This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/db2307-6059-415f-b8b8-2fe932e7ab44/1/21nHooBv9-ktSOOtF_rf9bEr-vE.roa
File:                     21nHooBv9-ktSOOtF_rf9bEr-vE.roa (raw, json)
Hash identifier:          he2BZP3IQjID9ExBYsw3YnUeSyPctJDJvetlHZilXvY=
Subject key identifier:   DB:59:C7:A2:80:6F:F7:E9:2D:48:E3:AD:17:FA:DF:F5:B1:2B:FA:F1
Certificate issuer:       /CN=6accdb6c98d722b32dc900ee1dd66e51c4f428db
Certificate serial:       019B7F15E89270C65C2A8A2268FE1338F4E7
Authority key identifier: 6A:CC:DB:6C:98:D7:22:B3:2D:C9:00:EE:1D:D6:6E:51:C4:F4:28:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aszbbJjXIrMtyQDuHdZuUcT0KNs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/db2307-6059-415f-b8b8-2fe932e7ab44/1/21nHooBv9-ktSOOtF_rf9bEr-vE.roa
Signing time:             Fri 02 Jan 2026 14:21:40 +0000
ROA not before:           Fri 02 Jan 2026 14:21:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204252
IP address blocks:        185.109.180.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/db2307-6059-415f-b8b8-2fe932e7ab44/1/aszbbJjXIrMtyQDuHdZuUcT0KNs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/db2307-6059-415f-b8b8-2fe932e7ab44/1/aszbbJjXIrMtyQDuHdZuUcT0KNs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aszbbJjXIrMtyQDuHdZuUcT0KNs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 20:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:e8:92:70:c6:5c:2a:8a:22:68:fe:13:38:f4:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6accdb6c98d722b32dc900ee1dd66e51c4f428db
        Validity
            Not Before: Jan  2 14:21:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=db59c7a2806ff7e92d48e3ad17fadff5b12bfaf1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:ec:46:a9:31:5c:89:68:5e:5b:9f:37:5a:1c:
                    0e:83:57:04:ba:08:3f:3a:b1:9e:51:15:89:3d:1e:
                    69:6b:38:c5:04:62:fb:6e:91:1a:63:78:ef:e6:0f:
                    87:49:e9:2e:39:ab:ef:07:7c:2f:6f:c0:71:6e:dd:
                    89:b3:83:f1:39:e6:78:28:89:65:cc:cc:10:99:2f:
                    9a:43:22:f5:7a:54:1b:b7:f0:5b:9a:30:0b:8d:bc:
                    fe:eb:d7:69:fa:82:a9:4b:ca:eb:ca:59:d4:19:a2:
                    06:68:b1:e4:2f:8e:46:70:97:d0:63:00:da:b3:b3:
                    77:22:38:73:1d:e3:20:69:cd:62:cc:81:6b:82:3f:
                    2f:9b:98:da:89:14:77:e5:09:9e:fb:e0:c2:67:71:
                    10:31:ee:74:96:4d:80:62:a2:c7:3f:7b:73:19:d0:
                    e9:2b:d2:28:9d:bc:c9:31:5d:98:51:af:f3:48:28:
                    40:b0:ff:2b:86:4e:66:5a:e6:6d:9e:0d:8e:b1:15:
                    34:0c:53:27:9f:6f:ef:a4:61:36:9e:a7:90:7c:68:
                    c9:99:d4:09:d1:df:fc:30:fa:6d:f5:db:ad:53:29:
                    ae:b1:5e:10:18:02:51:60:30:16:19:54:23:66:97:
                    49:fa:be:70:55:44:1f:f7:63:f2:e0:a5:52:af:43:
                    f9:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:59:C7:A2:80:6F:F7:E9:2D:48:E3:AD:17:FA:DF:F5:B1:2B:FA:F1
            X509v3 Authority Key Identifier:
                keyid:6A:CC:DB:6C:98:D7:22:B3:2D:C9:00:EE:1D:D6:6E:51:C4:F4:28:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aszbbJjXIrMtyQDuHdZuUcT0KNs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/db2307-6059-415f-b8b8-2fe932e7ab44/1/21nHooBv9-ktSOOtF_rf9bEr-vE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/db2307-6059-415f-b8b8-2fe932e7ab44/1/aszbbJjXIrMtyQDuHdZuUcT0KNs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.109.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6b:14:02:44:7e:80:41:ed:ac:6e:54:3b:a5:57:3b:6f:a3:01:
         a5:f3:58:79:c5:86:e6:b2:be:1f:08:5b:ed:d2:b1:68:2d:24:
         98:bd:9d:8e:05:41:b4:07:3d:5e:aa:5e:1d:93:46:0b:f6:6a:
         5e:ca:f3:cc:d7:41:14:9b:82:c3:f0:85:3a:68:a5:28:42:55:
         6d:9b:4d:b3:9d:ea:09:b4:df:5e:09:15:ee:74:47:87:e9:1a:
         29:69:b3:7f:25:68:84:4b:3d:33:1b:ad:6e:f8:f8:c6:e5:2b:
         19:89:f4:5a:87:ac:87:f5:de:74:6a:3a:8c:39:fe:f5:42:3b:
         e2:53:07:0e:99:f2:c0:94:ba:8b:59:0c:f8:de:77:cd:c1:e3:
         56:8f:db:68:a5:39:9e:31:35:c0:ef:82:9e:2e:46:d9:01:93:
         c0:3d:c7:60:7f:24:08:e3:50:bb:58:3e:f1:2f:76:c1:23:ae:
         6c:e9:8c:64:96:a7:f9:fb:e6:1b:cf:48:38:6c:bf:57:f4:64:
         e4:8e:e2:30:14:47:c0:a2:86:90:06:60:2a:e1:1f:e5:26:ca:
         6c:bc:60:40:c1:38:cc:15:46:17:c4:7c:f0:9d:a0:c0:7d:69:
         6e:74:cf:2d:d1:90:7b:ac:5d:cb:95:ec:3f:2c:9b:9d:33:ad:
         9f:7d:ac:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FeiScMZcKooiaP4TOPTnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhY2NkYjZjOThkNzIyYjMyZGM5MDBlZTFkZDY2ZTUxYzRm
NDI4ZGIwHhcNMjYwMTAyMTQyMTQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjU5YzdhMjgwNmZmN2U5MmQ0OGUzYWQxN2ZhZGZmNWIxMmJmYWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjOxGqTFciWheW583WhwOg1cEugg/
OrGeURWJPR5pazjFBGL7bpEaY3jv5g+HSekuOavvB3wvb8Bxbt2Js4PxOeZ4KIll
zMwQmS+aQyL1elQbt/BbmjALjbz+69dp+oKpS8rrylnUGaIGaLHkL45GcJfQYwDa
s7N3IjhzHeMgac1izIFrgj8vm5jaiRR35Qme++DCZ3EQMe50lk2AYqLHP3tzGdDp
K9IonbzJMV2YUa/zSChAsP8rhk5mWuZtng2OsRU0DFMnn2/vpGE2nqeQfGjJmdQJ
0d/8MPpt9dutUymusV4QGAJRYDAWGVQjZpdJ+r5wVUQf92Py4KVSr0P5TQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNtZx6KAb/fpLUjjrRf63/WxK/rxMB8GA1UdIwQY
MBaAFGrM22yY1yKzLckA7h3WblHE9CjbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXN6YmJKalhJck10eVFEdUhkWnVVY1QwS05zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS9kYjIzMDctNjA1OS00MTVmLWI4Yjgt
MmZlOTMyZTdhYjQ0LzEvMjFuSG9vQnY5LWt0U09PdEZfcmY5YkVyLXZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS9kYjIzMDctNjA1OS00MTVmLWI4YjgtMmZlOTMyZTdhYjQ0
LzEvYXN6YmJKalhJck10eVFEdUhkWnVVY1QwS05zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuW20MA0G
CSqGSIb3DQEBCwUAA4IBAQBrFAJEfoBB7axuVDulVztvowGl81h5xYbmsr4fCFvt
0rFoLSSYvZ2OBUG0Bz1eql4dk0YL9mpeyvPM10EUm4LD8IU6aKUoQlVtm02zneoJ
tN9eCRXudEeH6RopabN/JWiESz0zG61u+PjG5SsZifRah6yH9d50ajqMOf71Qjvi
UwcOmfLAlLqLWQz43nfNweNWj9topTmeMTXA74KeLkbZAZPAPcdgfyQI41C7WD7x
L3bBI65s6Yxklqf5++Ybz0g4bL9X9GTkjuIwFEfAooaQBmAq4R/lJspsvGBAwTjM
FUYXxHzwnaDAfWludM8t0ZB7rF3Llew/LJudM62ffayj
-----END CERTIFICATE-----