This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/ad8994-51f1-4b65-aca0-e15a8b70e8d2/1/fHxwGlzfMCLIiDp8Vv2OdxscGso.roa
File:                     fHxwGlzfMCLIiDp8Vv2OdxscGso.roa (raw, json)
Hash identifier:          o4zFULkPLc/gsnlMwCBS25MbPklg6inUIBFIZjjQq/I=
Subject key identifier:   7C:7C:70:1A:5C:DF:30:22:C8:88:3A:7C:56:FD:8E:77:1B:1C:1A:CA
Certificate issuer:       /CN=37ceaa626cbd89052f3545335dfdb31a13383004
Certificate serial:       019B78351DBC0DF0A24E7DF03BBEF7086A98
Authority key identifier: 37:CE:AA:62:6C:BD:89:05:2F:35:45:33:5D:FD:B3:1A:13:38:30:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N86qYmy9iQUvNUUzXf2zGhM4MAQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/ad8994-51f1-4b65-aca0-e15a8b70e8d2/1/fHxwGlzfMCLIiDp8Vv2OdxscGso.roa
Signing time:             Thu 01 Jan 2026 06:18:25 +0000
ROA not before:           Thu 01 Jan 2026 06:18:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213144
IP address blocks:        194.76.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/ad8994-51f1-4b65-aca0-e15a8b70e8d2/1/N86qYmy9iQUvNUUzXf2zGhM4MAQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/ad8994-51f1-4b65-aca0-e15a8b70e8d2/1/N86qYmy9iQUvNUUzXf2zGhM4MAQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N86qYmy9iQUvNUUzXf2zGhM4MAQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:35:1d:bc:0d:f0:a2:4e:7d:f0:3b:be:f7:08:6a:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37ceaa626cbd89052f3545335dfdb31a13383004
        Validity
            Not Before: Jan  1 06:18:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7c7c701a5cdf3022c8883a7c56fd8e771b1c1aca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:81:1f:aa:c9:43:82:d5:08:26:67:7f:32:75:
                    16:6f:8e:21:26:87:2e:c3:54:bc:40:4c:1a:9c:64:
                    5a:64:a0:b6:8a:99:2f:90:fc:10:e0:5a:53:a1:d5:
                    e6:d7:01:39:25:cc:58:17:f2:86:b4:32:9b:ff:df:
                    53:09:55:7e:9d:7a:14:2f:48:49:a8:e4:07:f3:3f:
                    4a:d9:39:db:42:58:41:e1:30:d7:02:e0:11:54:0c:
                    f0:e6:6c:64:92:4b:63:45:cb:18:43:d6:8e:4e:91:
                    1f:42:55:78:c5:5c:ea:5a:9b:df:0b:63:10:e7:8b:
                    54:a8:cb:aa:57:a2:80:7e:00:be:19:3f:c9:b8:b0:
                    be:0d:53:a4:fa:93:61:0a:18:d5:0a:91:48:ee:d6:
                    89:c7:f9:a2:6a:9d:0d:29:7a:85:80:25:bd:fe:1b:
                    89:00:5c:96:69:af:6e:ca:37:14:5c:8d:14:69:b3:
                    d2:60:33:87:b1:a5:2b:8f:b5:f3:06:88:ce:b2:1d:
                    2c:d1:d5:0d:70:11:23:7c:b1:d3:13:db:76:82:08:
                    16:00:9b:8e:d1:c4:b1:96:37:da:51:90:11:73:0c:
                    c4:7b:13:e7:d6:58:f4:d3:b6:27:b0:16:0f:c4:86:
                    e8:d5:e9:23:c0:b8:12:a1:f2:b7:30:98:60:6b:ac:
                    f2:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:7C:70:1A:5C:DF:30:22:C8:88:3A:7C:56:FD:8E:77:1B:1C:1A:CA
            X509v3 Authority Key Identifier:
                keyid:37:CE:AA:62:6C:BD:89:05:2F:35:45:33:5D:FD:B3:1A:13:38:30:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N86qYmy9iQUvNUUzXf2zGhM4MAQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/ad8994-51f1-4b65-aca0-e15a8b70e8d2/1/fHxwGlzfMCLIiDp8Vv2OdxscGso.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/ad8994-51f1-4b65-aca0-e15a8b70e8d2/1/N86qYmy9iQUvNUUzXf2zGhM4MAQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.76.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:5e:08:17:d2:32:7a:0a:75:50:c4:a9:e6:3d:90:13:b2:2e:
         a7:12:dd:27:1d:f1:a8:98:4b:3e:fe:63:05:7c:de:35:e0:cc:
         10:de:2a:aa:60:86:f9:5e:58:fb:17:1a:7e:65:70:19:61:ac:
         74:52:ee:a4:99:e6:6f:f8:db:c0:c6:c6:8c:a9:79:a0:9b:90:
         38:56:65:b7:73:89:4e:bf:04:fa:31:94:56:13:db:7d:3c:94:
         34:7b:32:51:f6:ca:9a:70:68:4e:b0:e8:e6:24:3f:f6:3d:92:
         35:ed:79:40:76:d9:29:a6:5a:fb:c5:87:b0:8b:3b:02:5a:6c:
         45:5b:44:da:9b:cb:d7:f8:c2:56:3d:0f:e1:7f:30:4a:9c:b0:
         61:fa:2d:73:88:c4:b2:46:17:42:d8:81:3b:46:1b:69:cb:12:
         9f:b7:e5:75:b0:3d:5c:65:f9:7b:e1:d0:20:2b:74:c7:bc:e3:
         63:82:ff:1c:e5:ae:8a:1d:06:3c:c3:c8:a1:92:0f:ed:15:e0:
         5e:36:ee:2f:7b:a0:94:7e:e0:f7:04:2d:8e:2c:cf:21:4b:66:
         a3:af:98:d1:19:99:36:9c:50:60:72:9f:cc:94:38:25:16:70:
         be:93:f7:99:63:95:d1:f6:7c:81:75:50:4d:04:a0:d0:5b:52:
         52:84:4a:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NR28DfCiTn3wO773CGqYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3Y2VhYTYyNmNiZDg5MDUyZjM1NDUzMzVkZmRiMzFhMTMz
ODMwMDQwHhcNMjYwMTAxMDYxODI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzdjNzAxYTVjZGYzMDIyYzg4ODNhN2M1NmZkOGU3NzFiMWMxYWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA94EfqslDgtUIJmd/MnUWb44hJocu
w1S8QEwanGRaZKC2ipkvkPwQ4FpTodXm1wE5JcxYF/KGtDKb/99TCVV+nXoUL0hJ
qOQH8z9K2TnbQlhB4TDXAuARVAzw5mxkkktjRcsYQ9aOTpEfQlV4xVzqWpvfC2MQ
54tUqMuqV6KAfgC+GT/JuLC+DVOk+pNhChjVCpFI7taJx/miap0NKXqFgCW9/huJ
AFyWaa9uyjcUXI0UabPSYDOHsaUrj7XzBojOsh0s0dUNcBEjfLHTE9t2gggWAJuO
0cSxljfaUZARcwzEexPn1lj007YnsBYPxIbo1ekjwLgSofK3MJhga6zyRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHx8cBpc3zAiyIg6fFb9jncbHBrKMB8GA1UdIwQY
MBaAFDfOqmJsvYkFLzVFM139sxoTODAEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjg2cVlteTlpUVV2TlVVelhmMnpHaE00TUFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi9hZDg5OTQtNTFmMS00YjY1LWFjYTAt
ZTE1YThiNzBlOGQyLzEvZkh4d0dsemZNQ0xJaURwOFZ2Mk9keHNjR3NvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi9hZDg5OTQtNTFmMS00YjY1LWFjYTAtZTE1YThiNzBlOGQy
LzEvTjg2cVlteTlpUVV2TlVVelhmMnpHaE00TUFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwkyPMA0G
CSqGSIb3DQEBCwUAA4IBAQB9XggX0jJ6CnVQxKnmPZATsi6nEt0nHfGomEs+/mMF
fN414MwQ3iqqYIb5Xlj7Fxp+ZXAZYax0Uu6kmeZv+NvAxsaMqXmgm5A4VmW3c4lO
vwT6MZRWE9t9PJQ0ezJR9sqacGhOsOjmJD/2PZI17XlAdtkpplr7xYewizsCWmxF
W0Tam8vX+MJWPQ/hfzBKnLBh+i1ziMSyRhdC2IE7RhtpyxKft+V1sD1cZfl74dAg
K3THvONjgv8c5a6KHQY8w8ihkg/tFeBeNu4ve6CUfuD3BC2OLM8hS2ajr5jRGZk2
nFBgcp/MlDglFnC+k/eZY5XR9nyBdVBNBKDQW1JShErN
-----END CERTIFICATE-----