This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/cgJUrA7zUIWAeZrM-A-gevZWhKE.roa
File:                     cgJUrA7zUIWAeZrM-A-gevZWhKE.roa (raw, json)
Hash identifier:          E3FKka6J+aK+1x7zSPpnK2SU6NFTg+dv8eZSvTw7VeI=
Subject key identifier:   72:02:54:AC:0E:F3:50:85:80:79:9A:CC:F8:0F:A0:7A:F6:56:84:A1
Certificate issuer:       /CN=4c7844abef711c232c84f83c807a420af3804728
Certificate serial:       019B76EB835469340BE03C8B00354A40CA39
Authority key identifier: 4C:78:44:AB:EF:71:1C:23:2C:84:F8:3C:80:7A:42:0A:F3:80:47:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/THhEq-9xHCMshPg8gHpCCvOARyg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/cgJUrA7zUIWAeZrM-A-gevZWhKE.roa
Signing time:             Thu 01 Jan 2026 00:18:24 +0000
ROA not before:           Thu 01 Jan 2026 00:18:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203814
IP address blocks:        185.123.32.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/THhEq-9xHCMshPg8gHpCCvOARyg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/THhEq-9xHCMshPg8gHpCCvOARyg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/THhEq-9xHCMshPg8gHpCCvOARyg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:83:54:69:34:0b:e0:3c:8b:00:35:4a:40:ca:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c7844abef711c232c84f83c807a420af3804728
        Validity
            Not Before: Jan  1 00:18:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=720254ac0ef3508580799accf80fa07af65684a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:18:24:89:1b:31:b9:2c:63:ec:09:c0:d8:c6:
                    2e:3c:63:cf:2d:8e:3b:26:56:2c:2b:84:32:a5:f5:
                    d5:7c:db:57:de:fb:b1:5b:07:12:28:cc:7e:d9:e7:
                    24:3b:64:84:c3:a3:af:05:1c:ad:93:f2:3c:14:74:
                    28:82:85:84:31:cd:2c:d9:a5:0d:37:33:38:47:c1:
                    86:a5:88:db:cc:16:80:27:22:5d:d3:1d:f2:41:df:
                    ff:ca:e4:a6:79:70:f2:1f:58:8e:80:93:2c:b5:5e:
                    cc:48:ea:be:6d:86:df:46:00:95:c9:13:24:49:2d:
                    16:ac:f2:50:27:fa:1e:b2:d7:51:13:7d:f3:5e:b5:
                    7e:e2:fd:21:09:69:7b:7f:bf:a1:48:c3:91:51:12:
                    53:24:e9:a1:6a:8d:0d:35:16:9f:64:ce:fc:39:2e:
                    a7:67:98:1d:f2:5d:b6:66:27:ff:1c:66:b5:97:ff:
                    32:b0:ee:e3:ea:3f:2e:a7:d3:f4:c9:7f:f5:eb:c0:
                    24:19:40:07:85:f3:e5:7a:50:b3:e2:cf:5b:46:2c:
                    9b:d4:e7:4d:54:ab:47:7d:97:68:67:7c:25:2a:37:
                    61:86:01:69:02:1d:82:41:2c:71:fa:f5:37:49:30:
                    f6:19:50:fe:91:f4:1d:45:96:ca:b9:1b:2a:aa:9c:
                    9d:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:02:54:AC:0E:F3:50:85:80:79:9A:CC:F8:0F:A0:7A:F6:56:84:A1
            X509v3 Authority Key Identifier:
                keyid:4C:78:44:AB:EF:71:1C:23:2C:84:F8:3C:80:7A:42:0A:F3:80:47:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/THhEq-9xHCMshPg8gHpCCvOARyg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/cgJUrA7zUIWAeZrM-A-gevZWhKE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/THhEq-9xHCMshPg8gHpCCvOARyg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.123.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         76:f3:d3:85:e0:86:e4:e9:63:20:31:bb:5f:6a:a5:8b:a8:2d:
         a3:3e:31:10:87:e3:08:af:18:e6:8b:91:dd:6e:27:dc:3a:d5:
         6b:7b:52:4b:95:33:2b:e1:5b:4f:8f:22:59:4b:b0:71:9a:ef:
         67:65:85:33:d7:f4:9f:e9:3f:fb:00:08:36:9d:ab:d5:da:fe:
         21:d3:4b:61:da:76:cf:d1:0c:38:d1:37:a2:d3:d1:33:d0:c2:
         5a:b1:4f:d4:2b:c5:aa:e7:fa:e3:65:87:22:4b:39:79:65:cc:
         6c:74:f1:fc:ff:ca:f6:2a:b2:9e:41:ec:6a:7a:e2:ca:65:00:
         32:bd:d9:65:3b:78:53:8c:e1:30:59:0b:92:60:24:18:e3:17:
         46:a4:fd:52:91:a3:26:45:b3:a9:7a:f1:54:bc:d5:db:53:6f:
         7f:b1:f9:8d:62:94:09:2b:3b:18:20:17:f0:a7:30:1b:9b:85:
         7c:7f:0c:9e:8a:f4:a3:75:41:c8:f6:ba:d0:b0:b4:a3:2d:7e:
         44:5e:7b:f8:3d:af:5a:35:9a:46:f4:e7:e1:b7:c6:a2:88:a8:
         86:ac:62:6c:e1:5e:85:12:aa:a8:3b:0c:2e:c0:51:14:0d:db:
         08:c4:05:f3:76:3e:43:97:fd:d0:91:3f:fc:49:9c:aa:29:28:
         4c:1e:98:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt264NUaTQL4DyLADVKQMo5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjNzg0NGFiZWY3MTFjMjMyYzg0ZjgzYzgwN2E0MjBhZjM4
MDQ3MjgwHhcNMjYwMTAxMDAxODI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjAyNTRhYzBlZjM1MDg1ODA3OTlhY2NmODBmYTA3YWY2NTY4NGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwhgkiRsxuSxj7AnA2MYuPGPPLY47
JlYsK4QypfXVfNtX3vuxWwcSKMx+2eckO2SEw6OvBRytk/I8FHQogoWEMc0s2aUN
NzM4R8GGpYjbzBaAJyJd0x3yQd//yuSmeXDyH1iOgJMstV7MSOq+bYbfRgCVyRMk
SS0WrPJQJ/oestdRE33zXrV+4v0hCWl7f7+hSMORURJTJOmhao0NNRafZM78OS6n
Z5gd8l22Zif/HGa1l/8ysO7j6j8up9P0yX/168AkGUAHhfPlelCz4s9bRiyb1OdN
VKtHfZdoZ3wlKjdhhgFpAh2CQSxx+vU3STD2GVD+kfQdRZbKuRsqqpydkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHICVKwO81CFgHmazPgPoHr2VoShMB8GA1UdIwQY
MBaAFEx4RKvvcRwjLIT4PIB6QgrzgEcoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEhoRXEtOXhIQ01zaFBnOGdIcENDdk9BUnlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi84ZDU1YzAtOWFhMC00YmU3LTgyYTgt
ZGFiNmI4M2NmN2VjLzEvY2dKVXJBN3pVSVdBZVpyTS1BLWdldlpXaEtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi84ZDU1YzAtOWFhMC00YmU3LTgyYTgtZGFiNmI4M2NmN2Vj
LzEvVEhoRXEtOXhIQ01zaFBnOGdIcENDdk9BUnlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXsgMA0G
CSqGSIb3DQEBCwUAA4IBAQB289OF4Ibk6WMgMbtfaqWLqC2jPjEQh+MIrxjmi5Hd
bifcOtVre1JLlTMr4VtPjyJZS7Bxmu9nZYUz1/Sf6T/7AAg2navV2v4h00th2nbP
0Qw40Tei09Ez0MJasU/UK8Wq5/rjZYciSzl5ZcxsdPH8/8r2KrKeQexqeuLKZQAy
vdllO3hTjOEwWQuSYCQY4xdGpP1SkaMmRbOpevFUvNXbU29/sfmNYpQJKzsYIBfw
pzAbm4V8fwyeivSjdUHI9rrQsLSjLX5EXnv4Pa9aNZpG9Ofht8aiiKiGrGJs4V6F
EqqoOwwuwFEUDdsIxAXzdj5Dl/3QkT/8SZyqKShMHpj4
-----END CERTIFICATE-----