This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/64e442-137e-4101-bb6c-b06831596449/1/7aBM0h9dPhAyCGUi4UC0KOUaN6k.roa
File:                     7aBM0h9dPhAyCGUi4UC0KOUaN6k.roa (raw, json)
Hash identifier:          A6f4ThaBnwORbpYnfvo9LMhkIymfzCboRFjkjjXbkTQ=
Subject key identifier:   ED:A0:4C:D2:1F:5D:3E:10:32:08:65:22:E1:40:B4:28:E5:1A:37:A9
Certificate issuer:       /CN=0aa2f1205553fa5960f1805c6ed9389e9e0dc92c
Certificate serial:       019B7DCB67463FB0A7563DFB89EBB69ED88D
Authority key identifier: 0A:A2:F1:20:55:53:FA:59:60:F1:80:5C:6E:D9:38:9E:9E:0D:C9:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CqLxIFVT-llg8YBcbtk4np4NySw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/64e442-137e-4101-bb6c-b06831596449/1/7aBM0h9dPhAyCGUi4UC0KOUaN6k.roa
Signing time:             Fri 02 Jan 2026 08:20:40 +0000
ROA not before:           Fri 02 Jan 2026 08:20:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203425
IP address blocks:        185.105.64.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/64e442-137e-4101-bb6c-b06831596449/1/CqLxIFVT-llg8YBcbtk4np4NySw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/64e442-137e-4101-bb6c-b06831596449/1/CqLxIFVT-llg8YBcbtk4np4NySw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CqLxIFVT-llg8YBcbtk4np4NySw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 Jan 2026 14:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:cb:67:46:3f:b0:a7:56:3d:fb:89:eb:b6:9e:d8:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0aa2f1205553fa5960f1805c6ed9389e9e0dc92c
        Validity
            Not Before: Jan  2 08:20:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=eda04cd21f5d3e1032086522e140b428e51a37a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:5a:01:73:e1:f5:e4:6f:bf:fa:11:9c:1d:e9:
                    67:c0:dc:8b:24:73:a9:1e:7d:26:7d:f1:91:fe:df:
                    79:2d:b4:70:eb:05:e1:15:48:32:52:90:73:09:df:
                    28:4d:37:ea:2a:04:03:b8:c5:b2:16:27:a7:4d:e8:
                    0e:86:a8:22:2a:95:f0:2b:f8:a1:68:de:55:65:90:
                    e7:a0:9f:ac:45:e3:6a:26:b6:ce:1b:66:05:81:b9:
                    4c:30:66:98:f2:cd:c8:42:d4:70:d2:2d:a5:bb:55:
                    a1:03:0f:e8:c2:e0:d6:67:46:93:56:7f:7f:f0:d9:
                    20:bc:18:47:86:05:45:f6:c0:c0:a1:49:9c:a1:cb:
                    57:1b:30:26:2b:c1:ec:18:c5:24:dd:9c:4f:90:09:
                    a3:79:bd:05:30:4c:4f:83:ef:41:dd:67:fc:3b:bc:
                    9b:96:18:86:ad:fe:33:ba:f1:4d:81:4a:36:2e:e4:
                    be:fa:39:6f:3b:03:f7:2d:35:e9:67:64:48:82:81:
                    42:2d:79:68:a3:b9:28:47:70:2a:4d:63:47:ca:00:
                    c3:ac:36:d9:92:3b:3e:60:9c:6d:a1:d1:75:ae:da:
                    a5:10:b6:29:b4:ca:91:83:91:20:ee:ef:43:1a:43:
                    3b:fa:d0:2a:0a:4c:76:a4:28:26:71:17:8c:f7:48:
                    cd:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:A0:4C:D2:1F:5D:3E:10:32:08:65:22:E1:40:B4:28:E5:1A:37:A9
            X509v3 Authority Key Identifier:
                keyid:0A:A2:F1:20:55:53:FA:59:60:F1:80:5C:6E:D9:38:9E:9E:0D:C9:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CqLxIFVT-llg8YBcbtk4np4NySw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/64e442-137e-4101-bb6c-b06831596449/1/7aBM0h9dPhAyCGUi4UC0KOUaN6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/64e442-137e-4101-bb6c-b06831596449/1/CqLxIFVT-llg8YBcbtk4np4NySw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.105.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         31:53:73:a6:7d:e8:41:00:ca:1e:8f:55:ab:1c:80:1a:6f:e9:
         9c:cf:da:65:8a:2f:f8:bd:c6:47:04:32:13:ee:f5:21:95:20:
         7a:1b:53:ef:f3:6b:6c:5a:13:14:80:af:c5:61:0e:0a:e5:a4:
         c7:f5:22:71:99:0e:cd:ac:ce:78:b6:04:27:32:8d:9d:73:b5:
         b7:7f:d6:71:64:d1:de:01:bf:58:28:5e:64:c3:4b:65:51:6e:
         e7:90:e1:db:05:74:b5:22:21:bc:bd:b2:cd:16:b3:bb:92:bc:
         60:79:fa:1e:56:22:ce:7b:c2:8e:aa:d6:f1:3e:7e:53:a0:16:
         e0:6f:12:d5:25:66:7f:49:45:b7:14:c6:96:b1:3f:86:ea:58:
         57:a1:49:86:ea:18:af:5a:f0:a0:96:8c:01:0a:39:e4:2e:56:
         e5:e8:f8:42:3a:a8:e3:bc:19:b9:21:21:63:15:f3:a3:95:8d:
         80:03:9b:13:32:7e:96:94:5d:dc:1e:fa:96:d7:8d:83:76:51:
         54:ba:8c:0d:b4:bd:e6:55:e0:7f:e2:bf:4f:25:b0:c0:b4:a5:
         ca:8e:8f:9b:6f:d9:f9:5a:39:d0:47:f1:01:c9:c8:d1:a0:0b:
         3c:c4:e5:af:71:2a:3b:ef:ff:e9:86:3f:9b:d1:29:00:b8:5d:
         47:dc:bc:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9y2dGP7CnVj37ieu2ntiNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhYTJmMTIwNTU1M2ZhNTk2MGYxODA1YzZlZDkzODllOWUw
ZGM5MmMwHhcNMjYwMTAyMDgyMDQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGEwNGNkMjFmNWQzZTEwMzIwODY1MjJlMTQwYjQyOGU1MWEzN2E5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnloBc+H15G+/+hGcHelnwNyLJHOp
Hn0mffGR/t95LbRw6wXhFUgyUpBzCd8oTTfqKgQDuMWyFienTegOhqgiKpXwK/ih
aN5VZZDnoJ+sReNqJrbOG2YFgblMMGaY8s3IQtRw0i2lu1WhAw/owuDWZ0aTVn9/
8NkgvBhHhgVF9sDAoUmcoctXGzAmK8HsGMUk3ZxPkAmjeb0FMExPg+9B3Wf8O7yb
lhiGrf4zuvFNgUo2LuS++jlvOwP3LTXpZ2RIgoFCLXloo7koR3AqTWNHygDDrDbZ
kjs+YJxtodF1rtqlELYptMqRg5Eg7u9DGkM7+tAqCkx2pCgmcReM90jN4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO2gTNIfXT4QMghlIuFAtCjlGjepMB8GA1UdIwQY
MBaAFAqi8SBVU/pZYPGAXG7ZOJ6eDcksMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3FMeElGVlQtbGxnOFlCY2J0azRucDROeVN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS82NGU0NDItMTM3ZS00MTAxLWJiNmMt
YjA2ODMxNTk2NDQ5LzEvN2FCTTBoOWRQaEF5Q0dVaTRVQzBLT1VhTjZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS82NGU0NDItMTM3ZS00MTAxLWJiNmMtYjA2ODMxNTk2NDQ5
LzEvQ3FMeElGVlQtbGxnOFlCY2J0azRucDROeVN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWlAMA0G
CSqGSIb3DQEBCwUAA4IBAQAxU3OmfehBAMoej1WrHIAab+mcz9plii/4vcZHBDIT
7vUhlSB6G1Pv82tsWhMUgK/FYQ4K5aTH9SJxmQ7NrM54tgQnMo2dc7W3f9ZxZNHe
Ab9YKF5kw0tlUW7nkOHbBXS1IiG8vbLNFrO7krxgefoeViLOe8KOqtbxPn5ToBbg
bxLVJWZ/SUW3FMaWsT+G6lhXoUmG6hivWvCglowBCjnkLlbl6PhCOqjjvBm5ISFj
FfOjlY2AA5sTMn6WlF3cHvqW142DdlFUuowNtL3mVeB/4r9PJbDAtKXKjo+bb9n5
WjnQR/EBycjRoAs8xOWvcSo77//phj+b0SkAuF1H3LxE
-----END CERTIFICATE-----