This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/347c34-96d8-4184-a668-870acfecbcdf/1/sU4SdgLEKJLdmmd7O0WH0cIHbDc.roa
File:                     sU4SdgLEKJLdmmd7O0WH0cIHbDc.roa (raw, json)
Hash identifier:          56F6iMelALI7bLbAqUWShoXQBZvQSM/mzwf3Aamh/qA=
Subject key identifier:   B1:4E:12:76:02:C4:28:92:DD:9A:67:7B:3B:45:87:D1:C2:07:6C:37
Certificate issuer:       /CN=39ca5065043d28a2adc36383a1df7d3bec81ce8d
Certificate serial:       019B7EA6B55CC0F1B8F393908596009B1EFC
Authority key identifier: 39:CA:50:65:04:3D:28:A2:AD:C3:63:83:A1:DF:7D:3B:EC:81:CE:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OcpQZQQ9KKKtw2ODod99O-yBzo0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/347c34-96d8-4184-a668-870acfecbcdf/1/sU4SdgLEKJLdmmd7O0WH0cIHbDc.roa
Signing time:             Fri 02 Jan 2026 12:20:13 +0000
ROA not before:           Fri 02 Jan 2026 12:20:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206860
IP address blocks:        85.202.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/347c34-96d8-4184-a668-870acfecbcdf/1/OcpQZQQ9KKKtw2ODod99O-yBzo0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/347c34-96d8-4184-a668-870acfecbcdf/1/OcpQZQQ9KKKtw2ODod99O-yBzo0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OcpQZQQ9KKKtw2ODod99O-yBzo0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:b5:5c:c0:f1:b8:f3:93:90:85:96:00:9b:1e:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39ca5065043d28a2adc36383a1df7d3bec81ce8d
        Validity
            Not Before: Jan  2 12:20:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b14e127602c42892dd9a677b3b4587d1c2076c37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:b1:c9:1b:fd:87:69:37:6f:ac:f8:07:c0:49:
                    64:e6:fe:38:d4:53:7f:5c:9a:16:ab:ec:93:b9:08:
                    6c:77:da:49:46:0a:36:8e:52:ed:a3:f5:70:0b:ab:
                    97:56:54:01:c1:c3:04:aa:ef:90:46:79:2b:8a:2c:
                    4c:96:50:6b:a0:05:ca:22:0a:c4:b7:ec:5c:ce:04:
                    9b:92:af:c2:28:e8:4a:0c:b8:27:d9:f2:68:e7:59:
                    88:07:d9:5c:d6:90:fb:da:3a:3e:cd:b2:f1:ad:61:
                    c4:bf:2c:1d:c0:e0:d9:94:a6:a9:30:ed:3a:84:70:
                    22:8d:4b:1a:82:e4:7d:52:b5:77:69:c1:55:90:9b:
                    57:e2:c0:a0:66:22:fd:64:e7:ba:1f:bd:ac:16:19:
                    dd:15:37:22:bd:f8:93:d9:3d:96:f3:49:c8:61:08:
                    59:e4:6e:e4:b9:ea:10:02:c9:90:ec:68:6e:f2:d2:
                    b5:d9:1b:61:a8:89:70:0a:6d:00:de:54:c9:99:43:
                    9b:47:1d:79:d7:0b:e3:ef:36:ee:ef:5e:74:05:81:
                    df:a9:2e:f5:9b:af:10:c0:ad:f6:41:52:f7:21:94:
                    60:70:ec:4b:8e:38:79:ad:66:9b:c8:95:4b:44:64:
                    e8:02:bc:74:a4:2a:9e:56:94:5d:ea:52:95:23:a3:
                    ef:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:4E:12:76:02:C4:28:92:DD:9A:67:7B:3B:45:87:D1:C2:07:6C:37
            X509v3 Authority Key Identifier:
                keyid:39:CA:50:65:04:3D:28:A2:AD:C3:63:83:A1:DF:7D:3B:EC:81:CE:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OcpQZQQ9KKKtw2ODod99O-yBzo0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/347c34-96d8-4184-a668-870acfecbcdf/1/sU4SdgLEKJLdmmd7O0WH0cIHbDc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/347c34-96d8-4184-a668-870acfecbcdf/1/OcpQZQQ9KKKtw2ODod99O-yBzo0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.202.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:b1:8a:dd:44:93:53:68:ca:f4:5d:2d:ea:94:66:9f:98:2a:
         d6:97:d2:a9:bc:f8:62:c3:db:46:20:b3:6f:6d:c9:ab:8a:bc:
         d8:b9:46:f1:f9:48:dc:50:f5:20:57:33:8a:25:77:e0:59:34:
         e4:f8:49:9f:e8:6d:15:da:18:d8:3c:35:93:c8:ac:2d:21:82:
         df:fd:1d:37:5c:dc:c6:c8:2e:90:3f:8c:54:fe:a7:86:2f:80:
         64:79:dc:f6:c4:2f:42:44:b3:73:99:05:c5:52:c0:d6:50:c1:
         31:ba:2f:75:a2:77:c8:a6:f7:f3:b1:da:67:8e:50:67:b0:b5:
         7c:5b:a4:20:08:82:54:b6:b0:99:e7:49:23:0d:18:8c:16:53:
         37:31:cd:ed:31:31:be:8d:66:f8:e4:d2:52:66:f9:3e:d4:8f:
         33:2a:85:0c:4e:90:17:f7:1d:92:cc:a5:6f:c2:00:6b:55:a1:
         09:85:be:8d:64:1a:00:27:c5:4a:5e:32:1d:11:d6:c2:3e:b4:
         2c:72:e3:f4:7a:c0:fc:c1:44:79:c7:73:9f:de:a3:59:dd:94:
         29:27:82:f5:6d:53:50:3c:2e:1f:78:4d:a2:0d:4f:c8:dd:24:
         dc:a5:f0:b7:44:34:12:5d:e2:a0:cc:6b:2a:5c:a2:68:e5:77:
         bd:bf:56:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+prVcwPG485OQhZYAmx78MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5Y2E1MDY1MDQzZDI4YTJhZGMzNjM4M2ExZGY3ZDNiZWM4
MWNlOGQwHhcNMjYwMTAyMTIyMDEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTRlMTI3NjAyYzQyODkyZGQ5YTY3N2IzYjQ1ODdkMWMyMDc2YzM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkLHJG/2HaTdvrPgHwElk5v441FN/
XJoWq+yTuQhsd9pJRgo2jlLto/VwC6uXVlQBwcMEqu+QRnkriixMllBroAXKIgrE
t+xczgSbkq/CKOhKDLgn2fJo51mIB9lc1pD72jo+zbLxrWHEvywdwODZlKapMO06
hHAijUsaguR9UrV3acFVkJtX4sCgZiL9ZOe6H72sFhndFTcivfiT2T2W80nIYQhZ
5G7kueoQAsmQ7Ghu8tK12RthqIlwCm0A3lTJmUObRx151wvj7zbu7150BYHfqS71
m68QwK32QVL3IZRgcOxLjjh5rWabyJVLRGToArx0pCqeVpRd6lKVI6PvNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLFOEnYCxCiS3ZpneztFh9HCB2w3MB8GA1UdIwQY
MBaAFDnKUGUEPSiircNjg6HffTvsgc6NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2NwUVpRUTlLS0t0dzJPRG9kOTlPLXlCem8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi8zNDdjMzQtOTZkOC00MTg0LWE2Njgt
ODcwYWNmZWNiY2RmLzEvc1U0U2RnTEVLSkxkbW1kN08wV0gwY0lIYkRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi8zNDdjMzQtOTZkOC00MTg0LWE2NjgtODcwYWNmZWNiY2Rm
LzEvT2NwUVpRUTlLS0t0dzJPRG9kOTlPLXlCem8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVcrJMA0G
CSqGSIb3DQEBCwUAA4IBAQAgsYrdRJNTaMr0XS3qlGafmCrWl9KpvPhiw9tGILNv
bcmrirzYuUbx+UjcUPUgVzOKJXfgWTTk+Emf6G0V2hjYPDWTyKwtIYLf/R03XNzG
yC6QP4xU/qeGL4Bkedz2xC9CRLNzmQXFUsDWUMExui91onfIpvfzsdpnjlBnsLV8
W6QgCIJUtrCZ50kjDRiMFlM3Mc3tMTG+jWb45NJSZvk+1I8zKoUMTpAX9x2SzKVv
wgBrVaEJhb6NZBoAJ8VKXjIdEdbCPrQscuP0esD8wUR5x3Of3qNZ3ZQpJ4L1bVNQ
PC4feE2iDU/I3STcpfC3RDQSXeKgzGsqXKJo5Xe9v1aV
-----END CERTIFICATE-----