This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/81c091-0a4e-4005-be22-a7e86453abcd/1/aVXhAizmDepCVOoLPu585d5UOlQ.roa
File:                     aVXhAizmDepCVOoLPu585d5UOlQ.roa (raw, json)
Hash identifier:          YB+GHVOhQos2qu1NUzfo9daXC5WuIe75DyabTVAx7KA=
Subject key identifier:   69:55:E1:02:2C:E6:0D:EA:42:54:EA:0B:3E:EE:7C:E5:DE:54:3A:54
Certificate issuer:       /CN=53b105065c0d9139b5ffedc32c900cf64b4312eb
Certificate serial:       019B797EF4EB4F6A3D83F0F19E158A5BD910
Authority key identifier: 53:B1:05:06:5C:0D:91:39:B5:FF:ED:C3:2C:90:0C:F6:4B:43:12:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U7EFBlwNkTm1_-3DLJAM9ktDEus.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/81c091-0a4e-4005-be22-a7e86453abcd/1/aVXhAizmDepCVOoLPu585d5UOlQ.roa
Signing time:             Thu 01 Jan 2026 12:18:41 +0000
ROA not before:           Thu 01 Jan 2026 12:18:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51088
IP address blocks:        185.41.124.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/81c091-0a4e-4005-be22-a7e86453abcd/1/U7EFBlwNkTm1_-3DLJAM9ktDEus.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/81c091-0a4e-4005-be22-a7e86453abcd/1/U7EFBlwNkTm1_-3DLJAM9ktDEus.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U7EFBlwNkTm1_-3DLJAM9ktDEus.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:f4:eb:4f:6a:3d:83:f0:f1:9e:15:8a:5b:d9:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53b105065c0d9139b5ffedc32c900cf64b4312eb
        Validity
            Not Before: Jan  1 12:18:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6955e1022ce60dea4254ea0b3eee7ce5de543a54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:c4:a2:a3:8a:2b:b5:93:8d:c3:9d:1c:0d:04:
                    56:d0:e7:d8:0c:f5:9f:97:fe:cb:fd:9c:2f:eb:cd:
                    0d:46:a9:2c:c4:8b:9e:81:cb:f5:d4:bd:f2:8e:4f:
                    e5:e8:0a:8f:5e:57:d8:fd:4a:b3:0d:24:69:e8:f4:
                    19:2f:db:e0:9b:6b:f1:af:d5:09:f3:75:5f:17:ba:
                    f8:b3:1f:64:a3:e6:93:3f:32:d0:2b:00:ef:5a:75:
                    04:44:8b:c6:c7:f1:cd:d5:bd:2e:03:10:44:3a:ca:
                    b2:92:4f:47:21:7b:e7:c0:66:fc:46:5b:d9:a4:53:
                    35:fd:ef:36:c5:a9:34:8e:35:df:75:d6:e7:26:77:
                    21:65:b6:23:cc:59:a5:70:45:78:34:62:c2:05:26:
                    c1:56:be:3a:24:fe:da:48:c8:33:44:b1:2a:f2:27:
                    6e:c5:0e:45:95:bd:da:86:75:2a:82:8e:90:ef:a4:
                    f6:b1:b8:c1:ab:aa:93:4e:ed:35:db:2d:0c:05:22:
                    e9:3a:0e:73:10:f0:e2:e6:1e:48:3f:d2:d0:3b:c1:
                    0e:4d:23:b9:84:30:9c:e4:30:9f:4d:be:12:25:2a:
                    0f:63:c2:97:cf:42:6d:8f:d0:11:3a:3f:c0:20:88:
                    de:a9:38:7a:44:70:e8:1e:55:e7:7e:09:2a:5d:84:
                    c7:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:55:E1:02:2C:E6:0D:EA:42:54:EA:0B:3E:EE:7C:E5:DE:54:3A:54
            X509v3 Authority Key Identifier:
                keyid:53:B1:05:06:5C:0D:91:39:B5:FF:ED:C3:2C:90:0C:F6:4B:43:12:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U7EFBlwNkTm1_-3DLJAM9ktDEus.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/81c091-0a4e-4005-be22-a7e86453abcd/1/aVXhAizmDepCVOoLPu585d5UOlQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/81c091-0a4e-4005-be22-a7e86453abcd/1/U7EFBlwNkTm1_-3DLJAM9ktDEus.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.41.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         65:12:cf:dd:8f:f0:94:3d:49:22:ad:b6:d5:f2:28:c0:de:7e:
         f5:b9:56:e7:24:31:5c:01:b2:87:8a:44:49:b2:2c:63:84:84:
         3b:e2:64:0d:55:00:f6:d9:8a:10:71:4d:7e:d6:ee:75:a2:81:
         8d:1c:c3:31:77:62:3c:a0:30:41:63:3b:7b:46:6c:56:7b:f7:
         92:a6:a3:b9:6a:ae:0e:82:97:60:80:42:d3:45:84:b1:3e:0e:
         8a:27:b5:72:1c:ba:e1:b0:4a:5c:ab:50:e5:6a:ab:69:f4:6f:
         4e:b8:94:f9:4d:6d:50:63:85:00:e2:94:5c:12:3d:4f:ff:51:
         c3:f2:86:77:f3:77:e7:8b:91:5b:d8:24:62:3a:bc:b1:c9:6d:
         65:76:96:a6:09:39:91:cf:df:11:6a:a4:4c:bb:b5:44:01:7c:
         cf:39:65:57:df:dc:4a:42:69:3d:07:27:56:03:2f:16:9c:df:
         76:0f:ec:a0:80:3e:19:d5:96:17:fb:a9:88:35:e3:bd:0d:2e:
         5c:f0:3a:27:bb:ca:35:ef:24:b7:96:ba:1c:e3:1f:14:00:2d:
         ec:ed:a4:0c:a0:a7:2e:f8:8b:a1:85:3f:a0:93:58:57:01:2c:
         69:95:f4:7a:85:e9:a9:fd:7a:77:25:ad:17:85:46:26:71:15:
         b0:f1:e9:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fvTrT2o9g/DxnhWKW9kQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzYjEwNTA2NWMwZDkxMzliNWZmZWRjMzJjOTAwY2Y2NGI0
MzEyZWIwHhcNMjYwMTAxMTIxODQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTU1ZTEwMjJjZTYwZGVhNDI1NGVhMGIzZWVlN2NlNWRlNTQzYTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0MSio4ortZONw50cDQRW0OfYDPWf
l/7L/Zwv680NRqksxIuegcv11L3yjk/l6AqPXlfY/UqzDSRp6PQZL9vgm2vxr9UJ
83VfF7r4sx9ko+aTPzLQKwDvWnUERIvGx/HN1b0uAxBEOsqykk9HIXvnwGb8RlvZ
pFM1/e82xak0jjXfddbnJnchZbYjzFmlcEV4NGLCBSbBVr46JP7aSMgzRLEq8idu
xQ5Flb3ahnUqgo6Q76T2sbjBq6qTTu012y0MBSLpOg5zEPDi5h5IP9LQO8EOTSO5
hDCc5DCfTb4SJSoPY8KXz0Jtj9AROj/AIIjeqTh6RHDoHlXnfgkqXYTHTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGlV4QIs5g3qQlTqCz7ufOXeVDpUMB8GA1UdIwQY
MBaAFFOxBQZcDZE5tf/twyyQDPZLQxLrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTdFRkJsd05rVG0xXy0zRExKQU05a3RERXVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC84MWMwOTEtMGE0ZS00MDA1LWJlMjIt
YTdlODY0NTNhYmNkLzEvYVZYaEFpem1EZXBDVk9vTFB1NTg1ZDVVT2xRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC84MWMwOTEtMGE0ZS00MDA1LWJlMjItYTdlODY0NTNhYmNk
LzEvVTdFRkJsd05rVG0xXy0zRExKQU05a3RERXVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSl8MA0G
CSqGSIb3DQEBCwUAA4IBAQBlEs/dj/CUPUkirbbV8ijA3n71uVbnJDFcAbKHikRJ
sixjhIQ74mQNVQD22YoQcU1+1u51ooGNHMMxd2I8oDBBYzt7RmxWe/eSpqO5aq4O
gpdggELTRYSxPg6KJ7VyHLrhsEpcq1Dlaqtp9G9OuJT5TW1QY4UA4pRcEj1P/1HD
8oZ383fni5Fb2CRiOryxyW1ldpamCTmRz98RaqRMu7VEAXzPOWVX39xKQmk9BydW
Ay8WnN92D+yggD4Z1ZYX+6mINeO9DS5c8Donu8o17yS3lroc4x8UAC3s7aQMoKcu
+IuhhT+gk1hXASxplfR6hemp/Xp3Ja0XhUYmcRWw8ekN
-----END CERTIFICATE-----