This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/ix2q65tvo79b2VM9SJoR3waKmbY.roa
File:                     ix2q65tvo79b2VM9SJoR3waKmbY.roa (raw, json)
Hash identifier:          45SsaY7Saj0PCodz7wSRlglQW+UHXzTiCmppLl/YbTs=
Subject key identifier:   8B:1D:AA:EB:9B:6F:A3:BF:5B:D9:53:3D:48:9A:11:DF:06:8A:99:B6
Certificate issuer:       /CN=1f68138d4ec2ea51cacef09ff1058a370a5be190
Certificate serial:       019B7F155110765C035D0662C5C3A12D8B92
Authority key identifier: 1F:68:13:8D:4E:C2:EA:51:CA:CE:F0:9F:F1:05:8A:37:0A:5B:E1:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/ix2q65tvo79b2VM9SJoR3waKmbY.roa
Signing time:             Fri 02 Jan 2026 14:21:02 +0000
ROA not before:           Fri 02 Jan 2026 14:21:02 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29217
IP address blocks:        194.18.224.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:51:10:76:5c:03:5d:06:62:c5:c3:a1:2d:8b:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f68138d4ec2ea51cacef09ff1058a370a5be190
        Validity
            Not Before: Jan  2 14:21:02 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8b1daaeb9b6fa3bf5bd9533d489a11df068a99b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:7e:9a:9d:2e:1f:0c:c3:fb:4d:eb:f1:23:96:
                    53:2a:69:f2:85:f9:bc:8c:30:72:7b:26:25:c9:42:
                    6d:b1:72:41:a9:b3:e3:df:31:24:6a:67:fd:b9:d9:
                    d4:20:d8:2a:48:8e:e5:5b:c7:77:12:15:7d:f1:10:
                    64:1b:66:55:c1:17:eb:08:51:5a:1a:a4:d7:42:84:
                    88:41:c4:0b:41:0b:59:66:5c:1a:53:d2:fc:c6:66:
                    8a:69:0c:25:6b:be:38:a2:c4:23:5c:31:e7:2f:ca:
                    8d:32:8b:8f:06:de:d2:3e:c8:52:94:ec:ff:bc:24:
                    43:19:4c:86:f0:3e:a3:2f:88:ee:58:80:2f:aa:d2:
                    ed:2c:a8:22:30:31:70:3f:9e:5b:2b:cb:ab:ec:7f:
                    10:08:78:70:9f:82:73:b7:f2:52:11:60:6a:bf:99:
                    ee:3b:6b:3c:92:b8:92:02:f4:98:a5:b8:fc:e7:fb:
                    7b:15:c3:72:00:2a:06:82:a6:75:d7:a5:5d:af:85:
                    bc:1a:fb:28:a9:96:3e:c5:f6:bc:d9:ea:df:26:1f:
                    8a:ce:f5:d9:02:4d:4c:bd:a8:fe:0f:4e:6c:c8:06:
                    2f:bf:8e:ff:81:74:3f:51:bb:09:8c:25:6c:ed:43:
                    df:4e:8c:2e:45:fa:59:7d:16:fa:67:cb:41:74:c4:
                    a1:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:1D:AA:EB:9B:6F:A3:BF:5B:D9:53:3D:48:9A:11:DF:06:8A:99:B6
            X509v3 Authority Key Identifier:
                keyid:1F:68:13:8D:4E:C2:EA:51:CA:CE:F0:9F:F1:05:8A:37:0A:5B:E1:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/ix2q65tvo79b2VM9SJoR3waKmbY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.18.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:21:ba:35:d4:63:6a:66:b2:c7:dc:7e:67:eb:7a:94:10:f9:
         03:ed:69:0c:a4:d0:e0:06:77:b7:ab:d5:53:5a:e7:ae:e7:c9:
         bb:a9:9c:e4:d2:1c:2c:aa:c9:9d:e3:a4:06:59:56:5d:6b:19:
         dc:a1:26:bb:ef:df:0f:fd:c6:74:73:0a:24:92:27:d9:c9:d5:
         e6:d3:25:13:1b:49:21:63:72:1b:48:2a:38:66:e9:17:7d:0e:
         78:d8:c0:d9:3f:02:98:0c:70:4b:09:11:ef:16:18:32:38:35:
         5a:3a:e1:ef:84:d8:f4:79:96:fe:95:3a:17:04:3e:a6:50:ab:
         d9:4e:03:c5:50:d2:b7:d0:90:ef:9e:f9:28:77:c4:d7:c5:89:
         fa:0c:d8:1d:01:4e:18:70:7a:16:b1:2b:79:77:d8:fd:95:29:
         e3:8c:c3:c6:74:18:56:eb:e5:45:f3:5b:11:51:d3:f2:be:59:
         c9:87:e2:b5:ec:95:0f:d6:cd:04:59:e5:25:82:1f:da:af:75:
         73:6e:39:2e:8f:48:75:77:34:76:02:77:83:b7:07:b5:70:cd:
         3c:8f:0d:a2:fe:09:5d:db:34:53:62:cf:c8:18:c3:af:00:11:
         06:44:ba:05:fa:c7:b2:37:7e:5d:37:bb:6f:66:54:1e:74:50:
         da:d7:19:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FVEQdlwDXQZixcOhLYuSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNjgxMzhkNGVjMmVhNTFjYWNlZjA5ZmYxMDU4YTM3MGE1
YmUxOTAwHhcNMjYwMTAyMTQyMTAyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjFkYWFlYjliNmZhM2JmNWJkOTUzM2Q0ODlhMTFkZjA2OGE5OWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkX6anS4fDMP7TevxI5ZTKmnyhfm8
jDByeyYlyUJtsXJBqbPj3zEkamf9udnUINgqSI7lW8d3EhV98RBkG2ZVwRfrCFFa
GqTXQoSIQcQLQQtZZlwaU9L8xmaKaQwla744osQjXDHnL8qNMouPBt7SPshSlOz/
vCRDGUyG8D6jL4juWIAvqtLtLKgiMDFwP55bK8ur7H8QCHhwn4Jzt/JSEWBqv5nu
O2s8kriSAvSYpbj85/t7FcNyACoGgqZ116Vdr4W8GvsoqZY+xfa82erfJh+KzvXZ
Ak1Mvaj+D05syAYvv47/gXQ/UbsJjCVs7UPfTowuRfpZfRb6Z8tBdMShXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIsdquubb6O/W9lTPUiaEd8Gipm2MB8GA1UdIwQY
MBaAFB9oE41OwupRys7wn/EFijcKW+GQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDJnVGpVN0M2bEhLenZDZjhRV0tOd3BiNFpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy9iOWFkZjQtZjkxMC00MzU1LWJmYzgt
NjA4NTY0ODM5ZmQwLzEvaXgycTY1dHZvNzliMlZNOVNKb1Izd2FLbWJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy9iOWFkZjQtZjkxMC00MzU1LWJmYzgtNjA4NTY0ODM5ZmQw
LzEvSDJnVGpVN0M2bEhLenZDZjhRV0tOd3BiNFpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwhLgMA0G
CSqGSIb3DQEBCwUAA4IBAQAEIbo11GNqZrLH3H5n63qUEPkD7WkMpNDgBne3q9VT
Wueu58m7qZzk0hwsqsmd46QGWVZdaxncoSa7798P/cZ0cwokkifZydXm0yUTG0kh
Y3IbSCo4ZukXfQ542MDZPwKYDHBLCRHvFhgyODVaOuHvhNj0eZb+lToXBD6mUKvZ
TgPFUNK30JDvnvkod8TXxYn6DNgdAU4YcHoWsSt5d9j9lSnjjMPGdBhW6+VF81sR
UdPyvlnJh+K17JUP1s0EWeUlgh/ar3Vzbjkuj0h1dzR2AneDtwe1cM08jw2i/gld
2zRTYs/IGMOvABEGRLoF+seyN35dN7tvZlQedFDa1xmB
-----END CERTIFICATE-----