This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/2f830f-af4d-4d33-a300-b98df544bc20/1/TrZbLVY0iXqlw78jA1uMduH-vUQ.roa
File:                     TrZbLVY0iXqlw78jA1uMduH-vUQ.roa (raw, json)
Hash identifier:          KRDdhAasvGi+XoVP5w8RcZgsqXheZXBgHtl6x/DPy1c=
Subject key identifier:   4E:B6:5B:2D:56:34:89:7A:A5:C3:BF:23:03:5B:8C:76:E1:FE:BD:44
Certificate issuer:       /CN=261b941dbe59651fafbba9724a12775e07edb635
Certificate serial:       019B79ECDA65E9A6E50FBCD2CA18FDDA3F04
Authority key identifier: 26:1B:94:1D:BE:59:65:1F:AF:BB:A9:72:4A:12:77:5E:07:ED:B6:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JhuUHb5ZZR-vu6lyShJ3XgfttjU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/2f830f-af4d-4d33-a300-b98df544bc20/1/TrZbLVY0iXqlw78jA1uMduH-vUQ.roa
Signing time:             Thu 01 Jan 2026 14:18:44 +0000
ROA not before:           Thu 01 Jan 2026 14:18:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8218
IP address blocks:        185.172.152.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/2f830f-af4d-4d33-a300-b98df544bc20/1/JhuUHb5ZZR-vu6lyShJ3XgfttjU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/2f830f-af4d-4d33-a300-b98df544bc20/1/JhuUHb5ZZR-vu6lyShJ3XgfttjU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JhuUHb5ZZR-vu6lyShJ3XgfttjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 05:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:da:65:e9:a6:e5:0f:bc:d2:ca:18:fd:da:3f:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=261b941dbe59651fafbba9724a12775e07edb635
        Validity
            Not Before: Jan  1 14:18:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4eb65b2d5634897aa5c3bf23035b8c76e1febd44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:bd:2b:09:74:26:1d:66:17:80:19:12:8d:b7:
                    9e:41:c0:6c:30:aa:ff:9b:5c:5e:16:c6:3d:17:6f:
                    f8:ba:6e:f4:53:c9:5c:3e:98:88:e4:64:42:fc:91:
                    83:98:02:57:6d:d6:1d:07:17:03:c5:07:8c:2d:5f:
                    93:7b:dd:04:ae:2d:7c:b6:4a:ef:79:7c:4b:1b:3c:
                    2f:ad:a3:54:63:ce:72:93:88:96:5b:18:c3:b9:b3:
                    dc:1a:0f:96:a6:b6:4b:a9:51:70:21:17:a9:27:b5:
                    b1:a2:cf:79:d8:a3:b0:2c:79:cb:9f:67:4a:01:d0:
                    33:52:97:5e:6a:70:76:5a:9a:75:4c:44:fb:4b:89:
                    50:7f:36:32:8b:cc:55:03:b8:5b:82:08:b5:ea:88:
                    da:1b:06:0a:51:44:91:1a:67:79:43:2c:cf:88:1c:
                    bd:7f:6e:cf:6b:b1:c2:8a:f5:14:48:d1:36:ab:c9:
                    54:06:52:a8:da:71:1a:86:54:8a:2b:96:51:fa:75:
                    54:e2:59:96:b3:58:e2:1a:bf:c5:34:e3:bf:64:1c:
                    00:12:67:dc:c0:1a:c8:dd:6c:48:e3:16:8a:c4:cc:
                    a0:3a:51:6a:f7:15:8e:c9:5c:13:05:0d:ca:47:43:
                    d6:2d:ca:99:f3:66:79:22:62:c2:5b:53:21:30:8c:
                    53:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:B6:5B:2D:56:34:89:7A:A5:C3:BF:23:03:5B:8C:76:E1:FE:BD:44
            X509v3 Authority Key Identifier:
                keyid:26:1B:94:1D:BE:59:65:1F:AF:BB:A9:72:4A:12:77:5E:07:ED:B6:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JhuUHb5ZZR-vu6lyShJ3XgfttjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/2f830f-af4d-4d33-a300-b98df544bc20/1/TrZbLVY0iXqlw78jA1uMduH-vUQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/2f830f-af4d-4d33-a300-b98df544bc20/1/JhuUHb5ZZR-vu6lyShJ3XgfttjU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.172.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6d:76:b9:d5:ed:38:03:04:95:9d:7f:f8:b6:59:c8:38:48:69:
         a1:af:84:e3:21:31:9a:32:00:3c:27:aa:59:b6:ae:9c:0f:58:
         23:2e:b8:79:e1:09:5a:63:ec:53:93:8c:9d:c0:ba:48:9b:53:
         de:98:6a:41:48:79:ff:34:65:37:b4:8c:95:ff:70:62:a5:e5:
         c1:a6:6d:a8:2d:94:60:38:c1:36:75:eb:4b:2e:50:25:6f:65:
         31:ec:0c:53:88:80:ed:d0:47:cb:78:6c:3c:bc:53:ac:a6:45:
         7a:8a:57:c5:ce:82:c7:5b:82:8f:d7:a9:4d:ee:fe:37:e6:f8:
         53:7e:90:a7:62:95:e2:5a:e4:0a:7d:70:e4:bd:51:48:d8:52:
         7b:3a:e4:fd:b0:a7:3d:d9:75:5f:0e:72:88:4e:7a:53:3b:5d:
         05:19:c9:db:52:88:43:fe:eb:a7:6c:a2:19:a1:5e:b0:75:4e:
         33:76:6a:3b:6e:67:79:23:c2:5d:20:4f:56:ef:bb:12:d0:bf:
         90:f4:d2:d5:24:6d:f4:20:5a:85:a4:11:f8:c4:77:1d:7a:cd:
         fe:1c:7b:f3:3f:4f:79:e0:9d:e0:67:1d:e3:af:b2:67:dc:44:
         e7:ba:05:c9:1a:55:ab:97:03:bc:8e:ca:de:4c:cb:6f:8b:3e:
         23:8a:2d:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57Npl6ablD7zSyhj92j8EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2MWI5NDFkYmU1OTY1MWZhZmJiYTk3MjRhMTI3NzVlMDdl
ZGI2MzUwHhcNMjYwMTAxMTQxODQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWI2NWIyZDU2MzQ4OTdhYTVjM2JmMjMwMzViOGM3NmUxZmViZDQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyb0rCXQmHWYXgBkSjbeeQcBsMKr/
m1xeFsY9F2/4um70U8lcPpiI5GRC/JGDmAJXbdYdBxcDxQeMLV+Te90Eri18tkrv
eXxLGzwvraNUY85yk4iWWxjDubPcGg+WprZLqVFwIRepJ7Wxos952KOwLHnLn2dK
AdAzUpdeanB2Wpp1TET7S4lQfzYyi8xVA7hbggi16ojaGwYKUUSRGmd5QyzPiBy9
f27Pa7HCivUUSNE2q8lUBlKo2nEahlSKK5ZR+nVU4lmWs1jiGr/FNOO/ZBwAEmfc
wBrI3WxI4xaKxMygOlFq9xWOyVwTBQ3KR0PWLcqZ82Z5ImLCW1MhMIxTRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE62Wy1WNIl6pcO/IwNbjHbh/r1EMB8GA1UdIwQY
MBaAFCYblB2+WWUfr7upckoSd14H7bY1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmh1VUhiNVpaUi12dTZseVNoSjNYZ2Z0dGpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My8yZjgzMGYtYWY0ZC00ZDMzLWEzMDAt
Yjk4ZGY1NDRiYzIwLzEvVHJaYkxWWTBpWHFsdzc4akExdU1kdUgtdlVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My8yZjgzMGYtYWY0ZC00ZDMzLWEzMDAtYjk4ZGY1NDRiYzIw
LzEvSmh1VUhiNVpaUi12dTZseVNoSjNYZ2Z0dGpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuayYMA0G
CSqGSIb3DQEBCwUAA4IBAQBtdrnV7TgDBJWdf/i2Wcg4SGmhr4TjITGaMgA8J6pZ
tq6cD1gjLrh54QlaY+xTk4ydwLpIm1PemGpBSHn/NGU3tIyV/3BipeXBpm2oLZRg
OME2detLLlAlb2Ux7AxTiIDt0EfLeGw8vFOspkV6ilfFzoLHW4KP16lN7v435vhT
fpCnYpXiWuQKfXDkvVFI2FJ7OuT9sKc92XVfDnKITnpTO10FGcnbUohD/uunbKIZ
oV6wdU4zdmo7bmd5I8JdIE9W77sS0L+Q9NLVJG30IFqFpBH4xHcdes3+HHvzP095
4J3gZx3jr7Jn3ETnugXJGlWrlwO8jsreTMtviz4jii3/
-----END CERTIFICATE-----