This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/e1c373-64f8-4226-9044-81095a13b9de/1/klEBVf4dF7MgJYTATHOUPg0b0AE.roa
File:                     klEBVf4dF7MgJYTATHOUPg0b0AE.roa (raw, json)
Hash identifier:          C4fWrLhaNG8RVCFL00ILgewHaKRJE7BqZzdKxme/1jQ=
Subject key identifier:   92:51:01:55:FE:1D:17:B3:20:25:84:C0:4C:73:94:3E:0D:1B:D0:01
Certificate issuer:       /CN=8293905afa134944f0630c949f3abda40646dac1
Certificate serial:       019B7C7FA4FC381490AA100787EE92F6C787
Authority key identifier: 82:93:90:5A:FA:13:49:44:F0:63:0C:94:9F:3A:BD:A4:06:46:DA:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gpOQWvoTSUTwYwyUnzq9pAZG2sE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/e1c373-64f8-4226-9044-81095a13b9de/1/klEBVf4dF7MgJYTATHOUPg0b0AE.roa
Signing time:             Fri 02 Jan 2026 02:18:18 +0000
ROA not before:           Fri 02 Jan 2026 02:18:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31087
IP address blocks:        185.97.220.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/e1c373-64f8-4226-9044-81095a13b9de/1/gpOQWvoTSUTwYwyUnzq9pAZG2sE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/e1c373-64f8-4226-9044-81095a13b9de/1/gpOQWvoTSUTwYwyUnzq9pAZG2sE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gpOQWvoTSUTwYwyUnzq9pAZG2sE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 18:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:7f:a4:fc:38:14:90:aa:10:07:87:ee:92:f6:c7:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8293905afa134944f0630c949f3abda40646dac1
        Validity
            Not Before: Jan  2 02:18:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=92510155fe1d17b3202584c04c73943e0d1bd001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:2b:49:65:09:72:62:b3:15:a0:df:69:fa:aa:
                    b8:2b:16:60:57:42:17:a2:c2:35:0b:27:7f:2c:8a:
                    00:f0:d4:be:d1:25:95:d8:52:05:49:84:98:b4:5a:
                    d8:6b:45:89:35:21:60:c7:a1:0b:bd:1d:b6:06:6d:
                    ba:67:c5:ac:a0:de:27:4f:3e:cb:a1:5e:a0:63:ff:
                    03:5c:d9:da:b3:46:ba:3f:cf:4e:19:7c:bc:57:e8:
                    04:52:df:85:f7:89:8d:c4:18:84:c1:f9:ab:b5:7c:
                    b2:28:1d:c8:b8:08:55:07:24:83:80:14:ac:c4:8c:
                    89:e7:14:06:03:26:14:f7:28:b7:b3:14:3d:d6:f2:
                    2d:33:e0:06:31:38:54:2f:76:d4:cd:42:3c:4e:96:
                    9a:b1:06:bd:46:dc:df:57:2f:94:b2:10:29:7a:38:
                    3e:26:25:2e:fe:7d:fa:a9:ff:d2:69:6f:67:4e:2c:
                    4a:4a:8f:41:28:f0:15:e7:55:e6:fb:01:47:41:f4:
                    ed:5b:87:32:bb:2b:d9:3c:59:73:dd:f2:62:28:c5:
                    24:90:83:38:61:ac:dc:2d:75:94:2e:d7:80:ff:0d:
                    61:b6:b6:0d:a9:cb:9c:d9:97:30:4b:c5:5e:ff:cd:
                    c9:7f:f2:54:34:42:ae:54:16:61:9f:02:aa:1d:cd:
                    3c:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:51:01:55:FE:1D:17:B3:20:25:84:C0:4C:73:94:3E:0D:1B:D0:01
            X509v3 Authority Key Identifier:
                keyid:82:93:90:5A:FA:13:49:44:F0:63:0C:94:9F:3A:BD:A4:06:46:DA:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gpOQWvoTSUTwYwyUnzq9pAZG2sE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/e1c373-64f8-4226-9044-81095a13b9de/1/klEBVf4dF7MgJYTATHOUPg0b0AE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/e1c373-64f8-4226-9044-81095a13b9de/1/gpOQWvoTSUTwYwyUnzq9pAZG2sE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.97.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         12:12:ef:09:03:fe:07:0b:b2:9b:bf:26:e0:ed:61:6b:18:95:
         40:65:c6:b5:ee:38:d5:42:ed:63:7a:d6:b1:33:66:fb:8b:cc:
         dc:96:25:3a:5a:95:0a:9f:02:ff:f9:f5:cc:6b:57:46:22:2f:
         68:db:f2:85:fc:86:6e:a1:e2:a1:d2:c4:1e:05:3d:7c:a0:00:
         eb:7c:c7:2d:24:91:76:70:e2:d6:31:10:11:ff:54:f3:08:87:
         92:e7:f8:19:1f:aa:f8:08:42:86:1d:7e:31:79:8b:d4:a8:f4:
         d6:07:ab:12:72:84:e0:d5:5d:89:2a:cd:67:f1:af:71:40:1c:
         ea:c0:42:7d:22:f8:34:11:92:0d:25:ad:db:da:8e:ca:89:03:
         2c:3e:e9:15:36:6d:4b:39:48:72:10:1e:a2:a1:48:9f:52:55:
         84:05:89:f9:df:02:a7:6f:dd:f8:41:15:83:a6:67:67:bd:bb:
         61:ef:f1:f4:bc:f7:00:12:7d:33:94:b5:4e:89:0b:f0:51:f5:
         38:07:4f:48:bb:09:f1:cb:98:24:f4:40:47:bd:04:81:ee:f6:
         c4:0e:7b:32:03:aa:2f:47:52:e8:d7:a8:35:4b:df:f9:03:4f:
         4e:26:09:66:e3:4b:43:4f:2e:39:b9:25:6f:b6:3e:ea:55:bd:
         ee:37:ad:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8f6T8OBSQqhAHh+6S9seHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyOTM5MDVhZmExMzQ5NDRmMDYzMGM5NDlmM2FiZGE0MDY0
NmRhYzEwHhcNMjYwMTAyMDIxODE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjUxMDE1NWZlMWQxN2IzMjAyNTg0YzA0YzczOTQzZTBkMWJkMDAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuitJZQlyYrMVoN9p+qq4KxZgV0IX
osI1Cyd/LIoA8NS+0SWV2FIFSYSYtFrYa0WJNSFgx6ELvR22Bm26Z8WsoN4nTz7L
oV6gY/8DXNnas0a6P89OGXy8V+gEUt+F94mNxBiEwfmrtXyyKB3IuAhVBySDgBSs
xIyJ5xQGAyYU9yi3sxQ91vItM+AGMThUL3bUzUI8TpaasQa9RtzfVy+UshApejg+
JiUu/n36qf/SaW9nTixKSo9BKPAV51Xm+wFHQfTtW4cyuyvZPFlz3fJiKMUkkIM4
YazcLXWULteA/w1htrYNqcuc2ZcwS8Ve/83Jf/JUNEKuVBZhnwKqHc08hQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJJRAVX+HRezICWEwExzlD4NG9ABMB8GA1UdIwQY
MBaAFIKTkFr6E0lE8GMMlJ86vaQGRtrBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3BPUVd2b1RTVVR3WXd5VW56cTlwQVpHMnNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC9lMWMzNzMtNjRmOC00MjI2LTkwNDQt
ODEwOTVhMTNiOWRlLzEva2xFQlZmNGRGN01nSllUQVRIT1VQZzBiMEFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC9lMWMzNzMtNjRmOC00MjI2LTkwNDQtODEwOTVhMTNiOWRl
LzEvZ3BPUVd2b1RTVVR3WXd5VW56cTlwQVpHMnNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWHcMA0G
CSqGSIb3DQEBCwUAA4IBAQASEu8JA/4HC7Kbvybg7WFrGJVAZca17jjVQu1jetax
M2b7i8zcliU6WpUKnwL/+fXMa1dGIi9o2/KF/IZuoeKh0sQeBT18oADrfMctJJF2
cOLWMRAR/1TzCIeS5/gZH6r4CEKGHX4xeYvUqPTWB6sScoTg1V2JKs1n8a9xQBzq
wEJ9Ivg0EZINJa3b2o7KiQMsPukVNm1LOUhyEB6ioUifUlWEBYn53wKnb934QRWD
pmdnvbth7/H0vPcAEn0zlLVOiQvwUfU4B09Iuwnxy5gk9EBHvQSB7vbEDnsyA6ov
R1Lo16g1S9/5A09OJglm40tDTy45uSVvtj7qVb3uN61Q
-----END CERTIFICATE-----