This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/bb46f5-9ff2-4058-9050-fbdcb1a41467/1/fwJb8-jhU9FPP5mFjgyO3uAZ7W0.roa
File:                     fwJb8-jhU9FPP5mFjgyO3uAZ7W0.roa (raw, json)
Hash identifier:          HXqX6pFclK626D8/+3kEYMPmqF/qpQmRvVZYEHowAb8=
Subject key identifier:   7F:02:5B:F3:E8:E1:53:D1:4F:3F:99:85:8E:0C:8E:DE:E0:19:ED:6D
Certificate issuer:       /CN=4b796f0b3051b5bc814b2e89cb470a3826b2bf00
Certificate serial:       019B7CED32A533A1E1372672F67BC2D410F1
Authority key identifier: 4B:79:6F:0B:30:51:B5:BC:81:4B:2E:89:CB:47:0A:38:26:B2:BF:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S3lvCzBRtbyBSy6Jy0cKOCayvwA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/bb46f5-9ff2-4058-9050-fbdcb1a41467/1/fwJb8-jhU9FPP5mFjgyO3uAZ7W0.roa
Signing time:             Fri 02 Jan 2026 04:17:58 +0000
ROA not before:           Fri 02 Jan 2026 04:17:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8075
IP address blocks:        185.42.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/bb46f5-9ff2-4058-9050-fbdcb1a41467/1/S3lvCzBRtbyBSy6Jy0cKOCayvwA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/bb46f5-9ff2-4058-9050-fbdcb1a41467/1/S3lvCzBRtbyBSy6Jy0cKOCayvwA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S3lvCzBRtbyBSy6Jy0cKOCayvwA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 06:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ed:32:a5:33:a1:e1:37:26:72:f6:7b:c2:d4:10:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b796f0b3051b5bc814b2e89cb470a3826b2bf00
        Validity
            Not Before: Jan  2 04:17:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7f025bf3e8e153d14f3f99858e0c8edee019ed6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:74:28:4f:f7:13:2c:11:b7:a2:7a:31:27:98:
                    cb:2f:7c:33:00:7e:a6:9e:5c:9e:21:ab:2f:93:83:
                    83:5b:84:fe:06:e1:fa:7e:38:45:5c:33:e9:3c:d7:
                    33:63:1f:27:7b:46:ad:1e:eb:3d:4c:0d:b7:2b:cc:
                    47:fb:92:03:50:4e:af:1f:7a:a2:33:68:ed:eb:8e:
                    94:3b:e2:64:64:08:a3:da:7a:87:0a:bb:27:a7:b5:
                    6c:0b:37:92:17:88:3e:34:fc:e2:ec:f8:62:75:f9:
                    d8:4e:59:28:24:1c:95:2e:29:be:24:31:2c:8d:aa:
                    dc:4b:a1:04:f4:e5:e1:7e:4f:23:a6:0d:55:6a:eb:
                    99:48:b8:44:ab:ae:40:b7:d8:df:03:71:35:d2:66:
                    27:89:b5:ee:7c:04:14:99:f7:1c:e5:5c:ed:4c:11:
                    c2:07:40:c0:d6:96:75:5d:04:61:91:9a:bb:ef:7a:
                    13:61:ce:81:e1:7c:8c:74:ec:cc:85:09:4b:23:bc:
                    d5:48:3b:a2:82:26:c3:fb:16:96:da:3a:62:b6:c5:
                    a9:b3:0f:f2:49:5c:c8:87:a2:b7:3f:85:4b:df:28:
                    34:0e:39:94:cf:d3:fc:29:85:85:47:f4:fb:0a:e6:
                    ce:33:a3:a9:d5:0a:f2:f1:3f:a5:93:26:83:18:c5:
                    e1:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:02:5B:F3:E8:E1:53:D1:4F:3F:99:85:8E:0C:8E:DE:E0:19:ED:6D
            X509v3 Authority Key Identifier:
                keyid:4B:79:6F:0B:30:51:B5:BC:81:4B:2E:89:CB:47:0A:38:26:B2:BF:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S3lvCzBRtbyBSy6Jy0cKOCayvwA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/bb46f5-9ff2-4058-9050-fbdcb1a41467/1/fwJb8-jhU9FPP5mFjgyO3uAZ7W0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/bb46f5-9ff2-4058-9050-fbdcb1a41467/1/S3lvCzBRtbyBSy6Jy0cKOCayvwA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.42.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:87:e9:dc:bb:c9:74:f4:9f:0a:a3:50:96:13:43:07:65:42:
         30:d4:54:ea:54:07:95:0b:56:c1:72:37:09:6c:5a:b8:8d:f0:
         1b:20:e0:e7:43:09:a5:b4:6b:ac:d0:73:6a:91:91:06:aa:58:
         3e:71:86:8d:54:fa:2d:e9:3a:6f:b4:27:cd:80:69:e2:f2:b3:
         e9:fe:90:9d:c5:c7:49:66:a9:85:7b:61:ef:b5:00:8f:e1:d1:
         68:60:fa:d6:0d:c5:82:b1:97:a0:61:88:f6:48:3c:89:7f:52:
         f9:a7:0b:62:fd:53:56:17:5f:21:87:b3:ec:89:91:22:78:98:
         30:a0:20:56:cc:89:c6:ff:dd:66:40:b1:2c:fb:9a:b0:c2:a6:
         e4:e4:48:16:13:7e:a7:c3:86:57:a8:6c:1c:ca:af:1f:f4:cb:
         5d:0c:e2:0a:ed:9c:2f:18:e0:88:5b:a9:29:c6:ef:19:2f:23:
         fe:55:89:7d:c8:c0:e0:6f:fb:16:48:b2:69:d0:19:47:f3:b4:
         02:65:81:67:21:a9:c1:65:bb:17:ee:66:98:19:c4:b6:da:0c:
         99:1e:f6:8e:ca:4e:fa:a8:38:27:ea:de:91:71:99:eb:12:b1:
         16:52:0a:21:5b:6d:26:0e:ab:0c:24:f2:89:11:5f:30:d8:b0:
         12:cd:46:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87TKlM6HhNyZy9nvC1BDxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiNzk2ZjBiMzA1MWI1YmM4MTRiMmU4OWNiNDcwYTM4MjZi
MmJmMDAwHhcNMjYwMTAyMDQxNzU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjAyNWJmM2U4ZTE1M2QxNGYzZjk5ODU4ZTBjOGVkZWUwMTllZDZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArXQoT/cTLBG3onoxJ5jLL3wzAH6m
nlyeIasvk4ODW4T+BuH6fjhFXDPpPNczYx8ne0atHus9TA23K8xH+5IDUE6vH3qi
M2jt646UO+JkZAij2nqHCrsnp7VsCzeSF4g+NPzi7PhidfnYTlkoJByVLim+JDEs
jarcS6EE9OXhfk8jpg1VauuZSLhEq65At9jfA3E10mYnibXufAQUmfcc5VztTBHC
B0DA1pZ1XQRhkZq773oTYc6B4XyMdOzMhQlLI7zVSDuigibD+xaW2jpitsWpsw/y
SVzIh6K3P4VL3yg0DjmUz9P8KYWFR/T7CubOM6Op1Qry8T+lkyaDGMXhSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH8CW/Po4VPRTz+ZhY4Mjt7gGe1tMB8GA1UdIwQY
MBaAFEt5bwswUbW8gUsuictHCjgmsr8AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzNsdkN6QlJ0YnlCU3k2SnkwY0tPQ2F5dndBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9iYjQ2ZjUtOWZmMi00MDU4LTkwNTAt
ZmJkY2IxYTQxNDY3LzEvZndKYjgtamhVOUZQUDVtRmpneU8zdUFaN1cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy9iYjQ2ZjUtOWZmMi00MDU4LTkwNTAtZmJkY2IxYTQxNDY3
LzEvUzNsdkN6QlJ0YnlCU3k2SnkwY0tPQ2F5dndBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSpGMA0G
CSqGSIb3DQEBCwUAA4IBAQCvh+ncu8l09J8Ko1CWE0MHZUIw1FTqVAeVC1bBcjcJ
bFq4jfAbIODnQwmltGus0HNqkZEGqlg+cYaNVPot6TpvtCfNgGni8rPp/pCdxcdJ
ZqmFe2HvtQCP4dFoYPrWDcWCsZegYYj2SDyJf1L5pwti/VNWF18hh7PsiZEieJgw
oCBWzInG/91mQLEs+5qwwqbk5EgWE36nw4ZXqGwcyq8f9MtdDOIK7ZwvGOCIW6kp
xu8ZLyP+VYl9yMDgb/sWSLJp0BlH87QCZYFnIanBZbsX7maYGcS22gyZHvaOyk76
qDgn6t6RcZnrErEWUgohW20mDqsMJPKJEV8w2LASzUag
-----END CERTIFICATE-----