This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/fzcDp5dV2DmkC-y6ymw-6vDBwsw.roa
File:                     fzcDp5dV2DmkC-y6ymw-6vDBwsw.roa (raw, json)
Hash identifier:          hL9dNMejuEUO9l1d3ry+OzWf9mSOIbCqJfdKn9Mov1Q=
Subject key identifier:   7F:37:03:A7:97:55:D8:39:A4:0B:EC:BA:CA:6C:3E:EA:F0:C1:C2:CC
Certificate issuer:       /CN=542f633f76e8d8aaeaa32b5ace16a3db3943d80c
Certificate serial:       019B7EA5742BE27D54A0B4171265A7EB1418
Authority key identifier: 54:2F:63:3F:76:E8:D8:AA:EA:A3:2B:5A:CE:16:A3:DB:39:43:D8:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VC9jP3bo2Krqoytazhaj2zlD2Aw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/fzcDp5dV2DmkC-y6ymw-6vDBwsw.roa
Signing time:             Fri 02 Jan 2026 12:18:50 +0000
ROA not before:           Fri 02 Jan 2026 12:18:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204457
IP address blocks:        188.125.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/VC9jP3bo2Krqoytazhaj2zlD2Aw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/VC9jP3bo2Krqoytazhaj2zlD2Aw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VC9jP3bo2Krqoytazhaj2zlD2Aw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a5:74:2b:e2:7d:54:a0:b4:17:12:65:a7:eb:14:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=542f633f76e8d8aaeaa32b5ace16a3db3943d80c
        Validity
            Not Before: Jan  2 12:18:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7f3703a79755d839a40becbaca6c3eeaf0c1c2cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:b7:c8:89:c4:08:8e:e6:8b:b0:79:f1:67:5f:
                    dd:8c:7b:54:5a:e4:20:52:0c:5f:28:dc:ce:1d:08:
                    1a:ce:5b:8a:49:43:f2:b7:0c:be:3a:d5:ca:f0:d8:
                    fd:0e:f0:42:9a:a9:8c:6e:22:59:07:e4:f9:ab:a6:
                    c3:88:23:bd:0f:5c:9c:f2:db:3f:b5:f9:96:ab:2f:
                    34:d7:7f:88:a4:ef:a4:95:20:a5:91:18:11:74:5e:
                    6e:54:04:6f:77:f0:2a:19:da:73:7b:39:0a:0a:31:
                    46:5c:b7:a1:59:d2:23:99:04:ce:ec:bf:e5:ad:65:
                    84:1d:5e:67:ec:6e:c2:9d:8c:7c:c6:35:e8:0b:e0:
                    0e:b5:23:7e:09:e5:88:d1:f4:35:80:1a:35:56:78:
                    4b:3e:79:84:8f:05:ef:6d:34:98:f3:c6:2b:78:12:
                    2a:0a:83:e1:7d:d3:e6:0e:c0:02:89:bb:65:b6:a9:
                    bc:3d:40:0f:ac:3b:58:76:db:01:2e:ef:a9:f6:92:
                    32:f4:07:da:87:03:05:01:5f:6c:48:2a:2c:1c:18:
                    93:a8:ff:5e:b8:12:00:2a:f2:88:6d:8d:ce:79:cf:
                    92:b7:1f:68:65:4b:6d:ea:92:b5:42:a0:c7:62:f3:
                    44:33:90:78:ee:ea:5b:e9:ec:b9:4c:ab:d4:85:0c:
                    e2:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:37:03:A7:97:55:D8:39:A4:0B:EC:BA:CA:6C:3E:EA:F0:C1:C2:CC
            X509v3 Authority Key Identifier:
                keyid:54:2F:63:3F:76:E8:D8:AA:EA:A3:2B:5A:CE:16:A3:DB:39:43:D8:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VC9jP3bo2Krqoytazhaj2zlD2Aw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/fzcDp5dV2DmkC-y6ymw-6vDBwsw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/VC9jP3bo2Krqoytazhaj2zlD2Aw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.125.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:59:d4:4a:43:bf:da:7c:ef:5e:4b:1a:28:1f:50:88:61:a8:
         84:96:d9:11:44:8d:e5:98:68:7e:ac:f3:1a:f5:06:f3:42:21:
         8f:b2:33:7d:bc:f6:cd:57:ca:94:fc:c0:8c:dc:3f:63:3d:cf:
         0c:2f:33:b2:ec:9f:ae:33:6f:dc:b6:46:cf:ce:74:0c:6e:70:
         0f:27:21:69:56:38:92:ce:53:49:68:87:b2:ae:51:26:6a:bf:
         65:20:27:44:43:c8:d8:67:b0:ce:c1:2b:60:83:33:32:04:c7:
         51:26:80:74:de:6e:96:ab:26:fa:9b:8f:0a:4b:ee:6e:b5:5c:
         15:77:89:8c:c2:8b:eb:85:65:e2:5b:31:15:72:42:9a:b8:d3:
         db:22:d2:81:f3:c7:41:f0:36:22:62:0a:56:f5:6a:60:81:ed:
         49:51:d7:de:ca:50:f3:22:dd:56:ba:54:d6:bb:95:d3:40:e4:
         fc:bf:61:d1:3e:b5:1c:dc:30:3d:d0:85:85:45:17:88:3e:f8:
         fa:82:db:ca:d1:78:da:32:77:c4:b5:d3:92:ac:7f:77:49:00:
         02:ad:50:9c:1d:a6:43:5b:a4:85:c6:68:27:aa:ab:c7:17:a0:
         d3:1e:df:53:e5:5d:86:bb:33:7f:78:7e:1f:1e:c6:4f:af:e0:
         ac:5f:aa:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pXQr4n1UoLQXEmWn6xQYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0MmY2MzNmNzZlOGQ4YWFlYWEzMmI1YWNlMTZhM2RiMzk0
M2Q4MGMwHhcNMjYwMTAyMTIxODUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjM3MDNhNzk3NTVkODM5YTQwYmVjYmFjYTZjM2VlYWYwYzFjMmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAurfIicQIjuaLsHnxZ1/djHtUWuQg
UgxfKNzOHQgazluKSUPytwy+OtXK8Nj9DvBCmqmMbiJZB+T5q6bDiCO9D1yc8ts/
tfmWqy8013+IpO+klSClkRgRdF5uVARvd/AqGdpzezkKCjFGXLehWdIjmQTO7L/l
rWWEHV5n7G7CnYx8xjXoC+AOtSN+CeWI0fQ1gBo1VnhLPnmEjwXvbTSY88YreBIq
CoPhfdPmDsACibtltqm8PUAPrDtYdtsBLu+p9pIy9AfahwMFAV9sSCosHBiTqP9e
uBIAKvKIbY3Oec+Stx9oZUtt6pK1QqDHYvNEM5B47upb6ey5TKvUhQzinwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH83A6eXVdg5pAvsuspsPurwwcLMMB8GA1UdIwQY
MBaAFFQvYz926Niq6qMrWs4Wo9s5Q9gMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkM5alAzYm8yS3Jxb3l0YXpoYWoyemxEMkF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9kNmI4NzQtYWVhOC00YjdlLWIwZDIt
NjliOTUzYzlkNWFhLzEvZnpjRHA1ZFYyRG1rQy15Nnltdy02dkRCd3N3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9kNmI4NzQtYWVhOC00YjdlLWIwZDItNjliOTUzYzlkNWFh
LzEvVkM5alAzYm8yS3Jxb3l0YXpoYWoyemxEMkF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvH2jMA0G
CSqGSIb3DQEBCwUAA4IBAQABWdRKQ7/afO9eSxooH1CIYaiEltkRRI3lmGh+rPMa
9QbzQiGPsjN9vPbNV8qU/MCM3D9jPc8MLzOy7J+uM2/ctkbPznQMbnAPJyFpVjiS
zlNJaIeyrlEmar9lICdEQ8jYZ7DOwStggzMyBMdRJoB03m6Wqyb6m48KS+5utVwV
d4mMwovrhWXiWzEVckKauNPbItKB88dB8DYiYgpW9Wpgge1JUdfeylDzIt1WulTW
u5XTQOT8v2HRPrUc3DA90IWFRReIPvj6gtvK0XjaMnfEtdOSrH93SQACrVCcHaZD
W6SFxmgnqqvHF6DTHt9T5V2GuzN/eH4fHsZPr+CsX6pL
-----END CERTIFICATE-----