This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/975912-fd0c-4318-b0b0-6e056b617d2a/1/dyj7Xcwg4fvIbgPvLBUgjAO8LDU.roa
File:                     dyj7Xcwg4fvIbgPvLBUgjAO8LDU.roa (raw, json)
Hash identifier:          y2HtW5TPaDlHi0yiYdSPvHi8+3pJRBtpk7Wjb7tENAo=
Subject key identifier:   77:28:FB:5D:CC:20:E1:FB:C8:6E:03:EF:2C:15:20:8C:03:BC:2C:35
Certificate issuer:       /CN=f0cf4963357ddb9855f9bac4c7d995adc89a372a
Certificate serial:       019B797E2EDB1A544D2F8046584B5AEDC721
Authority key identifier: F0:CF:49:63:35:7D:DB:98:55:F9:BA:C4:C7:D9:95:AD:C8:9A:37:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8M9JYzV925hV-brEx9mVrciaNyo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/975912-fd0c-4318-b0b0-6e056b617d2a/1/dyj7Xcwg4fvIbgPvLBUgjAO8LDU.roa
Signing time:             Thu 01 Jan 2026 12:17:51 +0000
ROA not before:           Thu 01 Jan 2026 12:17:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51561
IP address blocks:        185.152.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/975912-fd0c-4318-b0b0-6e056b617d2a/1/8M9JYzV925hV-brEx9mVrciaNyo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/975912-fd0c-4318-b0b0-6e056b617d2a/1/8M9JYzV925hV-brEx9mVrciaNyo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8M9JYzV925hV-brEx9mVrciaNyo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:2e:db:1a:54:4d:2f:80:46:58:4b:5a:ed:c7:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0cf4963357ddb9855f9bac4c7d995adc89a372a
        Validity
            Not Before: Jan  1 12:17:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7728fb5dcc20e1fbc86e03ef2c15208c03bc2c35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:3c:94:3a:c1:df:1f:82:f7:85:02:7b:50:ec:
                    60:e3:ad:4e:d6:82:fc:92:5c:4f:1d:05:bd:04:2a:
                    06:5e:9b:60:fc:d3:6b:b5:40:07:98:7a:9f:f9:cc:
                    9a:fc:41:e4:8c:1d:9f:7d:a6:eb:0e:80:fd:5c:6c:
                    01:82:ee:8e:74:37:b2:b3:d7:7d:bd:80:16:51:4d:
                    2e:90:f3:26:bd:ba:ba:46:f3:a1:0f:80:4f:d6:88:
                    f9:8e:73:e6:46:b8:79:93:95:13:59:14:fe:32:f0:
                    19:6e:11:e2:6b:34:8f:06:c1:14:71:e2:c7:71:a4:
                    61:54:24:d9:94:d6:d1:18:46:79:8d:40:c9:43:dc:
                    73:ca:64:55:f7:51:35:5e:c7:d7:07:a3:62:c5:75:
                    61:7f:2c:38:c6:c4:54:c1:c4:e7:ec:fc:fb:1c:cc:
                    1d:68:bb:b2:d4:cb:49:57:a0:65:75:4f:2a:e0:b1:
                    f0:07:62:0c:fb:d9:95:9c:9c:08:15:fc:86:7d:fe:
                    79:bf:31:96:cf:81:f2:98:f3:69:44:01:8e:a8:9f:
                    51:fd:81:dd:26:18:ad:b1:00:78:93:43:9f:3c:b2:
                    4a:df:e2:c4:ab:d0:c4:bc:13:0f:8f:4d:a5:3d:38:
                    1a:c4:52:49:43:17:7e:80:b2:11:b4:22:96:19:cb:
                    34:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:28:FB:5D:CC:20:E1:FB:C8:6E:03:EF:2C:15:20:8C:03:BC:2C:35
            X509v3 Authority Key Identifier:
                keyid:F0:CF:49:63:35:7D:DB:98:55:F9:BA:C4:C7:D9:95:AD:C8:9A:37:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8M9JYzV925hV-brEx9mVrciaNyo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/975912-fd0c-4318-b0b0-6e056b617d2a/1/dyj7Xcwg4fvIbgPvLBUgjAO8LDU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/975912-fd0c-4318-b0b0-6e056b617d2a/1/8M9JYzV925hV-brEx9mVrciaNyo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.152.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:eb:4a:f0:66:d7:53:b0:be:d4:be:2d:8d:ca:e3:8a:9c:80:
         0a:1d:b5:ea:b0:52:d4:87:dc:2e:f8:8e:6d:66:70:61:e2:dc:
         06:a4:a8:c4:41:ae:94:c0:a7:5c:2e:e3:2e:0b:c1:66:f5:51:
         df:30:5e:dc:ed:b8:dd:ed:69:e8:1d:03:35:47:f4:24:3c:53:
         1e:35:78:c0:2f:b8:a0:aa:9c:7b:16:69:57:5b:06:39:aa:a4:
         5e:ab:73:99:98:48:9b:63:2e:bf:3b:c7:79:7c:e9:87:12:ce:
         26:3b:30:41:73:e4:e9:da:cb:1c:a3:fd:06:57:cb:81:30:28:
         d5:21:f7:63:48:c6:08:27:a5:17:42:f5:f4:af:14:d2:8a:d1:
         7d:81:5f:57:40:bf:82:73:80:2a:a8:ee:09:d4:a0:77:6b:c5:
         b7:e9:be:c9:d1:24:22:2f:c4:57:7c:f4:ee:8e:cf:0b:86:7f:
         f3:19:3e:80:85:5e:49:56:0a:fb:b4:84:63:e4:ac:1f:7a:31:
         e0:39:79:d9:72:71:28:4e:7d:e1:2e:78:64:b9:d4:d1:07:2d:
         17:8d:5c:4c:02:ea:f3:ff:30:10:d9:2f:4c:7b:e7:9c:01:b5:
         ef:2b:15:25:4a:2b:a7:93:b4:82:cf:2e:d1:c1:95:d0:57:10:
         5d:4b:d0:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fi7bGlRNL4BGWEta7cchMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwY2Y0OTYzMzU3ZGRiOTg1NWY5YmFjNGM3ZDk5NWFkYzg5
YTM3MmEwHhcNMjYwMTAxMTIxNzUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzI4ZmI1ZGNjMjBlMWZiYzg2ZTAzZWYyYzE1MjA4YzAzYmMyYzM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7zyUOsHfH4L3hQJ7UOxg461O1oL8
klxPHQW9BCoGXptg/NNrtUAHmHqf+cya/EHkjB2ffabrDoD9XGwBgu6OdDeys9d9
vYAWUU0ukPMmvbq6RvOhD4BP1oj5jnPmRrh5k5UTWRT+MvAZbhHiazSPBsEUceLH
caRhVCTZlNbRGEZ5jUDJQ9xzymRV91E1XsfXB6NixXVhfyw4xsRUwcTn7Pz7HMwd
aLuy1MtJV6BldU8q4LHwB2IM+9mVnJwIFfyGff55vzGWz4HymPNpRAGOqJ9R/YHd
JhitsQB4k0OfPLJK3+LEq9DEvBMPj02lPTgaxFJJQxd+gLIRtCKWGcs0TwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHco+13MIOH7yG4D7ywVIIwDvCw1MB8GA1UdIwQY
MBaAFPDPSWM1fduYVfm6xMfZla3ImjcqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE05Sll6VjkyNWhWLWJyRXg5bVZyY2lhTnlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS85NzU5MTItZmQwYy00MzE4LWIwYjAt
NmUwNTZiNjE3ZDJhLzEvZHlqN1hjd2c0ZnZJYmdQdkxCVWdqQU84TERVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS85NzU5MTItZmQwYy00MzE4LWIwYjAtNmUwNTZiNjE3ZDJh
LzEvOE05Sll6VjkyNWhWLWJyRXg5bVZyY2lhTnlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZgCMA0G
CSqGSIb3DQEBCwUAA4IBAQC560rwZtdTsL7Uvi2NyuOKnIAKHbXqsFLUh9wu+I5t
ZnBh4twGpKjEQa6UwKdcLuMuC8Fm9VHfMF7c7bjd7WnoHQM1R/QkPFMeNXjAL7ig
qpx7FmlXWwY5qqReq3OZmEibYy6/O8d5fOmHEs4mOzBBc+Tp2ssco/0GV8uBMCjV
IfdjSMYIJ6UXQvX0rxTSitF9gV9XQL+Cc4AqqO4J1KB3a8W36b7J0SQiL8RXfPTu
js8Lhn/zGT6AhV5JVgr7tIRj5KwfejHgOXnZcnEoTn3hLnhkudTRBy0XjVxMAurz
/zAQ2S9Me+ecAbXvKxUlSiunk7SCzy7RwZXQVxBdS9CE
-----END CERTIFICATE-----