This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/z1vIHaPgOEf1CFFXxVhQ7UIS68w.roa
File:                     z1vIHaPgOEf1CFFXxVhQ7UIS68w.roa (raw, json)
Hash identifier:          rFdz4/+higPiFTrvJsOTs2dDOqXP1ja44+BB/HAKISI=
Subject key identifier:   CF:5B:C8:1D:A3:E0:38:47:F5:08:51:57:C5:58:50:ED:42:12:EB:CC
Certificate issuer:       /CN=fb987244611b5230536744b6a89f044f32f462ea
Certificate serial:       019B7C129D213C661F64D66F0DC5752582EA
Authority key identifier: FB:98:72:44:61:1B:52:30:53:67:44:B6:A8:9F:04:4F:32:F4:62:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/z1vIHaPgOEf1CFFXxVhQ7UIS68w.roa
Signing time:             Fri 02 Jan 2026 00:19:13 +0000
ROA not before:           Fri 02 Jan 2026 00:19:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15995
IP address blocks:        194.176.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:9d:21:3c:66:1f:64:d6:6f:0d:c5:75:25:82:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb987244611b5230536744b6a89f044f32f462ea
        Validity
            Not Before: Jan  2 00:19:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cf5bc81da3e03847f5085157c55850ed4212ebcc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:39:c3:5e:e3:ad:cd:2f:ae:82:71:b9:cd:79:
                    b0:aa:9d:f4:8b:5e:eb:0f:e5:29:06:d4:9c:81:3d:
                    d1:3d:b1:a2:d3:a3:1d:09:f5:26:79:e6:da:73:f1:
                    b7:f3:b5:eb:c7:6d:5f:f6:25:5c:85:e1:79:6d:1a:
                    fa:e6:39:c2:ce:a4:db:55:a5:3d:3c:2f:f3:80:95:
                    af:e8:3a:4f:32:27:ac:1f:33:cc:5e:39:a3:1e:43:
                    f4:15:cf:d3:a2:74:6f:e4:a9:f7:7e:fd:ce:7c:35:
                    c6:bc:b9:33:79:2a:e0:81:3f:f1:9a:a8:e7:20:82:
                    8b:6a:7c:f4:fe:51:74:7e:1b:71:c7:ad:f0:50:28:
                    b3:68:d3:35:93:45:78:a4:91:55:f7:4a:83:52:a0:
                    b6:d2:1f:9f:55:02:e6:03:d3:95:3a:3f:d2:60:03:
                    ab:43:64:04:eb:9c:b9:94:15:aa:ef:3c:f2:bc:4e:
                    a7:bc:31:b2:d7:b6:c9:2c:e9:ff:1e:03:a8:c6:78:
                    07:6b:83:94:b9:73:82:42:1a:36:de:86:84:cc:77:
                    7c:97:4a:bf:e8:1d:be:82:f1:8a:21:00:eb:a2:1a:
                    17:90:3f:bf:e8:ac:f0:0f:6f:40:52:c6:62:65:da:
                    02:77:ee:72:fb:56:ca:79:5a:98:7f:26:a0:c9:e8:
                    d7:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:5B:C8:1D:A3:E0:38:47:F5:08:51:57:C5:58:50:ED:42:12:EB:CC
            X509v3 Authority Key Identifier:
                keyid:FB:98:72:44:61:1B:52:30:53:67:44:B6:A8:9F:04:4F:32:F4:62:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/z1vIHaPgOEf1CFFXxVhQ7UIS68w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.176.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:ce:03:95:3a:4a:8c:20:d2:97:0b:11:27:88:41:49:07:62:
         d0:c0:06:22:3c:a1:be:81:ff:ce:6e:18:39:7f:c1:e5:31:a8:
         5b:1b:78:ea:c8:fa:73:fb:74:0b:a1:70:0a:12:07:c4:1e:8b:
         1d:e3:61:af:42:b6:d4:1b:cd:dd:b7:4e:4b:04:d6:43:3c:db:
         a9:59:70:7d:b2:9f:a7:55:d7:58:4a:09:eb:2c:34:be:9e:fe:
         73:5b:73:58:50:08:7f:7d:ae:2e:a5:bb:f0:a2:e6:63:00:06:
         64:cc:a3:70:39:7c:4b:9a:d9:52:1d:7c:55:b0:3e:d6:e4:10:
         d4:84:6d:0e:a0:86:df:a4:9d:55:27:32:c9:95:b3:eb:01:93:
         ee:b5:49:50:4e:c0:51:7f:8f:58:8d:a4:84:cd:e9:d7:09:a9:
         c5:a2:b4:cf:c0:1d:00:4e:de:43:fa:13:f4:79:71:c9:2e:5c:
         4f:a6:cd:0c:f2:db:89:f3:d2:4c:fb:28:90:01:45:c1:39:d5:
         a5:18:8d:0f:51:14:58:5a:74:75:53:ac:94:23:3e:ff:3a:fe:
         83:c9:ab:49:ea:ca:b4:1c:21:e6:41:87:95:b1:26:0c:dd:b2:
         2a:04:11:6e:4d:65:23:d7:3e:4b:e3:c6:be:79:d8:dd:6d:08:
         1f:ed:e5:e9
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt8Ep0hPGYfZNZvDcV1JYLqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiOTg3MjQ0NjExYjUyMzA1MzY3NDRiNmE4OWYwNDRmMzJm
NDYyZWEwHhcNMjYwMTAyMDAxOTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjViYzgxZGEzZTAzODQ3ZjUwODUxNTdjNTU4NTBlZDQyMTJlYmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqznDXuOtzS+ugnG5zXmwqp30i17r
D+UpBtScgT3RPbGi06MdCfUmeebac/G387Xrx21f9iVcheF5bRr65jnCzqTbVaU9
PC/zgJWv6DpPMiesHzPMXjmjHkP0Fc/TonRv5Kn3fv3OfDXGvLkzeSrggT/xmqjn
IIKLanz0/lF0fhtxx63wUCizaNM1k0V4pJFV90qDUqC20h+fVQLmA9OVOj/SYAOr
Q2QE65y5lBWq7zzyvE6nvDGy17bJLOn/HgOoxngHa4OUuXOCQho23oaEzHd8l0q/
6B2+gvGKIQDrohoXkD+/6KzwD29AUsZiZdoCd+5y+1bKeVqYfyagyejXYwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFM9byB2j4DhH9QhRV8VYUO1CEuvMMB8GA1UdIwQY
MBaAFPuYckRhG1IwU2dEtqifBE8y9GLqMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS01aHlSR0ViVWpCVFowUzJxSjhFVHpMMFl1by5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDQvMzE5ZDdjLTdlNzYtNDMwOC1iYzAw
LWJlNTgzMmQ1ZjdhYS8xL3oxdklIYVBnT0VmMUNGRlh4VmhRN1VJUzY4dy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDQvMzE5ZDdjLTdlNzYtNDMwOC1iYzAwLWJlNTgzMmQ1Zjdh
YS8xLzEtNWh5UkdFYlVqQlRaMFMycUo4RVR6TDBZdW8uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADCsDow
DQYJKoZIhvcNAQELBQADggEBAB7OA5U6Sowg0pcLESeIQUkHYtDABiI8ob6B/85u
GDl/weUxqFsbeOrI+nP7dAuhcAoSB8Qeix3jYa9CttQbzd23TksE1kM826lZcH2y
n6dV11hKCessNL6e/nNbc1hQCH99ri6lu/Ci5mMABmTMo3A5fEua2VIdfFWwPtbk
ENSEbQ6ght+knVUnMsmVs+sBk+61SVBOwFF/j1iNpITN6dcJqcWitM/AHQBO3kP6
E/R5cckuXE+mzQzy24nz0kz7KJABRcE51aUYjQ9RFFhadHVTrJQjPv86/oPJq0nq
yrQcIeZBh5WxJgzdsioEEW5NZSPXPkvjxr552N1tCB/t5ek=
-----END CERTIFICATE-----