This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/ddc26e-31da-43dd-b4d1-063a0881a6d2/1/gHq4ZQAB43U72DuDXjjiZ0-2-00.roa
File:                     gHq4ZQAB43U72DuDXjjiZ0-2-00.roa (raw, json)
Hash identifier:          UuXFiLQX/A/tFOUVtGrjRAOGOHSsYt/+KkH7+iWkPIk=
Subject key identifier:   80:7A:B8:65:00:01:E3:75:3B:D8:3B:83:5E:38:E2:67:4F:B6:FB:4D
Certificate issuer:       /CN=472694d8a399a3a66f442ec72295c754acbbad41
Certificate serial:       019B7AC886FB17E4CA0900D81D22395F859C
Authority key identifier: 47:26:94:D8:A3:99:A3:A6:6F:44:2E:C7:22:95:C7:54:AC:BB:AD:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RyaU2KOZo6ZvRC7HIpXHVKy7rUE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/ddc26e-31da-43dd-b4d1-063a0881a6d2/1/gHq4ZQAB43U72DuDXjjiZ0-2-00.roa
Signing time:             Thu 01 Jan 2026 18:18:40 +0000
ROA not before:           Thu 01 Jan 2026 18:18:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39122
IP address blocks:        185.173.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/ddc26e-31da-43dd-b4d1-063a0881a6d2/1/RyaU2KOZo6ZvRC7HIpXHVKy7rUE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/ddc26e-31da-43dd-b4d1-063a0881a6d2/1/RyaU2KOZo6ZvRC7HIpXHVKy7rUE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RyaU2KOZo6ZvRC7HIpXHVKy7rUE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:86:fb:17:e4:ca:09:00:d8:1d:22:39:5f:85:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=472694d8a399a3a66f442ec72295c754acbbad41
        Validity
            Not Before: Jan  1 18:18:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=807ab8650001e3753bd83b835e38e2674fb6fb4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:c2:15:a8:58:13:dd:a3:07:25:95:c2:07:d9:
                    cd:c7:44:56:7e:fd:c0:64:22:2b:a5:a8:92:8d:33:
                    34:db:16:ac:ee:e0:b1:4d:3a:90:1e:4e:6f:f1:56:
                    72:a8:7d:33:40:d1:06:03:75:d8:48:ff:22:a0:56:
                    b2:38:07:76:5f:09:c2:bb:17:d7:26:35:90:31:fc:
                    eb:45:61:09:f8:a4:eb:49:6c:f3:6c:29:b7:82:0f:
                    ae:a6:8e:e9:5e:1d:70:04:30:07:24:b9:1c:de:f1:
                    69:3b:41:35:65:fa:30:63:8b:85:41:f8:3e:ca:cb:
                    cf:34:22:b3:26:97:85:86:b7:a3:42:31:2d:07:32:
                    35:e8:71:2e:fc:03:d6:3f:19:dc:a6:5d:86:be:bb:
                    49:d3:45:23:21:4a:36:2c:10:ee:f8:73:9a:d0:ec:
                    e7:67:62:a1:7a:ed:94:a8:00:88:8f:f6:a8:6d:c2:
                    33:16:15:76:d8:90:24:c4:de:47:14:7e:d2:eb:72:
                    59:88:a3:f4:44:6f:68:64:ac:01:6a:7f:37:f2:7a:
                    69:5f:74:37:3a:fd:88:9b:e2:93:13:1c:db:83:27:
                    57:a9:e2:ee:53:24:85:b6:f0:ff:d1:94:cb:e8:8b:
                    59:84:db:05:c3:b3:37:1f:03:a5:f6:b6:de:5d:1b:
                    60:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:7A:B8:65:00:01:E3:75:3B:D8:3B:83:5E:38:E2:67:4F:B6:FB:4D
            X509v3 Authority Key Identifier:
                keyid:47:26:94:D8:A3:99:A3:A6:6F:44:2E:C7:22:95:C7:54:AC:BB:AD:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RyaU2KOZo6ZvRC7HIpXHVKy7rUE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/ddc26e-31da-43dd-b4d1-063a0881a6d2/1/gHq4ZQAB43U72DuDXjjiZ0-2-00.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/ddc26e-31da-43dd-b4d1-063a0881a6d2/1/RyaU2KOZo6ZvRC7HIpXHVKy7rUE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.173.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:5b:89:ba:8d:ec:02:d9:5a:d6:93:68:35:80:cc:f2:c9:38:
         9f:ea:9e:3e:93:2f:dd:fe:72:39:80:34:24:c1:26:9e:f0:7c:
         c3:bf:e7:cd:a7:88:6b:70:1c:87:3c:50:93:f2:82:e9:58:93:
         3a:05:17:5d:2a:8a:5c:9a:a3:ee:07:09:9d:84:f5:50:b9:4d:
         2f:5c:1c:88:80:96:d7:cd:f1:1d:e0:df:70:b2:f2:d0:37:79:
         93:ca:83:14:b7:a1:55:b3:1c:43:c4:5a:b5:9f:db:9c:39:0f:
         59:d6:d7:42:28:e1:a3:12:8a:c6:bd:b5:be:14:8b:59:5e:4f:
         6f:d2:c2:28:b1:fb:dc:ff:4a:61:08:88:f6:39:bc:28:f1:d4:
         a0:8d:c1:c2:82:22:ae:80:bf:62:2e:1f:f9:ac:78:44:aa:7b:
         5d:36:c0:a1:cd:f5:3d:c4:e3:94:15:f6:7f:7e:7b:a6:b7:38:
         c7:0b:d2:26:da:23:da:21:d7:2a:6d:97:16:f3:ab:46:47:08:
         68:64:ed:ac:b2:49:db:1a:a0:1d:d2:ea:72:f9:bb:b2:62:6d:
         70:f8:61:1e:32:0d:db:66:cc:10:35:07:4c:dd:ce:c5:92:61:
         9b:e3:3c:3a:80:d9:dc:98:6f:4f:a6:0d:aa:52:20:8b:0f:ef:
         4e:ce:dc:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yIb7F+TKCQDYHSI5X4WcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3MjY5NGQ4YTM5OWEzYTY2ZjQ0MmVjNzIyOTVjNzU0YWNi
YmFkNDEwHhcNMjYwMTAxMTgxODQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDdhYjg2NTAwMDFlMzc1M2JkODNiODM1ZTM4ZTI2NzRmYjZmYjRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApMIVqFgT3aMHJZXCB9nNx0RWfv3A
ZCIrpaiSjTM02xas7uCxTTqQHk5v8VZyqH0zQNEGA3XYSP8ioFayOAd2XwnCuxfX
JjWQMfzrRWEJ+KTrSWzzbCm3gg+upo7pXh1wBDAHJLkc3vFpO0E1ZfowY4uFQfg+
ysvPNCKzJpeFhrejQjEtBzI16HEu/APWPxncpl2GvrtJ00UjIUo2LBDu+HOa0Ozn
Z2Kheu2UqACIj/aobcIzFhV22JAkxN5HFH7S63JZiKP0RG9oZKwBan838nppX3Q3
Ov2Im+KTExzbgydXqeLuUySFtvD/0ZTL6ItZhNsFw7M3HwOl9rbeXRtgMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIB6uGUAAeN1O9g7g1444mdPtvtNMB8GA1UdIwQY
MBaAFEcmlNijmaOmb0QuxyKVx1Ssu61BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnlhVTJLT1pvNlp2UkM3SElwWEhWS3k3clVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS9kZGMyNmUtMzFkYS00M2RkLWI0ZDEt
MDYzYTA4ODFhNmQyLzEvZ0hxNFpRQUI0M1U3MkR1RFhqamlaMC0yLTAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS9kZGMyNmUtMzFkYS00M2RkLWI0ZDEtMDYzYTA4ODFhNmQy
LzEvUnlhVTJLT1pvNlp2UkM3SElwWEhWS3k3clVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAua2nMA0G
CSqGSIb3DQEBCwUAA4IBAQCOW4m6jewC2VrWk2g1gMzyyTif6p4+ky/d/nI5gDQk
wSae8HzDv+fNp4hrcByHPFCT8oLpWJM6BRddKopcmqPuBwmdhPVQuU0vXByIgJbX
zfEd4N9wsvLQN3mTyoMUt6FVsxxDxFq1n9ucOQ9Z1tdCKOGjEorGvbW+FItZXk9v
0sIosfvc/0phCIj2Obwo8dSgjcHCgiKugL9iLh/5rHhEqntdNsChzfU9xOOUFfZ/
fnumtzjHC9Im2iPaIdcqbZcW86tGRwhoZO2ssknbGqAd0upy+buyYm1w+GEeMg3b
ZswQNQdM3c7FkmGb4zw6gNncmG9Ppg2qUiCLD+9Ozty/
-----END CERTIFICATE-----