This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/6lQ-d2RqD34pr1B6YNpd-OcDomw.roa
File:                     6lQ-d2RqD34pr1B6YNpd-OcDomw.roa (raw, json)
Hash identifier:          EUu4nLunhxSbrVXC44jFtM4/qfl2QcaLlDGbKHKerK8=
Subject key identifier:   EA:54:3E:77:64:6A:0F:7E:29:AF:50:7A:60:DA:5D:F8:E7:03:A2:6C
Certificate issuer:       /CN=1f68138d4ec2ea51cacef09ff1058a370a5be190
Certificate serial:       019B7F154DC0CF55FE169026C71ABA24913B
Authority key identifier: 1F:68:13:8D:4E:C2:EA:51:CA:CE:F0:9F:F1:05:8A:37:0A:5B:E1:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/6lQ-d2RqD34pr1B6YNpd-OcDomw.roa
Signing time:             Fri 02 Jan 2026 14:21:01 +0000
ROA not before:           Fri 02 Jan 2026 14:21:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     2119
IP address blocks:        195.198.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:4d:c0:cf:55:fe:16:90:26:c7:1a:ba:24:91:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f68138d4ec2ea51cacef09ff1058a370a5be190
        Validity
            Not Before: Jan  2 14:21:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ea543e77646a0f7e29af507a60da5df8e703a26c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:d7:ea:c0:ad:5a:48:f6:97:61:84:b9:e0:79:
                    84:69:ee:6a:ef:a0:f9:78:d6:1d:b6:57:db:fd:5c:
                    d2:1f:6c:f1:5f:7f:fb:ad:0d:af:38:21:22:11:9f:
                    a6:bd:e6:d0:6d:6d:eb:ae:86:63:f8:76:bb:fe:a6:
                    95:f2:2c:81:ee:39:de:b7:06:3f:74:9a:bd:8d:35:
                    fc:d9:27:13:a6:22:9a:04:e3:21:33:87:a1:4d:6d:
                    6a:e4:57:13:44:a5:28:ea:b6:4a:51:9f:8c:a9:32:
                    29:38:da:00:3d:67:13:43:c9:3c:93:9d:7d:0c:7f:
                    22:81:62:6f:c8:ad:5e:9f:27:51:53:22:62:fa:7a:
                    41:77:7c:0a:6e:11:95:96:71:ab:0f:53:6b:f7:e5:
                    30:70:e1:94:f8:8b:4f:63:87:0c:84:89:2e:04:e3:
                    ed:2d:6e:f4:18:69:a3:68:d2:68:8d:d4:d7:67:5b:
                    70:17:37:64:97:49:88:bb:bd:27:37:6a:67:71:7d:
                    04:b1:11:79:47:a7:ce:a2:02:0e:e2:f4:d4:97:5d:
                    70:48:6d:2f:a0:89:47:f0:f0:35:5b:ef:cf:a0:48:
                    a6:9c:2a:16:7e:1e:0f:71:f5:d0:f6:f4:26:50:c7:
                    80:ea:7a:dd:5f:31:f2:65:01:13:f0:05:1d:7b:f3:
                    b5:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:54:3E:77:64:6A:0F:7E:29:AF:50:7A:60:DA:5D:F8:E7:03:A2:6C
            X509v3 Authority Key Identifier:
                keyid:1F:68:13:8D:4E:C2:EA:51:CA:CE:F0:9F:F1:05:8A:37:0A:5B:E1:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/6lQ-d2RqD34pr1B6YNpd-OcDomw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.198.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:ef:06:a5:69:38:89:41:0f:fc:73:37:32:09:9c:c9:9b:ff:
         89:be:20:38:83:10:85:2b:eb:59:d7:75:f3:7d:c4:f9:a6:d6:
         65:30:f4:63:56:a6:af:4c:49:34:3c:01:25:a4:9f:7a:0d:a2:
         97:a0:51:79:83:1a:ee:41:f8:62:4b:63:69:a7:3f:3a:bb:12:
         20:f8:de:0b:96:70:f7:9a:c1:3c:71:6f:77:1a:37:a0:4c:05:
         84:dd:e0:4e:e1:b3:d7:c3:21:f2:a0:5e:6d:b8:57:ea:34:c9:
         49:fa:27:c7:62:b8:66:dd:06:cd:26:86:52:76:a5:20:95:00:
         87:75:ba:af:3d:e5:42:72:68:9a:43:a5:5f:fe:04:32:0d:18:
         15:d2:7f:df:d2:e9:d2:a3:79:72:59:3c:58:04:31:50:00:3e:
         9c:b5:f5:ac:d4:57:61:73:50:59:09:4d:17:69:91:6b:6d:1c:
         34:1c:b4:f0:d1:6d:03:70:a7:fd:92:42:10:80:9e:e5:63:eb:
         cd:ea:b8:aa:12:9e:89:37:90:21:18:d8:5b:fc:6e:34:4b:94:
         11:b1:ce:64:25:61:32:a3:08:9c:37:e2:b3:bf:5e:17:c6:22:
         2d:c3:7e:f2:dd:5a:58:58:28:db:03:76:0f:76:9b:2f:61:6b:
         02:fb:5c:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FU3Az1X+FpAmxxq6JJE7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNjgxMzhkNGVjMmVhNTFjYWNlZjA5ZmYxMDU4YTM3MGE1
YmUxOTAwHhcNMjYwMTAyMTQyMTAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTU0M2U3NzY0NmEwZjdlMjlhZjUwN2E2MGRhNWRmOGU3MDNhMjZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAodfqwK1aSPaXYYS54HmEae5q76D5
eNYdtlfb/VzSH2zxX3/7rQ2vOCEiEZ+mvebQbW3rroZj+Ha7/qaV8iyB7jnetwY/
dJq9jTX82ScTpiKaBOMhM4ehTW1q5FcTRKUo6rZKUZ+MqTIpONoAPWcTQ8k8k519
DH8igWJvyK1enydRUyJi+npBd3wKbhGVlnGrD1Nr9+UwcOGU+ItPY4cMhIkuBOPt
LW70GGmjaNJojdTXZ1twFzdkl0mIu70nN2pncX0EsRF5R6fOogIO4vTUl11wSG0v
oIlH8PA1W+/PoEimnCoWfh4PcfXQ9vQmUMeA6nrdXzHyZQET8AUde/O1qwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOpUPndkag9+Ka9QemDaXfjnA6JsMB8GA1UdIwQY
MBaAFB9oE41OwupRys7wn/EFijcKW+GQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDJnVGpVN0M2bEhLenZDZjhRV0tOd3BiNFpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy9iOWFkZjQtZjkxMC00MzU1LWJmYzgt
NjA4NTY0ODM5ZmQwLzEvNmxRLWQyUnFEMzRwcjFCNllOcGQtT2NEb213LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy9iOWFkZjQtZjkxMC00MzU1LWJmYzgtNjA4NTY0ODM5ZmQw
LzEvSDJnVGpVN0M2bEhLenZDZjhRV0tOd3BiNFpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw8Y0MA0G
CSqGSIb3DQEBCwUAA4IBAQCG7walaTiJQQ/8czcyCZzJm/+JviA4gxCFK+tZ13Xz
fcT5ptZlMPRjVqavTEk0PAElpJ96DaKXoFF5gxruQfhiS2Nppz86uxIg+N4LlnD3
msE8cW93GjegTAWE3eBO4bPXwyHyoF5tuFfqNMlJ+ifHYrhm3QbNJoZSdqUglQCH
dbqvPeVCcmiaQ6Vf/gQyDRgV0n/f0unSo3lyWTxYBDFQAD6ctfWs1Fdhc1BZCU0X
aZFrbRw0HLTw0W0DcKf9kkIQgJ7lY+vN6riqEp6JN5AhGNhb/G40S5QRsc5kJWEy
owicN+Kzv14XxiItw37y3VpYWCjbA3YPdpsvYWsC+1xI
-----END CERTIFICATE-----