This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/o0E983ld3z0dSNZKTUgwEEFHE3E.roa
File:                     o0E983ld3z0dSNZKTUgwEEFHE3E.roa (raw, json)
Hash identifier:          Qsw1/tu11iTY0bmXHCHQq3GOUb1EaGHTFsO6vFfTvO8=
Subject key identifier:   A3:41:3D:F3:79:5D:DF:3D:1D:48:D6:4A:4D:48:30:10:41:47:13:71
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019B7C139BEDC67F19C7863F96E63928D410
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/o0E983ld3z0dSNZKTUgwEEFHE3E.roa
Signing time:             Fri 02 Jan 2026 00:20:18 +0000
ROA not before:           Fri 02 Jan 2026 00:20:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213920
IP address blocks:        185.225.22.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 19:40:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:13:9b:ed:c6:7f:19:c7:86:3f:96:e6:39:28:d4:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 00:20:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a3413df3795ddf3d1d48d64a4d48301041471371
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:19:73:93:c5:89:2b:7d:f3:a6:42:cf:64:63:
                    c9:92:6a:da:71:f6:92:d2:f1:cd:f9:e1:dc:13:5f:
                    6c:7d:86:87:cc:a2:83:77:bb:78:67:09:17:42:5a:
                    e5:69:81:73:9c:b6:d1:74:53:da:65:eb:36:c0:30:
                    60:48:63:a6:c6:5a:cd:0a:9c:58:e9:33:ae:d1:00:
                    56:01:32:26:ba:15:5a:46:e9:22:61:08:b5:48:e1:
                    da:2a:14:a6:2f:10:64:ee:0e:ec:20:ff:e1:95:73:
                    30:f9:29:5b:02:30:66:f8:8e:40:4c:27:59:c3:3f:
                    3a:62:e5:99:f4:6d:9f:6b:cb:31:2d:73:76:3f:74:
                    c0:c5:58:bd:de:31:f9:b7:32:97:8e:d1:a8:d9:11:
                    3a:06:64:4b:75:fc:c8:9d:c7:99:b8:ae:96:e4:63:
                    14:68:8e:8f:bd:93:67:fd:f3:6f:c0:da:f9:a7:1b:
                    37:34:3e:3b:39:5f:ca:e2:a8:ed:21:81:4f:ee:a7:
                    c8:f6:7f:f2:4f:a4:df:21:d3:dc:82:74:69:6c:10:
                    c5:24:fc:1c:0b:da:3a:2b:17:16:ed:ca:3e:bb:95:
                    4e:d4:a7:52:cf:e3:3d:1e:c9:63:97:5d:96:cc:57:
                    73:ff:83:ab:fd:b6:93:8b:ee:bd:c3:a5:1f:43:33:
                    af:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:41:3D:F3:79:5D:DF:3D:1D:48:D6:4A:4D:48:30:10:41:47:13:71
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/o0E983ld3z0dSNZKTUgwEEFHE3E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:b0:c6:cc:c5:ae:0d:7f:ad:a5:a4:0f:9d:62:3d:c6:a4:b7:
         71:2b:77:19:c7:3f:0f:03:fa:03:92:5d:e6:8e:9d:7f:92:23:
         a6:49:cb:53:f0:1a:2e:85:4e:9d:b8:5d:58:e4:7e:3d:38:84:
         ee:98:8f:82:b6:09:12:98:33:58:13:fe:bd:81:80:43:77:87:
         e9:54:67:55:8e:72:ce:11:01:fc:84:a2:44:de:27:3a:d6:af:
         a4:c6:15:8d:f3:6d:1e:2a:f5:2d:14:3a:1e:76:fd:7a:c8:21:
         c9:06:83:fa:c1:f5:73:55:47:b6:5e:29:d1:af:5b:f2:d3:fa:
         00:9e:20:b6:8e:7d:45:74:5b:00:ae:10:4b:9f:03:90:5c:3b:
         f3:ad:42:e3:ed:1e:d7:4b:16:d1:ad:51:ca:98:71:ef:57:3b:
         cd:72:27:79:0e:47:83:ae:e3:08:1d:4b:ca:b1:dd:56:a5:c2:
         d7:e2:a3:89:34:8f:ad:b5:09:87:02:54:ff:96:9a:7d:cb:4f:
         91:e0:7f:43:e2:1f:77:31:47:3b:d8:6e:7f:a4:92:9b:30:b4:
         b8:b5:93:a0:ad:33:36:43:16:c0:79:02:3a:0e:42:4c:a2:e9:
         df:2c:74:70:70:37:91:97:07:35:ae:71:be:c5:61:d4:4b:0b:
         c6:2e:43:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8E5vtxn8Zx4Y/luY5KNQQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjYwMTAyMDAyMDE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzQxM2RmMzc5NWRkZjNkMWQ0OGQ2NGE0ZDQ4MzAxMDQxNDcxMzcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Blzk8WJK33zpkLPZGPJkmracfaS
0vHN+eHcE19sfYaHzKKDd7t4ZwkXQlrlaYFznLbRdFPaZes2wDBgSGOmxlrNCpxY
6TOu0QBWATImuhVaRukiYQi1SOHaKhSmLxBk7g7sIP/hlXMw+SlbAjBm+I5ATCdZ
wz86YuWZ9G2fa8sxLXN2P3TAxVi93jH5tzKXjtGo2RE6BmRLdfzInceZuK6W5GMU
aI6PvZNn/fNvwNr5pxs3ND47OV/K4qjtIYFP7qfI9n/yT6TfIdPcgnRpbBDFJPwc
C9o6KxcW7co+u5VO1KdSz+M9Hsljl12WzFdz/4Or/baTi+69w6UfQzOvHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKNBPfN5Xd89HUjWSk1IMBBBRxNxMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvbzBFOTgzbGQzejBkU05aS1RVZ3dFRUZIRTNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueEWMA0G
CSqGSIb3DQEBCwUAA4IBAQCRsMbMxa4Nf62lpA+dYj3GpLdxK3cZxz8PA/oDkl3m
jp1/kiOmSctT8BouhU6duF1Y5H49OITumI+CtgkSmDNYE/69gYBDd4fpVGdVjnLO
EQH8hKJE3ic61q+kxhWN820eKvUtFDoedv16yCHJBoP6wfVzVUe2XinRr1vy0/oA
niC2jn1FdFsArhBLnwOQXDvzrULj7R7XSxbRrVHKmHHvVzvNcid5DkeDruMIHUvK
sd1WpcLX4qOJNI+ttQmHAlT/lpp9y0+R4H9D4h93MUc72G5/pJKbMLS4tZOgrTM2
QxbAeQI6DkJMounfLHRwcDeRlwc1rnG+xWHUSwvGLkPV
-----END CERTIFICATE-----