This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/f17a27-4599-45b5-a66e-70123f495110/1/fSa9ZsWpt6cpzETcA7PiodhwAl0.roa
File:                     fSa9ZsWpt6cpzETcA7PiodhwAl0.roa (raw, json)
Hash identifier:          JZ8+GnG0s73YtbrymyZrp39I9Tjd+XU3bo06GAVoOFw=
Subject key identifier:   7D:26:BD:66:C5:A9:B7:A7:29:CC:44:DC:03:B3:E2:A1:D8:70:02:5D
Certificate issuer:       /CN=759d27ce072ca336d3afaab8879f94ec63455669
Certificate serial:       019B77595D6BDD0DD56A91B6C359FB0C3180
Authority key identifier: 75:9D:27:CE:07:2C:A3:36:D3:AF:AA:B8:87:9F:94:EC:63:45:56:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dZ0nzgcsozbTr6q4h5-U7GNFVmk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/f17a27-4599-45b5-a66e-70123f495110/1/fSa9ZsWpt6cpzETcA7PiodhwAl0.roa
Signing time:             Thu 01 Jan 2026 02:18:23 +0000
ROA not before:           Thu 01 Jan 2026 02:18:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199342
IP address blocks:        185.11.152.0/22 maxlen: 22
                          185.11.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/f17a27-4599-45b5-a66e-70123f495110/1/dZ0nzgcsozbTr6q4h5-U7GNFVmk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/f17a27-4599-45b5-a66e-70123f495110/1/dZ0nzgcsozbTr6q4h5-U7GNFVmk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dZ0nzgcsozbTr6q4h5-U7GNFVmk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:5d:6b:dd:0d:d5:6a:91:b6:c3:59:fb:0c:31:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=759d27ce072ca336d3afaab8879f94ec63455669
        Validity
            Not Before: Jan  1 02:18:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7d26bd66c5a9b7a729cc44dc03b3e2a1d870025d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:6d:31:a6:0d:ce:43:71:3c:db:a7:30:c9:ac:
                    20:4e:ce:e8:89:83:8b:45:74:97:08:01:64:d1:e2:
                    f9:7e:e7:67:12:f0:e0:8f:2e:ba:e0:4d:16:2b:07:
                    18:85:0a:92:d5:4e:f0:1a:d6:fd:d3:d9:ff:7b:ef:
                    d4:fb:87:1c:62:3c:31:98:51:c5:31:7b:31:f0:02:
                    15:11:c6:d2:05:c8:69:97:5a:c0:e7:42:4f:e3:2d:
                    26:69:c9:cf:91:31:46:33:2a:ae:96:07:3d:dc:4b:
                    61:f6:99:39:2d:16:a3:2d:69:59:0f:7d:6d:4e:b8:
                    c3:aa:b1:34:80:d2:00:aa:62:70:d8:68:b5:bd:de:
                    52:bb:48:62:31:a1:a9:1b:ed:42:f3:d1:8c:f2:5a:
                    c9:38:4e:70:2a:8f:ec:b9:44:77:0a:cc:84:24:9a:
                    a3:bb:0b:ce:89:c9:ae:d6:06:d6:d2:f3:de:e3:e3:
                    69:67:58:5e:a7:8c:89:f7:0c:1c:89:f2:2d:e3:a6:
                    ab:bd:42:0b:83:27:d5:30:b0:a6:1f:3a:27:0c:83:
                    fb:de:68:f6:17:eb:17:45:ca:18:59:87:9a:9f:9f:
                    65:81:37:4c:40:98:71:fb:3b:1b:f7:36:9b:7c:e4:
                    ca:fa:67:7d:76:67:15:92:67:2f:a0:17:36:e2:1d:
                    a3:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:26:BD:66:C5:A9:B7:A7:29:CC:44:DC:03:B3:E2:A1:D8:70:02:5D
            X509v3 Authority Key Identifier:
                keyid:75:9D:27:CE:07:2C:A3:36:D3:AF:AA:B8:87:9F:94:EC:63:45:56:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dZ0nzgcsozbTr6q4h5-U7GNFVmk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/f17a27-4599-45b5-a66e-70123f495110/1/fSa9ZsWpt6cpzETcA7PiodhwAl0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/f17a27-4599-45b5-a66e-70123f495110/1/dZ0nzgcsozbTr6q4h5-U7GNFVmk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.11.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         81:42:62:9a:14:b7:5e:28:20:7c:9b:df:89:d9:5f:fe:48:5a:
         e2:d3:fd:ca:4f:df:b6:db:ed:a4:de:45:ea:b8:79:8e:31:2c:
         5c:8e:0b:07:98:ff:f2:4c:fe:ac:78:90:67:b4:e8:02:64:07:
         99:32:f8:42:1b:d4:8b:26:27:35:8c:37:0d:ca:23:22:45:26:
         93:4c:95:22:7b:bf:b2:af:a9:c6:1b:4e:da:01:3f:3f:be:8a:
         db:fe:0f:f4:d4:09:25:43:19:e1:ef:0f:e1:7a:3c:3d:54:be:
         1b:5c:4a:58:dc:ed:5c:1c:90:0a:3d:2c:7f:78:49:f1:f2:0e:
         94:da:c9:f1:1b:e4:47:6d:28:6a:f1:10:63:3a:50:d3:f7:9d:
         b6:30:94:0a:4f:5e:cb:1d:69:35:03:d9:d2:11:f0:24:99:dc:
         48:88:06:1e:e0:09:67:96:de:ed:02:35:38:f4:30:f6:dc:ff:
         9c:39:31:81:94:bf:d8:0b:5c:2c:67:b2:24:80:f2:2a:0d:55:
         28:14:43:9b:61:04:11:59:9a:94:06:ae:27:19:78:e0:79:15:
         7a:b3:4b:71:a4:67:1b:1b:c9:c7:9d:17:5b:ab:cf:8f:29:a1:
         95:22:61:69:7e:46:c8:12:b0:b1:11:64:ce:6e:23:02:d2:97:
         d7:6f:36:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WV1r3Q3VapG2w1n7DDGAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1OWQyN2NlMDcyY2EzMzZkM2FmYWFiODg3OWY5NGVjNjM0
NTU2NjkwHhcNMjYwMTAxMDIxODIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDI2YmQ2NmM1YTliN2E3MjljYzQ0ZGMwM2IzZTJhMWQ4NzAwMjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArG0xpg3OQ3E826cwyawgTs7oiYOL
RXSXCAFk0eL5fudnEvDgjy664E0WKwcYhQqS1U7wGtb909n/e+/U+4ccYjwxmFHF
MXsx8AIVEcbSBchpl1rA50JP4y0macnPkTFGMyqulgc93Eth9pk5LRajLWlZD31t
TrjDqrE0gNIAqmJw2Gi1vd5Su0hiMaGpG+1C89GM8lrJOE5wKo/suUR3CsyEJJqj
uwvOicmu1gbW0vPe4+NpZ1hep4yJ9wwcifIt46arvUILgyfVMLCmHzonDIP73mj2
F+sXRcoYWYean59lgTdMQJhx+zsb9zabfOTK+md9dmcVkmcvoBc24h2jYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH0mvWbFqbenKcxE3AOz4qHYcAJdMB8GA1UdIwQY
MBaAFHWdJ84HLKM206+quIeflOxjRVZpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFowbnpnY3NvemJUcjZxNGg1LVU3R05GVm1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC9mMTdhMjctNDU5OS00NWI1LWE2NmUt
NzAxMjNmNDk1MTEwLzEvZlNhOVpzV3B0NmNwekVUY0E3UGlvZGh3QWwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC9mMTdhMjctNDU5OS00NWI1LWE2NmUtNzAxMjNmNDk1MTEw
LzEvZFowbnpnY3NvemJUcjZxNGg1LVU3R05GVm1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuQuYMA0G
CSqGSIb3DQEBCwUAA4IBAQCBQmKaFLdeKCB8m9+J2V/+SFri0/3KT9+22+2k3kXq
uHmOMSxcjgsHmP/yTP6seJBntOgCZAeZMvhCG9SLJic1jDcNyiMiRSaTTJUie7+y
r6nGG07aAT8/vorb/g/01AklQxnh7w/hejw9VL4bXEpY3O1cHJAKPSx/eEnx8g6U
2snxG+RHbShq8RBjOlDT9522MJQKT17LHWk1A9nSEfAkmdxIiAYe4Alnlt7tAjU4
9DD23P+cOTGBlL/YC1wsZ7IkgPIqDVUoFEObYQQRWZqUBq4nGXjgeRV6s0txpGcb
G8nHnRdbq8+PKaGVImFpfkbIErCxEWTObiMC0pfXbzZu
-----END CERTIFICATE-----