This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/h2z5PFUk9kCOYl2Qfq1nfpB1Cow.roa
File:                     h2z5PFUk9kCOYl2Qfq1nfpB1Cow.roa (raw, json)
Hash identifier:          bmKxTPlO70DQG41qe3REDk+7OXfpbhyEVC0cTa4zyE0=
Subject key identifier:   87:6C:F9:3C:55:24:F6:40:8E:62:5D:90:7E:AD:67:7E:90:75:0A:8C
Certificate issuer:       /CN=3aba1172472ea80265d12982967de0a8b0bc5901
Certificate serial:       019B7A5B804733C834FECD09AB7E7AFEDE62
Authority key identifier: 3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/h2z5PFUk9kCOYl2Qfq1nfpB1Cow.roa
Signing time:             Thu 01 Jan 2026 16:19:35 +0000
ROA not before:           Thu 01 Jan 2026 16:19:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213724
IP address blocks:        185.243.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:80:47:33:c8:34:fe:cd:09:ab:7e:7a:fe:de:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3aba1172472ea80265d12982967de0a8b0bc5901
        Validity
            Not Before: Jan  1 16:19:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=876cf93c5524f6408e625d907ead677e90750a8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:9f:bd:d7:c4:83:20:17:6e:f7:de:af:28:2e:
                    d2:d6:30:ac:34:6c:a3:4d:a0:f7:8a:04:2b:8d:60:
                    d1:9f:89:d9:7b:e2:73:db:78:a0:87:ca:94:ff:a1:
                    ee:b8:61:72:28:b9:9c:1b:09:c4:c1:7f:04:9e:81:
                    9f:b3:9f:d6:4e:22:a9:9f:d1:67:35:b6:91:cc:7f:
                    a2:08:c4:90:3b:d0:5d:dd:56:8f:b8:75:b6:9b:9f:
                    fd:d8:c6:69:01:ae:ab:24:a3:54:63:11:02:7a:d9:
                    f1:7b:7d:a5:35:72:e4:f0:8f:30:f1:66:23:0c:dc:
                    2b:ed:79:3e:2f:0b:8f:40:e7:64:7f:b2:26:9e:0c:
                    dd:65:6f:87:2a:dd:db:f3:2a:f7:d1:83:a6:99:22:
                    53:0b:59:53:ab:af:c4:3d:b0:fb:93:01:c0:fb:e4:
                    0f:24:b8:13:37:7e:7f:24:8f:bc:76:63:99:82:24:
                    e9:eb:08:16:e1:5d:ce:a7:4d:de:92:01:43:c0:7b:
                    d0:8b:6b:0b:f5:ef:f2:b2:cf:a7:df:2c:51:96:6b:
                    0f:27:44:8b:cd:6a:e6:59:bc:6c:12:6f:82:8a:af:
                    f4:36:c6:54:19:af:0e:8a:82:69:bf:a9:2c:f7:81:
                    f9:72:44:48:4c:94:3b:7c:43:b3:1f:a7:8f:66:cd:
                    47:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:6C:F9:3C:55:24:F6:40:8E:62:5D:90:7E:AD:67:7E:90:75:0A:8C
            X509v3 Authority Key Identifier:
                keyid:3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/h2z5PFUk9kCOYl2Qfq1nfpB1Cow.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.243.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:31:c1:52:fd:cb:95:7a:7f:05:d0:80:c0:4e:86:28:57:98:
         3c:9a:48:bc:ee:cc:d0:1f:97:3c:cc:65:30:73:0e:79:10:87:
         cc:bb:a6:29:b9:7f:34:39:d5:4a:ef:72:0c:7d:4e:39:0b:08:
         2b:0d:77:0d:b0:8b:77:aa:89:67:83:f7:a9:ab:42:c8:69:d8:
         ac:ab:c3:e1:c0:1b:6c:9a:f5:e8:25:2a:52:9d:78:e4:b8:de:
         85:e2:12:7d:1f:e2:52:04:ab:96:a8:81:e1:0e:98:b3:8e:0d:
         f7:0c:e5:04:90:83:aa:a3:5a:4c:9d:61:d6:eb:ea:b4:3f:5e:
         9e:50:36:ec:79:19:ab:c9:63:98:8d:64:23:92:be:30:5d:97:
         96:e0:84:27:97:ec:e0:6f:00:0f:1f:e7:65:13:45:01:37:04:
         59:0f:cb:5c:ef:0a:8d:43:e4:39:a3:6f:08:22:71:f8:a3:d7:
         9a:5b:f0:28:14:5d:24:ef:11:40:b7:9d:a4:10:51:e3:7f:a2:
         4f:8f:d5:bf:fb:6c:86:0e:b6:dc:a0:b0:ea:9d:21:1e:36:33:
         b8:d6:b0:d1:53:11:e5:98:b5:27:f2:4b:2d:47:b4:6a:f5:0f:
         1d:d5:ee:e6:94:1f:63:be:91:6a:25:0d:3b:08:4a:38:39:cf:
         90:a4:8e:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6W4BHM8g0/s0Jq356/t5iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhYmExMTcyNDcyZWE4MDI2NWQxMjk4Mjk2N2RlMGE4YjBi
YzU5MDEwHhcNMjYwMTAxMTYxOTM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzZjZjkzYzU1MjRmNjQwOGU2MjVkOTA3ZWFkNjc3ZTkwNzUwYThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsZ+918SDIBdu996vKC7S1jCsNGyj
TaD3igQrjWDRn4nZe+Jz23igh8qU/6HuuGFyKLmcGwnEwX8EnoGfs5/WTiKpn9Fn
NbaRzH+iCMSQO9Bd3VaPuHW2m5/92MZpAa6rJKNUYxECetnxe32lNXLk8I8w8WYj
DNwr7Xk+LwuPQOdkf7ImngzdZW+HKt3b8yr30YOmmSJTC1lTq6/EPbD7kwHA++QP
JLgTN35/JI+8dmOZgiTp6wgW4V3Op03ekgFDwHvQi2sL9e/yss+n3yxRlmsPJ0SL
zWrmWbxsEm+Ciq/0NsZUGa8OioJpv6ks94H5ckRITJQ7fEOzH6ePZs1HswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIds+TxVJPZAjmJdkH6tZ36QdQqMMB8GA1UdIwQY
MBaAFDq6EXJHLqgCZdEpgpZ94KiwvFkBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgt
NGRkMDQzNDZhYmMzLzEvaDJ6NVBGVWs5a0NPWWwyUWZxMW5mcEIxQ293LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgtNGRkMDQzNDZhYmMz
LzEvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufOaMA0G
CSqGSIb3DQEBCwUAA4IBAQBxMcFS/cuVen8F0IDAToYoV5g8mki87szQH5c8zGUw
cw55EIfMu6YpuX80OdVK73IMfU45CwgrDXcNsIt3qolng/epq0LIadisq8PhwBts
mvXoJSpSnXjkuN6F4hJ9H+JSBKuWqIHhDpizjg33DOUEkIOqo1pMnWHW6+q0P16e
UDbseRmryWOYjWQjkr4wXZeW4IQnl+zgbwAPH+dlE0UBNwRZD8tc7wqNQ+Q5o28I
InH4o9eaW/AoFF0k7xFAt52kEFHjf6JPj9W/+2yGDrbcoLDqnSEeNjO41rDRUxHl
mLUn8kstR7Rq9Q8d1e7mlB9jvpFqJQ07CEo4Oc+QpI79
-----END CERTIFICATE-----