This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/3deae4-720d-4eae-b3d9-b21dd3f68aba/1/saGe65xuOQseP3c8kU3JX4FXHXE.roa
File:                     saGe65xuOQseP3c8kU3JX4FXHXE.roa (raw, json)
Hash identifier:          /UkorSrGGemFtdnd/VIVCcjbVQGt7/xFaIltioMhlUw=
Subject key identifier:   B1:A1:9E:EB:9C:6E:39:0B:1E:3F:77:3C:91:4D:C9:5F:81:57:1D:71
Certificate issuer:       /CN=6c4e7eafe2ffaa90cae9476803034db6da7c1219
Certificate serial:       019B7CED3C619636C61F35FB232039F51FA8
Authority key identifier: 6C:4E:7E:AF:E2:FF:AA:90:CA:E9:47:68:03:03:4D:B6:DA:7C:12:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bE5-r-L_qpDK6UdoAwNNttp8Ehk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/3deae4-720d-4eae-b3d9-b21dd3f68aba/1/saGe65xuOQseP3c8kU3JX4FXHXE.roa
Signing time:             Fri 02 Jan 2026 04:18:00 +0000
ROA not before:           Fri 02 Jan 2026 04:18:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21013
IP address blocks:        194.242.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/3deae4-720d-4eae-b3d9-b21dd3f68aba/1/bE5-r-L_qpDK6UdoAwNNttp8Ehk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/3deae4-720d-4eae-b3d9-b21dd3f68aba/1/bE5-r-L_qpDK6UdoAwNNttp8Ehk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bE5-r-L_qpDK6UdoAwNNttp8Ehk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 04:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ed:3c:61:96:36:c6:1f:35:fb:23:20:39:f5:1f:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c4e7eafe2ffaa90cae9476803034db6da7c1219
        Validity
            Not Before: Jan  2 04:18:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b1a19eeb9c6e390b1e3f773c914dc95f81571d71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:2e:26:30:c8:7f:2f:8a:e0:3c:e6:77:36:27:
                    91:a1:1e:83:80:64:7b:81:5b:22:a5:8a:35:8e:8a:
                    3b:c4:6e:15:42:97:ee:4a:e0:a3:5f:6a:6b:13:25:
                    0d:09:75:e0:48:f7:54:e0:5c:1d:ac:7f:38:20:c2:
                    c9:0f:ec:9b:74:35:ff:95:f8:2a:cb:45:fe:fe:80:
                    85:58:f2:55:8e:3f:94:f2:96:76:fe:e1:b4:62:83:
                    d9:5f:49:eb:65:e5:0c:68:33:53:2f:03:ee:ce:e1:
                    1e:58:af:d0:c4:60:dc:44:23:73:e9:b0:af:6c:fc:
                    8c:1a:fd:17:23:05:01:ca:86:10:f0:8d:89:01:46:
                    9d:26:78:b8:70:3f:ef:db:99:d4:cb:da:b2:4f:32:
                    98:86:0e:f7:f8:69:7c:54:66:53:ae:9b:80:57:22:
                    51:f2:e7:71:d4:66:27:2c:54:f3:02:09:17:7a:55:
                    a7:bd:af:41:97:0a:59:f9:88:ec:c2:80:0d:29:e1:
                    b4:fe:8e:b1:df:5a:4f:37:c6:5d:49:9e:cc:ae:7f:
                    d5:81:ad:45:a7:8a:f2:f3:89:f4:d0:64:5b:1b:a1:
                    94:1d:c2:15:2e:a2:71:64:5c:77:36:d8:b7:94:5c:
                    3b:2d:70:e1:6e:33:c0:f9:af:74:17:67:fb:f3:2c:
                    03:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:A1:9E:EB:9C:6E:39:0B:1E:3F:77:3C:91:4D:C9:5F:81:57:1D:71
            X509v3 Authority Key Identifier:
                keyid:6C:4E:7E:AF:E2:FF:AA:90:CA:E9:47:68:03:03:4D:B6:DA:7C:12:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bE5-r-L_qpDK6UdoAwNNttp8Ehk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/3deae4-720d-4eae-b3d9-b21dd3f68aba/1/saGe65xuOQseP3c8kU3JX4FXHXE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/3deae4-720d-4eae-b3d9-b21dd3f68aba/1/bE5-r-L_qpDK6UdoAwNNttp8Ehk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.242.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         da:64:64:ec:71:3b:69:c8:4a:fb:71:a8:8f:1c:1d:3f:a5:ae:
         62:2c:3b:50:da:d7:14:76:b4:72:35:f9:04:80:87:03:0a:d7:
         fd:7c:30:fd:aa:dc:2c:9a:37:66:5f:8d:f4:db:e8:20:4f:89:
         5f:6a:e5:3e:97:37:da:13:e9:90:e5:26:ae:79:44:b4:57:60:
         86:bd:21:fa:47:91:d3:77:16:91:38:7d:e0:3a:08:6f:7f:c0:
         61:bb:76:5e:1e:58:f1:9d:2d:29:8a:b9:0d:d1:6e:36:d9:33:
         c3:f3:75:15:a0:52:f8:a2:dc:9f:1b:f4:26:ff:03:7c:16:dd:
         15:77:6e:58:0f:90:26:ab:c2:21:40:94:8b:fb:d5:ce:2e:92:
         c8:89:30:8c:e7:e1:b2:aa:ca:15:19:0f:ed:67:99:73:a1:e1:
         99:36:3c:c5:76:74:ca:45:ef:ec:9d:09:1a:67:75:63:28:82:
         33:66:c5:26:73:80:54:a8:ea:2c:f3:b0:77:cf:bf:73:a0:36:
         f4:38:39:84:e5:36:91:09:76:66:58:82:26:6e:20:d4:ff:f0:
         79:c4:cc:cd:47:64:99:88:e8:1d:d9:74:00:e9:f8:10:28:89:
         a5:69:6d:d8:fc:af:ff:18:68:d3:39:32:92:ae:37:ba:c3:4c:
         0a:95:a0:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87TxhljbGHzX7IyA59R+oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjNGU3ZWFmZTJmZmFhOTBjYWU5NDc2ODAzMDM0ZGI2ZGE3
YzEyMTkwHhcNMjYwMTAyMDQxODAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWExOWVlYjljNmUzOTBiMWUzZjc3M2M5MTRkYzk1ZjgxNTcxZDcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8S4mMMh/L4rgPOZ3NieRoR6DgGR7
gVsipYo1joo7xG4VQpfuSuCjX2prEyUNCXXgSPdU4FwdrH84IMLJD+ybdDX/lfgq
y0X+/oCFWPJVjj+U8pZ2/uG0YoPZX0nrZeUMaDNTLwPuzuEeWK/QxGDcRCNz6bCv
bPyMGv0XIwUByoYQ8I2JAUadJni4cD/v25nUy9qyTzKYhg73+Gl8VGZTrpuAVyJR
8udx1GYnLFTzAgkXelWnva9BlwpZ+YjswoANKeG0/o6x31pPN8ZdSZ7Mrn/Vga1F
p4ry84n00GRbG6GUHcIVLqJxZFx3Nti3lFw7LXDhbjPA+a90F2f78ywDowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLGhnuucbjkLHj93PJFNyV+BVx1xMB8GA1UdIwQY
MBaAFGxOfq/i/6qQyulHaAMDTbbafBIZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkU1LXItTF9xcERLNlVkb0F3Tk50dHA4RWhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni8zZGVhZTQtNzIwZC00ZWFlLWIzZDkt
YjIxZGQzZjY4YWJhLzEvc2FHZTY1eHVPUXNlUDNjOGtVM0pYNEZYSFhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni8zZGVhZTQtNzIwZC00ZWFlLWIzZDktYjIxZGQzZjY4YWJh
LzEvYkU1LXItTF9xcERLNlVkb0F3Tk50dHA4RWhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwvIjMA0G
CSqGSIb3DQEBCwUAA4IBAQDaZGTscTtpyEr7caiPHB0/pa5iLDtQ2tcUdrRyNfkE
gIcDCtf9fDD9qtwsmjdmX4302+ggT4lfauU+lzfaE+mQ5SaueUS0V2CGvSH6R5HT
dxaROH3gOghvf8Bhu3ZeHljxnS0pirkN0W422TPD83UVoFL4otyfG/Qm/wN8Ft0V
d25YD5Amq8IhQJSL+9XOLpLIiTCM5+GyqsoVGQ/tZ5lzoeGZNjzFdnTKRe/snQka
Z3VjKIIzZsUmc4BUqOos87B3z79zoDb0ODmE5TaRCXZmWIImbiDU//B5xMzNR2SZ
iOgd2XQA6fgQKImlaW3Y/K//GGjTOTKSrje6w0wKlaDM
-----END CERTIFICATE-----