This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/tXhbIuVpYeE_jd1CU4lv2cgwfnw.roa
File:                     tXhbIuVpYeE_jd1CU4lv2cgwfnw.roa (raw, json)
Hash identifier:          lxyF6ei0/QTcu7Po0gkCzFazsZNHVkwJorFWOFgBWYI=
Subject key identifier:   B5:78:5B:22:E5:69:61:E1:3F:8D:DD:42:53:89:6F:D9:C8:30:7E:7C
Certificate issuer:       /CN=3d8ba0a52c42129af1d4f743feb33bb144d4bb5c
Certificate serial:       019B797F08FF5F818A30AFB2B8F651E4228E
Authority key identifier: 3D:8B:A0:A5:2C:42:12:9A:F1:D4:F7:43:FE:B3:3B:B1:44:D4:BB:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PYugpSxCEprx1PdD_rM7sUTUu1w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/tXhbIuVpYeE_jd1CU4lv2cgwfnw.roa
Signing time:             Thu 01 Jan 2026 12:18:46 +0000
ROA not before:           Thu 01 Jan 2026 12:18:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204723
IP address blocks:        213.83.5.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/PYugpSxCEprx1PdD_rM7sUTUu1w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/PYugpSxCEprx1PdD_rM7sUTUu1w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PYugpSxCEprx1PdD_rM7sUTUu1w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7f:08:ff:5f:81:8a:30:af:b2:b8:f6:51:e4:22:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d8ba0a52c42129af1d4f743feb33bb144d4bb5c
        Validity
            Not Before: Jan  1 12:18:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b5785b22e56961e13f8ddd4253896fd9c8307e7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:0f:25:05:9d:51:0d:91:30:7c:2f:ce:95:31:
                    91:d2:36:bc:8f:ff:91:ea:79:9c:bd:95:6e:92:b9:
                    15:33:eb:8d:b6:24:58:eb:38:b1:59:c3:3e:90:1d:
                    39:93:f7:17:fe:4e:8d:c6:1a:c9:36:55:6b:2c:84:
                    3f:25:b2:f9:9f:9f:ee:9c:e0:b9:f8:0c:0e:34:f4:
                    e0:bb:42:85:96:f5:2e:c1:4d:23:1f:96:0d:c1:4a:
                    52:cc:89:69:3d:ad:6e:90:17:79:88:12:c7:3f:93:
                    f7:cf:5d:c4:d1:41:19:5b:43:23:f4:c1:18:dd:41:
                    c5:d5:47:f4:8d:b0:18:ef:39:48:23:95:8c:55:1c:
                    dc:27:de:0a:50:f7:42:03:2b:a9:1a:3b:92:71:8f:
                    2d:05:a4:32:0b:f5:71:2f:67:2c:e4:82:34:f9:b2:
                    62:0d:6f:64:24:2f:72:49:e6:3d:15:1d:fe:62:f7:
                    9a:cd:88:02:e9:26:a2:17:52:a1:4f:46:53:e0:f7:
                    bb:cb:44:fd:ff:48:32:36:1b:fb:a5:3b:e3:18:60:
                    d7:d0:85:db:0e:90:6a:c3:9f:60:46:67:21:ba:dd:
                    c4:a4:cd:a2:91:d2:18:06:b5:58:0a:61:31:1d:62:
                    7c:d7:75:48:3b:8a:8c:b7:1f:4e:1d:c0:05:2c:e8:
                    56:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:78:5B:22:E5:69:61:E1:3F:8D:DD:42:53:89:6F:D9:C8:30:7E:7C
            X509v3 Authority Key Identifier:
                keyid:3D:8B:A0:A5:2C:42:12:9A:F1:D4:F7:43:FE:B3:3B:B1:44:D4:BB:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PYugpSxCEprx1PdD_rM7sUTUu1w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/tXhbIuVpYeE_jd1CU4lv2cgwfnw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/PYugpSxCEprx1PdD_rM7sUTUu1w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.83.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:05:0f:e3:90:a6:b7:1b:84:32:08:a8:f6:01:ee:a4:d6:cc:
         49:79:ba:56:11:cf:bb:31:e0:d0:84:5c:89:54:bb:4d:b6:f7:
         97:db:4f:31:7c:cc:2b:da:1e:13:ca:80:25:f2:fd:3f:83:0d:
         1a:61:82:73:db:d6:a4:2b:7a:8d:a0:e8:0c:a5:fb:63:10:5a:
         55:da:c4:58:2a:5d:1b:27:3a:aa:d6:b6:e8:af:fe:eb:88:1e:
         aa:b0:37:22:58:4c:cd:f9:e1:5b:83:a0:a6:d9:1f:6b:01:29:
         2c:17:7a:5b:23:50:81:fe:32:75:83:8f:59:60:33:93:26:84:
         73:58:0d:38:1e:3a:3f:b6:ff:cc:ad:04:0c:6f:0d:bd:3f:19:
         20:4e:df:80:49:0f:b8:18:93:30:24:52:aa:ba:61:ec:20:f6:
         c6:98:17:04:60:c6:33:cd:e4:16:31:52:62:2c:b1:79:6e:34:
         65:8f:ef:2d:32:9a:53:70:c5:83:67:a6:55:2e:1d:3c:df:a8:
         3b:4a:3c:18:64:a0:dc:9b:10:32:8e:e8:41:b0:71:57:79:46:
         bd:ef:e5:4b:a3:a4:2c:5b:53:10:bb:f8:49:79:e4:5c:d3:18:
         36:98:5e:03:e3:f8:81:48:6e:4f:5a:4f:2e:2b:ce:83:68:ff:
         11:01:b5:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fwj/X4GKMK+yuPZR5CKOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkOGJhMGE1MmM0MjEyOWFmMWQ0Zjc0M2ZlYjMzYmIxNDRk
NGJiNWMwHhcNMjYwMTAxMTIxODQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTc4NWIyMmU1Njk2MWUxM2Y4ZGRkNDI1Mzg5NmZkOWM4MzA3ZTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlw8lBZ1RDZEwfC/OlTGR0ja8j/+R
6nmcvZVukrkVM+uNtiRY6zixWcM+kB05k/cX/k6NxhrJNlVrLIQ/JbL5n5/unOC5
+AwONPTgu0KFlvUuwU0jH5YNwUpSzIlpPa1ukBd5iBLHP5P3z13E0UEZW0Mj9MEY
3UHF1Uf0jbAY7zlII5WMVRzcJ94KUPdCAyupGjuScY8tBaQyC/VxL2cs5II0+bJi
DW9kJC9ySeY9FR3+YveazYgC6SaiF1KhT0ZT4Pe7y0T9/0gyNhv7pTvjGGDX0IXb
DpBqw59gRmchut3EpM2ikdIYBrVYCmExHWJ813VIO4qMtx9OHcAFLOhWFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLV4WyLlaWHhP43dQlOJb9nIMH58MB8GA1UdIwQY
MBaAFD2LoKUsQhKa8dT3Q/6zO7FE1LtcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFl1Z3BTeENFcHJ4MVBkRF9yTTdzVVRVdTF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9mZjZmNGEtOGQ1Zi00NWIyLTg3NWMt
YTU2ODM4NDRlNzkyLzEvdFhoYkl1VnBZZUVfamQxQ1U0bHYyY2d3Zm53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9mZjZmNGEtOGQ1Zi00NWIyLTg3NWMtYTU2ODM4NDRlNzky
LzEvUFl1Z3BTeENFcHJ4MVBkRF9yTTdzVVRVdTF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1VMFMA0G
CSqGSIb3DQEBCwUAA4IBAQAcBQ/jkKa3G4QyCKj2Ae6k1sxJebpWEc+7MeDQhFyJ
VLtNtveX208xfMwr2h4TyoAl8v0/gw0aYYJz29akK3qNoOgMpftjEFpV2sRYKl0b
Jzqq1rbor/7riB6qsDciWEzN+eFbg6Cm2R9rASksF3pbI1CB/jJ1g49ZYDOTJoRz
WA04Hjo/tv/MrQQMbw29PxkgTt+ASQ+4GJMwJFKqumHsIPbGmBcEYMYzzeQWMVJi
LLF5bjRlj+8tMppTcMWDZ6ZVLh0836g7SjwYZKDcmxAyjuhBsHFXeUa97+VLo6Qs
W1MQu/hJeeRc0xg2mF4D4/iBSG5PWk8uK86DaP8RAbWY
-----END CERTIFICATE-----