This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/db26ba-754d-4118-be31-4b6c1cf9fe4f/1/aoX3qgSrCGpVmGI2-sNdQlbBEmo.roa
File:                     aoX3qgSrCGpVmGI2-sNdQlbBEmo.roa (raw, json)
Hash identifier:          fUASGNwLnomXxmckWPpEyeY/fBQ9vTiFVyQieAo28z4=
Subject key identifier:   6A:85:F7:AA:04:AB:08:6A:55:98:62:36:FA:C3:5D:42:56:C1:12:6A
Certificate issuer:       /CN=dc5c532f3cd5e11e19feb19655d4f19926f02020
Certificate serial:       019B7A5B91A779D47D202CC755E6696CBF01
Authority key identifier: DC:5C:53:2F:3C:D5:E1:1E:19:FE:B1:96:55:D4:F1:99:26:F0:20:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3FxTLzzV4R4Z_rGWVdTxmSbwICA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/db26ba-754d-4118-be31-4b6c1cf9fe4f/1/aoX3qgSrCGpVmGI2-sNdQlbBEmo.roa
Signing time:             Thu 01 Jan 2026 16:19:39 +0000
ROA not before:           Thu 01 Jan 2026 16:19:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208057
IP address blocks:        213.191.140.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/db26ba-754d-4118-be31-4b6c1cf9fe4f/1/3FxTLzzV4R4Z_rGWVdTxmSbwICA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/db26ba-754d-4118-be31-4b6c1cf9fe4f/1/3FxTLzzV4R4Z_rGWVdTxmSbwICA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3FxTLzzV4R4Z_rGWVdTxmSbwICA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:91:a7:79:d4:7d:20:2c:c7:55:e6:69:6c:bf:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc5c532f3cd5e11e19feb19655d4f19926f02020
        Validity
            Not Before: Jan  1 16:19:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6a85f7aa04ab086a55986236fac35d4256c1126a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:d0:37:33:ed:22:18:69:05:63:78:43:e8:02:
                    17:17:c9:fd:94:58:35:cd:e9:62:a7:4e:be:20:0e:
                    e4:35:12:44:6e:92:25:66:a7:be:d8:bf:9e:c3:85:
                    6d:08:8d:ab:d3:a4:1b:01:fc:b7:0e:83:88:2a:d2:
                    50:ec:f6:bd:73:8e:a4:a5:ee:5f:00:70:05:f1:9a:
                    ac:a7:36:06:3e:81:62:ea:42:e4:17:5b:02:75:58:
                    76:9e:46:da:5e:80:a2:01:06:67:5c:15:b0:fe:82:
                    c9:62:04:75:fa:60:ec:31:43:fb:a9:7a:f6:9a:6d:
                    a0:fe:d8:24:ac:38:ab:9c:c4:73:00:88:46:8b:9d:
                    e5:07:f3:f9:7f:c7:af:a1:12:5f:9f:59:a3:48:31:
                    86:a5:f8:64:60:42:03:40:0e:da:8f:f2:e6:73:4c:
                    59:e8:75:2c:0b:19:95:17:60:bc:ba:06:0a:3e:04:
                    8a:47:f2:61:d4:d3:8b:1a:d8:a6:3c:12:1d:c6:01:
                    c6:91:c7:b1:23:5e:40:1b:88:d4:da:7f:68:30:05:
                    11:c1:14:a9:42:86:d3:d6:74:41:07:70:58:60:5e:
                    ff:3c:14:ce:19:d6:57:cd:7d:87:e1:14:a3:a5:48:
                    f9:f6:e6:67:69:7c:4c:22:ae:e5:c7:00:e6:d0:29:
                    55:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:85:F7:AA:04:AB:08:6A:55:98:62:36:FA:C3:5D:42:56:C1:12:6A
            X509v3 Authority Key Identifier:
                keyid:DC:5C:53:2F:3C:D5:E1:1E:19:FE:B1:96:55:D4:F1:99:26:F0:20:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3FxTLzzV4R4Z_rGWVdTxmSbwICA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/db26ba-754d-4118-be31-4b6c1cf9fe4f/1/aoX3qgSrCGpVmGI2-sNdQlbBEmo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/db26ba-754d-4118-be31-4b6c1cf9fe4f/1/3FxTLzzV4R4Z_rGWVdTxmSbwICA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.191.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:20:50:2c:16:79:f2:47:06:a8:69:af:37:e5:4a:66:9b:b4:
         0f:da:be:e9:9f:b8:9d:1a:24:b5:2f:9a:1a:22:7c:59:f1:92:
         f3:09:f2:d4:7b:f9:96:79:b2:4d:52:87:71:b4:1f:c4:c7:b5:
         7c:45:f8:50:ee:50:d6:54:9c:1b:c4:35:83:39:ed:68:a2:e4:
         8e:40:29:2b:d3:b4:9a:eb:34:bb:2e:ff:4a:a5:76:85:f4:9f:
         7c:af:d6:48:b2:5b:5c:9e:d0:a0:79:71:78:f7:d8:93:23:b8:
         0f:8b:f9:da:a3:e2:ff:c9:e9:33:56:ff:e4:cb:84:f9:b7:f0:
         1a:db:75:6d:31:0e:2c:df:4e:41:7d:fb:07:47:a2:68:e1:73:
         41:f0:32:60:9d:6c:f3:1b:b2:f4:78:93:71:98:29:23:38:5b:
         57:2f:c2:f0:b8:68:ec:bd:ce:58:91:76:e0:61:5f:a8:1e:23:
         f8:84:a3:e0:c0:91:26:a1:6f:91:7c:4e:84:63:81:0e:26:78:
         0e:19:1e:28:a6:c9:0d:81:f1:8a:f2:90:27:8d:c2:27:44:0b:
         ed:bb:95:a6:1d:2d:87:45:64:93:25:3d:a4:d0:8a:14:24:b6:
         e1:1f:c9:33:ca:f1:5c:2c:42:61:c9:7c:0c:06:bb:f7:73:42:
         1f:e9:73:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6W5GnedR9ICzHVeZpbL8BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjNWM1MzJmM2NkNWUxMWUxOWZlYjE5NjU1ZDRmMTk5MjZm
MDIwMjAwHhcNMjYwMTAxMTYxOTM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTg1ZjdhYTA0YWIwODZhNTU5ODYyMzZmYWMzNWQ0MjU2YzExMjZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlNA3M+0iGGkFY3hD6AIXF8n9lFg1
zelip06+IA7kNRJEbpIlZqe+2L+ew4VtCI2r06QbAfy3DoOIKtJQ7Pa9c46kpe5f
AHAF8ZqspzYGPoFi6kLkF1sCdVh2nkbaXoCiAQZnXBWw/oLJYgR1+mDsMUP7qXr2
mm2g/tgkrDirnMRzAIhGi53lB/P5f8evoRJfn1mjSDGGpfhkYEIDQA7aj/Lmc0xZ
6HUsCxmVF2C8ugYKPgSKR/Jh1NOLGtimPBIdxgHGkcexI15AG4jU2n9oMAURwRSp
QobT1nRBB3BYYF7/PBTOGdZXzX2H4RSjpUj59uZnaXxMIq7lxwDm0ClVKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGqF96oEqwhqVZhiNvrDXUJWwRJqMB8GA1UdIwQY
MBaAFNxcUy881eEeGf6xllXU8Zkm8CAgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0Z4VEx6elY0UjRaX3JHV1ZkVHhtU2J3SUNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9kYjI2YmEtNzU0ZC00MTE4LWJlMzEt
NGI2YzFjZjlmZTRmLzEvYW9YM3FnU3JDR3BWbUdJMi1zTmRRbGJCRW1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9kYjI2YmEtNzU0ZC00MTE4LWJlMzEtNGI2YzFjZjlmZTRm
LzEvM0Z4VEx6elY0UjRaX3JHV1ZkVHhtU2J3SUNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1b+MMA0G
CSqGSIb3DQEBCwUAA4IBAQBfIFAsFnnyRwaoaa835Upmm7QP2r7pn7idGiS1L5oa
InxZ8ZLzCfLUe/mWebJNUodxtB/Ex7V8RfhQ7lDWVJwbxDWDOe1oouSOQCkr07Sa
6zS7Lv9KpXaF9J98r9ZIsltcntCgeXF499iTI7gPi/nao+L/yekzVv/ky4T5t/Aa
23VtMQ4s305BffsHR6Jo4XNB8DJgnWzzG7L0eJNxmCkjOFtXL8LwuGjsvc5YkXbg
YV+oHiP4hKPgwJEmoW+RfE6EY4EOJngOGR4opskNgfGK8pAnjcInRAvtu5WmHS2H
RWSTJT2k0IoUJLbhH8kzyvFcLEJhyXwMBrv3c0If6XOX
-----END CERTIFICATE-----