This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/FjJlBk4vljCVJZoKSfMPflAcx1I.roa
File:                     FjJlBk4vljCVJZoKSfMPflAcx1I.roa (raw, json)
Hash identifier:          1SIsNHfnj1y+m+lEm8o9zgu9QiQbTkBbHwe1/ESIdkw=
Subject key identifier:   16:32:65:06:4E:2F:96:30:95:25:9A:0A:49:F3:0F:7E:50:1C:C7:52
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       019B7910721DFE8352FC92A78AD1E76A09FF
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/FjJlBk4vljCVJZoKSfMPflAcx1I.roa
Signing time:             Thu 01 Jan 2026 10:17:59 +0000
ROA not before:           Thu 01 Jan 2026 10:17:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57043
IP address blocks:        185.5.38.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:72:1d:fe:83:52:fc:92:a7:8a:d1:e7:6a:09:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Jan  1 10:17:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=163265064e2f963095259a0a49f30f7e501cc752
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:f2:86:6d:2b:80:8e:98:7d:6f:d9:dc:c2:a1:
                    80:22:07:f9:b4:2c:a0:ff:d7:f5:a8:25:5e:97:b2:
                    6a:93:8c:78:8c:0c:d6:3b:08:73:9e:89:7f:87:b8:
                    8e:10:39:dd:86:39:af:09:f7:b3:11:cc:de:91:e3:
                    cc:e4:95:6c:46:a6:b5:8c:4a:49:a5:12:85:b5:af:
                    f4:01:75:9c:82:9e:03:03:88:e8:c2:2e:ec:d1:46:
                    f3:b7:31:ab:ce:ac:36:69:ff:3c:df:2a:25:36:b6:
                    54:c2:bf:9d:af:dd:15:3a:fb:08:d1:b2:7c:58:35:
                    b6:64:e4:b0:74:72:c5:04:17:17:69:db:4c:5b:34:
                    48:28:9a:2a:e1:c2:6e:b8:5d:f1:94:c6:17:5d:ad:
                    bc:36:09:16:0a:3c:78:8b:bd:ea:72:aa:f3:40:38:
                    3b:95:6b:0a:9e:0d:45:e5:5a:db:d1:fb:86:a5:d1:
                    f6:b7:b5:24:96:5a:53:59:54:14:3b:1d:76:ee:40:
                    fd:06:f4:e9:1f:4c:5c:02:70:1e:d5:dc:ed:ce:e6:
                    b0:03:5e:51:67:21:a4:0d:ba:9f:4f:14:c7:1e:5e:
                    54:41:3d:94:1d:95:b3:d8:7b:76:88:e5:2e:dd:78:
                    d5:dd:04:f7:04:bc:99:37:8c:2f:60:51:cc:45:10:
                    f1:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:32:65:06:4E:2F:96:30:95:25:9A:0A:49:F3:0F:7E:50:1C:C7:52
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/FjJlBk4vljCVJZoKSfMPflAcx1I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.5.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:85:23:4e:21:c2:57:89:f8:c4:61:f6:a7:11:f1:78:69:4b:
         31:9b:e4:a8:a8:17:8b:31:96:f6:57:6f:17:24:45:48:2d:6d:
         d9:67:c5:3f:1f:7f:6a:02:9f:2a:04:af:5f:fe:08:af:ce:61:
         4f:4f:93:5d:68:8c:2e:30:dc:1c:9b:24:dd:51:bb:1a:cf:89:
         68:ee:18:91:e5:07:1f:92:63:cc:6c:f5:ae:87:0c:72:7d:13:
         34:58:cf:77:41:dc:99:1c:9b:f9:b9:0e:45:1e:29:d7:0f:df:
         fc:0d:bb:47:f9:40:6a:0c:da:c9:ad:24:5b:7d:70:86:08:29:
         9a:dc:35:d3:f7:cd:56:6b:0a:01:97:23:d5:db:06:49:c2:4a:
         b4:fb:81:5f:bd:b3:3d:27:1f:ea:80:3c:8b:96:de:4a:02:77:
         42:fd:e5:c5:91:1e:d3:3e:26:9f:1c:55:3b:ba:c0:91:95:66:
         72:99:77:ea:b2:a7:f3:2d:83:2c:5e:a9:21:dc:ad:d4:44:08:
         1d:03:ad:24:fe:19:ef:81:7f:78:18:e9:70:b4:22:28:e5:1b:
         38:f6:1e:15:cb:d3:9b:8f:79:b2:c5:a8:a0:50:d6:5d:e0:39:
         58:48:2f:ae:9e:3f:04:84:23:2c:44:65:d4:11:6d:0d:cb:0d:
         fd:20:67:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EHId/oNS/JKnitHnagn/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjYwMTAxMTAxNzU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjMyNjUwNjRlMmY5NjMwOTUyNTlhMGE0OWYzMGY3ZTUwMWNjNzUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxfKGbSuAjph9b9ncwqGAIgf5tCyg
/9f1qCVel7Jqk4x4jAzWOwhznol/h7iOEDndhjmvCfezEczekePM5JVsRqa1jEpJ
pRKFta/0AXWcgp4DA4jowi7s0UbztzGrzqw2af883yolNrZUwr+dr90VOvsI0bJ8
WDW2ZOSwdHLFBBcXadtMWzRIKJoq4cJuuF3xlMYXXa28NgkWCjx4i73qcqrzQDg7
lWsKng1F5Vrb0fuGpdH2t7UkllpTWVQUOx127kD9BvTpH0xcAnAe1dztzuawA15R
ZyGkDbqfTxTHHl5UQT2UHZWz2Ht2iOUu3XjV3QT3BLyZN4wvYFHMRRDxcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBYyZQZOL5YwlSWaCknzD35QHMdSMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvRmpKbEJrNHZsakNWSlpvS1NmTVBmbEFjeDFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQUmMA0G
CSqGSIb3DQEBCwUAA4IBAQBNhSNOIcJXifjEYfanEfF4aUsxm+SoqBeLMZb2V28X
JEVILW3ZZ8U/H39qAp8qBK9f/givzmFPT5NdaIwuMNwcmyTdUbsaz4lo7hiR5Qcf
kmPMbPWuhwxyfRM0WM93QdyZHJv5uQ5FHinXD9/8DbtH+UBqDNrJrSRbfXCGCCma
3DXT981WawoBlyPV2wZJwkq0+4FfvbM9Jx/qgDyLlt5KAndC/eXFkR7TPiafHFU7
usCRlWZymXfqsqfzLYMsXqkh3K3URAgdA60k/hnvgX94GOlwtCIo5Rs49h4Vy9Ob
j3myxaigUNZd4DlYSC+unj8EhCMsRGXUEW0Nyw39IGeR
-----END CERTIFICATE-----