This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/i6fOq96bqbS3jPaRJawyTtILyjg.roa
File:                     i6fOq96bqbS3jPaRJawyTtILyjg.roa (raw, json)
Hash identifier:          YGTUBvTLKywCZ3FlZpKe1HeDwjtAUL7UO7hmGC7b05s=
Subject key identifier:   8B:A7:CE:AB:DE:9B:A9:B4:B7:8C:F6:91:25:AC:32:4E:D2:0B:CA:38
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       019B7F8490AA25790F6438FF7EEC50F1BFE1
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/i6fOq96bqbS3jPaRJawyTtILyjg.roa
Signing time:             Fri 02 Jan 2026 16:22:32 +0000
ROA not before:           Fri 02 Jan 2026 16:22:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20536
IP address blocks:        146.158.74.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:84:90:aa:25:79:0f:64:38:ff:7e:ec:50:f1:bf:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 16:22:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8ba7ceabde9ba9b4b78cf69125ac324ed20bca38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:86:e5:9a:4f:f0:70:b7:86:08:be:00:a1:19:
                    16:5f:2a:9d:b7:39:2c:49:c2:37:de:4a:60:67:0c:
                    95:a9:f2:6c:8c:fe:8c:6d:b4:63:34:28:00:11:fa:
                    16:10:ac:48:46:09:33:61:51:02:4a:70:f9:26:55:
                    10:b4:8e:e1:03:d6:06:3d:44:73:94:78:a0:02:54:
                    b0:50:d9:d8:fe:6d:6f:99:f3:04:9b:0a:19:f3:aa:
                    fd:36:ff:c0:4d:9b:7a:f3:81:4d:65:f6:ca:d8:27:
                    08:74:cd:8e:20:7b:c8:30:cd:35:60:5f:d4:ed:f9:
                    73:9f:f6:e2:a5:e4:6c:43:0c:80:bb:4d:8b:23:f8:
                    64:c0:93:ab:c5:f8:51:51:b6:5c:fd:ad:a1:e0:c6:
                    68:73:60:3f:58:71:82:42:0c:cc:0c:a7:e0:ac:99:
                    69:aa:2b:d9:68:c5:29:45:43:0b:63:fd:ae:6f:f4:
                    1e:9b:00:e2:9d:b3:b2:d1:86:87:20:6a:12:18:4e:
                    8b:62:25:c1:70:83:1c:3e:d5:dd:8a:56:55:31:52:
                    e7:80:ee:e3:92:c9:af:51:8b:dd:8c:35:2d:ca:25:
                    ef:ff:bc:d1:ea:e9:a4:60:0a:e8:5c:d0:85:c8:20:
                    71:b4:57:b4:98:85:62:00:70:04:0d:8d:3c:32:24:
                    9d:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:A7:CE:AB:DE:9B:A9:B4:B7:8C:F6:91:25:AC:32:4E:D2:0B:CA:38
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/i6fOq96bqbS3jPaRJawyTtILyjg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.158.74.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2a:8d:6f:b0:e4:ac:c6:e2:f6:ec:a8:02:a7:1c:0a:4f:5e:70:
         0a:d2:dd:36:63:c1:9f:12:71:66:ea:ea:27:83:37:3a:2d:97:
         11:5d:40:eb:2c:fa:5f:e0:f7:e2:2e:2c:31:84:f0:2f:d4:86:
         7f:d3:5e:60:cb:fc:15:7e:05:1b:3b:5b:27:a8:f4:99:33:bf:
         77:1f:08:8e:be:7a:98:6d:9f:85:8c:ca:be:21:5e:1c:bc:76:
         59:9b:6e:95:34:75:93:ae:44:ca:c1:26:01:76:7a:68:1e:74:
         80:01:df:c7:29:86:a7:73:71:6a:21:36:5d:46:50:09:a7:bb:
         8a:12:84:ab:c3:95:6e:ee:04:dd:e1:b5:c1:46:d0:fc:e2:15:
         6e:0e:50:0d:94:77:6b:13:ce:20:56:7b:8f:0e:9d:8a:5d:c1:
         50:66:e0:51:90:77:82:61:a3:e5:dc:e6:14:50:e5:4d:ef:49:
         26:1e:60:02:55:c5:34:31:60:33:f6:20:3b:1a:57:4e:a4:8e:
         c2:8a:38:67:3e:42:f7:7c:44:6d:12:08:ef:90:51:28:78:00:
         37:8b:3e:51:2a:02:3c:ab:0f:32:a8:e0:2e:5b:2c:79:32:49:
         c9:36:26:50:c1:0e:9a:95:84:63:cf:bc:6f:4a:1a:2d:97:88:
         8c:0e:14:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hJCqJXkPZDj/fuxQ8b/hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjYwMTAyMTYyMjMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmE3Y2VhYmRlOWJhOWI0Yjc4Y2Y2OTEyNWFjMzI0ZWQyMGJjYTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Iblmk/wcLeGCL4AoRkWXyqdtzks
ScI33kpgZwyVqfJsjP6MbbRjNCgAEfoWEKxIRgkzYVECSnD5JlUQtI7hA9YGPURz
lHigAlSwUNnY/m1vmfMEmwoZ86r9Nv/ATZt684FNZfbK2CcIdM2OIHvIMM01YF/U
7flzn/bipeRsQwyAu02LI/hkwJOrxfhRUbZc/a2h4MZoc2A/WHGCQgzMDKfgrJlp
qivZaMUpRUMLY/2ub/QemwDinbOy0YaHIGoSGE6LYiXBcIMcPtXdilZVMVLngO7j
ksmvUYvdjDUtyiXv/7zR6umkYAroXNCFyCBxtFe0mIViAHAEDY08MiSd7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIunzqvem6m0t4z2kSWsMk7SC8o4MB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvaTZmT3E5NmJxYlMzalBhUkphd3lUdElMeWpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBkp5KMA0G
CSqGSIb3DQEBCwUAA4IBAQAqjW+w5KzG4vbsqAKnHApPXnAK0t02Y8GfEnFm6uon
gzc6LZcRXUDrLPpf4PfiLiwxhPAv1IZ/015gy/wVfgUbO1snqPSZM793HwiOvnqY
bZ+FjMq+IV4cvHZZm26VNHWTrkTKwSYBdnpoHnSAAd/HKYanc3FqITZdRlAJp7uK
EoSrw5Vu7gTd4bXBRtD84hVuDlANlHdrE84gVnuPDp2KXcFQZuBRkHeCYaPl3OYU
UOVN70kmHmACVcU0MWAz9iA7GldOpI7CijhnPkL3fERtEgjvkFEoeAA3iz5RKgI8
qw8yqOAuWyx5MknJNiZQwQ6alYRjz7xvShotl4iMDhTY
-----END CERTIFICATE-----