IP address blocks:        185.117.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/fff514-1e0e-493e-9ee5-6e99b79da520/1/O85exzYI4kiFKD6RDrh78e-COgI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/fff514-1e0e-493e-9ee5-6e99b79da520/1/O85exzYI4kiFKD6RDrh78e-COgI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O85exzYI4kiFKD6RDrh78e-COgI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 06:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:21:f3:f7:15:cd:ba:fb:36:2f:7a:23:4a:a0:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3bce5ec73608e24885283e910eb87bf1ef823a02
        Validity
            Not Before: Jan  1 22:19:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6c1f6d8b085baba858537522c23d6b83fea51e84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:63:7c:c3:f1:f6:67:86:90:34:ce:1f:96:e2:
                    08:dd:7c:64:f8:f5:7e:06:4f:19:09:37:35:03:aa:
                    58:e8:69:92:1d:83:cf:d6:91:0c:27:b0:7e:4d:31:
                    01:ec:fd:8e:99:2e:15:00:70:2c:3b:42:10:83:f3:
                    12:21:1f:bc:d8:ba:d5:7f:84:51:9c:06:da:d3:b0:
                    e7:ae:d8:62:6a:d3:1b:67:f2:00:b3:5d:d3:27:38:
                    a8:ef:6a:90:c7:8a:b7:65:32:33:b6:9f:a2:51:49:
                    56:43:5b:0e:21:95:95:b6:f0:27:ae:af:01:70:d7:
                    4b:86:05:fa:11:2d:71:c7:20:a6:ed:0d:41:6e:40:
                    5b:7a:ba:ba:c0:96:67:8d:94:a8:05:d7:9a:f6:b8:
                    07:d7:fc:c3:17:fe:13:64:82:6e:cd:a7:57:9c:f1:
                    cc:f3:5b:3d:9c:21:c1:5c:ad:14:3e:a2:19:34:46:
                    2f:3e:9f:ba:3c:73:f9:e9:05:50:4a:06:48:3a:82:
                    6f:6f:c9:4c:96:b5:42:ef:d2:f1:84:c8:b8:b9:33:
                    af:93:34:4e:0b:d9:32:9a:3e:31:1c:91:47:7c:46:
                    d7:db:1d:30:53:62:e2:d4:79:42:de:25:28:3d:e7:
                    8a:fc:b5:48:4a:d7:59:d3:ee:68:36:57:e2:4f:56:
                    e9:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:1F:6D:8B:08:5B:AB:A8:58:53:75:22:C2:3D:6B:83:FE:A5:1E:84
            X509v3 Authority Key Identifier:
                keyid:3B:CE:5E:C7:36:08:E2:48:85:28:3E:91:0E:B8:7B:F1:EF:82:3A:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O85exzYI4kiFKD6RDrh78e-COgI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/fff514-1e0e-493e-9ee5-6e99b79da520/1/bB9tiwhbq6hYU3Uiwj1rg_6lHoQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/fff514-1e0e-493e-9ee5-6e99b79da520/1/O85exzYI4kiFKD6RDrh78e-COgI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.117.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:46:f4:f5:e6:06:c5:56:35:f1:ec:84:b1:d4:d2:d1:a3:3b:
         05:e7:c4:96:42:14:81:80:40:39:6b:03:1e:3a:7d:0c:ee:b1:
         15:53:8d:d5:7f:2f:ea:16:d9:05:be:74:64:df:5b:e1:59:69:
         b2:6c:a9:e0:c7:0f:fe:94:be:c2:68:5f:ad:af:39:04:e3:7b:
         db:c5:5d:33:1a:d7:54:7c:be:7b:f9:bc:b2:22:d4:5f:45:c4:
         34:12:dc:f0:e1:74:54:5c:b6:b3:e3:d7:8c:37:62:e5:06:31:
         60:e5:e1:5c:ee:98:88:6c:e9:23:a7:d7:de:42:6e:11:70:ba:
         43:9d:9a:6d:ef:2e:68:d5:a0:4f:ce:ba:d6:25:1a:9f:3d:3b:
         ca:8e:31:eb:ec:cd:04:af:1c:3d:c8:0c:09:34:24:15:2f:64:
         45:33:cc:8b:26:51:5f:07:ca:21:c8:e0:38:de:b6:49:2b:77:
         59:b8:fa:e2:d3:8b:ee:f7:ae:e0:2d:65:35:c8:cb:95:d9:44:
         42:99:32:0a:3f:1e:d8:92:14:4d:ed:67:bc:93:32:a1:70:ed:
         a5:64:d3:18:92:20:e7:12:ed:ac:8d:ab:5f:0f:a1:71:39:80:
         48:04:98:ee:f2:71:84:34:f3:08:f4:b2:3f:f4:f0:47:5f:ca:
         9d:13:55:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pSHz9xXNuvs2L3ojSqCUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiY2U1ZWM3MzYwOGUyNDg4NTI4M2U5MTBlYjg3YmYxZWY4
MjNhMDIwHhcNMjYwMTAxMjIxOTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzFmNmQ4YjA4NWJhYmE4NTg1Mzc1MjJjMjNkNmI4M2ZlYTUxZTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw2N8w/H2Z4aQNM4fluII3Xxk+PV+
Bk8ZCTc1A6pY6GmSHYPP1pEMJ7B+TTEB7P2OmS4VAHAsO0IQg/MSIR+82LrVf4RR
nAba07DnrthiatMbZ/IAs13TJzio72qQx4q3ZTIztp+iUUlWQ1sOIZWVtvAnrq8B
cNdLhgX6ES1xxyCm7Q1BbkBberq6wJZnjZSoBdea9rgH1/zDF/4TZIJuzadXnPHM
81s9nCHBXK0UPqIZNEYvPp+6PHP56QVQSgZIOoJvb8lMlrVC79LxhMi4uTOvkzRO
C9kymj4xHJFHfEbX2x0wU2Li1HlC3iUoPeeK/LVIStdZ0+5oNlfiT1bpmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGwfbYsIW6uoWFN1IsI9a4P+pR6EMB8GA1UdIwQY
MBaAFDvOXsc2COJIhSg+kQ64e/HvgjoCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzg1ZXh6WUk0a2lGS0Q2UkRyaDc4ZS1DT2dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi9mZmY1MTQtMWUwZS00OTNlLTllZTUt
NmU5OWI3OWRhNTIwLzEvYkI5dGl3aGJxNmhZVTNVaXdqMXJnXzZsSG9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi9mZmY1MTQtMWUwZS00OTNlLTllZTUtNmU5OWI3OWRhNTIw
LzEvTzg1ZXh6WUk0a2lGS0Q2UkRyaDc4ZS1DT2dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXVfMA0G
CSqGSIb3DQEBCwUAA4IBAQApRvT15gbFVjXx7ISx1NLRozsF58SWQhSBgEA5awMe
On0M7rEVU43Vfy/qFtkFvnRk31vhWWmybKngxw/+lL7CaF+trzkE43vbxV0zGtdU
fL57+byyItRfRcQ0Etzw4XRUXLaz49eMN2LlBjFg5eFc7piIbOkjp9feQm4RcLpD
nZpt7y5o1aBPzrrWJRqfPTvKjjHr7M0Erxw9yAwJNCQVL2RFM8yLJlFfB8ohyOA4
3rZJK3dZuPri04vu967gLWU1yMuV2URCmTIKPx7YkhRN7We8kzKhcO2lZNMYkiDn
Eu2sjatfD6FxOYBIBJju8nGENPMI9LI/9PBHX8qdE1Vc
-----END CERTIFICATE-----