This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/kB1VAe7IiWttP305SpTIQdMVrgs.roa
File:                     kB1VAe7IiWttP305SpTIQdMVrgs.roa (raw, json)
Hash identifier:          317W73vQ+ktqI7vunTSNBr39CAMFJ4AGWozNVMt/2j4=
Subject key identifier:   90:1D:55:01:EE:C8:89:6B:6D:3F:7D:39:4A:94:C8:41:D3:15:AE:0B
Certificate issuer:       /CN=1fe90fde9784a91d93a7a2af59d4d043f1171fba
Certificate serial:       019B7E389696A5C0FDDB3FA6749C928A016E
Authority key identifier: 1F:E9:0F:DE:97:84:A9:1D:93:A7:A2:AF:59:D4:D0:43:F1:17:1F:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/kB1VAe7IiWttP305SpTIQdMVrgs.roa
Signing time:             Fri 02 Jan 2026 10:19:56 +0000
ROA not before:           Fri 02 Jan 2026 10:19:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44307
IP address blocks:        83.126.0.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:96:96:a5:c0:fd:db:3f:a6:74:9c:92:8a:01:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1fe90fde9784a91d93a7a2af59d4d043f1171fba
        Validity
            Not Before: Jan  2 10:19:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=901d5501eec8896b6d3f7d394a94c841d315ae0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:82:38:9d:d5:28:24:42:56:bf:1d:32:d5:67:
                    be:63:e4:ed:7f:c0:ac:bd:8f:cb:38:4f:3a:ff:19:
                    a4:62:ec:bb:ca:90:ae:eb:db:c5:b4:f6:2d:70:4f:
                    41:94:9f:92:d5:63:c0:b5:6b:fb:52:b1:3f:1e:dc:
                    86:c8:20:d3:0c:33:dd:07:84:d6:98:2d:c1:97:67:
                    5b:c9:b8:4d:08:81:47:6e:10:80:ce:92:fa:17:62:
                    1d:62:67:fa:c7:3f:81:d0:23:22:d3:d3:22:fd:15:
                    77:1d:23:c1:25:9c:0b:02:67:d9:88:35:54:77:2f:
                    d9:55:be:81:b6:84:66:c5:25:65:d1:de:ce:f1:df:
                    01:0b:a6:40:d6:24:51:e3:18:58:d9:24:82:5c:f4:
                    eb:c8:a7:74:51:6f:3e:35:6c:55:88:90:2e:74:66:
                    1a:ec:81:94:17:b2:d7:38:12:5c:d7:d5:5c:8a:24:
                    96:0f:66:ab:3f:b4:6f:29:bb:bc:9e:cf:b5:f7:5c:
                    fd:c9:04:b5:a1:46:4a:88:d9:7a:13:ab:4f:64:1b:
                    a9:af:d4:86:93:dd:07:60:3c:11:a6:5b:e3:9c:cf:
                    0c:1c:a5:70:43:71:ef:a8:be:b8:07:04:fd:22:14:
                    6b:d6:5a:ae:2d:6d:bf:3b:93:02:45:d8:93:be:77:
                    ab:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:1D:55:01:EE:C8:89:6B:6D:3F:7D:39:4A:94:C8:41:D3:15:AE:0B
            X509v3 Authority Key Identifier:
                keyid:1F:E9:0F:DE:97:84:A9:1D:93:A7:A2:AF:59:D4:D0:43:F1:17:1F:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/kB1VAe7IiWttP305SpTIQdMVrgs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.126.0.0/21

    Signature Algorithm: sha256WithRSAEncryption
         41:1e:cb:6d:26:cf:b2:49:6e:d7:18:4e:d7:08:e3:2e:6f:36:
         19:a4:7d:e8:43:5f:1c:d8:cc:3c:2e:6b:a1:71:a7:e0:d0:97:
         26:a6:d0:09:78:b5:a3:00:cc:7d:d2:3a:3d:2f:4b:41:c8:0f:
         1b:ea:b6:1f:f7:7c:e8:b0:68:45:24:f8:3e:d1:ea:4a:3c:09:
         ea:a3:8d:ef:86:6b:36:0f:45:ff:44:ea:fc:a5:d3:27:32:e7:
         82:6c:b0:88:89:5f:bf:bb:ec:ff:f5:63:97:b3:8e:c7:4c:2a:
         ec:98:78:4b:94:12:72:bf:7e:65:20:37:ac:0e:8f:27:d3:2f:
         3b:e8:05:92:a4:2e:76:8e:18:7a:77:ec:2f:4b:ce:5e:c0:3f:
         9c:0f:90:35:8e:2b:70:5f:0c:ff:e6:ba:32:39:cb:08:0c:13:
         b3:84:25:ec:e8:60:a4:ea:19:5d:64:55:c9:e7:e1:3f:7a:c2:
         38:9f:ba:bc:ab:85:bd:17:a8:37:8c:08:2b:af:0c:53:56:4b:
         0c:98:c8:9a:99:a0:a3:cb:32:99:bf:1b:e3:61:6b:6f:ab:9c:
         0a:38:ce:41:65:c5:15:8a:da:d7:9c:1c:be:f1:f7:6d:71:73:
         06:26:3a:bf:da:50:ba:fd:c0:e2:58:0b:52:62:93:37:c7:21:
         67:5f:36:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OJaWpcD92z+mdJySigFuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmZTkwZmRlOTc4NGE5MWQ5M2E3YTJhZjU5ZDRkMDQzZjEx
NzFmYmEwHhcNMjYwMTAyMTAxOTU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDFkNTUwMWVlYzg4OTZiNmQzZjdkMzk0YTk0Yzg0MWQzMTVhZTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoII4ndUoJEJWvx0y1We+Y+Ttf8Cs
vY/LOE86/xmkYuy7ypCu69vFtPYtcE9BlJ+S1WPAtWv7UrE/HtyGyCDTDDPdB4TW
mC3Bl2dbybhNCIFHbhCAzpL6F2IdYmf6xz+B0CMi09Mi/RV3HSPBJZwLAmfZiDVU
dy/ZVb6BtoRmxSVl0d7O8d8BC6ZA1iRR4xhY2SSCXPTryKd0UW8+NWxViJAudGYa
7IGUF7LXOBJc19VciiSWD2arP7RvKbu8ns+191z9yQS1oUZKiNl6E6tPZBupr9SG
k90HYDwRplvjnM8MHKVwQ3HvqL64BwT9IhRr1lquLW2/O5MCRdiTvnertwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJAdVQHuyIlrbT99OUqUyEHTFa4LMB8GA1UdIwQY
MBaAFB/pD96XhKkdk6eir1nU0EPxFx+6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSC1rUDNwZUVxUjJUcDZLdldkVFFRX0VYSDdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9hOTQ1ZjctNTNiMy00ZGI1LWFlMDQt
MjM3NzJlN2Y5MmUzLzEva0IxVkFlN0lpV3R0UDMwNVNwVElRZE1WcmdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9hOTQ1ZjctNTNiMy00ZGI1LWFlMDQtMjM3NzJlN2Y5MmUz
LzEvSC1rUDNwZUVxUjJUcDZLdldkVFFRX0VYSDdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDU34AMA0G
CSqGSIb3DQEBCwUAA4IBAQBBHsttJs+ySW7XGE7XCOMubzYZpH3oQ18c2Mw8Lmuh
cafg0JcmptAJeLWjAMx90jo9L0tByA8b6rYf93zosGhFJPg+0epKPAnqo43vhms2
D0X/ROr8pdMnMueCbLCIiV+/u+z/9WOXs47HTCrsmHhLlBJyv35lIDesDo8n0y87
6AWSpC52jhh6d+wvS85ewD+cD5A1jitwXwz/5royOcsIDBOzhCXs6GCk6hldZFXJ
5+E/esI4n7q8q4W9F6g3jAgrrwxTVksMmMiamaCjyzKZvxvjYWtvq5wKOM5BZcUV
itrXnBy+8fdtcXMGJjq/2lC6/cDiWAtSYpM3xyFnXzae
-----END CERTIFICATE-----