This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/0b1815-53d7-456d-9fb4-670308d1ec9d/1/IfCIGV6zS3eX3vrkVoCyaiuLLK0.roa
File:                     IfCIGV6zS3eX3vrkVoCyaiuLLK0.roa (raw, json)
Hash identifier:          MoGcDGwcD77DZEydBhOscggWfX3MXzUebWjWnn1BBas=
Subject key identifier:   21:F0:88:19:5E:B3:4B:77:97:DE:FA:E4:56:80:B2:6A:2B:8B:2C:AD
Certificate issuer:       /CN=4364fe73419bc86d5f2e72b414b6b4d4379d5bf5
Certificate serial:       019B7CEE58696C6B0D39A57D888A92978D9B
Authority key identifier: 43:64:FE:73:41:9B:C8:6D:5F:2E:72:B4:14:B6:B4:D4:37:9D:5B:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q2T-c0GbyG1fLnK0FLa01DedW_U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/0b1815-53d7-456d-9fb4-670308d1ec9d/1/IfCIGV6zS3eX3vrkVoCyaiuLLK0.roa
Signing time:             Fri 02 Jan 2026 04:19:13 +0000
ROA not before:           Fri 02 Jan 2026 04:19:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49981
IP address blocks:        185.172.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/0b1815-53d7-456d-9fb4-670308d1ec9d/1/Q2T-c0GbyG1fLnK0FLa01DedW_U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/0b1815-53d7-456d-9fb4-670308d1ec9d/1/Q2T-c0GbyG1fLnK0FLa01DedW_U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q2T-c0GbyG1fLnK0FLa01DedW_U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 09:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ee:58:69:6c:6b:0d:39:a5:7d:88:8a:92:97:8d:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4364fe73419bc86d5f2e72b414b6b4d4379d5bf5
        Validity
            Not Before: Jan  2 04:19:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=21f088195eb34b7797defae45680b26a2b8b2cad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:7d:fd:80:ea:ac:9c:cf:02:0d:aa:26:cc:87:
                    0d:88:ca:24:0b:b7:45:53:84:8d:82:09:57:71:80:
                    80:e9:77:3b:ff:7d:33:a4:17:62:ef:14:ee:45:eb:
                    d0:89:8e:71:fe:ab:3f:d0:a0:22:71:a8:21:80:73:
                    2a:6e:5f:80:c2:5f:ba:28:84:77:45:fc:47:c9:40:
                    a9:a3:50:0c:2d:a9:e3:25:76:65:a3:22:ab:b9:c2:
                    c9:d3:a1:5e:01:ca:dc:5a:cd:cc:97:73:e9:40:7d:
                    ce:74:00:1c:ea:41:34:49:bb:ff:92:6f:6e:b0:02:
                    8c:ad:8b:11:53:f7:7a:21:29:7a:6a:14:14:66:c7:
                    8a:da:ee:3e:c8:78:f9:f4:ce:83:1c:2d:88:13:9b:
                    c4:c7:cf:89:2f:c6:a5:35:06:00:be:6b:c0:2a:37:
                    b7:3f:4a:64:fe:b4:70:e3:ea:f5:90:df:ff:d5:51:
                    2c:57:f0:5d:a9:3b:b1:96:40:8f:3b:d1:45:7e:ee:
                    9f:26:e4:d1:9e:23:d5:d2:73:e2:f1:0e:a3:90:45:
                    6f:fa:a1:fd:6f:fd:69:b4:9e:19:06:1a:52:6c:a3:
                    f2:22:92:a2:16:d2:46:6c:d9:7d:fc:74:d1:ae:6c:
                    17:ed:66:c0:42:f4:97:16:ea:eb:8d:ca:96:51:c8:
                    ce:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:F0:88:19:5E:B3:4B:77:97:DE:FA:E4:56:80:B2:6A:2B:8B:2C:AD
            X509v3 Authority Key Identifier:
                keyid:43:64:FE:73:41:9B:C8:6D:5F:2E:72:B4:14:B6:B4:D4:37:9D:5B:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q2T-c0GbyG1fLnK0FLa01DedW_U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/0b1815-53d7-456d-9fb4-670308d1ec9d/1/IfCIGV6zS3eX3vrkVoCyaiuLLK0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/0b1815-53d7-456d-9fb4-670308d1ec9d/1/Q2T-c0GbyG1fLnK0FLa01DedW_U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.172.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:1c:e1:73:84:ea:c5:8c:2c:b7:a4:2a:3e:e6:28:bc:35:b2:
         7d:de:fc:33:9e:19:81:e7:7f:60:a2:46:13:72:dc:9f:3a:a9:
         84:54:94:1d:77:78:7f:61:77:8c:6b:0c:64:61:bb:39:6e:2e:
         4e:3d:ea:c6:6c:52:ae:9a:a4:b8:49:c3:89:bb:98:b4:74:41:
         aa:99:12:ce:6c:9c:26:10:0f:7f:91:21:06:d3:36:b3:0c:5d:
         c7:87:fe:20:2c:ea:37:7a:24:23:db:1a:cf:5e:99:aa:a2:0e:
         45:70:cb:ba:0e:ae:3a:4e:00:ed:17:b9:38:24:d0:28:2e:27:
         7d:c1:a4:02:ac:7c:17:c1:ba:0a:c4:19:23:c9:90:60:e8:78:
         c9:86:6b:13:7a:59:25:60:ac:55:5c:de:72:fd:84:c9:33:a1:
         ae:52:54:d8:e7:f4:2e:1a:81:e9:38:9a:fa:74:fe:87:dc:36:
         ba:9d:5b:35:78:2e:b5:ea:09:7c:33:fe:17:63:22:4f:92:fb:
         d3:c3:c7:a1:fb:4d:43:ae:07:e7:94:79:73:2a:b9:29:52:86:
         2a:64:b2:ab:00:20:61:d0:3c:9a:1c:4f:0a:cd:bf:7b:d2:5d:
         23:67:28:2b:85:e1:2f:35:da:b2:d5:19:c0:76:06:78:4f:07:
         b1:07:dd:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87lhpbGsNOaV9iIqSl42bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzNjRmZTczNDE5YmM4NmQ1ZjJlNzJiNDE0YjZiNGQ0Mzc5
ZDViZjUwHhcNMjYwMTAyMDQxOTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWYwODgxOTVlYjM0Yjc3OTdkZWZhZTQ1NjgwYjI2YTJiOGIyY2FkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl339gOqsnM8CDaomzIcNiMokC7dF
U4SNgglXcYCA6Xc7/30zpBdi7xTuRevQiY5x/qs/0KAicaghgHMqbl+Awl+6KIR3
RfxHyUCpo1AMLanjJXZloyKrucLJ06FeAcrcWs3Ml3PpQH3OdAAc6kE0Sbv/km9u
sAKMrYsRU/d6ISl6ahQUZseK2u4+yHj59M6DHC2IE5vEx8+JL8alNQYAvmvAKje3
P0pk/rRw4+r1kN//1VEsV/BdqTuxlkCPO9FFfu6fJuTRniPV0nPi8Q6jkEVv+qH9
b/1ptJ4ZBhpSbKPyIpKiFtJGbNl9/HTRrmwX7WbAQvSXFurrjcqWUcjOfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCHwiBles0t3l9765FaAsmoriyytMB8GA1UdIwQY
MBaAFENk/nNBm8htXy5ytBS2tNQ3nVv1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTJULWMwR2J5RzFmTG5LMEZMYTAxRGVkV19VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy8wYjE4MTUtNTNkNy00NTZkLTlmYjQt
NjcwMzA4ZDFlYzlkLzEvSWZDSUdWNnpTM2VYM3Zya1ZvQ3lhaXVMTEswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy8wYjE4MTUtNTNkNy00NTZkLTlmYjQtNjcwMzA4ZDFlYzlk
LzEvUTJULWMwR2J5RzFmTG5LMEZMYTAxRGVkV19VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaxsMA0G
CSqGSIb3DQEBCwUAA4IBAQCZHOFzhOrFjCy3pCo+5ii8NbJ93vwznhmB539gokYT
ctyfOqmEVJQdd3h/YXeMawxkYbs5bi5OPerGbFKumqS4ScOJu5i0dEGqmRLObJwm
EA9/kSEG0zazDF3Hh/4gLOo3eiQj2xrPXpmqog5FcMu6Dq46TgDtF7k4JNAoLid9
waQCrHwXwboKxBkjyZBg6HjJhmsTelklYKxVXN5y/YTJM6GuUlTY5/QuGoHpOJr6
dP6H3Da6nVs1eC616gl8M/4XYyJPkvvTw8eh+01DrgfnlHlzKrkpUoYqZLKrACBh
0DyaHE8Kzb970l0jZygrheEvNdqy1RnAdgZ4TwexB905
-----END CERTIFICATE-----