This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/74f5b2-c7e2-4a7e-b6c4-58765f193fec/1/IkrlVjIBIVx5J9vbaylHLa_tgfM.roa
File:                     IkrlVjIBIVx5J9vbaylHLa_tgfM.roa (raw, json)
Hash identifier:          V3uMqSa5WshlPBOs9YrJkuRAc1fggP1aMeBrmefuIRI=
Subject key identifier:   22:4A:E5:56:32:01:21:5C:79:27:DB:DB:6B:29:47:2D:AF:ED:81:F3
Certificate issuer:       /CN=12d72718d155ac0e7d327f6384a2e4c95416d760
Certificate serial:       019B797DD6E0561CB2F9A8A57E188293ADE8
Authority key identifier: 12:D7:27:18:D1:55:AC:0E:7D:32:7F:63:84:A2:E4:C9:54:16:D7:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EtcnGNFVrA59Mn9jhKLkyVQW12A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/74f5b2-c7e2-4a7e-b6c4-58765f193fec/1/IkrlVjIBIVx5J9vbaylHLa_tgfM.roa
Signing time:             Thu 01 Jan 2026 12:17:28 +0000
ROA not before:           Thu 01 Jan 2026 12:17:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51088
IP address blocks:        192.166.96.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/74f5b2-c7e2-4a7e-b6c4-58765f193fec/1/EtcnGNFVrA59Mn9jhKLkyVQW12A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/74f5b2-c7e2-4a7e-b6c4-58765f193fec/1/EtcnGNFVrA59Mn9jhKLkyVQW12A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EtcnGNFVrA59Mn9jhKLkyVQW12A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7d:d6:e0:56:1c:b2:f9:a8:a5:7e:18:82:93:ad:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12d72718d155ac0e7d327f6384a2e4c95416d760
        Validity
            Not Before: Jan  1 12:17:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=224ae5563201215c7927dbdb6b29472dafed81f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:e5:5e:6f:f0:ee:96:62:63:42:82:97:4a:b8:
                    71:fb:e6:7d:7a:c4:0b:ba:6d:fc:5d:b1:46:8f:21:
                    ea:4e:13:2a:b4:d4:76:80:02:16:9b:b9:45:d3:fa:
                    6a:55:56:ea:d2:aa:93:ad:df:c5:13:38:a3:3f:6a:
                    c8:bb:1e:0d:31:cf:e1:4c:f0:a4:b8:4a:b0:2c:e6:
                    6e:5a:ed:b6:99:90:b7:87:ba:6a:ee:17:43:c8:6b:
                    1d:03:99:7b:01:a0:19:4f:f0:3c:d4:a2:89:34:8e:
                    c3:da:df:88:9f:3c:9e:f4:ff:48:cd:49:80:fd:39:
                    64:86:99:59:b3:1d:8a:04:d7:b0:f3:5f:0b:27:97:
                    89:ec:ef:4c:c0:51:4a:57:9e:35:7d:5c:9e:b4:dd:
                    68:d3:20:5b:fa:bd:6b:b0:37:1c:93:fe:8c:a4:6c:
                    95:65:e0:71:6a:a9:39:b6:ef:03:e7:bc:a2:b5:56:
                    e8:97:dc:fc:90:5e:cd:c2:e7:68:95:de:e4:34:c2:
                    76:a9:6b:a2:b2:06:5f:f1:5a:d8:8a:ae:f1:0b:0a:
                    ef:70:01:f6:7e:a6:7a:f9:06:9f:65:0b:77:cb:a9:
                    53:a1:51:e3:d6:27:ec:0a:72:41:3d:ca:9e:04:f8:
                    1c:b9:95:fc:39:aa:b6:68:04:dd:7e:ab:fb:08:3a:
                    ad:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:4A:E5:56:32:01:21:5C:79:27:DB:DB:6B:29:47:2D:AF:ED:81:F3
            X509v3 Authority Key Identifier:
                keyid:12:D7:27:18:D1:55:AC:0E:7D:32:7F:63:84:A2:E4:C9:54:16:D7:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EtcnGNFVrA59Mn9jhKLkyVQW12A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/74f5b2-c7e2-4a7e-b6c4-58765f193fec/1/IkrlVjIBIVx5J9vbaylHLa_tgfM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/74f5b2-c7e2-4a7e-b6c4-58765f193fec/1/EtcnGNFVrA59Mn9jhKLkyVQW12A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.166.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6c:78:28:67:3c:23:f4:e2:de:36:49:34:2b:d5:b6:fe:0d:28:
         19:c3:f0:ab:80:22:68:6f:ea:c4:e3:90:de:f6:9f:da:a1:10:
         14:5d:9c:50:41:73:c2:03:20:1d:ee:2c:5f:be:c2:b3:ab:9b:
         7a:df:6c:bf:70:2a:9a:63:55:48:28:03:c4:40:d5:de:92:74:
         01:13:01:17:2a:d3:97:4f:90:62:57:1c:2f:4d:82:a1:4f:88:
         4c:3c:48:ef:11:87:14:9a:d5:9c:4c:dd:19:cd:fc:a9:5c:51:
         15:ae:58:f5:25:54:f2:dd:bf:db:fc:94:3e:94:28:f9:42:5c:
         3f:e6:0a:de:b7:6a:f3:37:b1:27:7c:c0:8b:d1:3a:0a:23:d8:
         4c:96:42:01:08:34:ca:f9:c8:df:bc:8b:7c:b5:94:fb:67:a3:
         06:d6:b6:63:4f:a2:63:0a:41:7f:54:58:9d:07:a6:cd:7f:ad:
         d5:02:e2:ce:bf:0e:00:de:42:c3:08:5f:9d:8e:9d:e7:09:e5:
         6d:5b:21:c4:8d:61:98:82:98:41:15:21:eb:69:fc:7d:ce:ad:
         44:44:f7:95:83:73:ef:7b:d5:9c:5d:06:41:69:3d:0a:ab:f4:
         c2:d3:18:62:c3:ae:5e:70:f6:77:ff:00:e5:75:0c:da:d8:91:
         10:68:8b:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fdbgVhyy+ailfhiCk63oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyZDcyNzE4ZDE1NWFjMGU3ZDMyN2Y2Mzg0YTJlNGM5NTQx
NmQ3NjAwHhcNMjYwMTAxMTIxNzI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjRhZTU1NjMyMDEyMTVjNzkyN2RiZGI2YjI5NDcyZGFmZWQ4MWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAquVeb/DulmJjQoKXSrhx++Z9esQL
um38XbFGjyHqThMqtNR2gAIWm7lF0/pqVVbq0qqTrd/FEzijP2rIux4NMc/hTPCk
uEqwLOZuWu22mZC3h7pq7hdDyGsdA5l7AaAZT/A81KKJNI7D2t+Inzye9P9IzUmA
/TlkhplZsx2KBNew818LJ5eJ7O9MwFFKV541fVyetN1o0yBb+r1rsDcck/6MpGyV
ZeBxaqk5tu8D57yitVbol9z8kF7Nwudold7kNMJ2qWuisgZf8VrYiq7xCwrvcAH2
fqZ6+QafZQt3y6lToVHj1ifsCnJBPcqeBPgcuZX8Oaq2aATdfqv7CDqtSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCJK5VYyASFceSfb22spRy2v7YHzMB8GA1UdIwQY
MBaAFBLXJxjRVawOfTJ/Y4Si5MlUFtdgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXRjbkdORlZyQTU5TW45amhLTGt5VlFXMTJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS83NGY1YjItYzdlMi00YTdlLWI2YzQt
NTg3NjVmMTkzZmVjLzEvSWtybFZqSUJJVng1Sjl2YmF5bEhMYV90Z2ZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS83NGY1YjItYzdlMi00YTdlLWI2YzQtNTg3NjVmMTkzZmVj
LzEvRXRjbkdORlZyQTU5TW45amhLTGt5VlFXMTJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwKZgMA0G
CSqGSIb3DQEBCwUAA4IBAQBseChnPCP04t42STQr1bb+DSgZw/CrgCJob+rE45De
9p/aoRAUXZxQQXPCAyAd7ixfvsKzq5t632y/cCqaY1VIKAPEQNXeknQBEwEXKtOX
T5BiVxwvTYKhT4hMPEjvEYcUmtWcTN0ZzfypXFEVrlj1JVTy3b/b/JQ+lCj5Qlw/
5gret2rzN7EnfMCL0ToKI9hMlkIBCDTK+cjfvIt8tZT7Z6MG1rZjT6JjCkF/VFid
B6bNf63VAuLOvw4A3kLDCF+djp3nCeVtWyHEjWGYgphBFSHrafx9zq1ERPeVg3Pv
e9WcXQZBaT0Kq/TC0xhiw65ecPZ3/wDldQza2JEQaIuN
-----END CERTIFICATE-----