This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/7264d6-3bfd-4de9-8ffb-f3363cbd424c/1/sXlHt8dVvMvRDk-z4mx7yfN18pA.roa
File:                     sXlHt8dVvMvRDk-z4mx7yfN18pA.roa (raw, json)
Hash identifier:          JcovqlIDNXFTAcILNhi0OUki1VVI3DETXQCJ5bTmzq8=
Subject key identifier:   B1:79:47:B7:C7:55:BC:CB:D1:0E:4F:B3:E2:6C:7B:C9:F3:75:F2:90
Certificate issuer:       /CN=ab46686008a8c101e84ea878318ae58eb71cec82
Certificate serial:       019B7C80CF1353B076E28EBE9924591EBA65
Authority key identifier: AB:46:68:60:08:A8:C1:01:E8:4E:A8:78:31:8A:E5:8E:B7:1C:EC:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q0ZoYAiowQHoTqh4MYrljrcc7II.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/7264d6-3bfd-4de9-8ffb-f3363cbd424c/1/sXlHt8dVvMvRDk-z4mx7yfN18pA.roa
Signing time:             Fri 02 Jan 2026 02:19:34 +0000
ROA not before:           Fri 02 Jan 2026 02:19:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3303
IP address blocks:        194.11.152.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/7264d6-3bfd-4de9-8ffb-f3363cbd424c/1/q0ZoYAiowQHoTqh4MYrljrcc7II.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/7264d6-3bfd-4de9-8ffb-f3363cbd424c/1/q0ZoYAiowQHoTqh4MYrljrcc7II.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q0ZoYAiowQHoTqh4MYrljrcc7II.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:cf:13:53:b0:76:e2:8e:be:99:24:59:1e:ba:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab46686008a8c101e84ea878318ae58eb71cec82
        Validity
            Not Before: Jan  2 02:19:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b17947b7c755bccbd10e4fb3e26c7bc9f375f290
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:5f:11:76:95:22:39:5e:d7:2f:44:71:10:02:
                    64:05:3d:6a:98:c9:43:e9:af:c8:6b:c5:25:75:a5:
                    74:5c:fd:31:cb:ee:26:d2:e8:3f:e2:61:43:56:8e:
                    2d:99:a9:f1:0a:4f:92:45:a1:f3:08:f6:30:ff:9e:
                    dc:97:99:da:3a:c1:16:23:7f:9c:4b:d1:f7:cf:c4:
                    38:8c:ce:0e:05:bd:46:d4:dc:1d:2e:5a:d3:ab:53:
                    c7:d8:2a:d6:be:08:bc:1b:1f:6d:73:b2:a2:76:23:
                    03:15:09:95:85:80:a4:51:dd:c5:20:37:fe:a3:f9:
                    50:e5:8a:c6:bd:0b:a9:4f:a5:67:4a:72:f5:d2:f5:
                    49:49:2a:ea:42:b1:64:b4:98:39:0b:23:5c:a6:ea:
                    70:32:8b:84:5c:37:c2:a7:4b:d2:08:7a:8a:0c:ed:
                    78:18:5c:fa:5c:23:ef:29:13:a9:d3:41:58:18:02:
                    19:60:a0:e0:8e:62:8b:2c:95:a5:f8:b3:3d:0c:71:
                    59:db:5e:c7:f1:29:48:a8:e4:4f:84:1f:e1:0b:be:
                    a6:1e:07:02:ad:61:22:a2:37:9d:59:69:1f:86:9e:
                    90:ab:86:31:f9:c5:a1:04:83:b6:0b:c0:c0:d2:de:
                    87:97:fe:06:8b:99:33:f9:5d:1e:18:8b:1e:7a:77:
                    de:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:79:47:B7:C7:55:BC:CB:D1:0E:4F:B3:E2:6C:7B:C9:F3:75:F2:90
            X509v3 Authority Key Identifier:
                keyid:AB:46:68:60:08:A8:C1:01:E8:4E:A8:78:31:8A:E5:8E:B7:1C:EC:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q0ZoYAiowQHoTqh4MYrljrcc7II.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/7264d6-3bfd-4de9-8ffb-f3363cbd424c/1/sXlHt8dVvMvRDk-z4mx7yfN18pA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/7264d6-3bfd-4de9-8ffb-f3363cbd424c/1/q0ZoYAiowQHoTqh4MYrljrcc7II.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.11.152.0/23

    Signature Algorithm: sha256WithRSAEncryption
         dc:c6:2a:63:c6:80:b6:fd:07:e6:f1:dc:35:ec:f0:d0:82:65:
         06:5c:7a:bb:b4:d1:94:73:31:7b:d8:b7:2e:09:5b:f9:82:e4:
         00:bb:2e:86:cd:2c:96:0c:3c:4a:5b:7a:6a:13:9f:d7:1b:2c:
         16:fe:d6:63:d4:95:80:cd:02:23:ea:b5:07:f5:e4:b2:ee:82:
         4a:59:3f:b8:d5:2a:c9:3c:22:29:72:25:71:eb:0d:a3:ff:9a:
         47:59:2d:62:d0:77:1e:48:ac:90:64:27:7e:f9:6f:d6:9b:80:
         f8:f8:c0:2a:ce:be:7e:b7:50:2d:0f:c3:93:ed:0f:d3:04:43:
         a2:7e:cb:ec:4a:0f:22:e3:fc:1e:1c:42:a8:ba:9b:ef:84:57:
         ac:c2:c5:65:df:42:e7:12:4d:55:00:b4:a7:c4:d5:dc:08:26:
         71:d1:ac:da:a6:47:e2:3e:20:59:18:3c:e1:b8:1b:f5:ab:6d:
         c4:07:a4:49:3a:aa:e1:56:c2:76:c2:f7:f0:4c:bd:77:64:9e:
         66:d1:e1:41:72:55:0a:63:3f:03:50:b0:16:02:f5:b8:47:69:
         58:06:ae:6a:33:39:af:d8:47:34:4f:1d:83:73:10:30:b9:30:
         58:73:a9:e6:72:0c:d8:db:f7:85:5a:04:59:1c:59:ce:9e:22:
         ca:83:83:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gM8TU7B24o6+mSRZHrplMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNDY2ODYwMDhhOGMxMDFlODRlYTg3ODMxOGFlNThlYjcx
Y2VjODIwHhcNMjYwMTAyMDIxOTM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTc5NDdiN2M3NTViY2NiZDEwZTRmYjNlMjZjN2JjOWYzNzVmMjkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAol8RdpUiOV7XL0RxEAJkBT1qmMlD
6a/Ia8UldaV0XP0xy+4m0ug/4mFDVo4tmanxCk+SRaHzCPYw/57cl5naOsEWI3+c
S9H3z8Q4jM4OBb1G1NwdLlrTq1PH2CrWvgi8Gx9tc7KidiMDFQmVhYCkUd3FIDf+
o/lQ5YrGvQupT6VnSnL10vVJSSrqQrFktJg5CyNcpupwMouEXDfCp0vSCHqKDO14
GFz6XCPvKROp00FYGAIZYKDgjmKLLJWl+LM9DHFZ217H8SlIqORPhB/hC76mHgcC
rWEiojedWWkfhp6Qq4Yx+cWhBIO2C8DA0t6Hl/4Gi5kz+V0eGIseenfe1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLF5R7fHVbzL0Q5Ps+Jse8nzdfKQMB8GA1UdIwQY
MBaAFKtGaGAIqMEB6E6oeDGK5Y63HOyCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTBab1lBaW93UUhvVHFoNE1ZcmxqcmNjN0lJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi83MjY0ZDYtM2JmZC00ZGU5LThmZmIt
ZjMzNjNjYmQ0MjRjLzEvc1hsSHQ4ZFZ2TXZSRGstejRteDd5Zk4xOHBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi83MjY0ZDYtM2JmZC00ZGU5LThmZmItZjMzNjNjYmQ0MjRj
LzEvcTBab1lBaW93UUhvVHFoNE1ZcmxqcmNjN0lJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwguYMA0G
CSqGSIb3DQEBCwUAA4IBAQDcxipjxoC2/Qfm8dw17PDQgmUGXHq7tNGUczF72Lcu
CVv5guQAuy6GzSyWDDxKW3pqE5/XGywW/tZj1JWAzQIj6rUH9eSy7oJKWT+41SrJ
PCIpciVx6w2j/5pHWS1i0HceSKyQZCd++W/Wm4D4+MAqzr5+t1AtD8OT7Q/TBEOi
fsvsSg8i4/weHEKoupvvhFeswsVl30LnEk1VALSnxNXcCCZx0azapkfiPiBZGDzh
uBv1q23EB6RJOqrhVsJ2wvfwTL13ZJ5m0eFBclUKYz8DULAWAvW4R2lYBq5qMzmv
2Ec0Tx2DcxAwuTBYc6nmcgzY2/eFWgRZHFnOniLKg4Pn
-----END CERTIFICATE-----