This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/027aae-4922-42a9-a4c9-38f80d6961ec/1/rDrbyqGHpXISP5iG3Y1GTyKdM24.roa
File:                     rDrbyqGHpXISP5iG3Y1GTyKdM24.roa (raw, json)
Hash identifier:          IEFZML7lOlLhBvi4soPybXTGWqMozr/vczumNvS04HI=
Subject key identifier:   AC:3A:DB:CA:A1:87:A5:72:12:3F:98:86:DD:8D:46:4F:22:9D:33:6E
Certificate issuer:       /CN=ce704858b643266f7c7107721c98f2ba93dd5265
Certificate serial:       019B797F038271DA3E2B22D8AF1332B14F37
Authority key identifier: CE:70:48:58:B6:43:26:6F:7C:71:07:72:1C:98:F2:BA:93:DD:52:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/znBIWLZDJm98cQdyHJjyupPdUmU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/027aae-4922-42a9-a4c9-38f80d6961ec/1/rDrbyqGHpXISP5iG3Y1GTyKdM24.roa
Signing time:             Thu 01 Jan 2026 12:18:45 +0000
ROA not before:           Thu 01 Jan 2026 12:18:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396982
IP address blocks:        185.200.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/027aae-4922-42a9-a4c9-38f80d6961ec/1/znBIWLZDJm98cQdyHJjyupPdUmU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/027aae-4922-42a9-a4c9-38f80d6961ec/1/znBIWLZDJm98cQdyHJjyupPdUmU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/znBIWLZDJm98cQdyHJjyupPdUmU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 Jan 2026 21:02:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7f:03:82:71:da:3e:2b:22:d8:af:13:32:b1:4f:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ce704858b643266f7c7107721c98f2ba93dd5265
        Validity
            Not Before: Jan  1 12:18:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ac3adbcaa187a572123f9886dd8d464f229d336e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:94:8c:ce:5e:f0:0e:ae:55:70:83:67:05:f8:
                    86:52:6d:98:7e:64:1b:ef:f3:9f:36:ae:19:19:e9:
                    94:99:8f:59:fb:e8:29:03:e0:91:38:00:cb:2f:05:
                    78:e3:83:0e:01:8a:61:1c:ed:3d:f6:60:4e:6a:76:
                    bc:9c:e9:8d:47:58:5c:6b:f6:94:20:b8:39:07:c8:
                    8e:34:a3:d3:4d:55:b2:62:c3:b7:2f:8f:c6:da:35:
                    00:08:d2:3e:0e:5a:d2:60:2a:09:60:04:f1:b7:99:
                    f3:74:df:e2:bd:54:77:97:89:fa:75:ac:63:68:8c:
                    f3:d6:19:e9:f2:7e:b2:b0:1a:31:b2:37:c4:4d:b4:
                    b9:df:16:47:f1:d2:d3:06:1a:57:24:69:e0:d5:62:
                    e7:bf:66:ff:fb:a3:8c:2b:2a:68:49:51:e7:0b:25:
                    a0:d6:ef:ba:b3:88:46:ed:8d:4c:93:a4:b3:1e:fb:
                    49:2c:e2:18:00:45:4d:cb:18:41:8e:d8:2e:28:74:
                    d9:52:30:28:5a:f8:e1:72:5e:59:bc:b8:52:4e:74:
                    1f:93:25:e2:b1:03:be:e3:2c:73:b4:49:2f:5c:65:
                    dd:84:19:22:7a:15:93:d8:27:78:11:b8:04:54:2d:
                    46:6a:0e:63:8a:07:f8:b4:bf:ef:24:53:82:ec:c4:
                    fd:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:3A:DB:CA:A1:87:A5:72:12:3F:98:86:DD:8D:46:4F:22:9D:33:6E
            X509v3 Authority Key Identifier:
                keyid:CE:70:48:58:B6:43:26:6F:7C:71:07:72:1C:98:F2:BA:93:DD:52:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/znBIWLZDJm98cQdyHJjyupPdUmU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/027aae-4922-42a9-a4c9-38f80d6961ec/1/rDrbyqGHpXISP5iG3Y1GTyKdM24.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/027aae-4922-42a9-a4c9-38f80d6961ec/1/znBIWLZDJm98cQdyHJjyupPdUmU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.200.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c0:4b:9b:b8:35:ab:84:2e:72:d1:9e:1e:6f:dc:6e:2f:15:c2:
         93:11:5f:b7:1e:93:b7:9a:4a:e2:f5:00:b5:32:83:64:37:7f:
         40:24:d2:ec:c9:42:10:d9:7e:7f:96:94:ad:e9:8a:d2:bf:ae:
         05:8b:8f:16:5a:e4:ad:0b:a9:6a:24:96:9f:30:8e:02:d4:13:
         bd:e6:49:06:9b:34:2b:f7:08:96:7d:c0:24:bc:8e:ed:7e:e5:
         3d:51:bb:23:11:8a:ef:08:0b:eb:81:93:28:77:de:03:ba:3c:
         82:81:e7:88:f3:01:bd:b6:31:79:b3:ac:fb:12:8a:5b:6c:4c:
         67:df:dd:29:30:bc:69:02:32:91:57:5b:17:c0:e2:66:1f:67:
         cd:d2:84:72:0a:bf:e4:60:22:49:e3:95:2a:a1:21:d0:6e:75:
         ed:61:35:26:bd:a2:02:4f:40:bb:1d:d4:a1:63:c7:ce:76:ef:
         ab:7d:1d:59:ae:61:c8:e6:e5:59:11:92:a3:e1:85:50:c3:6e:
         7d:83:2d:44:16:6b:c1:ff:8c:8e:9b:3b:26:e9:45:f1:00:35:
         78:39:d4:f3:93:7e:9d:b3:0f:5f:b1:ae:65:27:59:97:37:7d:
         4c:8b:75:5f:1a:fc:1b:c9:c5:81:4d:ad:f9:9e:0f:b3:8b:a1:
         02:62:ff:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fwOCcdo+KyLYrxMysU83MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlNzA0ODU4YjY0MzI2NmY3YzcxMDc3MjFjOThmMmJhOTNk
ZDUyNjUwHhcNMjYwMTAxMTIxODQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzNhZGJjYWExODdhNTcyMTIzZjk4ODZkZDhkNDY0ZjIyOWQzMzZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsZSMzl7wDq5VcINnBfiGUm2YfmQb
7/OfNq4ZGemUmY9Z++gpA+CROADLLwV444MOAYphHO099mBOana8nOmNR1hca/aU
ILg5B8iONKPTTVWyYsO3L4/G2jUACNI+DlrSYCoJYATxt5nzdN/ivVR3l4n6daxj
aIzz1hnp8n6ysBoxsjfETbS53xZH8dLTBhpXJGng1WLnv2b/+6OMKypoSVHnCyWg
1u+6s4hG7Y1Mk6SzHvtJLOIYAEVNyxhBjtguKHTZUjAoWvjhcl5ZvLhSTnQfkyXi
sQO+4yxztEkvXGXdhBkiehWT2Cd4EbgEVC1Gag5jigf4tL/vJFOC7MT9lwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKw628qhh6VyEj+Yht2NRk8inTNuMB8GA1UdIwQY
MBaAFM5wSFi2QyZvfHEHchyY8rqT3VJlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvem5CSVdMWkRKbTk4Y1FkeUhKanl1cFBkVW1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC8wMjdhYWUtNDkyMi00MmE5LWE0Yzkt
MzhmODBkNjk2MWVjLzEvckRyYnlxR0hwWElTUDVpRzNZMUdUeUtkTTI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC8wMjdhYWUtNDkyMi00MmE5LWE0YzktMzhmODBkNjk2MWVj
LzEvem5CSVdMWkRKbTk4Y1FkeUhKanl1cFBkVW1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucgOMA0G
CSqGSIb3DQEBCwUAA4IBAQDAS5u4NauELnLRnh5v3G4vFcKTEV+3HpO3mkri9QC1
MoNkN39AJNLsyUIQ2X5/lpSt6YrSv64Fi48WWuStC6lqJJafMI4C1BO95kkGmzQr
9wiWfcAkvI7tfuU9UbsjEYrvCAvrgZMod94DujyCgeeI8wG9tjF5s6z7EopbbExn
390pMLxpAjKRV1sXwOJmH2fN0oRyCr/kYCJJ45UqoSHQbnXtYTUmvaICT0C7HdSh
Y8fOdu+rfR1ZrmHI5uVZEZKj4YVQw259gy1EFmvB/4yOmzsm6UXxADV4OdTzk36d
sw9fsa5lJ1mXN31Mi3VfGvwbycWBTa35ng+zi6ECYv8T
-----END CERTIFICATE-----