This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/8f46be-028b-4d03-a973-fda011e5c972/1/dOKAlcT195hvrnl94GECXypnUw4.roa
File:                     dOKAlcT195hvrnl94GECXypnUw4.roa (raw, json)
Hash identifier:          uCgRu9pSvcyUSoOdBM4Z/JT81zNcZoR+ge8afkxI5PA=
Subject key identifier:   74:E2:80:95:C4:F5:F7:98:6F:AE:79:7D:E0:61:02:5F:2A:67:53:0E
Certificate issuer:       /CN=d9d63156c1836f16c3b430effbb72ac69932ea9b
Certificate serial:       019B7AC792039A7200C0CE1878D4EBC1A389
Authority key identifier: D9:D6:31:56:C1:83:6F:16:C3:B4:30:EF:FB:B7:2A:C6:99:32:EA:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2dYxVsGDbxbDtDDv-7cqxpky6ps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/8f46be-028b-4d03-a973-fda011e5c972/1/dOKAlcT195hvrnl94GECXypnUw4.roa
Signing time:             Thu 01 Jan 2026 18:17:37 +0000
ROA not before:           Thu 01 Jan 2026 18:17:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20473
IP address blocks:        185.51.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/8f46be-028b-4d03-a973-fda011e5c972/1/2dYxVsGDbxbDtDDv-7cqxpky6ps.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/8f46be-028b-4d03-a973-fda011e5c972/1/2dYxVsGDbxbDtDDv-7cqxpky6ps.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2dYxVsGDbxbDtDDv-7cqxpky6ps.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 20:39:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c7:92:03:9a:72:00:c0:ce:18:78:d4:eb:c1:a3:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9d63156c1836f16c3b430effbb72ac69932ea9b
        Validity
            Not Before: Jan  1 18:17:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=74e28095c4f5f7986fae797de061025f2a67530e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:bb:a0:e5:a5:cb:24:3c:49:fd:dc:2f:cd:52:
                    e7:8d:15:b7:12:ce:b0:5a:24:12:82:8c:d4:dc:ee:
                    b7:21:70:32:c1:9c:aa:ef:21:55:78:ed:58:cd:a4:
                    96:d2:1c:df:c4:05:12:be:a9:ac:9c:cc:64:46:25:
                    cb:2c:02:81:66:a3:b1:22:6b:de:d3:3f:ac:33:67:
                    87:1e:c6:95:49:81:91:22:aa:b2:8d:d4:8e:9e:9f:
                    fe:c0:8f:5d:c1:66:18:bd:44:15:2b:9f:20:d3:16:
                    5f:ff:a3:4f:e6:57:74:5b:b9:a9:88:e5:4d:b1:b8:
                    0e:93:0e:09:30:ba:20:54:1d:e6:0a:77:a7:f1:9d:
                    1f:4e:11:0f:8b:61:58:a6:63:84:6c:b5:5b:ea:d0:
                    f1:a9:0f:3a:ff:22:2d:67:2c:51:a8:f6:6a:68:90:
                    84:e4:24:2f:d8:f4:11:a3:fe:4d:15:5c:2d:71:f1:
                    c6:9f:ff:55:99:1a:d4:00:87:80:cb:76:78:40:ef:
                    d8:01:22:fe:cf:6d:fb:fc:97:42:59:64:af:c4:f9:
                    e1:63:6c:89:40:36:18:85:be:e9:49:6e:2a:0c:c2:
                    56:26:a4:69:67:ce:bf:84:4c:e1:8d:9a:c1:5e:88:
                    9e:7e:94:bd:26:0c:68:33:93:70:c2:1a:da:39:ff:
                    12:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:E2:80:95:C4:F5:F7:98:6F:AE:79:7D:E0:61:02:5F:2A:67:53:0E
            X509v3 Authority Key Identifier:
                keyid:D9:D6:31:56:C1:83:6F:16:C3:B4:30:EF:FB:B7:2A:C6:99:32:EA:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2dYxVsGDbxbDtDDv-7cqxpky6ps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/8f46be-028b-4d03-a973-fda011e5c972/1/dOKAlcT195hvrnl94GECXypnUw4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/8f46be-028b-4d03-a973-fda011e5c972/1/2dYxVsGDbxbDtDDv-7cqxpky6ps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.51.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:8b:da:3e:fd:1e:e2:bf:e9:a9:a2:5c:16:aa:8a:d7:c3:e9:
         c6:b2:e4:bc:e7:fe:72:f6:39:38:fd:67:bc:9c:99:a2:e9:ca:
         f0:cf:a8:4f:ff:a2:ea:45:2a:38:7f:60:c5:3f:ba:a7:ac:1a:
         64:be:ee:e7:24:c6:d3:bf:99:8b:0f:fb:15:86:9c:81:4e:06:
         ca:bb:ee:c9:0e:36:20:ae:75:7b:28:ab:77:ad:e3:c0:a5:2c:
         f6:ae:7d:31:1a:13:66:47:da:97:17:6c:58:3d:ba:6f:f9:55:
         a8:10:0b:f5:b3:30:81:d9:18:58:25:9e:f9:23:f4:72:53:98:
         d8:69:04:17:ca:b2:4a:b3:b7:94:f5:ea:73:5e:9b:ba:a5:39:
         89:aa:21:f4:e2:bc:ae:ff:96:25:71:0e:47:48:3d:ce:eb:ab:
         da:ad:50:94:b9:e5:d1:b6:ef:72:ef:e3:a6:9f:6e:c9:97:ce:
         30:90:b5:fb:38:00:0e:7d:14:f3:35:e1:31:a8:b8:8d:11:b0:
         b9:f7:a8:1a:68:67:c6:d9:99:b4:e3:4e:a2:18:61:03:89:b8:
         35:65:a2:39:44:f7:e5:5c:42:fb:3c:9f:17:3d:78:8f:6f:54:
         2a:d2:4d:02:a6:53:52:4d:51:51:19:9f:d3:d1:e5:0b:e0:07:
         ea:b1:ab:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6x5IDmnIAwM4YeNTrwaOJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ZDYzMTU2YzE4MzZmMTZjM2I0MzBlZmZiYjcyYWM2OTkz
MmVhOWIwHhcNMjYwMTAxMTgxNzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGUyODA5NWM0ZjVmNzk4NmZhZTc5N2RlMDYxMDI1ZjJhNjc1MzBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Lug5aXLJDxJ/dwvzVLnjRW3Es6w
WiQSgozU3O63IXAywZyq7yFVeO1YzaSW0hzfxAUSvqmsnMxkRiXLLAKBZqOxImve
0z+sM2eHHsaVSYGRIqqyjdSOnp/+wI9dwWYYvUQVK58g0xZf/6NP5ld0W7mpiOVN
sbgOkw4JMLogVB3mCnen8Z0fThEPi2FYpmOEbLVb6tDxqQ86/yItZyxRqPZqaJCE
5CQv2PQRo/5NFVwtcfHGn/9VmRrUAIeAy3Z4QO/YASL+z237/JdCWWSvxPnhY2yJ
QDYYhb7pSW4qDMJWJqRpZ86/hEzhjZrBXoiefpS9JgxoM5NwwhraOf8SDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHTigJXE9feYb655feBhAl8qZ1MOMB8GA1UdIwQY
MBaAFNnWMVbBg28Ww7Qw7/u3KsaZMuqbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmRZeFZzR0RieGJEdEREdi03Y3F4cGt5NnBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy84ZjQ2YmUtMDI4Yi00ZDAzLWE5NzMt
ZmRhMDExZTVjOTcyLzEvZE9LQWxjVDE5NWh2cm5sOTRHRUNYeXBuVXc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy84ZjQ2YmUtMDI4Yi00ZDAzLWE5NzMtZmRhMDExZTVjOTcy
LzEvMmRZeFZzR0RieGJEdEREdi03Y3F4cGt5NnBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTMXMA0G
CSqGSIb3DQEBCwUAA4IBAQBIi9o+/R7iv+mpolwWqorXw+nGsuS85/5y9jk4/We8
nJmi6crwz6hP/6LqRSo4f2DFP7qnrBpkvu7nJMbTv5mLD/sVhpyBTgbKu+7JDjYg
rnV7KKt3rePApSz2rn0xGhNmR9qXF2xYPbpv+VWoEAv1szCB2RhYJZ75I/RyU5jY
aQQXyrJKs7eU9epzXpu6pTmJqiH04ryu/5YlcQ5HSD3O66varVCUueXRtu9y7+Om
n27Jl84wkLX7OAAOfRTzNeExqLiNEbC596gaaGfG2Zm0406iGGEDibg1ZaI5RPfl
XEL7PJ8XPXiPb1Qq0k0CplNSTVFRGZ/T0eUL4Afqsaur
-----END CERTIFICATE-----