This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/ab83dc-c0e7-4ec3-af72-81917dffdcd7/1/r-1SzrZjoEXcWaVFk74aF23TjJ0.roa
File:                     r-1SzrZjoEXcWaVFk74aF23TjJ0.roa (raw, json)
Hash identifier:          sRjFv0mWTbb1HZj7c7GM888be2VPScRA9imdmTy3Guc=
Subject key identifier:   AF:ED:52:CE:B6:63:A0:45:DC:59:A5:45:93:BE:1A:17:6D:D3:8C:9D
Certificate issuer:       /CN=1c766b058c096753a34ad625d53275cd2dba5b33
Certificate serial:       019B7FF1EA81E689CE671D3E6234A6DAC59E
Authority key identifier: 1C:76:6B:05:8C:09:67:53:A3:4A:D6:25:D5:32:75:CD:2D:BA:5B:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HHZrBYwJZ1OjStYl1TJ1zS26WzM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/ab83dc-c0e7-4ec3-af72-81917dffdcd7/1/r-1SzrZjoEXcWaVFk74aF23TjJ0.roa
Signing time:             Fri 02 Jan 2026 18:21:59 +0000
ROA not before:           Fri 02 Jan 2026 18:21:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51431
IP address blocks:        185.171.52.0/24 maxlen: 24
                          185.171.53.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/ab83dc-c0e7-4ec3-af72-81917dffdcd7/1/HHZrBYwJZ1OjStYl1TJ1zS26WzM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/ab83dc-c0e7-4ec3-af72-81917dffdcd7/1/HHZrBYwJZ1OjStYl1TJ1zS26WzM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HHZrBYwJZ1OjStYl1TJ1zS26WzM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 15:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f1:ea:81:e6:89:ce:67:1d:3e:62:34:a6:da:c5:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c766b058c096753a34ad625d53275cd2dba5b33
        Validity
            Not Before: Jan  2 18:21:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=afed52ceb663a045dc59a54593be1a176dd38c9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:c8:30:ce:a1:2a:dc:a5:62:22:b1:2e:30:93:
                    55:eb:e5:db:79:ad:20:73:02:38:1b:bc:70:51:6c:
                    d6:7e:01:98:c1:8f:74:d2:1a:53:78:b4:e3:52:86:
                    4d:02:90:cf:a7:07:d3:b0:30:44:6d:43:a1:64:2d:
                    05:7f:93:95:20:2d:9c:ac:03:31:c4:1e:3b:ae:8e:
                    17:e8:a2:c6:e7:cb:a5:be:56:d5:d9:fa:52:af:17:
                    97:ef:a5:6e:39:a0:3d:b9:01:e1:cd:75:70:03:11:
                    8d:16:7d:a6:0b:f4:cd:33:c9:a9:4c:7f:12:4e:1d:
                    d3:9e:c5:5f:5b:d3:59:ba:5d:cc:8a:5e:80:a2:87:
                    87:49:27:d6:b3:1a:5f:74:dd:fc:e2:72:bb:fa:7e:
                    78:63:cd:d3:10:32:cb:22:52:b2:e0:ff:2e:89:45:
                    03:a3:51:05:f4:0a:ed:0a:83:54:27:7f:91:0a:a1:
                    39:c8:12:f9:fe:23:98:98:6f:4d:05:6d:a8:ca:90:
                    18:ba:c9:48:59:c5:db:29:7d:b8:8f:a8:03:fe:26:
                    4a:91:f8:6f:12:f7:4a:19:c6:f4:f0:d6:55:55:b1:
                    54:48:78:ec:b3:85:1f:d8:6c:ef:ac:44:8a:17:13:
                    cf:fc:d6:f6:e2:1a:c3:d1:51:d5:09:15:ce:f4:c5:
                    69:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:ED:52:CE:B6:63:A0:45:DC:59:A5:45:93:BE:1A:17:6D:D3:8C:9D
            X509v3 Authority Key Identifier:
                keyid:1C:76:6B:05:8C:09:67:53:A3:4A:D6:25:D5:32:75:CD:2D:BA:5B:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HHZrBYwJZ1OjStYl1TJ1zS26WzM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/ab83dc-c0e7-4ec3-af72-81917dffdcd7/1/r-1SzrZjoEXcWaVFk74aF23TjJ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/ab83dc-c0e7-4ec3-af72-81917dffdcd7/1/HHZrBYwJZ1OjStYl1TJ1zS26WzM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.171.52.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2b:57:61:a2:da:61:dc:b3:a8:86:c2:93:c6:61:6e:ee:23:42:
         48:2b:0f:49:8a:6e:58:b2:48:a0:b7:bc:c3:f1:de:1b:3f:a7:
         94:54:24:30:d2:ca:c5:56:30:92:e5:5c:d0:23:13:d5:50:9d:
         38:f6:d4:89:f6:11:54:0d:16:09:30:44:c4:50:6e:08:0d:6c:
         5a:8e:61:a7:1e:94:73:96:d4:42:f5:54:e0:2b:c7:c3:38:b2:
         c6:75:a1:f0:c2:ea:44:30:62:80:e8:af:79:cc:3d:2b:19:68:
         09:e9:75:fb:40:dc:00:84:6b:23:4c:15:5d:47:39:0f:e4:a4:
         54:61:ac:d2:95:86:d4:af:2c:77:2e:aa:74:87:39:aa:b1:e8:
         0f:cf:99:eb:b6:94:9d:14:fe:c2:c9:37:34:63:0a:7d:99:ec:
         21:7c:17:b4:4d:c3:7c:41:a6:52:87:50:3d:46:4e:d0:4a:7f:
         85:97:34:46:2c:39:31:be:71:95:99:b3:5f:06:4c:7e:0e:51:
         dc:1a:02:ec:79:30:04:83:d1:e6:a3:c2:d9:17:ec:bf:c6:26:
         73:bb:a1:2c:de:fc:13:09:39:bc:32:ec:12:e6:47:c9:46:21:
         00:0b:a9:62:aa:18:71:f0:58:a3:7f:64:58:4f:77:13:9b:97:
         76:e7:52:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/8eqB5onOZx0+YjSm2sWeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjNzY2YjA1OGMwOTY3NTNhMzRhZDYyNWQ1MzI3NWNkMmRi
YTViMzMwHhcNMjYwMTAyMTgyMTU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmVkNTJjZWI2NjNhMDQ1ZGM1OWE1NDU5M2JlMWExNzZkZDM4YzlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyMgwzqEq3KViIrEuMJNV6+Xbea0g
cwI4G7xwUWzWfgGYwY900hpTeLTjUoZNApDPpwfTsDBEbUOhZC0Ff5OVIC2crAMx
xB47ro4X6KLG58ulvlbV2fpSrxeX76VuOaA9uQHhzXVwAxGNFn2mC/TNM8mpTH8S
Th3TnsVfW9NZul3Mil6AooeHSSfWsxpfdN384nK7+n54Y83TEDLLIlKy4P8uiUUD
o1EF9ArtCoNUJ3+RCqE5yBL5/iOYmG9NBW2oypAYuslIWcXbKX24j6gD/iZKkfhv
EvdKGcb08NZVVbFUSHjss4Uf2GzvrESKFxPP/Nb24hrD0VHVCRXO9MVpFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK/tUs62Y6BF3FmlRZO+Ghdt04ydMB8GA1UdIwQY
MBaAFBx2awWMCWdTo0rWJdUydc0tulszMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEhackJZd0paMU9qU3RZbDFUSjF6UzI2V3pNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9hYjgzZGMtYzBlNy00ZWMzLWFmNzIt
ODE5MTdkZmZkY2Q3LzEvci0xU3pyWmpvRVhjV2FWRms3NGFGMjNUakowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9hYjgzZGMtYzBlNy00ZWMzLWFmNzItODE5MTdkZmZkY2Q3
LzEvSEhackJZd0paMU9qU3RZbDFUSjF6UzI2V3pNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuas0MA0G
CSqGSIb3DQEBCwUAA4IBAQArV2Gi2mHcs6iGwpPGYW7uI0JIKw9Jim5Yskigt7zD
8d4bP6eUVCQw0srFVjCS5VzQIxPVUJ049tSJ9hFUDRYJMETEUG4IDWxajmGnHpRz
ltRC9VTgK8fDOLLGdaHwwupEMGKA6K95zD0rGWgJ6XX7QNwAhGsjTBVdRzkP5KRU
YazSlYbUryx3Lqp0hzmqsegPz5nrtpSdFP7CyTc0Ywp9mewhfBe0TcN8QaZSh1A9
Rk7QSn+FlzRGLDkxvnGVmbNfBkx+DlHcGgLseTAEg9Hmo8LZF+y/xiZzu6Es3vwT
CTm8MuwS5kfJRiEAC6liqhhx8Fijf2RYT3cTm5d251K3
-----END CERTIFICATE-----