This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/CGlwaarm8XPHSfd_sN3ULyqaKUg.roa
File:                     CGlwaarm8XPHSfd_sN3ULyqaKUg.roa (raw, json)
Hash identifier:          WkoSqWTtOvdRK1F0sTVTQcYIqle5HqEUONAxF4fdu+0=
Subject key identifier:   08:69:70:69:AA:E6:F1:73:C7:49:F7:7F:B0:DD:D4:2F:2A:9A:29:48
Certificate issuer:       /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial:       019B7D5C464D0D80796A30BB90EF86FDB46D
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/CGlwaarm8XPHSfd_sN3ULyqaKUg.roa
Signing time:             Fri 02 Jan 2026 06:19:17 +0000
ROA not before:           Fri 02 Jan 2026 06:19:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198636
IP address blocks:        94.131.28.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5c:46:4d:0d:80:79:6a:30:bb:90:ef:86:fd:b4:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
        Validity
            Not Before: Jan  2 06:19:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=08697069aae6f173c749f77fb0ddd42f2a9a2948
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:98:af:03:17:fd:7f:78:6a:dc:a0:0a:72:ec:
                    53:b8:dc:bb:20:a2:52:82:4e:71:1b:74:a1:df:84:
                    e7:b9:b9:fe:c0:c4:d8:13:c5:4e:b6:9b:ba:c5:7d:
                    fc:0d:16:f0:03:36:89:51:4b:14:d9:98:13:64:ba:
                    59:73:ac:bf:d9:77:32:70:37:01:88:13:d8:ef:68:
                    25:01:58:a9:e3:90:70:fd:b9:f5:82:2c:e9:5d:49:
                    d5:5d:1c:f7:fb:4e:88:24:c0:b0:63:c6:b8:13:a1:
                    93:ad:3b:9b:53:69:5b:95:3e:e6:ca:10:84:a4:e6:
                    24:2d:f1:03:c2:e3:c3:08:89:73:9c:ab:29:5c:42:
                    8b:f5:f1:a1:b0:f1:c6:a0:7d:e2:8e:40:31:43:cd:
                    15:7f:40:13:4c:13:2f:7e:d3:6b:dc:7c:73:74:5c:
                    85:ee:cd:8e:43:5e:c5:5a:09:10:f1:71:e5:5c:cd:
                    95:f2:bb:75:7d:df:14:ae:cd:8f:9f:ff:25:6f:14:
                    22:e2:45:cd:16:5f:b2:c2:9e:89:d9:01:cb:aa:1f:
                    61:e7:c0:6f:13:93:ff:fd:62:32:f5:da:10:1d:98:
                    9b:8a:57:58:aa:1a:3c:0a:e8:63:67:45:9f:11:b5:
                    2e:16:60:d5:54:ae:5c:92:f4:65:72:c5:0b:b6:0c:
                    82:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:69:70:69:AA:E6:F1:73:C7:49:F7:7F:B0:DD:D4:2F:2A:9A:29:48
            X509v3 Authority Key Identifier:
                keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/CGlwaarm8XPHSfd_sN3ULyqaKUg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.131.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         65:9c:4f:28:ec:bf:78:cb:d2:7b:ab:e0:08:40:f2:ed:9e:3e:
         08:d4:e4:28:b5:ff:f4:bb:15:e3:89:d9:f8:91:65:33:07:22:
         31:e3:65:86:a5:b4:07:0f:a9:e3:4a:8f:f2:9c:36:38:cf:6d:
         a5:23:70:87:44:12:96:f0:de:fd:00:02:a5:22:2d:5e:77:e1:
         21:5e:49:8b:b0:e7:a6:28:71:a5:f7:2b:91:9a:1b:58:b3:e1:
         46:88:1b:0e:49:e7:ce:b7:8f:ce:0c:a3:64:d0:08:45:21:b2:
         1a:e0:91:03:b0:62:6f:98:e0:66:b0:7d:f7:45:5f:26:61:55:
         c3:9d:29:7d:4b:0d:92:f8:7a:67:c5:65:d6:85:72:ee:93:d9:
         55:11:10:d4:e8:99:c2:a5:16:32:b8:6a:95:8c:ef:00:09:bf:
         6d:58:22:8e:a8:46:01:58:e0:28:e1:c7:fe:58:ca:c8:1b:2a:
         3f:40:26:da:69:f8:ca:a3:7f:ac:6f:e6:ed:ff:26:3e:db:bf:
         57:88:f2:f1:f2:b8:9c:f8:fd:2a:9b:25:0a:91:52:76:8c:e7:
         45:8e:07:4d:46:62:30:ac:e7:08:0f:49:48:71:a9:32:ad:4e:
         cc:36:6f:0a:0b:8f:93:63:af:96:97:c8:c2:e8:22:dd:23:76:
         a8:45:a4:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XEZNDYB5ajC7kO+G/bRtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjYwMTAyMDYxOTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODY5NzA2OWFhZTZmMTczYzc0OWY3N2ZiMGRkZDQyZjJhOWEyOTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzZivAxf9f3hq3KAKcuxTuNy7IKJS
gk5xG3Sh34Tnubn+wMTYE8VOtpu6xX38DRbwAzaJUUsU2ZgTZLpZc6y/2XcycDcB
iBPY72glAVip45Bw/bn1gizpXUnVXRz3+06IJMCwY8a4E6GTrTubU2lblT7myhCE
pOYkLfEDwuPDCIlznKspXEKL9fGhsPHGoH3ijkAxQ80Vf0ATTBMvftNr3HxzdFyF
7s2OQ17FWgkQ8XHlXM2V8rt1fd8Urs2Pn/8lbxQi4kXNFl+ywp6J2QHLqh9h58Bv
E5P//WIy9doQHZibildYqho8CuhjZ0WfEbUuFmDVVK5ckvRlcsULtgyCewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAhpcGmq5vFzx0n3f7Dd1C8qmilIMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvQ0dsd2Fhcm04WFBIU2ZkX3NOM1VMeXFhS1VnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXoMcMA0G
CSqGSIb3DQEBCwUAA4IBAQBlnE8o7L94y9J7q+AIQPLtnj4I1OQotf/0uxXjidn4
kWUzByIx42WGpbQHD6njSo/ynDY4z22lI3CHRBKW8N79AAKlIi1ed+EhXkmLsOem
KHGl9yuRmhtYs+FGiBsOSefOt4/ODKNk0AhFIbIa4JEDsGJvmOBmsH33RV8mYVXD
nSl9Sw2S+HpnxWXWhXLuk9lVERDU6JnCpRYyuGqVjO8ACb9tWCKOqEYBWOAo4cf+
WMrIGyo/QCbaafjKo3+sb+bt/yY+279XiPLx8ric+P0qmyUKkVJ2jOdFjgdNRmIw
rOcID0lIcakyrU7MNm8KC4+TY6+Wl8jC6CLdI3aoRaTU
-----END CERTIFICATE-----