This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/f89b64-87b7-48f4-8b60-c3204bde7773/1/U8u1b5Pq3pRMcKbM8GicLTeR9Tk.roa
File:                     U8u1b5Pq3pRMcKbM8GicLTeR9Tk.roa (raw, json)
Hash identifier:          R5sho8p6NKUCSWgu2hqUkQHKto75y0jfre83Hes2hwo=
Subject key identifier:   53:CB:B5:6F:93:EA:DE:94:4C:70:A6:CC:F0:68:9C:2D:37:91:F5:39
Certificate issuer:       /CN=021b3ea35edfdd138c15506d74a76022dd37694b
Certificate serial:       019B7BA35DF4A36D87D6FD3020B8C49D0938
Authority key identifier: 02:1B:3E:A3:5E:DF:DD:13:8C:15:50:6D:74:A7:60:22:DD:37:69:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ahs-o17f3ROMFVBtdKdgIt03aUs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/f89b64-87b7-48f4-8b60-c3204bde7773/1/U8u1b5Pq3pRMcKbM8GicLTeR9Tk.roa
Signing time:             Thu 01 Jan 2026 22:17:42 +0000
ROA not before:           Thu 01 Jan 2026 22:17:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203703
IP address blocks:        192.100.96.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/f89b64-87b7-48f4-8b60-c3204bde7773/1/Ahs-o17f3ROMFVBtdKdgIt03aUs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/f89b64-87b7-48f4-8b60-c3204bde7773/1/Ahs-o17f3ROMFVBtdKdgIt03aUs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ahs-o17f3ROMFVBtdKdgIt03aUs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:5d:f4:a3:6d:87:d6:fd:30:20:b8:c4:9d:09:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=021b3ea35edfdd138c15506d74a76022dd37694b
        Validity
            Not Before: Jan  1 22:17:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=53cbb56f93eade944c70a6ccf0689c2d3791f539
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:5d:fc:38:3d:16:36:65:5e:14:35:95:07:02:
                    e6:43:c3:87:12:42:7f:3e:96:d3:23:52:7a:80:ee:
                    d6:54:13:4a:c5:e3:28:af:d9:00:9e:59:69:40:44:
                    13:23:28:b8:5d:8c:63:1a:3c:e3:77:8d:5d:e7:f6:
                    bc:2b:be:4c:85:20:0f:38:fa:8c:15:57:be:85:81:
                    8f:9e:52:eb:ce:4d:c6:66:3d:8d:99:f5:a4:60:f1:
                    cf:eb:70:3d:8c:33:44:af:4d:15:e5:92:34:ff:5f:
                    7b:2a:75:9c:c2:09:57:45:ab:cd:18:73:97:7d:35:
                    57:bf:65:3d:3b:7c:81:1e:6a:6e:c5:cf:df:b9:a9:
                    dc:8d:e3:68:b8:99:e3:63:33:60:f6:2f:8b:94:01:
                    c4:76:69:7e:48:40:84:da:92:9c:74:f7:d2:25:78:
                    14:66:57:6b:b0:c7:73:27:be:ed:5e:94:06:c6:c7:
                    c1:31:d6:a9:0a:d1:d6:55:f3:02:a1:10:e4:e6:d1:
                    bb:8a:d4:ac:79:70:bd:76:87:f4:0c:2a:40:84:8b:
                    59:41:93:6a:f1:f2:c3:7f:b9:96:9f:ec:69:e6:26:
                    b1:f3:0c:72:96:c4:61:7e:f9:47:5f:01:60:42:ab:
                    27:a4:52:b7:89:4a:a6:85:fe:18:b2:9d:75:88:95:
                    80:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:CB:B5:6F:93:EA:DE:94:4C:70:A6:CC:F0:68:9C:2D:37:91:F5:39
            X509v3 Authority Key Identifier:
                keyid:02:1B:3E:A3:5E:DF:DD:13:8C:15:50:6D:74:A7:60:22:DD:37:69:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ahs-o17f3ROMFVBtdKdgIt03aUs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/f89b64-87b7-48f4-8b60-c3204bde7773/1/U8u1b5Pq3pRMcKbM8GicLTeR9Tk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/f89b64-87b7-48f4-8b60-c3204bde7773/1/Ahs-o17f3ROMFVBtdKdgIt03aUs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.100.96.0/23

    Signature Algorithm: sha256WithRSAEncryption
         af:f0:3c:d9:8d:46:c1:4d:83:5e:c6:f6:18:54:48:6d:aa:49:
         5e:35:35:cc:cc:b9:c0:7e:9d:5f:ae:ce:8b:a5:23:76:f1:0f:
         9e:c8:6b:e3:d7:68:88:90:93:d0:e3:cc:28:3a:5a:7a:9c:a7:
         27:10:40:32:08:9f:7c:f3:d3:c4:af:05:e2:fe:36:f3:95:db:
         b2:c1:87:74:56:db:c7:7a:08:e5:dc:1a:b2:eb:de:72:e8:61:
         54:0b:4a:d4:d7:0b:af:29:a9:5d:e5:1d:04:e5:8c:fe:c0:e0:
         63:1b:f0:7e:26:03:f3:54:41:92:df:37:e3:59:bb:99:eb:38:
         de:00:4e:f6:b8:d6:56:48:57:d8:69:0f:09:ee:80:cb:5f:9e:
         50:31:68:8a:38:1b:2a:4f:7b:fd:d1:25:d1:17:fa:16:c9:28:
         0e:fd:a6:7c:e4:c3:84:2d:b0:93:4e:73:30:af:a3:58:57:0f:
         1f:5d:2d:67:f4:c1:38:eb:d5:f3:78:a4:b5:90:a6:10:3c:20:
         94:b6:5f:b8:da:23:c4:21:d5:60:07:0f:71:d8:71:d7:f3:57:
         dd:84:28:4e:7c:aa:3f:1a:5d:64:a7:c6:ca:1b:67:e2:ed:09:
         b8:e1:f5:b9:d5:f6:02:92:82:06:d7:41:dc:9e:ea:eb:89:09:
         d8:81:0a:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7o130o22H1v0wILjEnQk4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyMWIzZWEzNWVkZmRkMTM4YzE1NTA2ZDc0YTc2MDIyZGQz
NzY5NGIwHhcNMjYwMTAxMjIxNzQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2NiYjU2ZjkzZWFkZTk0NGM3MGE2Y2NmMDY4OWMyZDM3OTFmNTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArl38OD0WNmVeFDWVBwLmQ8OHEkJ/
PpbTI1J6gO7WVBNKxeMor9kAnllpQEQTIyi4XYxjGjzjd41d5/a8K75MhSAPOPqM
FVe+hYGPnlLrzk3GZj2NmfWkYPHP63A9jDNEr00V5ZI0/197KnWcwglXRavNGHOX
fTVXv2U9O3yBHmpuxc/fuancjeNouJnjYzNg9i+LlAHEdml+SECE2pKcdPfSJXgU
ZldrsMdzJ77tXpQGxsfBMdapCtHWVfMCoRDk5tG7itSseXC9dof0DCpAhItZQZNq
8fLDf7mWn+xp5iax8wxylsRhfvlHXwFgQqsnpFK3iUqmhf4Ysp11iJWABwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFPLtW+T6t6UTHCmzPBonC03kfU5MB8GA1UdIwQY
MBaAFAIbPqNe390TjBVQbXSnYCLdN2lLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQWhzLW8xN2YzUk9NRlZCdGRLZGdJdDAzYVVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9mODliNjQtODdiNy00OGY0LThiNjAt
YzMyMDRiZGU3NzczLzEvVTh1MWI1UHEzcFJNY0tiTThHaWNMVGVSOVRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9mODliNjQtODdiNy00OGY0LThiNjAtYzMyMDRiZGU3Nzcz
LzEvQWhzLW8xN2YzUk9NRlZCdGRLZGdJdDAzYVVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwGRgMA0G
CSqGSIb3DQEBCwUAA4IBAQCv8DzZjUbBTYNexvYYVEhtqkleNTXMzLnAfp1frs6L
pSN28Q+eyGvj12iIkJPQ48woOlp6nKcnEEAyCJ9889PErwXi/jbzlduywYd0VtvH
egjl3Bqy695y6GFUC0rU1wuvKald5R0E5Yz+wOBjG/B+JgPzVEGS3zfjWbuZ6zje
AE72uNZWSFfYaQ8J7oDLX55QMWiKOBsqT3v90SXRF/oWySgO/aZ85MOELbCTTnMw
r6NYVw8fXS1n9ME469XzeKS1kKYQPCCUtl+42iPEIdVgBw9x2HHX81fdhChOfKo/
Gl1kp8bKG2fi7Qm44fW51fYCkoIG10HcnurriQnYgQqz
-----END CERTIFICATE-----