This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/587f7e-60cc-41a0-8869-4f8c638a72e1/1/1-rh3SVK_l4oC_Y7ih51PfkV69KE.roa
File:                     1-rh3SVK_l4oC_Y7ih51PfkV69KE.roa (raw, json)
Hash identifier:          NJ7OHlFB+x8OrDZE2G7eqZGbDxSKcSz5o8ZkkHAui3k=
Subject key identifier:   FA:B8:77:49:52:BF:97:8A:02:FD:8E:E2:87:9D:4F:7E:45:7A:F4:A1
Certificate issuer:       /CN=5d3bb84891651f2039cd81b0b60912f7c0e5cf96
Certificate serial:       019B79ED17EF784BE994AFEFE978E4BFDA04
Authority key identifier: 5D:3B:B8:48:91:65:1F:20:39:CD:81:B0:B6:09:12:F7:C0:E5:CF:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XTu4SJFlHyA5zYGwtgkS98Dlz5Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/587f7e-60cc-41a0-8869-4f8c638a72e1/1/1-rh3SVK_l4oC_Y7ih51PfkV69KE.roa
Signing time:             Thu 01 Jan 2026 14:18:59 +0000
ROA not before:           Thu 01 Jan 2026 14:18:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9031
IP address blocks:        94.105.96.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/587f7e-60cc-41a0-8869-4f8c638a72e1/1/XTu4SJFlHyA5zYGwtgkS98Dlz5Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/587f7e-60cc-41a0-8869-4f8c638a72e1/1/XTu4SJFlHyA5zYGwtgkS98Dlz5Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XTu4SJFlHyA5zYGwtgkS98Dlz5Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:17:ef:78:4b:e9:94:af:ef:e9:78:e4:bf:da:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d3bb84891651f2039cd81b0b60912f7c0e5cf96
        Validity
            Not Before: Jan  1 14:18:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fab8774952bf978a02fd8ee2879d4f7e457af4a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:fd:ef:1f:da:28:ff:76:fb:98:70:4b:e4:2a:
                    11:41:50:7b:a3:ad:0a:0a:d8:00:34:60:90:67:49:
                    df:36:6a:9f:92:c6:a9:bc:75:b8:05:95:ad:71:76:
                    c2:28:69:a1:08:d3:83:73:b2:7d:c9:17:fd:01:f9:
                    4b:55:d7:86:19:60:62:59:50:38:ef:08:f2:53:51:
                    6f:eb:64:e5:ca:50:31:37:a8:67:b2:25:7b:bb:98:
                    72:77:c1:2b:9b:d6:8e:3d:dc:d8:cb:2a:b9:db:57:
                    b8:87:df:2a:77:20:a0:b6:e6:f8:8e:1c:22:51:7b:
                    db:0e:41:7e:80:ed:34:bf:e0:79:8e:f8:50:63:ca:
                    07:6a:d4:d0:a5:f4:44:41:9d:d9:cf:5c:a5:b1:60:
                    91:ad:d7:37:dd:66:ed:d5:56:6f:77:ff:24:c6:be:
                    76:50:b4:ee:6c:a2:75:fd:d1:06:70:39:8e:a0:52:
                    a5:86:3f:86:78:04:70:01:cf:61:3f:a1:8b:17:6a:
                    b6:6d:bf:56:4f:4c:5e:52:01:c7:c4:a6:3f:48:e8:
                    ef:09:65:ca:c1:d2:a8:b9:55:67:da:61:91:10:3c:
                    77:0c:64:64:8c:78:52:3e:ff:71:f3:f0:ee:f1:f4:
                    c1:03:89:70:2f:40:ba:c8:2e:9a:de:fc:d1:e1:cf:
                    dd:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:B8:77:49:52:BF:97:8A:02:FD:8E:E2:87:9D:4F:7E:45:7A:F4:A1
            X509v3 Authority Key Identifier:
                keyid:5D:3B:B8:48:91:65:1F:20:39:CD:81:B0:B6:09:12:F7:C0:E5:CF:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XTu4SJFlHyA5zYGwtgkS98Dlz5Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/587f7e-60cc-41a0-8869-4f8c638a72e1/1/1-rh3SVK_l4oC_Y7ih51PfkV69KE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/587f7e-60cc-41a0-8869-4f8c638a72e1/1/XTu4SJFlHyA5zYGwtgkS98Dlz5Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.105.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         00:05:4e:f9:5a:54:79:24:54:76:3e:36:ac:8c:6e:ae:15:23:
         06:7e:62:5d:2f:25:92:de:cc:af:41:f4:6e:91:b3:07:f4:78:
         2a:4d:b3:1d:a9:ac:35:67:75:6a:e2:cc:e4:ad:1f:6a:52:3e:
         70:72:74:5f:46:b0:ff:5f:d5:e8:39:3a:53:66:17:69:cf:d1:
         c4:70:7a:8d:7d:ed:c4:00:4e:3e:b6:5c:7b:f1:ad:c1:75:bd:
         a4:ff:77:85:db:fb:fb:1c:3f:2b:b5:17:51:6e:c5:dc:6d:57:
         12:22:f5:86:9e:f4:c8:a4:ce:04:a4:f4:da:77:8e:1b:08:58:
         0b:ff:5d:21:7d:c6:a2:13:3d:bc:be:16:58:39:39:61:d4:80:
         c6:7e:7f:67:25:6b:e9:b7:63:7c:c2:4b:0d:d1:a7:ce:6d:79:
         fe:54:0d:6c:5c:8b:61:47:e5:6e:16:ae:87:f2:fd:6b:8f:cb:
         bb:7c:50:38:7d:bf:44:33:83:ee:2f:62:a2:74:8d:ba:af:7d:
         55:e3:8d:4c:b8:09:73:3b:62:d4:ec:a4:21:ed:8e:13:92:1c:
         26:3b:f9:89:69:56:0a:2d:d5:c0:80:e8:4d:c2:b8:12:16:42:
         68:ec:5c:e1:bc:76:ba:87:21:1b:53:e6:e4:aa:b1:97:88:38:
         cf:3c:45:6b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt57RfveEvplK/v6Xjkv9oEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkM2JiODQ4OTE2NTFmMjAzOWNkODFiMGI2MDkxMmY3YzBl
NWNmOTYwHhcNMjYwMTAxMTQxODU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWI4Nzc0OTUyYmY5NzhhMDJmZDhlZTI4NzlkNGY3ZTQ1N2FmNGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl/3vH9oo/3b7mHBL5CoRQVB7o60K
CtgANGCQZ0nfNmqfksapvHW4BZWtcXbCKGmhCNODc7J9yRf9AflLVdeGGWBiWVA4
7wjyU1Fv62TlylAxN6hnsiV7u5hyd8Erm9aOPdzYyyq521e4h98qdyCgtub4jhwi
UXvbDkF+gO00v+B5jvhQY8oHatTQpfREQZ3Zz1ylsWCRrdc33Wbt1VZvd/8kxr52
ULTubKJ1/dEGcDmOoFKlhj+GeARwAc9hP6GLF2q2bb9WT0xeUgHHxKY/SOjvCWXK
wdKouVVn2mGREDx3DGRkjHhSPv9x8/Du8fTBA4lwL0C6yC6a3vzR4c/dnwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPq4d0lSv5eKAv2O4oedT35FevShMB8GA1UdIwQY
MBaAFF07uEiRZR8gOc2BsLYJEvfA5c+WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFR1NFNKRmxIeUE1ellHd3Rna1M5OERsejVZLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS81ODdmN2UtNjBjYy00MWEwLTg4Njkt
NGY4YzYzOGE3MmUxLzEvMS1yaDNTVktfbDRvQ19ZN2loNTFQZmtWNjlLRS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNWEvNTg3ZjdlLTYwY2MtNDFhMC04ODY5LTRmOGM2MzhhNzJl
MS8xL1hUdTRTSkZsSHlBNXpZR3d0Z2tTOThEbHo1WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBV5pYDAN
BgkqhkiG9w0BAQsFAAOCAQEAAAVO+VpUeSRUdj42rIxurhUjBn5iXS8lkt7Mr0H0
bpGzB/R4Kk2zHamsNWd1auLM5K0falI+cHJ0X0aw/1/V6Dk6U2YXac/RxHB6jX3t
xABOPrZce/GtwXW9pP93hdv7+xw/K7UXUW7F3G1XEiL1hp70yKTOBKT02neOGwhY
C/9dIX3GohM9vL4WWDk5YdSAxn5/ZyVr6bdjfMJLDdGnzm15/lQNbFyLYUflbhau
h/L9a4/Lu3xQOH2/RDOD7i9ionSNuq99VeONTLgJczti1OykIe2OE5IcJjv5iWlW
Ci3VwIDoTcK4EhZCaOxc4bx2uochG1Pm5Kqxl4g4zzxFaw==
-----END CERTIFICATE-----