This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/9edf91-3736-4bf9-a38b-25bb9fb19720/1/IebKw_yiTfK_V4_z25ukLjaMeWQ.roa
File:                     IebKw_yiTfK_V4_z25ukLjaMeWQ.roa (raw, json)
Hash identifier:          MAvIvWJqafppESV+KP67qNLbvZAyKKXSx7PlRQfGNY0=
Subject key identifier:   21:E6:CA:C3:FC:A2:4D:F2:BF:57:8F:F3:DB:9B:A4:2E:36:8C:79:64
Certificate issuer:       /CN=d5f4345a2af6b544cd1b8e78d73ec02b8895546d
Certificate serial:       019B7B35D5016AA55D1C2973A9E49FFE1F6C
Authority key identifier: D5:F4:34:5A:2A:F6:B5:44:CD:1B:8E:78:D7:3E:C0:2B:88:95:54:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1fQ0Wir2tUTNG4541z7AK4iVVG0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/9edf91-3736-4bf9-a38b-25bb9fb19720/1/IebKw_yiTfK_V4_z25ukLjaMeWQ.roa
Signing time:             Thu 01 Jan 2026 20:18:04 +0000
ROA not before:           Thu 01 Jan 2026 20:18:04 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31382
IP address blocks:        148.198.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/9edf91-3736-4bf9-a38b-25bb9fb19720/1/1fQ0Wir2tUTNG4541z7AK4iVVG0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/9edf91-3736-4bf9-a38b-25bb9fb19720/1/1fQ0Wir2tUTNG4541z7AK4iVVG0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1fQ0Wir2tUTNG4541z7AK4iVVG0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 14:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:d5:01:6a:a5:5d:1c:29:73:a9:e4:9f:fe:1f:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5f4345a2af6b544cd1b8e78d73ec02b8895546d
        Validity
            Not Before: Jan  1 20:18:04 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=21e6cac3fca24df2bf578ff3db9ba42e368c7964
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:5b:78:22:47:8f:d9:0b:f0:41:d9:50:f2:11:
                    1e:02:63:d1:96:de:98:ec:83:70:ec:29:f5:10:39:
                    7b:97:87:99:a4:ed:97:8d:00:ff:b2:36:83:5c:5a:
                    2f:09:ea:f8:d2:c1:83:04:b9:a6:a2:3d:9c:4d:68:
                    73:83:95:c9:28:9b:c4:9c:ca:65:1e:03:2e:81:31:
                    71:9c:03:5a:09:dd:bd:ce:30:fb:51:53:d7:4b:37:
                    32:97:bb:54:6a:bd:26:a1:f5:0e:b9:91:74:5b:01:
                    cf:bc:50:9d:a1:b5:df:d8:6d:48:ba:be:24:d3:76:
                    22:1f:c1:de:63:53:2b:87:e0:79:7a:0c:5c:cd:6d:
                    67:dd:63:50:6b:7b:ef:71:d6:60:9a:20:34:ed:cf:
                    e6:21:e9:ad:a2:98:87:68:a7:cb:1d:28:99:bd:20:
                    46:ab:56:b6:23:5f:a1:95:61:60:c9:4e:1e:3a:cf:
                    7e:21:ff:48:52:e4:92:c8:42:06:cc:8b:a2:bf:3d:
                    83:65:5d:9c:8d:56:42:93:cb:a4:42:ef:64:30:58:
                    bb:f1:4d:c7:9a:37:79:02:c4:a4:b7:77:0e:c3:f2:
                    14:7b:e5:97:9d:3b:d7:a5:3f:7f:11:d7:1c:24:01:
                    86:cd:39:62:2b:5c:e7:56:d0:9c:ca:36:df:71:2e:
                    fe:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:E6:CA:C3:FC:A2:4D:F2:BF:57:8F:F3:DB:9B:A4:2E:36:8C:79:64
            X509v3 Authority Key Identifier:
                keyid:D5:F4:34:5A:2A:F6:B5:44:CD:1B:8E:78:D7:3E:C0:2B:88:95:54:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1fQ0Wir2tUTNG4541z7AK4iVVG0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9edf91-3736-4bf9-a38b-25bb9fb19720/1/IebKw_yiTfK_V4_z25ukLjaMeWQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9edf91-3736-4bf9-a38b-25bb9fb19720/1/1fQ0Wir2tUTNG4541z7AK4iVVG0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  148.198.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         c9:a9:d7:c0:b8:f5:c2:6e:48:d0:cd:e4:a0:d7:b5:7a:81:84:
         c0:3a:09:1f:37:54:53:79:4e:dc:7a:d3:36:6a:81:ac:4a:b4:
         1d:92:a6:c1:d3:e9:e3:a3:59:98:f3:ef:e9:37:7e:cb:bf:78:
         90:a3:66:ea:8a:41:56:c9:91:b4:53:78:7b:55:6a:04:30:c4:
         12:89:45:82:2d:87:0e:5a:9b:01:2b:15:34:b0:de:7c:79:29:
         53:70:fd:85:4c:fa:d0:af:a1:19:76:2b:7a:1f:2f:b9:04:4f:
         6c:31:36:7a:21:30:af:e4:ce:2c:36:4c:4f:27:52:36:a2:9a:
         95:cd:e0:c4:2b:23:a4:d3:d3:e2:3d:90:ac:18:69:13:de:0a:
         01:b4:a3:5e:8c:c5:25:b8:09:62:ae:60:e2:22:ca:9e:68:0d:
         66:1a:64:3d:6b:50:c8:1a:f2:2a:e2:69:82:d7:9b:98:29:a4:
         4e:74:68:39:d9:26:e1:3b:63:f8:71:5c:06:9a:08:6d:ed:43:
         b6:a2:4f:43:43:b5:1a:e2:13:80:67:17:f7:80:c5:b3:81:83:
         af:f3:0c:45:1e:c7:46:12:1f:d2:c3:95:b0:76:1b:63:1e:3d:
         a8:a3:91:94:c8:35:7a:73:4c:8a:9d:f1:47:43:4d:41:f4:d9:
         65:2b:01:9a
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZt7NdUBaqVdHClzqeSf/h9sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1ZjQzNDVhMmFmNmI1NDRjZDFiOGU3OGQ3M2VjMDJiODg5
NTU0NmQwHhcNMjYwMTAxMjAxODA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWU2Y2FjM2ZjYTI0ZGYyYmY1NzhmZjNkYjliYTQyZTM2OGM3OTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVt4IkeP2QvwQdlQ8hEeAmPRlt6Y
7INw7Cn1EDl7l4eZpO2XjQD/sjaDXFovCer40sGDBLmmoj2cTWhzg5XJKJvEnMpl
HgMugTFxnANaCd29zjD7UVPXSzcyl7tUar0mofUOuZF0WwHPvFCdobXf2G1Iur4k
03YiH8HeY1Mrh+B5egxczW1n3WNQa3vvcdZgmiA07c/mIemtopiHaKfLHSiZvSBG
q1a2I1+hlWFgyU4eOs9+If9IUuSSyEIGzIuivz2DZV2cjVZCk8ukQu9kMFi78U3H
mjd5AsSkt3cOw/IUe+WXnTvXpT9/EdccJAGGzTliK1znVtCcyjbfcS7+IwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFCHmysP8ok3yv1eP89ubpC42jHlkMB8GA1UdIwQY
MBaAFNX0NFoq9rVEzRuOeNc+wCuIlVRtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWZRMFdpcjJ0VVRORzQ1NDF6N0FLNGlWVkcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC85ZWRmOTEtMzczNi00YmY5LWEzOGIt
MjViYjlmYjE5NzIwLzEvSWViS3dfeWlUZktfVjRfejI1dWtMamFNZVdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC85ZWRmOTEtMzczNi00YmY5LWEzOGItMjViYjlmYjE5NzIw
LzEvMWZRMFdpcjJ0VVRORzQ1NDF6N0FLNGlWVkcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAlMYwDQYJ
KoZIhvcNAQELBQADggEBAMmp18C49cJuSNDN5KDXtXqBhMA6CR83VFN5Ttx60zZq
gaxKtB2SpsHT6eOjWZjz7+k3fsu/eJCjZuqKQVbJkbRTeHtVagQwxBKJRYIthw5a
mwErFTSw3nx5KVNw/YVM+tCvoRl2K3ofL7kET2wxNnohMK/kziw2TE8nUjaimpXN
4MQrI6TT0+I9kKwYaRPeCgG0o16MxSW4CWKuYOIiyp5oDWYaZD1rUMga8iriaYLX
m5gppE50aDnZJuE7Y/hxXAaaCG3tQ7aiT0NDtRriE4BnF/eAxbOBg6/zDEUex0YS
H9LDlbB2G2MePaijkZTINXpzTIqd8UdDTUH02WUrAZo=
-----END CERTIFICATE-----