This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/xMBJZz2bJfsBhc3yuwCZs9RTEcY.roa
File:                     xMBJZz2bJfsBhc3yuwCZs9RTEcY.roa (raw, json)
Hash identifier:          DGX0xijGnoYtsoEZ0DDaOFKnhORhnqmGYF+7IK9yHBk=
Subject key identifier:   C4:C0:49:67:3D:9B:25:FB:01:85:CD:F2:BB:00:99:B3:D4:53:11:C6
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019B7C1398501B39B3D7D2B1AFCA67E82727
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/xMBJZz2bJfsBhc3yuwCZs9RTEcY.roa
Signing time:             Fri 02 Jan 2026 00:20:17 +0000
ROA not before:           Fri 02 Jan 2026 00:20:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212609
IP address blocks:        185.108.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 19:40:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:13:98:50:1b:39:b3:d7:d2:b1:af:ca:67:e8:27:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 00:20:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c4c049673d9b25fb0185cdf2bb0099b3d45311c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fb:5a:11:fd:f0:81:1e:51:5d:0b:25:9d:67:72:
                    ed:60:0b:19:a2:9f:1b:67:2d:a3:4f:14:a4:82:e6:
                    b7:6c:8e:f3:71:ad:ab:b4:e9:96:2f:a0:56:cb:ed:
                    a4:14:2d:1b:27:91:8b:12:2c:99:5c:a4:58:5c:96:
                    74:6d:09:8e:d1:ef:13:42:fb:2c:30:04:87:0d:86:
                    74:7c:5a:78:1f:51:de:bc:e0:49:ca:7b:7f:57:5c:
                    b5:49:8d:c9:f2:4d:4a:a2:0c:a0:3c:b0:43:68:f7:
                    76:e9:36:b2:03:d1:71:89:49:90:f1:60:cf:3b:7b:
                    42:b2:62:c3:7f:c6:04:88:60:8e:16:a6:6b:78:76:
                    0b:c3:e5:03:71:f5:10:ef:84:9f:c9:36:fb:92:71:
                    54:8d:c2:43:31:ab:7c:31:c9:cb:e5:23:67:6f:89:
                    a5:9d:04:d4:39:e7:4d:18:19:34:a9:0c:a6:76:0c:
                    ee:2d:93:b1:34:2c:59:25:20:7b:8a:d3:67:b9:44:
                    bc:f7:cb:41:53:4f:77:f1:81:b4:4d:bb:a2:1c:d2:
                    bd:3c:94:e5:84:a0:4e:16:6b:95:3a:11:36:b9:a2:
                    cf:6a:38:69:0d:da:97:91:f8:c7:b4:ae:64:df:e1:
                    3f:df:1c:58:03:7b:5f:f7:95:4c:fe:90:ef:7a:17:
                    bf:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:C0:49:67:3D:9B:25:FB:01:85:CD:F2:BB:00:99:B3:D4:53:11:C6
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/xMBJZz2bJfsBhc3yuwCZs9RTEcY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.108.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:1f:71:25:a8:b3:f4:81:43:23:2d:ee:31:4e:06:b7:79:48:
         24:5d:d1:41:20:6c:f2:6b:98:6d:b6:31:ff:92:37:db:a4:d2:
         09:50:df:37:fe:e4:13:58:b4:89:ca:96:ae:e1:63:a1:2d:d8:
         27:02:f0:b1:f0:60:4c:57:f7:37:80:5c:7a:71:3f:ce:69:8f:
         e6:9b:c8:a8:57:3d:d3:6c:93:cd:64:89:28:89:ae:13:4a:ce:
         ff:28:a0:89:07:f1:04:73:af:b0:65:01:84:8d:1e:e4:a8:c7:
         7f:b1:a9:cd:b3:9b:05:f2:c6:60:c8:40:ce:98:e2:72:ef:cf:
         20:f0:fb:e0:a5:2e:c2:38:7a:e5:46:39:c8:e1:b7:06:7c:20:
         76:c3:63:19:56:b7:e8:84:84:2b:d2:f3:f5:4d:3a:3e:0a:72:
         45:b9:5a:69:25:5a:2b:0d:b8:1f:4b:26:98:ff:3b:34:a4:bb:
         c5:3d:30:44:90:25:3a:fd:b0:58:52:1b:69:fd:8f:ba:84:f0:
         ce:57:e1:c3:c6:e4:b8:63:be:2f:68:14:6d:2e:ef:6e:59:4f:
         6b:e1:35:eb:37:0e:2a:69:a8:62:e4:50:ee:2c:61:80:78:d1:
         36:78:c0:c0:27:7d:e6:32:ca:15:6c:97:2d:c2:67:6e:f0:58:
         ee:97:28:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8E5hQGzmz19Kxr8pn6CcnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjYwMTAyMDAyMDE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGMwNDk2NzNkOWIyNWZiMDE4NWNkZjJiYjAwOTliM2Q0NTMxMWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+1oR/fCBHlFdCyWdZ3LtYAsZop8b
Zy2jTxSkgua3bI7zca2rtOmWL6BWy+2kFC0bJ5GLEiyZXKRYXJZ0bQmO0e8TQvss
MASHDYZ0fFp4H1HevOBJynt/V1y1SY3J8k1KogygPLBDaPd26TayA9FxiUmQ8WDP
O3tCsmLDf8YEiGCOFqZreHYLw+UDcfUQ74SfyTb7knFUjcJDMat8McnL5SNnb4ml
nQTUOedNGBk0qQymdgzuLZOxNCxZJSB7itNnuUS898tBU0938YG0TbuiHNK9PJTl
hKBOFmuVOhE2uaLPajhpDdqXkfjHtK5k3+E/3xxYA3tf95VM/pDvehe/IQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMTASWc9myX7AYXN8rsAmbPUUxHGMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEveE1CSlp6MmJKZnNCaGMzeXV3Q1pzOVJURWNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWzPMA0G
CSqGSIb3DQEBCwUAA4IBAQAXH3ElqLP0gUMjLe4xTga3eUgkXdFBIGzya5httjH/
kjfbpNIJUN83/uQTWLSJypau4WOhLdgnAvCx8GBMV/c3gFx6cT/OaY/mm8ioVz3T
bJPNZIkoia4TSs7/KKCJB/EEc6+wZQGEjR7kqMd/sanNs5sF8sZgyEDOmOJy788g
8PvgpS7COHrlRjnI4bcGfCB2w2MZVrfohIQr0vP1TTo+CnJFuVppJVorDbgfSyaY
/zs0pLvFPTBEkCU6/bBYUhtp/Y+6hPDOV+HDxuS4Y74vaBRtLu9uWU9r4TXrNw4q
aahi5FDuLGGAeNE2eMDAJ33mMsoVbJctwmdu8Fjulygh
-----END CERTIFICATE-----