This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/9e57aa-8901-4bd8-8295-9c1a53580e39/1/DMom3rPUm8HweXvQ4-Q9jSK3W5A.roa
File:                     DMom3rPUm8HweXvQ4-Q9jSK3W5A.roa (raw, json)
Hash identifier:          LnHplGcwbJiDTN78KXR+EeXnQF5rJq6ndATkaGyGt6Y=
Subject key identifier:   0C:CA:26:DE:B3:D4:9B:C1:F0:79:7B:D0:E3:E4:3D:8D:22:B7:5B:90
Certificate issuer:       /CN=266e0c40e4e9370db99ad27a97298d7d05598f73
Certificate serial:       019B7BA370C62675E2057882D512F55ACB7D
Authority key identifier: 26:6E:0C:40:E4:E9:37:0D:B9:9A:D2:7A:97:29:8D:7D:05:59:8F:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Jm4MQOTpNw25mtJ6lymNfQVZj3M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/9e57aa-8901-4bd8-8295-9c1a53580e39/1/DMom3rPUm8HweXvQ4-Q9jSK3W5A.roa
Signing time:             Thu 01 Jan 2026 22:17:47 +0000
ROA not before:           Thu 01 Jan 2026 22:17:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34984
IP address blocks:        185.252.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/9e57aa-8901-4bd8-8295-9c1a53580e39/1/Jm4MQOTpNw25mtJ6lymNfQVZj3M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/9e57aa-8901-4bd8-8295-9c1a53580e39/1/Jm4MQOTpNw25mtJ6lymNfQVZj3M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Jm4MQOTpNw25mtJ6lymNfQVZj3M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 Jan 2026 19:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:70:c6:26:75:e2:05:78:82:d5:12:f5:5a:cb:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=266e0c40e4e9370db99ad27a97298d7d05598f73
        Validity
            Not Before: Jan  1 22:17:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0cca26deb3d49bc1f0797bd0e3e43d8d22b75b90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:65:b1:84:41:8b:a2:ca:71:c7:ba:df:c1:03:
                    a6:83:ab:df:e4:60:86:d0:b5:81:05:05:0f:5b:a8:
                    05:3d:1f:38:28:6a:87:91:ab:5b:46:17:10:f0:7c:
                    2a:49:1a:21:b0:76:9e:c8:bc:c6:04:19:94:9f:3b:
                    d2:9f:1a:cf:9b:0b:f5:49:b2:42:0d:e0:a4:54:42:
                    b9:d5:32:c2:02:21:57:00:9e:18:55:e5:8b:ab:34:
                    1f:c6:d1:8e:d9:3a:45:00:e0:fd:ae:b5:93:29:95:
                    b6:9c:09:ec:ca:c9:be:d0:54:23:8e:d1:c3:02:5b:
                    2b:0b:88:bd:2d:c5:ac:17:da:44:46:1e:94:cb:f4:
                    76:1f:84:1d:10:1c:99:76:bc:1f:d6:73:db:36:0a:
                    cd:16:cd:ce:b5:71:f2:df:44:6d:12:0a:29:01:46:
                    e4:65:e9:08:2d:aa:46:2f:04:12:91:61:bd:ea:8c:
                    1e:13:d1:db:74:33:dc:33:43:09:e1:eb:a8:70:fb:
                    1b:d9:7e:e3:fa:78:8e:7f:38:94:d9:f5:73:3d:a6:
                    f0:be:5d:1c:3e:d7:df:24:67:bc:6d:9a:53:9f:84:
                    2d:28:11:0b:01:e1:fc:54:0e:ea:2e:8c:cd:70:94:
                    8b:ba:24:9b:ca:c0:cb:7e:de:cc:1a:e0:4c:29:15:
                    3e:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:CA:26:DE:B3:D4:9B:C1:F0:79:7B:D0:E3:E4:3D:8D:22:B7:5B:90
            X509v3 Authority Key Identifier:
                keyid:26:6E:0C:40:E4:E9:37:0D:B9:9A:D2:7A:97:29:8D:7D:05:59:8F:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Jm4MQOTpNw25mtJ6lymNfQVZj3M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/9e57aa-8901-4bd8-8295-9c1a53580e39/1/DMom3rPUm8HweXvQ4-Q9jSK3W5A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/9e57aa-8901-4bd8-8295-9c1a53580e39/1/Jm4MQOTpNw25mtJ6lymNfQVZj3M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.252.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:d0:0b:e5:e2:96:a0:64:1c:98:5b:13:08:21:7d:5a:21:e0:
         54:4f:e0:6e:d1:8c:65:ea:05:d1:99:8e:8c:4f:14:39:98:ee:
         8c:f0:44:c6:30:54:60:52:b7:87:ea:29:55:11:d8:18:fd:ae:
         77:4e:14:06:76:2a:cd:a8:18:c5:71:7d:07:53:ed:e7:47:0f:
         81:b3:fd:78:ac:e0:d8:2f:51:94:19:82:cc:69:45:d1:96:15:
         2d:a8:6d:e5:37:c7:df:d8:27:c1:12:08:a8:ec:1f:5a:2f:c9:
         58:94:ea:05:73:80:50:07:dd:cb:e0:c6:1d:ba:b0:13:67:ad:
         7d:f0:48:97:ab:ec:f5:67:56:34:60:d6:2c:74:ef:a0:d4:a7:
         5b:05:92:fa:17:f7:a9:54:f4:aa:d9:cb:72:96:be:ea:f7:9f:
         87:0a:b8:44:60:44:bd:01:7f:4a:c9:d9:7c:81:76:40:12:ee:
         1b:a1:ec:f5:81:d8:3e:cf:76:7b:c3:67:66:eb:56:3b:a2:8f:
         57:da:f5:47:6a:c4:45:ca:10:e2:08:52:c2:65:81:65:ee:33:
         69:3d:a8:64:7c:18:fa:e1:e5:e7:ea:63:5d:1a:7a:de:06:5a:
         21:59:a8:c9:d6:68:61:8e:87:6b:d8:40:ee:f3:00:b8:f9:80:
         59:d7:95:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7o3DGJnXiBXiC1RL1Wst9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NmUwYzQwZTRlOTM3MGRiOTlhZDI3YTk3Mjk4ZDdkMDU1
OThmNzMwHhcNMjYwMTAxMjIxNzQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2NhMjZkZWIzZDQ5YmMxZjA3OTdiZDBlM2U0M2Q4ZDIyYjc1YjkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0WWxhEGLospxx7rfwQOmg6vf5GCG
0LWBBQUPW6gFPR84KGqHkatbRhcQ8HwqSRohsHaeyLzGBBmUnzvSnxrPmwv1SbJC
DeCkVEK51TLCAiFXAJ4YVeWLqzQfxtGO2TpFAOD9rrWTKZW2nAnsysm+0FQjjtHD
AlsrC4i9LcWsF9pERh6Uy/R2H4QdEByZdrwf1nPbNgrNFs3OtXHy30RtEgopAUbk
ZekILapGLwQSkWG96oweE9HbdDPcM0MJ4euocPsb2X7j+niOfziU2fVzPabwvl0c
PtffJGe8bZpTn4QtKBELAeH8VA7qLozNcJSLuiSbysDLft7MGuBMKRU+vQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAzKJt6z1JvB8Hl70OPkPY0it1uQMB8GA1UdIwQY
MBaAFCZuDEDk6TcNuZrSepcpjX0FWY9zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm00TVFPVHBOdzI1bXRKNmx5bU5mUVZaajNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC85ZTU3YWEtODkwMS00YmQ4LTgyOTUt
OWMxYTUzNTgwZTM5LzEvRE1vbTNyUFVtOEh3ZVh2UTQtUTlqU0szVzVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC85ZTU3YWEtODkwMS00YmQ4LTgyOTUtOWMxYTUzNTgwZTM5
LzEvSm00TVFPVHBOdzI1bXRKNmx5bU5mUVZaajNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufwrMA0G
CSqGSIb3DQEBCwUAA4IBAQBf0Avl4pagZByYWxMIIX1aIeBUT+Bu0Yxl6gXRmY6M
TxQ5mO6M8ETGMFRgUreH6ilVEdgY/a53ThQGdirNqBjFcX0HU+3nRw+Bs/14rODY
L1GUGYLMaUXRlhUtqG3lN8ff2CfBEgio7B9aL8lYlOoFc4BQB93L4MYdurATZ619
8EiXq+z1Z1Y0YNYsdO+g1KdbBZL6F/epVPSq2ctylr7q95+HCrhEYES9AX9Kydl8
gXZAEu4boez1gdg+z3Z7w2dm61Y7oo9X2vVHasRFyhDiCFLCZYFl7jNpPahkfBj6
4eXn6mNdGnreBlohWajJ1mhhjodr2EDu8wC4+YBZ15W2
-----END CERTIFICATE-----