This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/280b76-15ac-4c68-8032-f3797ef348ff/1/kUqj_jeUDh3dlpjWljMC7msoL3g.roa
File:                     kUqj_jeUDh3dlpjWljMC7msoL3g.roa (raw, json)
Hash identifier:          6Qbo5xUNd0YNqPivHOfLW5ZqEfhVypLSM8N0TdqoUjI=
Subject key identifier:   91:4A:A3:FE:37:94:0E:1D:DD:96:98:D6:96:33:02:EE:6B:28:2F:78
Certificate issuer:       /CN=05ad79492e809934d693b11855e75103241569eb
Certificate serial:       019B7B36037E1CFEAD1BAD30B1968E8ACC51
Authority key identifier: 05:AD:79:49:2E:80:99:34:D6:93:B1:18:55:E7:51:03:24:15:69:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ba15SS6AmTTWk7EYVedRAyQVaes.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/280b76-15ac-4c68-8032-f3797ef348ff/1/kUqj_jeUDh3dlpjWljMC7msoL3g.roa
Signing time:             Thu 01 Jan 2026 20:18:15 +0000
ROA not before:           Thu 01 Jan 2026 20:18:15 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     2269
IP address blocks:        138.231.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/280b76-15ac-4c68-8032-f3797ef348ff/1/Ba15SS6AmTTWk7EYVedRAyQVaes.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/280b76-15ac-4c68-8032-f3797ef348ff/1/Ba15SS6AmTTWk7EYVedRAyQVaes.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ba15SS6AmTTWk7EYVedRAyQVaes.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:03:7e:1c:fe:ad:1b:ad:30:b1:96:8e:8a:cc:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05ad79492e809934d693b11855e75103241569eb
        Validity
            Not Before: Jan  1 20:18:15 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=914aa3fe37940e1ddd9698d6963302ee6b282f78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:af:44:42:47:63:71:67:2f:28:a5:ef:0d:33:
                    82:82:65:d9:80:7f:0d:cd:90:d3:cf:99:09:ed:0a:
                    32:ba:a4:b8:78:6a:ba:c6:fa:23:a7:53:b9:04:e9:
                    7f:2d:e4:64:6a:fa:3a:34:ed:20:35:3e:b4:38:22:
                    8a:17:0f:52:a0:f0:d9:db:c9:0c:20:d7:90:b5:3d:
                    1e:7f:33:02:30:3c:26:86:27:e9:10:4c:f4:0e:64:
                    6f:ff:cd:bf:6d:95:d6:8a:e0:cf:0e:2d:a1:48:78:
                    15:86:29:65:b9:98:64:40:52:36:02:c3:c9:89:77:
                    17:bd:0d:a7:e3:d7:88:c6:17:34:ca:82:59:c4:35:
                    2b:2b:c4:a4:f2:cb:a6:0a:c8:5f:8d:81:94:46:d0:
                    b0:31:8b:a9:cf:db:46:c9:11:26:4e:e4:91:2e:33:
                    30:d3:df:b7:7e:64:45:16:a3:a7:2f:65:7c:81:4d:
                    7b:b1:a7:f4:22:37:ff:62:f1:22:60:c6:c8:46:42:
                    e9:72:50:bc:b2:08:aa:65:8b:6b:63:24:82:c5:78:
                    b5:c1:fa:b4:6c:20:bd:86:3c:c0:b4:68:b1:85:6e:
                    04:ec:54:c3:39:49:e2:db:cd:58:d1:ce:4e:db:6c:
                    05:b0:1c:dd:8a:aa:28:d1:90:ce:03:7b:8e:de:02:
                    76:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:4A:A3:FE:37:94:0E:1D:DD:96:98:D6:96:33:02:EE:6B:28:2F:78
            X509v3 Authority Key Identifier:
                keyid:05:AD:79:49:2E:80:99:34:D6:93:B1:18:55:E7:51:03:24:15:69:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ba15SS6AmTTWk7EYVedRAyQVaes.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/280b76-15ac-4c68-8032-f3797ef348ff/1/kUqj_jeUDh3dlpjWljMC7msoL3g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/280b76-15ac-4c68-8032-f3797ef348ff/1/Ba15SS6AmTTWk7EYVedRAyQVaes.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.231.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         63:6a:e8:80:bd:8c:9a:42:09:95:9c:79:ef:39:88:0d:55:57:
         30:80:2e:96:57:cb:eb:8d:47:99:40:16:0d:3b:14:08:73:a3:
         4e:16:72:0c:61:41:b4:d6:4c:cb:2e:93:37:d7:89:89:24:8d:
         f0:3a:d6:78:3a:2a:d1:a8:6f:b2:f5:cc:2e:84:37:c6:30:44:
         e5:14:45:a4:7b:44:cb:71:de:aa:d2:77:7d:3c:2e:ce:1a:14:
         3f:46:16:c2:42:63:96:ed:7b:ac:20:ab:77:ab:af:bb:c3:d9:
         3c:53:03:c2:d1:4d:d5:8c:81:41:df:96:35:24:4d:41:b3:82:
         fa:ca:d0:44:2b:a9:9e:6d:05:be:61:31:4c:22:6a:a4:bc:3e:
         f6:07:e7:bd:06:a0:aa:50:09:36:87:61:68:34:60:9f:1b:63:
         af:22:85:35:97:c8:e1:8e:36:61:9c:f6:cf:f1:ec:67:31:b5:
         26:f8:c4:01:4d:b3:cd:98:f0:88:f7:e2:86:ca:07:3f:be:67:
         45:b9:b8:ef:10:19:a3:23:b2:93:60:e4:c2:f2:ca:38:a3:22:
         f0:6c:f1:97:ec:23:f8:e5:87:4f:8f:3e:62:07:8a:b2:2c:4b:
         dc:b2:7e:64:d5:91:57:c7:54:7f:4e:94:5d:a7:1c:26:55:07:
         d8:7d:ac:98
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZt7NgN+HP6tG60wsZaOisxRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YWQ3OTQ5MmU4MDk5MzRkNjkzYjExODU1ZTc1MTAzMjQx
NTY5ZWIwHhcNMjYwMTAxMjAxODE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTRhYTNmZTM3OTQwZTFkZGQ5Njk4ZDY5NjMzMDJlZTZiMjgyZjc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2q9EQkdjcWcvKKXvDTOCgmXZgH8N
zZDTz5kJ7QoyuqS4eGq6xvojp1O5BOl/LeRkavo6NO0gNT60OCKKFw9SoPDZ28kM
INeQtT0efzMCMDwmhifpEEz0DmRv/82/bZXWiuDPDi2hSHgVhilluZhkQFI2AsPJ
iXcXvQ2n49eIxhc0yoJZxDUrK8Sk8sumCshfjYGURtCwMYupz9tGyREmTuSRLjMw
09+3fmRFFqOnL2V8gU17saf0Ijf/YvEiYMbIRkLpclC8sgiqZYtrYySCxXi1wfq0
bCC9hjzAtGixhW4E7FTDOUni281Y0c5O22wFsBzdiqoo0ZDOA3uO3gJ2EQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFJFKo/43lA4d3ZaY1pYzAu5rKC94MB8GA1UdIwQY
MBaAFAWteUkugJk01pOxGFXnUQMkFWnrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmExNVNTNkFtVFRXazdFWVZlZFJBeVFWYWVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny8yODBiNzYtMTVhYy00YzY4LTgwMzIt
ZjM3OTdlZjM0OGZmLzEva1Vxal9qZVVEaDNkbHBqV2xqTUM3bXNvTDNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny8yODBiNzYtMTVhYy00YzY4LTgwMzItZjM3OTdlZjM0OGZm
LzEvQmExNVNTNkFtVFRXazdFWVZlZFJBeVFWYWVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAiucwDQYJ
KoZIhvcNAQELBQADggEBAGNq6IC9jJpCCZWcee85iA1VVzCALpZXy+uNR5lAFg07
FAhzo04WcgxhQbTWTMsukzfXiYkkjfA61ng6KtGob7L1zC6EN8YwROUURaR7RMtx
3qrSd308Ls4aFD9GFsJCY5bte6wgq3err7vD2TxTA8LRTdWMgUHfljUkTUGzgvrK
0EQrqZ5tBb5hMUwiaqS8PvYH570GoKpQCTaHYWg0YJ8bY68ihTWXyOGONmGc9s/x
7GcxtSb4xAFNs82Y8Ij34obKBz++Z0W5uO8QGaMjspNg5MLyyjijIvBs8ZfsI/jl
h0+PPmIHirIsS9yyfmTVkVfHVH9OlF2nHCZVB9h9rJg=
-----END CERTIFICATE-----