This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/DKrOTeksqqiY_VL3DAQ03ugo0q8.roa
File:                     DKrOTeksqqiY_VL3DAQ03ugo0q8.roa (raw, json)
Hash identifier:          9lbpqEyDUAqI/YZum5uxxVLQ2CM1gS69LdMB7/68kYo=
Subject key identifier:   0C:AA:CE:4D:E9:2C:AA:A8:98:FD:52:F7:0C:04:34:DE:E8:28:D2:AF
Certificate issuer:       /CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
Certificate serial:       019B7DCADEF2E7F75D4F54C793C4C8D1C729
Authority key identifier: 0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/DKrOTeksqqiY_VL3DAQ03ugo0q8.roa
Signing time:             Fri 02 Jan 2026 08:20:05 +0000
ROA not before:           Fri 02 Jan 2026 08:20:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     4766
IP address blocks:        185.210.168.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 07:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:de:f2:e7:f7:5d:4f:54:c7:93:c4:c8:d1:c7:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
        Validity
            Not Before: Jan  2 08:20:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0caace4de92caaa898fd52f70c0434dee828d2af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:32:05:f3:19:61:0a:a8:60:00:00:61:47:9a:
                    fc:81:af:a7:ff:e2:a5:bd:43:2f:b9:db:76:bc:25:
                    2f:72:80:a0:14:d6:d4:bb:4e:19:e2:6e:0b:35:b6:
                    67:a2:21:63:bd:2f:8c:29:c1:64:ba:8b:8e:e6:e6:
                    ac:31:a3:65:c6:88:66:dc:b5:11:1e:d7:f1:33:7a:
                    86:48:c2:89:1e:41:ec:e2:8e:16:f1:d3:02:a6:c2:
                    11:57:af:84:45:14:ea:38:0c:16:bd:88:22:7f:88:
                    27:19:4d:5f:b1:50:e5:5d:52:17:2a:e2:1d:06:76:
                    de:e3:c1:39:19:8f:6d:08:72:c8:a1:49:09:2a:85:
                    11:9e:05:b9:58:ea:ac:02:a9:9b:5b:37:2d:a0:b7:
                    e6:bb:86:2a:d2:d6:7b:bc:c6:b2:f1:88:99:e4:03:
                    08:b1:f5:f4:d2:3e:b4:c3:3e:79:66:11:ac:5d:12:
                    f5:d4:1a:e0:83:fd:07:5b:4c:9f:ce:21:0c:d1:2c:
                    1f:04:f3:77:01:90:40:98:d5:fd:23:06:9b:6a:d1:
                    49:58:3d:df:75:44:39:47:47:30:9c:01:db:5c:18:
                    d1:ce:e8:6f:08:e4:f7:7a:24:e5:89:4e:ea:01:f9:
                    cb:ea:6e:20:ba:14:44:27:be:2c:38:74:be:1c:51:
                    cf:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:AA:CE:4D:E9:2C:AA:A8:98:FD:52:F7:0C:04:34:DE:E8:28:D2:AF
            X509v3 Authority Key Identifier:
                keyid:0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/DKrOTeksqqiY_VL3DAQ03ugo0q8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.210.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9a:68:39:b7:12:00:95:19:a7:32:a8:f8:3b:0f:87:19:66:6d:
         43:6f:15:85:ad:a8:86:ba:94:4b:8f:ea:c2:f6:e6:05:2f:08:
         5d:96:98:00:7e:db:1a:41:69:36:1f:6b:b1:4a:bc:f9:76:d2:
         17:8a:5a:3e:a8:cc:90:b9:a0:45:79:f7:af:08:5a:e4:1f:84:
         03:14:bf:f4:44:55:76:b6:b0:6f:0c:ee:8b:7d:4d:7f:df:5e:
         8e:86:20:73:6f:5e:e7:23:f2:10:70:91:7b:94:6e:93:cc:4e:
         00:8c:c1:68:d4:cd:70:45:e1:a7:cc:57:ff:26:c0:44:40:08:
         75:2f:40:8a:48:4a:93:ae:e6:9b:e5:18:79:74:92:e3:cf:c8:
         e8:e5:1d:16:14:dc:dc:04:95:9e:0c:08:84:c4:95:38:b1:6b:
         c3:99:1e:ca:9b:99:ab:44:cf:d0:d7:b6:d7:e0:14:06:2a:84:
         18:d9:73:60:4d:08:0d:aa:aa:1a:a4:4a:49:fb:bc:11:0d:b7:
         86:22:a5:cd:51:0c:44:a1:c6:e4:73:04:ef:c1:92:a4:7d:f2:
         59:02:58:77:0d:05:a6:2c:86:94:79:68:e1:15:7e:10:4a:6f:
         45:74:4c:a5:25:e8:37:e8:d3:f6:e0:5c:88:d1:85:8b:86:23:
         d5:9e:d2:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yt7y5/ddT1THk8TI0ccpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZjgwY2JkZmUxODM1NGEzY2ZkYmEyZmUwNzlhYTJlYmM1
OGRjZDQwHhcNMjYwMTAyMDgyMDA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2FhY2U0ZGU5MmNhYWE4OThmZDUyZjcwYzA0MzRkZWU4MjhkMmFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmTIF8xlhCqhgAABhR5r8ga+n/+Kl
vUMvudt2vCUvcoCgFNbUu04Z4m4LNbZnoiFjvS+MKcFkuouO5uasMaNlxohm3LUR
HtfxM3qGSMKJHkHs4o4W8dMCpsIRV6+ERRTqOAwWvYgif4gnGU1fsVDlXVIXKuId
Bnbe48E5GY9tCHLIoUkJKoURngW5WOqsAqmbWzctoLfmu4Yq0tZ7vMay8YiZ5AMI
sfX00j60wz55ZhGsXRL11Brgg/0HW0yfziEM0SwfBPN3AZBAmNX9IwabatFJWD3f
dUQ5R0cwnAHbXBjRzuhvCOT3eiTliU7qAfnL6m4guhREJ74sOHS+HFHPDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAyqzk3pLKqomP1S9wwENN7oKNKvMB8GA1UdIwQY
MBaAFA/4DL3+GDVKPP26L+B5qi68WNzUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYt
NmZjZGNkNWFiNjYwLzEvREtyT1Rla3NxcWlZX1ZMM0RBUTAzdWdvMHE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYtNmZjZGNkNWFiNjYw
LzEvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBudKoMA0G
CSqGSIb3DQEBCwUAA4IBAQCaaDm3EgCVGacyqPg7D4cZZm1DbxWFraiGupRLj+rC
9uYFLwhdlpgAftsaQWk2H2uxSrz5dtIXilo+qMyQuaBFefevCFrkH4QDFL/0RFV2
trBvDO6LfU1/316OhiBzb17nI/IQcJF7lG6TzE4AjMFo1M1wReGnzFf/JsBEQAh1
L0CKSEqTruab5Rh5dJLjz8jo5R0WFNzcBJWeDAiExJU4sWvDmR7Km5mrRM/Q17bX
4BQGKoQY2XNgTQgNqqoapEpJ+7wRDbeGIqXNUQxEocbkcwTvwZKkffJZAlh3DQWm
LIaUeWjhFX4QSm9FdEylJeg36NP24FyI0YWLhiPVntKq
-----END CERTIFICATE-----