This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/AeVrZINs9Mwgw--CeQuhBL48V9o.roa
File:                     AeVrZINs9Mwgw--CeQuhBL48V9o.roa (raw, json)
Hash identifier:          tOULrw1qQEUkRt4Egsmhx0JNl0n1ptX0coLHQFBvARg=
Subject key identifier:   01:E5:6B:64:83:6C:F4:CC:20:C3:EF:82:79:0B:A1:04:BE:3C:57:DA
Certificate issuer:       /CN=c84d61cd17ed92e54bb3397f1e5a6b3904ac6f05
Certificate serial:       019B7F14E68C035ABC76FF8228DDEEC9266D
Authority key identifier: C8:4D:61:CD:17:ED:92:E5:4B:B3:39:7F:1E:5A:6B:39:04:AC:6F:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yE1hzRftkuVLszl_HlprOQSsbwU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/AeVrZINs9Mwgw--CeQuhBL48V9o.roa
Signing time:             Fri 02 Jan 2026 14:20:34 +0000
ROA not before:           Fri 02 Jan 2026 14:20:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198047
IP address blocks:        185.11.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/yE1hzRftkuVLszl_HlprOQSsbwU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/yE1hzRftkuVLszl_HlprOQSsbwU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yE1hzRftkuVLszl_HlprOQSsbwU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:14:e6:8c:03:5a:bc:76:ff:82:28:dd:ee:c9:26:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c84d61cd17ed92e54bb3397f1e5a6b3904ac6f05
        Validity
            Not Before: Jan  2 14:20:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=01e56b64836cf4cc20c3ef82790ba104be3c57da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:18:a9:fa:60:79:3e:8e:62:32:71:69:4e:4b:
                    06:85:24:23:25:60:97:a5:d9:10:fb:d2:a4:89:f1:
                    0d:18:4f:3a:c3:46:2e:5b:91:a5:13:72:cf:cb:28:
                    28:48:6f:6b:eb:9d:c2:91:21:ee:36:f7:bd:2a:99:
                    a9:fd:16:04:a8:3b:5f:4b:09:75:e7:3a:8f:32:73:
                    5f:84:84:01:ed:7a:48:e6:4e:53:b3:e2:2a:3b:8a:
                    c2:48:b2:39:82:2f:47:52:81:0b:37:98:67:b3:b8:
                    14:43:a5:8c:53:7e:cd:b3:93:53:10:b4:80:ec:1a:
                    f2:76:8c:d7:40:41:1d:27:91:c7:97:63:db:67:e8:
                    da:bd:99:33:6c:01:6d:39:b2:5d:8f:51:b4:51:1b:
                    03:a1:92:8a:4e:7a:92:63:ab:3f:4c:41:67:2c:fd:
                    c3:da:d5:ac:8c:10:bc:5a:5f:35:41:3b:16:82:3a:
                    bf:3b:9d:cc:e0:6c:ee:4d:73:9e:33:66:6d:5c:b0:
                    c1:11:36:c2:7d:09:73:bc:f3:45:a7:bf:52:83:b0:
                    25:08:59:d9:22:8a:a4:f2:ac:cf:1f:7f:37:e7:e8:
                    90:c5:e9:30:6b:df:bc:e1:8b:ed:94:fd:b5:c1:a8:
                    4f:ae:fa:aa:d8:0f:77:05:42:08:3b:c5:77:47:ee:
                    68:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:E5:6B:64:83:6C:F4:CC:20:C3:EF:82:79:0B:A1:04:BE:3C:57:DA
            X509v3 Authority Key Identifier:
                keyid:C8:4D:61:CD:17:ED:92:E5:4B:B3:39:7F:1E:5A:6B:39:04:AC:6F:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yE1hzRftkuVLszl_HlprOQSsbwU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/AeVrZINs9Mwgw--CeQuhBL48V9o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/yE1hzRftkuVLszl_HlprOQSsbwU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.11.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:3d:5e:5a:66:39:da:9f:88:ff:7e:98:42:83:0d:0c:93:d9:
         bd:d3:c2:eb:e6:8a:8b:f6:b5:85:5f:a0:2a:49:0a:b0:1f:d2:
         ee:ee:7b:81:27:8b:9c:f8:a3:d1:c8:52:2a:2f:0b:30:11:c2:
         e8:82:1f:48:b3:32:27:28:79:05:ff:7a:0b:ec:a7:9a:dd:88:
         5c:54:f3:cb:b2:2c:02:5b:15:05:10:90:18:c9:ec:95:cb:85:
         46:a6:cb:cd:8b:8e:2a:49:a4:16:92:51:62:a1:c1:fc:5f:74:
         e9:7b:49:d9:ab:10:6b:5e:4c:ca:7a:0f:c1:4c:22:00:e3:bd:
         5f:ab:28:9f:34:a7:4b:a6:e6:3c:1a:6e:44:f9:f2:53:3f:1e:
         2c:13:3f:69:67:db:ec:0a:40:ad:09:27:9a:43:e9:f3:fd:ca:
         82:7b:a8:49:02:68:15:54:e4:84:60:b0:f0:6b:93:a4:85:45:
         12:ca:8f:f6:d6:74:26:92:03:10:8a:92:67:49:76:77:e2:af:
         83:a6:b9:01:35:ee:44:84:87:cb:6c:bb:c6:ed:9b:c4:55:30:
         31:b3:bd:91:6f:9f:d1:fb:94:c2:06:66:1d:8d:b2:f0:8a:de:
         5e:c3:a2:ed:9c:b4:15:b5:45:97:7c:c6:74:45:6f:47:e0:fd:
         08:2d:50:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FOaMA1q8dv+CKN3uySZtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4NGQ2MWNkMTdlZDkyZTU0YmIzMzk3ZjFlNWE2YjM5MDRh
YzZmMDUwHhcNMjYwMTAyMTQyMDM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWU1NmI2NDgzNmNmNGNjMjBjM2VmODI3OTBiYTEwNGJlM2M1N2RhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5hip+mB5Po5iMnFpTksGhSQjJWCX
pdkQ+9KkifENGE86w0YuW5GlE3LPyygoSG9r653CkSHuNve9Kpmp/RYEqDtfSwl1
5zqPMnNfhIQB7XpI5k5Ts+IqO4rCSLI5gi9HUoELN5hns7gUQ6WMU37Ns5NTELSA
7BrydozXQEEdJ5HHl2PbZ+javZkzbAFtObJdj1G0URsDoZKKTnqSY6s/TEFnLP3D
2tWsjBC8Wl81QTsWgjq/O53M4GzuTXOeM2ZtXLDBETbCfQlzvPNFp79Sg7AlCFnZ
Ioqk8qzPH3835+iQxekwa9+84YvtlP21wahPrvqq2A93BUIIO8V3R+5oEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAHla2SDbPTMIMPvgnkLoQS+PFfaMB8GA1UdIwQY
MBaAFMhNYc0X7ZLlS7M5fx5aazkErG8FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUUxaHpSZnRrdVZMc3psX0hscHJPUVNzYndVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS84OGVhZTgtNGI4Ni00Mzg5LWFhZGIt
YzI1Nzc5MmRhZGM0LzEvQWVWclpJTnM5TXdndy0tQ2VRdWhCTDQ4VjlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS84OGVhZTgtNGI4Ni00Mzg5LWFhZGItYzI1Nzc5MmRhZGM0
LzEveUUxaHpSZnRrdVZMc3psX0hscHJPUVNzYndVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQvwMA0G
CSqGSIb3DQEBCwUAA4IBAQBoPV5aZjnan4j/fphCgw0Mk9m908Lr5oqL9rWFX6Aq
SQqwH9Lu7nuBJ4uc+KPRyFIqLwswEcLogh9IszInKHkF/3oL7Kea3YhcVPPLsiwC
WxUFEJAYyeyVy4VGpsvNi44qSaQWklFiocH8X3Tpe0nZqxBrXkzKeg/BTCIA471f
qyifNKdLpuY8Gm5E+fJTPx4sEz9pZ9vsCkCtCSeaQ+nz/cqCe6hJAmgVVOSEYLDw
a5OkhUUSyo/21nQmkgMQipJnSXZ34q+DprkBNe5EhIfLbLvG7ZvEVTAxs72Rb5/R
+5TCBmYdjbLwit5ew6LtnLQVtUWXfMZ0RW9H4P0ILVC9
-----END CERTIFICATE-----