This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/518e42-ebae-4547-8b22-9b1e6a8e40f3/1/dKuH0lj-FcvTEnVQ3b_1AAvtcwM.roa
File:                     dKuH0lj-FcvTEnVQ3b_1AAvtcwM.roa (raw, json)
Hash identifier:          IdTgVOkZiNhxtZ6mU+Z1OJOU/QZ/1eAxm1oF//XLXhw=
Subject key identifier:   74:AB:87:D2:58:FE:15:CB:D3:12:75:50:DD:BF:F5:00:0B:ED:73:03
Certificate issuer:       /CN=33a51d7ff02d21fac193ae4aed1f0c3956ce4515
Certificate serial:       019B7AC7979FD2A6993DAA1EF9D5D21277AD
Authority key identifier: 33:A5:1D:7F:F0:2D:21:FA:C1:93:AE:4A:ED:1F:0C:39:56:CE:45:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M6Udf_AtIfrBk65K7R8MOVbORRU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/518e42-ebae-4547-8b22-9b1e6a8e40f3/1/dKuH0lj-FcvTEnVQ3b_1AAvtcwM.roa
Signing time:             Thu 01 Jan 2026 18:17:39 +0000
ROA not before:           Thu 01 Jan 2026 18:17:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12859
IP address blocks:        194.53.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/518e42-ebae-4547-8b22-9b1e6a8e40f3/1/M6Udf_AtIfrBk65K7R8MOVbORRU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/518e42-ebae-4547-8b22-9b1e6a8e40f3/1/M6Udf_AtIfrBk65K7R8MOVbORRU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M6Udf_AtIfrBk65K7R8MOVbORRU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c7:97:9f:d2:a6:99:3d:aa:1e:f9:d5:d2:12:77:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=33a51d7ff02d21fac193ae4aed1f0c3956ce4515
        Validity
            Not Before: Jan  1 18:17:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=74ab87d258fe15cbd3127550ddbff5000bed7303
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:39:f6:85:a5:f5:1d:0c:99:c5:46:f8:9d:53:
                    65:2e:d5:26:da:38:4d:d3:a6:a2:48:e9:36:a4:fc:
                    31:b6:3a:61:99:fc:39:07:49:63:7b:19:c8:71:a5:
                    62:dc:76:46:42:e1:eb:09:3a:e8:fb:3a:47:a0:1d:
                    e2:58:d0:c7:ac:53:26:7f:77:f4:fa:6d:6f:ef:6b:
                    f1:b6:cb:44:94:b4:09:05:e4:3c:a6:10:dc:01:af:
                    95:4f:b4:e6:ac:92:55:0f:6d:31:c8:6b:e2:c3:3d:
                    7d:8d:55:fb:59:96:fa:ff:1e:b7:5e:08:57:65:45:
                    4c:90:4e:9e:9f:b1:d5:33:7f:59:3c:0f:8f:6f:3a:
                    42:e2:b9:64:f9:09:c4:e0:7e:d2:e0:b5:ec:66:ba:
                    04:9c:28:eb:ab:da:a0:40:0c:a7:89:91:f2:f4:f3:
                    20:88:1a:47:8c:ff:d6:3b:fd:4b:c9:bf:77:53:e1:
                    6a:83:da:5e:2e:a1:fb:4d:2c:b8:13:fb:38:ca:73:
                    59:44:31:4c:fb:70:5c:ca:0a:80:a9:48:05:76:48:
                    95:19:46:e3:fb:78:2d:05:d7:1d:54:ab:e7:3d:13:
                    37:da:07:62:86:0c:06:ba:46:7b:f5:9b:53:8f:d7:
                    6f:25:e2:09:90:95:00:e8:44:46:92:10:53:f1:3f:
                    6c:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:AB:87:D2:58:FE:15:CB:D3:12:75:50:DD:BF:F5:00:0B:ED:73:03
            X509v3 Authority Key Identifier:
                keyid:33:A5:1D:7F:F0:2D:21:FA:C1:93:AE:4A:ED:1F:0C:39:56:CE:45:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M6Udf_AtIfrBk65K7R8MOVbORRU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/518e42-ebae-4547-8b22-9b1e6a8e40f3/1/dKuH0lj-FcvTEnVQ3b_1AAvtcwM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/518e42-ebae-4547-8b22-9b1e6a8e40f3/1/M6Udf_AtIfrBk65K7R8MOVbORRU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.53.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:92:e6:52:4d:32:33:ff:ea:d8:ab:2f:6b:fd:63:a5:5d:25:
         75:81:39:51:91:dd:8d:f1:ce:ee:48:c7:6a:49:0f:b1:91:25:
         7d:77:6c:75:78:a4:65:e4:94:c9:6d:6c:79:a6:7d:37:96:c9:
         d6:55:24:60:31:4a:35:e1:64:0a:49:04:1d:32:cc:ff:b0:ee:
         32:ca:cb:b7:1b:f4:b5:fe:e0:3f:f9:37:bd:ca:e8:b0:8e:98:
         14:be:f2:88:aa:4a:7f:8d:bc:90:49:0b:c4:f4:56:df:64:64:
         01:c1:8e:31:d6:98:8e:f6:16:18:5f:fd:bc:8b:36:e7:ad:b6:
         4b:1d:67:f3:95:98:63:39:fc:cc:86:f0:30:e5:f4:ce:b6:3d:
         50:18:74:ad:0b:57:0e:8e:ba:68:7d:79:a9:fa:18:41:e5:8e:
         e2:37:0d:60:d4:2a:a3:73:70:9c:0e:c9:b9:7c:84:f5:d2:06:
         93:b4:ea:dd:d7:3f:9e:24:68:19:85:27:82:50:4f:d1:72:22:
         66:4e:12:81:b8:75:77:c4:f5:73:b0:57:47:39:4b:de:1a:bd:
         cf:4d:73:38:4f:31:78:49:da:d8:b2:c7:cc:f9:ef:d1:98:88:
         f0:bb:40:0b:e8:2b:40:f6:2c:a2:bb:0b:56:40:4e:9e:f3:e0:
         d9:00:d5:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6x5ef0qaZPaoe+dXSEnetMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzYTUxZDdmZjAyZDIxZmFjMTkzYWU0YWVkMWYwYzM5NTZj
ZTQ1MTUwHhcNMjYwMTAxMTgxNzM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGFiODdkMjU4ZmUxNWNiZDMxMjc1NTBkZGJmZjUwMDBiZWQ3MzAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoDn2haX1HQyZxUb4nVNlLtUm2jhN
06aiSOk2pPwxtjphmfw5B0ljexnIcaVi3HZGQuHrCTro+zpHoB3iWNDHrFMmf3f0
+m1v72vxtstElLQJBeQ8phDcAa+VT7TmrJJVD20xyGviwz19jVX7WZb6/x63XghX
ZUVMkE6en7HVM39ZPA+PbzpC4rlk+QnE4H7S4LXsZroEnCjrq9qgQAyniZHy9PMg
iBpHjP/WO/1Lyb93U+Fqg9peLqH7TSy4E/s4ynNZRDFM+3BcygqAqUgFdkiVGUbj
+3gtBdcdVKvnPRM32gdihgwGukZ79ZtTj9dvJeIJkJUA6ERGkhBT8T9sYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHSrh9JY/hXL0xJ1UN2/9QAL7XMDMB8GA1UdIwQY
MBaAFDOlHX/wLSH6wZOuSu0fDDlWzkUVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTZVZGZfQXRJZnJCazY1SzdSOE1PVmJPUlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC81MThlNDItZWJhZS00NTQ3LThiMjIt
OWIxZTZhOGU0MGYzLzEvZEt1SDBsai1GY3ZURW5WUTNiXzFBQXZ0Y3dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC81MThlNDItZWJhZS00NTQ3LThiMjItOWIxZTZhOGU0MGYz
LzEvTTZVZGZfQXRJZnJCazY1SzdSOE1PVmJPUlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjUAMA0G
CSqGSIb3DQEBCwUAA4IBAQBNkuZSTTIz/+rYqy9r/WOlXSV1gTlRkd2N8c7uSMdq
SQ+xkSV9d2x1eKRl5JTJbWx5pn03lsnWVSRgMUo14WQKSQQdMsz/sO4yysu3G/S1
/uA/+Te9yuiwjpgUvvKIqkp/jbyQSQvE9FbfZGQBwY4x1piO9hYYX/28izbnrbZL
HWfzlZhjOfzMhvAw5fTOtj1QGHStC1cOjrpofXmp+hhB5Y7iNw1g1Cqjc3CcDsm5
fIT10gaTtOrd1z+eJGgZhSeCUE/RciJmThKBuHV3xPVzsFdHOUveGr3PTXM4TzF4
SdrYssfM+e/RmIjwu0AL6CtA9iyiuwtWQE6e8+DZANXe
-----END CERTIFICATE-----