This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/b0dcda-a37e-4703-8d5a-9aad903a7276/1/saLkMBpBsWlxL5YAPxjxZxzwLm0.roa
File:                     saLkMBpBsWlxL5YAPxjxZxzwLm0.roa (raw, json)
Hash identifier:          HWMfF/NkSXptcowH52WnAePE/1Sax5XIolYonHNfsPw=
Subject key identifier:   B1:A2:E4:30:1A:41:B1:69:71:2F:96:00:3F:18:F1:67:1C:F0:2E:6D
Certificate issuer:       /CN=ca09149f34784f5b202c56761b01d35dd02569cd
Certificate serial:       019B7BA5469BBBBA8973E8EF0BDC4783533C
Authority key identifier: CA:09:14:9F:34:78:4F:5B:20:2C:56:76:1B:01:D3:5D:D0:25:69:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ygkUnzR4T1sgLFZ2GwHTXdAlac0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/b0dcda-a37e-4703-8d5a-9aad903a7276/1/saLkMBpBsWlxL5YAPxjxZxzwLm0.roa
Signing time:             Thu 01 Jan 2026 22:19:47 +0000
ROA not before:           Thu 01 Jan 2026 22:19:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206855
IP address blocks:        185.136.24.0/22 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/b0dcda-a37e-4703-8d5a-9aad903a7276/1/ygkUnzR4T1sgLFZ2GwHTXdAlac0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/b0dcda-a37e-4703-8d5a-9aad903a7276/1/ygkUnzR4T1sgLFZ2GwHTXdAlac0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ygkUnzR4T1sgLFZ2GwHTXdAlac0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 13:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:46:9b:bb:ba:89:73:e8:ef:0b:dc:47:83:53:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca09149f34784f5b202c56761b01d35dd02569cd
        Validity
            Not Before: Jan  1 22:19:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b1a2e4301a41b169712f96003f18f1671cf02e6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:7a:52:96:11:f1:7e:c0:26:59:fa:cd:3a:b3:
                    41:50:67:2d:ba:ca:30:57:49:b4:f8:1a:79:75:b3:
                    03:86:96:9f:02:be:46:b8:49:b6:7f:9c:91:45:70:
                    46:9f:28:4f:50:c6:0d:94:5a:b3:87:9e:a9:c3:3b:
                    80:67:59:42:a5:3d:c3:83:c0:ff:49:bf:46:87:b0:
                    64:3c:9c:75:bd:9c:8e:c5:3b:62:24:fa:63:95:e1:
                    00:20:8e:86:5c:c7:18:d5:5a:69:15:8b:cc:84:02:
                    77:b4:7b:4c:b4:36:c8:0a:aa:26:9f:89:6d:69:e5:
                    0c:ce:32:0f:68:7b:3d:0a:44:93:02:2d:58:02:87:
                    f6:a5:71:39:83:1b:5f:5b:13:77:bf:92:a4:80:c7:
                    dd:44:00:bc:fd:d0:d2:55:2a:4a:af:6f:cb:b0:15:
                    e6:c8:3d:20:5e:4e:29:a2:55:d8:58:b6:a7:b3:a9:
                    4e:b7:45:5a:cb:96:ab:0a:2c:de:34:3a:83:68:62:
                    c9:9e:1c:57:25:83:98:16:7c:6e:a4:d3:54:e4:eb:
                    a9:2b:77:b8:2f:25:f7:fa:e0:ee:59:9a:ad:86:79:
                    c6:4d:b7:38:9e:78:0f:25:48:99:e3:60:22:3a:d6:
                    69:72:f4:ed:ce:d8:23:0d:88:f7:31:9f:5b:3d:89:
                    f9:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:A2:E4:30:1A:41:B1:69:71:2F:96:00:3F:18:F1:67:1C:F0:2E:6D
            X509v3 Authority Key Identifier:
                keyid:CA:09:14:9F:34:78:4F:5B:20:2C:56:76:1B:01:D3:5D:D0:25:69:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ygkUnzR4T1sgLFZ2GwHTXdAlac0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/b0dcda-a37e-4703-8d5a-9aad903a7276/1/saLkMBpBsWlxL5YAPxjxZxzwLm0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/b0dcda-a37e-4703-8d5a-9aad903a7276/1/ygkUnzR4T1sgLFZ2GwHTXdAlac0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.136.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1f:f2:ad:0f:50:42:24:22:78:0b:a8:0e:f9:74:57:76:74:e3:
         15:7a:ff:5c:b5:d2:1a:68:99:7e:43:11:a6:0a:6a:46:45:90:
         63:be:d9:ed:5f:35:fe:f9:d7:28:5f:ea:ae:ec:22:12:77:5e:
         b6:72:d9:c5:75:24:bb:f1:26:33:09:4a:68:70:d2:18:28:79:
         e2:c9:e1:2b:6a:0a:8f:de:d0:a4:45:e6:01:7b:12:5c:59:b0:
         63:35:14:e2:6e:69:06:40:dc:7a:eb:9e:48:94:fe:0f:bd:da:
         43:f0:02:72:b5:28:96:5b:bb:97:f2:b7:36:22:82:11:96:1c:
         08:29:2d:34:63:3d:0c:87:9a:7e:4c:45:ce:cd:6c:2a:1c:7a:
         1d:9c:db:e1:a6:11:5c:6b:81:9a:6c:60:51:a7:80:d5:98:9f:
         f7:1e:4a:e0:6c:6f:77:d6:70:7c:43:25:6f:5d:43:33:d2:18:
         3d:c1:e1:fe:f8:e9:98:16:fa:4e:f6:38:fb:07:bd:ae:25:3b:
         80:bc:9e:b2:be:7e:ec:6f:6b:99:6a:e9:4f:d9:be:00:a7:48:
         60:d5:6e:71:db:85:fd:ab:be:b1:d3:97:ca:13:d5:d1:f5:7b:
         48:77:49:71:f4:56:c7:b9:a9:bc:19:5b:50:43:dd:71:88:ca:
         e8:86:2d:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pUabu7qJc+jvC9xHg1M8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhMDkxNDlmMzQ3ODRmNWIyMDJjNTY3NjFiMDFkMzVkZDAy
NTY5Y2QwHhcNMjYwMTAxMjIxOTQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWEyZTQzMDFhNDFiMTY5NzEyZjk2MDAzZjE4ZjE2NzFjZjAyZTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl3pSlhHxfsAmWfrNOrNBUGctusow
V0m0+Bp5dbMDhpafAr5GuEm2f5yRRXBGnyhPUMYNlFqzh56pwzuAZ1lCpT3Dg8D/
Sb9Gh7BkPJx1vZyOxTtiJPpjleEAII6GXMcY1VppFYvMhAJ3tHtMtDbICqomn4lt
aeUMzjIPaHs9CkSTAi1YAof2pXE5gxtfWxN3v5KkgMfdRAC8/dDSVSpKr2/LsBXm
yD0gXk4polXYWLans6lOt0Vay5arCizeNDqDaGLJnhxXJYOYFnxupNNU5OupK3e4
LyX3+uDuWZqthnnGTbc4nngPJUiZ42AiOtZpcvTtztgjDYj3MZ9bPYn53QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLGi5DAaQbFpcS+WAD8Y8Wcc8C5tMB8GA1UdIwQY
MBaAFMoJFJ80eE9bICxWdhsB013QJWnNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWdrVW56UjRUMXNnTEZaMkd3SFRYZEFsYWMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy9iMGRjZGEtYTM3ZS00NzAzLThkNWEt
OWFhZDkwM2E3Mjc2LzEvc2FMa01CcEJzV2x4TDVZQVB4anhaeHp3TG0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy9iMGRjZGEtYTM3ZS00NzAzLThkNWEtOWFhZDkwM2E3Mjc2
LzEveWdrVW56UjRUMXNnTEZaMkd3SFRYZEFsYWMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYgYMA0G
CSqGSIb3DQEBCwUAA4IBAQAf8q0PUEIkIngLqA75dFd2dOMVev9ctdIaaJl+QxGm
CmpGRZBjvtntXzX++dcoX+qu7CISd162ctnFdSS78SYzCUpocNIYKHniyeEragqP
3tCkReYBexJcWbBjNRTibmkGQNx6655IlP4PvdpD8AJytSiWW7uX8rc2IoIRlhwI
KS00Yz0Mh5p+TEXOzWwqHHodnNvhphFca4GabGBRp4DVmJ/3HkrgbG931nB8QyVv
XUMz0hg9weH++OmYFvpO9jj7B72uJTuAvJ6yvn7sb2uZaulP2b4Ap0hg1W5x24X9
q76x05fKE9XR9XtId0lx9FbHuam8GVtQQ91xiMrohi28
-----END CERTIFICATE-----