This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/0e7e28-a829-47d2-80e6-8ba6888669cf/1/og4k5qVFbhVmLtxHVp2XKWNx-Vw.roa
File:                     og4k5qVFbhVmLtxHVp2XKWNx-Vw.roa (raw, json)
Hash identifier:          t6ZkyRFXAOHZOC93uE5FiUdcUyb51CT48WJCdjiZU/E=
Subject key identifier:   A2:0E:24:E6:A5:45:6E:15:66:2E:DC:47:56:9D:97:29:63:71:F9:5C
Certificate issuer:       /CN=d6aa89f7b722279c032942dcf24865f6d72d6501
Certificate serial:       019B797E07398A08BB3F5299F60C38AB5D34
Authority key identifier: D6:AA:89:F7:B7:22:27:9C:03:29:42:DC:F2:48:65:F6:D7:2D:65:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1qqJ97ciJ5wDKULc8khl9tctZQE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/0e7e28-a829-47d2-80e6-8ba6888669cf/1/og4k5qVFbhVmLtxHVp2XKWNx-Vw.roa
Signing time:             Thu 01 Jan 2026 12:17:41 +0000
ROA not before:           Thu 01 Jan 2026 12:17:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        185.225.252.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/0e7e28-a829-47d2-80e6-8ba6888669cf/1/1qqJ97ciJ5wDKULc8khl9tctZQE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/0e7e28-a829-47d2-80e6-8ba6888669cf/1/1qqJ97ciJ5wDKULc8khl9tctZQE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1qqJ97ciJ5wDKULc8khl9tctZQE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 Jan 2026 15:30:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:07:39:8a:08:bb:3f:52:99:f6:0c:38:ab:5d:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6aa89f7b722279c032942dcf24865f6d72d6501
        Validity
            Not Before: Jan  1 12:17:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a20e24e6a5456e15662edc47569d97296371f95c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:54:d7:1c:0d:44:e0:45:fc:5f:49:45:18:8f:
                    6a:56:d0:aa:37:8b:2a:c6:81:a1:61:28:c4:ea:7a:
                    65:04:c5:a7:72:84:5e:5c:bf:c4:a7:71:9f:5b:0c:
                    4d:60:bf:5c:9f:28:8a:51:dc:78:ed:13:61:40:4e:
                    f4:55:e1:e5:a8:19:b9:28:57:0c:46:e6:50:e8:df:
                    a3:02:82:8a:72:28:cb:4e:63:37:6f:75:ec:fe:4c:
                    49:67:ff:68:4d:78:4d:e7:4c:49:72:d6:ad:79:8e:
                    c1:c3:79:d6:49:ce:6f:e8:ff:25:f9:e0:db:45:c0:
                    2c:69:9d:19:f0:a0:e0:f2:f7:d1:d6:85:c4:36:bf:
                    c8:8a:54:68:ad:1f:9a:63:6d:66:dc:76:82:26:1c:
                    8d:42:de:80:06:00:36:68:e6:fc:50:38:de:f3:18:
                    6c:b8:1a:1c:16:4a:31:5f:78:b7:e9:d7:be:70:f3:
                    1f:b7:86:7e:9b:60:40:03:96:13:1d:01:96:b0:17:
                    00:f5:55:29:99:3f:23:18:1d:e6:94:2c:4f:03:af:
                    6d:9a:e4:fb:b5:bb:20:80:83:47:82:fc:26:79:8a:
                    5b:7f:68:e8:c8:78:4d:27:51:44:76:96:a0:78:14:
                    e0:31:68:df:84:e4:8f:09:dd:a1:3c:8a:87:05:ce:
                    00:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:0E:24:E6:A5:45:6E:15:66:2E:DC:47:56:9D:97:29:63:71:F9:5C
            X509v3 Authority Key Identifier:
                keyid:D6:AA:89:F7:B7:22:27:9C:03:29:42:DC:F2:48:65:F6:D7:2D:65:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1qqJ97ciJ5wDKULc8khl9tctZQE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/0e7e28-a829-47d2-80e6-8ba6888669cf/1/og4k5qVFbhVmLtxHVp2XKWNx-Vw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/0e7e28-a829-47d2-80e6-8ba6888669cf/1/1qqJ97ciJ5wDKULc8khl9tctZQE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         94:d5:11:f9:64:cb:7c:08:47:f5:d0:18:48:6e:1d:1a:ec:07:
         e4:d9:43:7f:b7:ba:32:25:ca:d2:3c:b8:80:3a:a1:67:e0:cb:
         73:c8:31:60:d3:7f:3c:16:12:f2:75:53:62:65:d2:8c:04:94:
         45:db:cf:4a:5f:45:dd:72:25:b2:44:76:44:a3:da:5d:19:ac:
         92:76:1f:55:0f:14:45:9c:0c:b3:40:5a:a5:a2:d7:72:89:cf:
         2d:cc:44:83:f5:2e:84:30:85:4c:35:0a:fd:cc:ae:2b:df:4b:
         b9:a6:13:dd:4f:55:0f:cf:b8:f1:d1:fa:b7:3a:b4:e2:0d:48:
         3d:42:c7:f7:51:53:b0:d4:00:c3:cc:03:32:1b:fd:ca:18:b7:
         0c:93:d4:3b:56:01:76:6c:bc:15:f6:9d:70:0d:fd:14:5d:45:
         ca:97:00:40:d8:e0:9b:81:90:ce:68:23:68:a3:a3:b5:6a:85:
         2e:52:42:86:db:f6:ab:9d:4e:f8:ab:a2:6c:f3:74:a1:be:f0:
         c0:6e:4c:42:f1:1a:44:3d:84:5e:27:64:86:4f:24:a9:67:75:
         1b:e7:77:85:e6:25:83:09:fb:0b:bc:b4:31:37:3d:e6:84:17:
         67:cf:16:d0:11:07:c9:0c:97:3d:f9:37:6b:00:cc:96:61:6b:
         21:22:3d:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fgc5igi7P1KZ9gw4q100MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2YWE4OWY3YjcyMjI3OWMwMzI5NDJkY2YyNDg2NWY2ZDcy
ZDY1MDEwHhcNMjYwMTAxMTIxNzQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjBlMjRlNmE1NDU2ZTE1NjYyZWRjNDc1NjlkOTcyOTYzNzFmOTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0VTXHA1E4EX8X0lFGI9qVtCqN4sq
xoGhYSjE6nplBMWncoReXL/Ep3GfWwxNYL9cnyiKUdx47RNhQE70VeHlqBm5KFcM
RuZQ6N+jAoKKcijLTmM3b3Xs/kxJZ/9oTXhN50xJctateY7Bw3nWSc5v6P8l+eDb
RcAsaZ0Z8KDg8vfR1oXENr/IilRorR+aY21m3HaCJhyNQt6ABgA2aOb8UDje8xhs
uBocFkoxX3i36de+cPMft4Z+m2BAA5YTHQGWsBcA9VUpmT8jGB3mlCxPA69tmuT7
tbsggINHgvwmeYpbf2joyHhNJ1FEdpageBTgMWjfhOSPCd2hPIqHBc4A8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKIOJOalRW4VZi7cR1adlyljcflcMB8GA1UdIwQY
MBaAFNaqife3IiecAylC3PJIZfbXLWUBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXFxSjk3Y2lKNXdES1VMYzhraGw5dGN0WlFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8wZTdlMjgtYTgyOS00N2QyLTgwZTYt
OGJhNjg4ODY2OWNmLzEvb2c0azVxVkZiaFZtTHR4SFZwMlhLV054LVZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8wZTdlMjgtYTgyOS00N2QyLTgwZTYtOGJhNjg4ODY2OWNm
LzEvMXFxSjk3Y2lKNXdES1VMYzhraGw5dGN0WlFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCueH8MA0G
CSqGSIb3DQEBCwUAA4IBAQCU1RH5ZMt8CEf10BhIbh0a7Afk2UN/t7oyJcrSPLiA
OqFn4MtzyDFg0388FhLydVNiZdKMBJRF289KX0XdciWyRHZEo9pdGaySdh9VDxRF
nAyzQFqlotdyic8tzESD9S6EMIVMNQr9zK4r30u5phPdT1UPz7jx0fq3OrTiDUg9
Qsf3UVOw1ADDzAMyG/3KGLcMk9Q7VgF2bLwV9p1wDf0UXUXKlwBA2OCbgZDOaCNo
o6O1aoUuUkKG2/arnU74q6Js83ShvvDAbkxC8RpEPYReJ2SGTySpZ3Ub53eF5iWD
CfsLvLQxNz3mhBdnzxbQEQfJDJc9+TdrAMyWYWshIj1y
-----END CERTIFICATE-----