This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/1db0d1-aa93-45c0-9889-d8a555c64214/1/CuyvQkWCH2jGy1znss4XJNZ4kZI.roa
File:                     CuyvQkWCH2jGy1znss4XJNZ4kZI.roa (raw, json)
Hash identifier:          7b/YHSGs2OfIQTdNVVxxsC+vk34rdN3J6zHQ/2L5Cjo=
Subject key identifier:   0A:EC:AF:42:45:82:1F:68:C6:CB:5C:E7:B2:CE:17:24:D6:78:91:92
Certificate issuer:       /CN=bb8378d4442df69f47dc0ea582a12b2ab514be0f
Certificate serial:       019B78A274D30C9F9049A4E9AABCB0F490F8
Authority key identifier: BB:83:78:D4:44:2D:F6:9F:47:DC:0E:A5:82:A1:2B:2A:B5:14:BE:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u4N41EQt9p9H3A6lgqErKrUUvg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/1db0d1-aa93-45c0-9889-d8a555c64214/1/CuyvQkWCH2jGy1znss4XJNZ4kZI.roa
Signing time:             Thu 01 Jan 2026 08:17:51 +0000
ROA not before:           Thu 01 Jan 2026 08:17:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39019
IP address blocks:        185.204.100.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/1db0d1-aa93-45c0-9889-d8a555c64214/1/u4N41EQt9p9H3A6lgqErKrUUvg8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/1db0d1-aa93-45c0-9889-d8a555c64214/1/u4N41EQt9p9H3A6lgqErKrUUvg8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u4N41EQt9p9H3A6lgqErKrUUvg8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:74:d3:0c:9f:90:49:a4:e9:aa:bc:b0:f4:90:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb8378d4442df69f47dc0ea582a12b2ab514be0f
        Validity
            Not Before: Jan  1 08:17:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0aecaf4245821f68c6cb5ce7b2ce1724d6789192
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:9e:11:7c:66:a0:22:5c:0d:3c:c7:df:90:5a:
                    da:97:27:a9:8e:41:a5:5d:16:48:8f:a8:ab:a8:ba:
                    dd:5a:9f:22:3e:03:6e:a6:30:57:4a:38:11:ec:fe:
                    03:4c:43:57:33:7f:c7:1d:8e:6b:69:a9:34:77:54:
                    d9:e4:bc:cf:25:d2:fd:9b:55:82:cc:7b:ba:37:97:
                    f0:15:b3:c0:84:ae:ad:94:1c:81:bc:7c:3b:ed:c7:
                    44:52:c0:07:22:89:c1:b5:07:55:d9:3e:f3:cf:92:
                    3d:ac:9d:c3:1b:a3:35:52:8a:40:59:9d:45:af:a2:
                    2e:94:71:d0:a2:5f:a6:50:b8:39:09:70:08:e6:71:
                    a3:d6:35:9d:9a:9e:10:72:73:a2:8e:fb:da:1e:db:
                    0b:5e:a5:27:c0:5c:70:e6:55:d0:7a:61:35:e1:5f:
                    fb:b8:b1:d2:13:74:0b:a5:78:39:c0:e4:06:e0:b7:
                    05:22:7b:41:c2:a1:15:20:9b:45:c8:46:ab:3e:6b:
                    28:5f:9a:fc:d0:30:4a:c4:c0:49:24:e5:42:06:e7:
                    de:93:73:8a:47:98:51:b2:6c:49:d6:46:b1:69:88:
                    f3:58:65:9d:b7:6e:6e:83:fd:c4:49:c8:77:42:79:
                    79:70:b0:bd:f2:6d:28:3e:72:02:aa:02:d9:58:0e:
                    e0:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:EC:AF:42:45:82:1F:68:C6:CB:5C:E7:B2:CE:17:24:D6:78:91:92
            X509v3 Authority Key Identifier:
                keyid:BB:83:78:D4:44:2D:F6:9F:47:DC:0E:A5:82:A1:2B:2A:B5:14:BE:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u4N41EQt9p9H3A6lgqErKrUUvg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/1db0d1-aa93-45c0-9889-d8a555c64214/1/CuyvQkWCH2jGy1znss4XJNZ4kZI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/1db0d1-aa93-45c0-9889-d8a555c64214/1/u4N41EQt9p9H3A6lgqErKrUUvg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.204.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:a5:6d:47:2f:a8:4e:f4:96:69:d4:17:ba:41:21:c3:8e:45:
         88:76:89:3b:c3:62:ec:c2:38:41:bd:a6:cb:cf:30:75:24:61:
         54:08:46:62:ce:af:0b:f3:90:ae:7e:a1:8b:31:bf:2e:0c:29:
         4d:11:a0:1d:8c:c9:f9:a6:ce:10:22:ca:54:4f:f1:ca:77:15:
         c0:d9:c9:01:aa:6f:7d:09:cb:f0:0d:2b:1e:a7:15:02:2a:30:
         1a:87:59:c1:5a:95:f4:9f:59:9c:e4:0c:68:d3:97:8e:ba:8d:
         1e:1d:da:bf:0f:f0:97:fc:33:61:1c:0d:f7:6a:51:a1:77:04:
         8c:a4:cc:4c:81:12:4f:94:44:1f:60:5e:15:6f:f9:f4:0f:44:
         4f:45:69:3f:24:7b:97:a8:bb:5a:cf:a4:0d:d6:01:fe:d2:5b:
         d1:e8:e7:2d:6b:47:49:18:f3:49:b3:03:58:0e:19:f2:91:79:
         e7:ac:01:5c:5f:54:69:31:a4:42:0d:90:d7:6e:95:17:f9:eb:
         2b:99:50:77:e6:d7:1d:15:ed:e8:ce:6a:55:7a:60:ef:3a:73:
         4b:a2:e4:85:c3:9e:8d:1e:6a:97:00:60:f5:85:00:ad:2b:14:
         b3:b8:19:b0:b3:ba:97:7a:34:1c:80:d5:50:79:50:cb:55:44:
         4b:e8:f3:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4onTTDJ+QSaTpqryw9JD4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiODM3OGQ0NDQyZGY2OWY0N2RjMGVhNTgyYTEyYjJhYjUx
NGJlMGYwHhcNMjYwMTAxMDgxNzUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWVjYWY0MjQ1ODIxZjY4YzZjYjVjZTdiMmNlMTcyNGQ2Nzg5MTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxZ4RfGagIlwNPMffkFralyepjkGl
XRZIj6irqLrdWp8iPgNupjBXSjgR7P4DTENXM3/HHY5raak0d1TZ5LzPJdL9m1WC
zHu6N5fwFbPAhK6tlByBvHw77cdEUsAHIonBtQdV2T7zz5I9rJ3DG6M1UopAWZ1F
r6IulHHQol+mULg5CXAI5nGj1jWdmp4QcnOijvvaHtsLXqUnwFxw5lXQemE14V/7
uLHSE3QLpXg5wOQG4LcFIntBwqEVIJtFyEarPmsoX5r80DBKxMBJJOVCBufek3OK
R5hRsmxJ1kaxaYjzWGWdt25ug/3ESch3Qnl5cLC98m0oPnICqgLZWA7gowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFArsr0JFgh9oxstc57LOFyTWeJGSMB8GA1UdIwQY
MBaAFLuDeNRELfafR9wOpYKhKyq1FL4PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTRONDFFUXQ5cDlIM0E2bGdxRXJLclVVdmc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS8xZGIwZDEtYWE5My00NWMwLTk4ODkt
ZDhhNTU1YzY0MjE0LzEvQ3V5dlFrV0NIMmpHeTF6bnNzNFhKTlo0a1pJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS8xZGIwZDEtYWE5My00NWMwLTk4ODktZDhhNTU1YzY0MjE0
LzEvdTRONDFFUXQ5cDlIM0E2bGdxRXJLclVVdmc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucxkMA0G
CSqGSIb3DQEBCwUAA4IBAQCwpW1HL6hO9JZp1Be6QSHDjkWIdok7w2LswjhBvabL
zzB1JGFUCEZizq8L85CufqGLMb8uDClNEaAdjMn5ps4QIspUT/HKdxXA2ckBqm99
CcvwDSsepxUCKjAah1nBWpX0n1mc5Axo05eOuo0eHdq/D/CX/DNhHA33alGhdwSM
pMxMgRJPlEQfYF4Vb/n0D0RPRWk/JHuXqLtaz6QN1gH+0lvR6Octa0dJGPNJswNY
DhnykXnnrAFcX1RpMaRCDZDXbpUX+esrmVB35tcdFe3ozmpVemDvOnNLouSFw56N
HmqXAGD1hQCtKxSzuBmws7qXejQcgNVQeVDLVURL6POQ
-----END CERTIFICATE-----