This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/zOCm7E6AGUt37DRw5y-JoiDT9WQ.roa
File:                     zOCm7E6AGUt37DRw5y-JoiDT9WQ.roa (raw, json)
Hash identifier:          n1rkKpRbZlcyd0BbaDzIEN/0iTD5GFsjmB0CS4bdcO0=
Subject key identifier:   CC:E0:A6:EC:4E:80:19:4B:77:EC:34:70:E7:2F:89:A2:20:D3:F5:64
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019B7C13A3C2B914228C44DF73EDAF42481F
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/zOCm7E6AGUt37DRw5y-JoiDT9WQ.roa
Signing time:             Fri 02 Jan 2026 00:20:20 +0000
ROA not before:           Fri 02 Jan 2026 00:20:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216183
IP address blocks:        185.206.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 19:40:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:13:a3:c2:b9:14:22:8c:44:df:73:ed:af:42:48:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 00:20:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cce0a6ec4e80194b77ec3470e72f89a220d3f564
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:93:c7:fc:78:21:66:40:52:5d:c8:d1:56:ac:
                    1f:b4:b7:50:11:38:88:e2:9c:ab:c8:0c:4a:3a:5c:
                    9d:fd:22:ee:90:14:ee:ae:eb:1c:51:18:00:6c:5c:
                    0f:1a:e7:e0:31:f6:85:e1:58:a6:a0:74:36:67:7d:
                    d7:d3:3e:cb:70:56:60:bb:94:a7:96:0d:aa:6f:18:
                    98:fd:d3:bb:f2:22:b2:35:06:08:e7:ad:97:36:6f:
                    dd:ae:9f:ad:bc:b8:21:93:08:d0:fd:36:f1:e4:c9:
                    fc:6b:02:dc:aa:9e:7c:68:c0:82:02:ac:64:5b:0d:
                    07:4c:0b:bc:5b:55:7e:4c:52:d4:72:29:37:8e:74:
                    22:07:5e:1c:f6:a7:71:34:e9:e2:f5:59:36:75:86:
                    cb:e8:e0:29:07:ae:4d:fd:8e:a5:3d:05:b9:a7:e3:
                    cf:a9:83:5d:2c:c2:6c:f7:13:7f:de:16:eb:ba:d5:
                    ed:26:45:70:5e:fb:5a:c9:24:2c:39:d3:a2:83:47:
                    2e:ac:b3:e9:32:7d:5d:7f:8e:f6:a1:2c:48:6f:7a:
                    ae:69:5c:d6:f2:09:7a:7e:24:fd:a4:3c:45:cb:dc:
                    05:ca:fb:33:ab:88:35:8b:68:cc:3b:69:d8:1c:e1:
                    6c:68:79:f2:c7:5e:53:1d:ad:c0:8f:fd:dd:95:0a:
                    9c:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:E0:A6:EC:4E:80:19:4B:77:EC:34:70:E7:2F:89:A2:20:D3:F5:64
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/zOCm7E6AGUt37DRw5y-JoiDT9WQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.206.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:9a:bd:d8:98:1d:85:c2:b4:6e:0d:7d:bb:45:b1:28:f8:be:
         50:62:eb:c6:b6:33:d6:11:8c:1b:fc:f5:1d:0f:ab:2b:24:d8:
         88:45:32:ca:31:d5:b9:f1:7f:b3:a2:18:1c:aa:80:3b:4b:0c:
         37:5c:db:c2:69:72:50:2a:95:e9:c9:ce:59:9c:d3:06:a8:18:
         63:45:a6:be:b4:25:b2:1f:5d:06:2a:8d:db:36:8a:5b:80:24:
         2e:7c:6d:4a:7d:bd:ec:6f:1e:7b:69:b4:5f:18:47:78:3f:60:
         80:ba:5c:d9:88:1f:2d:88:4f:d7:24:1e:d2:16:fb:8e:d6:5c:
         36:42:1e:c0:fe:f3:2f:7f:a2:71:44:ae:32:b8:70:7c:2e:94:
         5d:53:d8:3d:91:27:a4:6a:2a:2b:1e:6c:e7:c7:e9:5f:08:a0:
         07:e6:8a:ee:63:7b:48:b7:bd:92:b9:0b:68:68:91:05:cd:b9:
         d2:59:4b:fa:b1:5b:5e:34:30:a5:2f:19:c1:ab:45:c6:c7:82:
         f9:fe:44:79:a4:f8:67:fb:e8:3d:98:6e:d8:dd:2a:e6:29:8c:
         a3:b6:8d:94:e3:96:15:59:f6:99:4c:81:1d:41:85:09:69:03:
         30:a3:7f:08:73:3c:40:bf:ca:8b:37:e6:80:64:2b:5f:9a:a3:
         57:7d:4d:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8E6PCuRQijETfc+2vQkgfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjYwMTAyMDAyMDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2UwYTZlYzRlODAxOTRiNzdlYzM0NzBlNzJmODlhMjIwZDNmNTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjpPH/HghZkBSXcjRVqwftLdQETiI
4pyryAxKOlyd/SLukBTuruscURgAbFwPGufgMfaF4VimoHQ2Z33X0z7LcFZgu5Sn
lg2qbxiY/dO78iKyNQYI562XNm/drp+tvLghkwjQ/Tbx5Mn8awLcqp58aMCCAqxk
Ww0HTAu8W1V+TFLUcik3jnQiB14c9qdxNOni9Vk2dYbL6OApB65N/Y6lPQW5p+PP
qYNdLMJs9xN/3hbrutXtJkVwXvtaySQsOdOig0curLPpMn1df472oSxIb3quaVzW
8gl6fiT9pDxFy9wFyvszq4g1i2jMO2nYHOFsaHnyx15THa3Aj/3dlQqc+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMzgpuxOgBlLd+w0cOcviaIg0/VkMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvek9DbTdFNkFHVXQzN0RSdzV5LUpvaURUOVdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuc75MA0G
CSqGSIb3DQEBCwUAA4IBAQBfmr3YmB2FwrRuDX27RbEo+L5QYuvGtjPWEYwb/PUd
D6srJNiIRTLKMdW58X+zohgcqoA7Sww3XNvCaXJQKpXpyc5ZnNMGqBhjRaa+tCWy
H10GKo3bNopbgCQufG1Kfb3sbx57abRfGEd4P2CAulzZiB8tiE/XJB7SFvuO1lw2
Qh7A/vMvf6JxRK4yuHB8LpRdU9g9kSekaiorHmznx+lfCKAH5oruY3tIt72SuQto
aJEFzbnSWUv6sVteNDClLxnBq0XGx4L5/kR5pPhn++g9mG7Y3SrmKYyjto2U45YV
WfaZTIEdQYUJaQMwo38IczxAv8qLN+aAZCtfmqNXfU3O
-----END CERTIFICATE-----