This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/_CwOTtU3okI82pLwtmx5rCYmqBw.roa
File:                     _CwOTtU3okI82pLwtmx5rCYmqBw.roa (raw, json)
Hash identifier:          mdVcgR96055cvSGaX98e3jUXv5Q46o7z7n7mSva9LM8=
Subject key identifier:   FC:2C:0E:4E:D5:37:A2:42:3C:DA:92:F0:B6:6C:79:AC:26:26:A8:1C
Certificate issuer:       /CN=dff24726df3e77f6f4c8e0436613b35110eeaf38
Certificate serial:       019B7C12DEB4EEA54AD4C9746807F2726754
Authority key identifier: DF:F2:47:26:DF:3E:77:F6:F4:C8:E0:43:66:13:B3:51:10:EE:AF:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3_JHJt8-d_b0yOBDZhOzURDurzg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/_CwOTtU3okI82pLwtmx5rCYmqBw.roa
Signing time:             Fri 02 Jan 2026 00:19:29 +0000
ROA not before:           Fri 02 Jan 2026 00:19:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212238
IP address blocks:        185.255.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_JHJt8-d_b0yOBDZhOzURDurzg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_JHJt8-d_b0yOBDZhOzURDurzg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3_JHJt8-d_b0yOBDZhOzURDurzg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 15:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:de:b4:ee:a5:4a:d4:c9:74:68:07:f2:72:67:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dff24726df3e77f6f4c8e0436613b35110eeaf38
        Validity
            Not Before: Jan  2 00:19:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fc2c0e4ed537a2423cda92f0b66c79ac2626a81c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:8b:8e:e1:c1:66:12:52:18:63:c1:84:ca:a9:
                    73:56:56:2a:e8:b5:2a:f2:25:02:ca:1b:58:94:86:
                    e9:d0:af:d5:52:52:44:4a:de:11:6c:8d:63:4c:32:
                    3f:11:fd:19:26:a6:b7:3e:40:b1:88:b3:83:68:fc:
                    16:94:69:29:1b:96:59:6f:5c:d6:31:8f:99:8b:20:
                    ff:54:67:06:04:6d:84:1a:f7:d8:55:6c:d4:49:d0:
                    13:42:7f:14:71:63:08:9e:a8:6a:9e:aa:45:b2:35:
                    b2:f6:96:88:b4:2b:05:db:8c:56:60:21:54:a5:1c:
                    4b:07:73:d5:af:64:8d:f4:23:f2:e6:78:00:8e:a2:
                    60:21:36:be:b3:78:23:c5:9a:c1:43:49:69:3f:b5:
                    ae:86:c4:3d:da:3d:bf:b6:0d:3e:43:37:4a:2c:1b:
                    2e:e0:02:95:ba:57:f0:0d:9e:38:7a:a5:71:14:26:
                    aa:59:b0:e8:a4:a6:e2:ad:8d:59:be:a0:4d:87:9f:
                    79:1e:0b:94:60:23:b0:db:c5:d3:0f:81:aa:5d:d1:
                    13:8f:1f:d5:aa:52:d6:1a:34:fc:4e:2d:6c:aa:0c:
                    e2:8b:d0:b1:07:69:ff:5f:96:86:07:87:9b:1a:9c:
                    6a:ca:6a:8e:ef:25:a0:2b:ec:3f:45:2b:85:5a:25:
                    20:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:2C:0E:4E:D5:37:A2:42:3C:DA:92:F0:B6:6C:79:AC:26:26:A8:1C
            X509v3 Authority Key Identifier:
                keyid:DF:F2:47:26:DF:3E:77:F6:F4:C8:E0:43:66:13:B3:51:10:EE:AF:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3_JHJt8-d_b0yOBDZhOzURDurzg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/_CwOTtU3okI82pLwtmx5rCYmqBw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_JHJt8-d_b0yOBDZhOzURDurzg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.255.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:ba:ab:1d:78:9a:7e:2c:fb:50:0a:df:b0:0f:e7:43:85:53:
         34:28:9a:cc:9f:66:4e:ea:cc:02:20:b4:45:bb:92:49:be:0f:
         a0:5f:06:4d:2c:4c:97:01:6c:b0:59:64:4e:24:fa:67:cf:94:
         0b:5f:4f:e8:2d:19:07:1a:1c:78:55:2f:f7:14:23:da:68:e1:
         96:f5:1d:01:8d:83:48:9f:8e:f0:6f:e2:d0:92:3e:4c:98:94:
         44:cc:f7:37:44:21:fe:f8:e5:80:9b:d3:f9:13:96:94:e9:11:
         6e:94:b1:a1:47:86:fb:4a:57:b0:2d:84:5f:f4:79:ce:36:46:
         65:35:59:90:78:e2:5d:ac:48:1e:0d:a4:62:6a:30:f1:46:76:
         0e:6b:9b:91:7d:a6:73:35:07:cb:b4:20:d8:b7:c5:74:03:05:
         ac:67:eb:a1:a8:70:f4:02:c0:58:a7:4d:02:64:6c:cb:9d:09:
         7a:bf:95:04:88:07:e9:a9:29:6e:43:63:c2:30:08:4e:9d:8a:
         62:5b:2f:3a:4e:ba:b7:3b:32:fe:f2:27:37:a0:3a:1d:13:f8:
         ec:41:fa:32:87:98:eb:78:db:47:82:5c:bb:b5:06:44:a6:ad:
         6a:58:51:4b:db:3f:bf:f9:f6:a2:37:83:17:d8:4c:f4:6e:c1:
         96:25:1d:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8Et607qVK1Ml0aAfycmdUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmZjI0NzI2ZGYzZTc3ZjZmNGM4ZTA0MzY2MTNiMzUxMTBl
ZWFmMzgwHhcNMjYwMTAyMDAxOTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzJjMGU0ZWQ1MzdhMjQyM2NkYTkyZjBiNjZjNzlhYzI2MjZhODFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs4uO4cFmElIYY8GEyqlzVlYq6LUq
8iUCyhtYlIbp0K/VUlJESt4RbI1jTDI/Ef0ZJqa3PkCxiLODaPwWlGkpG5ZZb1zW
MY+ZiyD/VGcGBG2EGvfYVWzUSdATQn8UcWMInqhqnqpFsjWy9paItCsF24xWYCFU
pRxLB3PVr2SN9CPy5ngAjqJgITa+s3gjxZrBQ0lpP7WuhsQ92j2/tg0+QzdKLBsu
4AKVulfwDZ44eqVxFCaqWbDopKbirY1ZvqBNh595HguUYCOw28XTD4GqXdETjx/V
qlLWGjT8Ti1sqgzii9CxB2n/X5aGB4ebGpxqymqO7yWgK+w/RSuFWiUgEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPwsDk7VN6JCPNqS8LZseawmJqgcMB8GA1UdIwQY
MBaAFN/yRybfPnf29MjgQ2YTs1EQ7q84MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM19KSEp0OC1kX2IweU9CRFpoT3pVUkR1cnpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOTYwMjQtNjU1NS00ZThkLWFmMzct
NjJiYjZkNjNlNTlkLzEvX0N3T1R0VTNva0k4MnBMd3RteDVyQ1ltcUJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOTYwMjQtNjU1NS00ZThkLWFmMzctNjJiYjZkNjNlNTlk
LzEvM19KSEp0OC1kX2IweU9CRFpoT3pVUkR1cnpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuf8HMA0G
CSqGSIb3DQEBCwUAA4IBAQBhuqsdeJp+LPtQCt+wD+dDhVM0KJrMn2ZO6swCILRF
u5JJvg+gXwZNLEyXAWywWWROJPpnz5QLX0/oLRkHGhx4VS/3FCPaaOGW9R0BjYNI
n47wb+LQkj5MmJREzPc3RCH++OWAm9P5E5aU6RFulLGhR4b7SlewLYRf9HnONkZl
NVmQeOJdrEgeDaRiajDxRnYOa5uRfaZzNQfLtCDYt8V0AwWsZ+uhqHD0AsBYp00C
ZGzLnQl6v5UEiAfpqSluQ2PCMAhOnYpiWy86Trq3OzL+8ic3oDodE/jsQfoyh5jr
eNtHgly7tQZEpq1qWFFL2z+/+faiN4MX2Ez0bsGWJR3Z
-----END CERTIFICATE-----