This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/70c477-a8cd-4a72-b669-1f93c239a012/1/aFNhBsBj-ZBfP8L0NrUC_nO9pPg.roa
File:                     aFNhBsBj-ZBfP8L0NrUC_nO9pPg.roa (raw, json)
Hash identifier:          HGwMoHWdFAfz3fMiL4Fa4RdLW7mO6LIOX2HFGuPp8Ys=
Subject key identifier:   68:53:61:06:C0:63:F9:90:5F:3F:C2:F4:36:B5:02:FE:73:BD:A4:F8
Certificate issuer:       /CN=1bd2d463ae15346d5edd7937b8bfa8e09b14376d
Certificate serial:       019B7BA3914734D29D02D947E7EDD6BA4F9C
Authority key identifier: 1B:D2:D4:63:AE:15:34:6D:5E:DD:79:37:B8:BF:A8:E0:9B:14:37:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G9LUY64VNG1e3Xk3uL-o4JsUN20.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/70c477-a8cd-4a72-b669-1f93c239a012/1/aFNhBsBj-ZBfP8L0NrUC_nO9pPg.roa
Signing time:             Thu 01 Jan 2026 22:17:55 +0000
ROA not before:           Thu 01 Jan 2026 22:17:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210166
IP address blocks:        194.61.32.0/24 maxlen: 24
                          194.61.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/70c477-a8cd-4a72-b669-1f93c239a012/1/G9LUY64VNG1e3Xk3uL-o4JsUN20.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/70c477-a8cd-4a72-b669-1f93c239a012/1/G9LUY64VNG1e3Xk3uL-o4JsUN20.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G9LUY64VNG1e3Xk3uL-o4JsUN20.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:91:47:34:d2:9d:02:d9:47:e7:ed:d6:ba:4f:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1bd2d463ae15346d5edd7937b8bfa8e09b14376d
        Validity
            Not Before: Jan  1 22:17:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=68536106c063f9905f3fc2f436b502fe73bda4f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:29:73:1f:4a:cb:dd:c3:7b:ee:dd:49:c5:fa:
                    59:ad:22:97:1e:9e:0f:58:b2:27:6f:46:bc:f4:be:
                    79:df:64:c1:8e:e8:b0:f3:a1:4c:16:21:08:a7:74:
                    9b:64:a9:0c:43:02:dd:30:e3:72:65:dc:90:16:3d:
                    98:00:e3:d0:46:51:f3:eb:7c:7d:a5:a8:aa:4e:d8:
                    d8:88:8a:e4:a7:8a:2e:a8:b1:2b:05:6a:5b:d2:5f:
                    e3:ce:ac:29:06:ce:5a:9f:c2:f9:96:88:76:32:83:
                    6e:43:33:d9:89:79:97:98:d4:fd:49:5d:46:e7:0c:
                    45:ae:1b:b1:f1:8a:9c:2a:9e:4a:71:b4:8e:61:4a:
                    c6:b6:91:6e:ae:bb:86:ca:5d:b0:5b:55:9b:35:67:
                    d6:6b:39:d0:f1:be:8f:7c:d9:a2:90:5d:3f:08:c5:
                    e4:8f:b5:6a:60:33:86:38:50:26:29:be:8d:6f:9e:
                    3c:05:19:8e:f9:ba:ce:d0:18:0e:0e:a5:80:ed:a8:
                    9f:d9:46:80:34:05:23:63:63:33:b5:cd:47:de:7d:
                    53:e0:29:ae:a7:fa:fa:67:ad:f5:f0:a0:ff:e7:41:
                    e7:8b:dc:3a:c8:8a:bf:16:87:43:82:53:e9:6e:4b:
                    37:9f:c3:35:45:b6:96:31:17:fc:b6:84:06:2f:2b:
                    e8:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:53:61:06:C0:63:F9:90:5F:3F:C2:F4:36:B5:02:FE:73:BD:A4:F8
            X509v3 Authority Key Identifier:
                keyid:1B:D2:D4:63:AE:15:34:6D:5E:DD:79:37:B8:BF:A8:E0:9B:14:37:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G9LUY64VNG1e3Xk3uL-o4JsUN20.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/70c477-a8cd-4a72-b669-1f93c239a012/1/aFNhBsBj-ZBfP8L0NrUC_nO9pPg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/70c477-a8cd-4a72-b669-1f93c239a012/1/G9LUY64VNG1e3Xk3uL-o4JsUN20.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.61.32.0/23

    Signature Algorithm: sha256WithRSAEncryption
         58:34:ab:76:5f:03:4f:d4:3a:82:ca:95:ee:0b:21:58:ae:78:
         f3:30:61:4b:42:c4:13:2c:f4:de:ab:84:0f:2e:ff:61:88:1b:
         24:a8:e0:f3:b4:ba:5e:64:4d:24:08:9b:22:06:76:4d:30:94:
         23:0f:d8:3a:3d:36:b6:fa:17:f5:63:0b:cd:2c:9f:5d:7b:27:
         bc:a8:12:38:5c:ec:82:3d:a8:f8:8f:40:21:1b:f7:67:ee:08:
         8c:1a:62:5e:50:05:f0:39:10:81:73:51:70:e4:d9:bb:7c:9b:
         bf:26:3b:fa:b7:80:5a:4c:43:8e:f1:c1:48:7f:8c:75:a5:64:
         28:c0:69:03:18:b4:8e:33:14:bb:2c:c3:8d:75:1b:60:c3:84:
         7c:50:09:4a:2f:22:ff:28:17:4c:20:3d:f8:81:2d:3e:f7:7d:
         a1:14:62:16:ae:da:66:32:3f:01:d2:01:19:6d:c1:a1:db:58:
         50:cb:51:34:ab:ac:52:58:4a:ea:f4:a3:e1:a5:f3:5a:dd:1d:
         c5:68:72:51:bf:51:42:48:36:26:d2:24:7e:ca:d9:f3:b4:b2:
         1b:68:db:1a:ad:c3:b0:83:3b:75:b2:15:ee:67:44:48:af:e6:
         67:be:bb:8f:ef:05:9d:bb:45:58:73:42:03:3a:ee:b8:78:99:
         3d:3b:79:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7o5FHNNKdAtlH5+3Wuk+cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiZDJkNDYzYWUxNTM0NmQ1ZWRkNzkzN2I4YmZhOGUwOWIx
NDM3NmQwHhcNMjYwMTAxMjIxNzU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODUzNjEwNmMwNjNmOTkwNWYzZmMyZjQzNmI1MDJmZTczYmRhNGY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsClzH0rL3cN77t1JxfpZrSKXHp4P
WLInb0a89L5532TBjuiw86FMFiEIp3SbZKkMQwLdMONyZdyQFj2YAOPQRlHz63x9
paiqTtjYiIrkp4ouqLErBWpb0l/jzqwpBs5an8L5loh2MoNuQzPZiXmXmNT9SV1G
5wxFrhux8YqcKp5KcbSOYUrGtpFurruGyl2wW1WbNWfWaznQ8b6PfNmikF0/CMXk
j7VqYDOGOFAmKb6Nb548BRmO+brO0BgODqWA7aif2UaANAUjY2Mztc1H3n1T4Cmu
p/r6Z6318KD/50Hni9w6yIq/FodDglPpbks3n8M1RbaWMRf8toQGLyvotQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGhTYQbAY/mQXz/C9Da1Av5zvaT4MB8GA1UdIwQY
MBaAFBvS1GOuFTRtXt15N7i/qOCbFDdtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzlMVVk2NFZORzFlM1hrM3VMLW80SnNVTjIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC83MGM0NzctYThjZC00YTcyLWI2Njkt
MWY5M2MyMzlhMDEyLzEvYUZOaEJzQmotWkJmUDhMME5yVUNfbk85cFBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC83MGM0NzctYThjZC00YTcyLWI2NjktMWY5M2MyMzlhMDEy
LzEvRzlMVVk2NFZORzFlM1hrM3VMLW80SnNVTjIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwj0gMA0G
CSqGSIb3DQEBCwUAA4IBAQBYNKt2XwNP1DqCypXuCyFYrnjzMGFLQsQTLPTeq4QP
Lv9hiBskqODztLpeZE0kCJsiBnZNMJQjD9g6PTa2+hf1YwvNLJ9deye8qBI4XOyC
Paj4j0AhG/dn7giMGmJeUAXwORCBc1Fw5Nm7fJu/Jjv6t4BaTEOO8cFIf4x1pWQo
wGkDGLSOMxS7LMONdRtgw4R8UAlKLyL/KBdMID34gS0+932hFGIWrtpmMj8B0gEZ
bcGh21hQy1E0q6xSWErq9KPhpfNa3R3FaHJRv1FCSDYm0iR+ytnztLIbaNsarcOw
gzt1shXuZ0RIr+ZnvruP7wWdu0VYc0IDOu64eJk9O3kl
-----END CERTIFICATE-----