This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/b56504-ed17-4197-bba0-a0adecfd5fa9/1/IRpFGeK75W2NCoLOiJ_s8Xp5yew.roa
File:                     IRpFGeK75W2NCoLOiJ_s8Xp5yew.roa (raw, json)
Hash identifier:          BhIo7ljP7ZgEPGbs9sKTB4qik1eSNnRy76SvPdzQrR4=
Subject key identifier:   21:1A:45:19:E2:BB:E5:6D:8D:0A:82:CE:88:9F:EC:F1:7A:79:C9:EC
Certificate issuer:       /CN=b10780df36b5b942f660e403a2fe608a75e4e57d
Certificate serial:       019B7C80CC098AB0A801A9FDEAEFF1697B1E
Authority key identifier: B1:07:80:DF:36:B5:B9:42:F6:60:E4:03:A2:FE:60:8A:75:E4:E5:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sQeA3za1uUL2YOQDov5ginXk5X0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/b56504-ed17-4197-bba0-a0adecfd5fa9/1/IRpFGeK75W2NCoLOiJ_s8Xp5yew.roa
Signing time:             Fri 02 Jan 2026 02:19:34 +0000
ROA not before:           Fri 02 Jan 2026 02:19:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     2852
IP address blocks:        192.108.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/b56504-ed17-4197-bba0-a0adecfd5fa9/1/sQeA3za1uUL2YOQDov5ginXk5X0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/b56504-ed17-4197-bba0-a0adecfd5fa9/1/sQeA3za1uUL2YOQDov5ginXk5X0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sQeA3za1uUL2YOQDov5ginXk5X0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:cc:09:8a:b0:a8:01:a9:fd:ea:ef:f1:69:7b:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b10780df36b5b942f660e403a2fe608a75e4e57d
        Validity
            Not Before: Jan  2 02:19:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=211a4519e2bbe56d8d0a82ce889fecf17a79c9ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:9b:2f:f4:65:69:0e:92:cd:27:72:b8:64:89:
                    dc:aa:65:0b:f6:1d:43:12:d2:7c:c4:15:c0:e4:2b:
                    4c:75:c3:59:55:73:fe:77:f3:1c:48:ac:24:78:af:
                    ed:79:19:28:5d:c2:b5:c3:24:92:23:fb:88:92:b9:
                    b6:b3:42:69:27:70:6e:a4:04:64:e7:94:f8:2c:79:
                    eb:6b:ba:6e:a2:7a:99:3d:c4:05:82:00:6d:e8:81:
                    d8:8e:ea:76:f9:59:fd:5e:56:cc:eb:63:d3:6d:89:
                    17:2d:10:48:90:ee:9f:9c:8a:83:de:38:ed:e0:70:
                    ce:03:81:2a:0c:a5:45:09:c6:ca:17:01:06:d8:a3:
                    d1:d6:25:20:c7:55:1d:60:80:ce:c6:bb:62:73:02:
                    ae:97:0f:c5:28:11:5d:15:44:53:3d:2d:48:56:d7:
                    bf:0b:2d:19:d6:4c:cf:e1:71:1c:7f:83:6f:aa:99:
                    01:ff:3f:3b:27:e4:0b:84:4b:1c:1e:01:94:08:51:
                    ce:3a:c2:a2:2b:c8:ff:b3:ae:f7:d4:27:7a:3c:39:
                    51:cb:81:45:03:1a:a6:c4:5f:d8:02:2c:a6:47:37:
                    05:c9:3b:01:52:88:56:00:b8:90:9b:64:04:eb:aa:
                    f0:38:22:71:ab:ce:d8:5b:c4:08:92:0b:a5:ac:38:
                    93:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:1A:45:19:E2:BB:E5:6D:8D:0A:82:CE:88:9F:EC:F1:7A:79:C9:EC
            X509v3 Authority Key Identifier:
                keyid:B1:07:80:DF:36:B5:B9:42:F6:60:E4:03:A2:FE:60:8A:75:E4:E5:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sQeA3za1uUL2YOQDov5ginXk5X0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/b56504-ed17-4197-bba0-a0adecfd5fa9/1/IRpFGeK75W2NCoLOiJ_s8Xp5yew.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/b56504-ed17-4197-bba0-a0adecfd5fa9/1/sQeA3za1uUL2YOQDov5ginXk5X0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.108.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:98:ed:d8:d5:c9:47:4f:c1:bb:68:8e:ab:25:b5:3b:75:21:
         ac:29:10:11:6f:eb:61:b4:69:46:47:b5:39:24:86:97:6d:8f:
         cd:26:21:06:fd:83:19:b4:9f:f1:ea:42:eb:00:84:0f:20:33:
         15:e0:11:b6:f1:bd:41:57:57:cc:54:38:26:ad:65:f1:e0:8b:
         25:3a:43:da:9a:47:0e:0a:25:8b:cf:6e:39:3d:87:63:b0:fe:
         af:26:65:d4:34:5a:75:37:54:73:5e:b1:28:40:89:aa:71:6c:
         1f:21:fa:78:62:0e:c6:cc:e6:1d:ac:51:12:c7:f3:7e:8f:94:
         a2:ad:cc:0f:f6:3d:77:56:d9:c0:53:ee:84:0d:6f:c7:1f:4e:
         18:ac:63:1e:3b:21:c3:42:29:4f:f1:c7:cb:80:c1:d2:42:95:
         0e:8c:70:68:80:5f:53:d7:58:99:b6:65:3e:ce:10:ae:39:e7:
         69:a1:7c:ff:fb:f3:3c:dd:02:84:d5:81:8d:1e:65:d7:fe:46:
         d7:f3:96:e2:48:a4:57:9f:57:63:ae:23:65:95:06:cb:0c:39:
         c0:a3:26:78:0e:77:bf:38:31:7d:d4:25:de:31:a4:57:6b:a0:
         89:2a:f2:a7:7d:4b:fa:9c:15:e8:58:6d:42:f1:25:11:d9:2b:
         65:04:20:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gMwJirCoAan96u/xaXseMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxMDc4MGRmMzZiNWI5NDJmNjYwZTQwM2EyZmU2MDhhNzVl
NGU1N2QwHhcNMjYwMTAyMDIxOTM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTFhNDUxOWUyYmJlNTZkOGQwYTgyY2U4ODlmZWNmMTdhNzljOWVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxpsv9GVpDpLNJ3K4ZIncqmUL9h1D
EtJ8xBXA5CtMdcNZVXP+d/McSKwkeK/teRkoXcK1wySSI/uIkrm2s0JpJ3BupARk
55T4LHnra7puonqZPcQFggBt6IHYjup2+Vn9XlbM62PTbYkXLRBIkO6fnIqD3jjt
4HDOA4EqDKVFCcbKFwEG2KPR1iUgx1UdYIDOxrticwKulw/FKBFdFURTPS1IVte/
Cy0Z1kzP4XEcf4NvqpkB/z87J+QLhEscHgGUCFHOOsKiK8j/s6731Cd6PDlRy4FF
AxqmxF/YAiymRzcFyTsBUohWALiQm2QE66rwOCJxq87YW8QIkgulrDiT/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCEaRRniu+VtjQqCzoif7PF6ecnsMB8GA1UdIwQY
MBaAFLEHgN82tblC9mDkA6L+YIp15OV9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1FlQTN6YTF1VUwyWU9RRG92NWdpblhrNVgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS9iNTY1MDQtZWQxNy00MTk3LWJiYTAt
YTBhZGVjZmQ1ZmE5LzEvSVJwRkdlSzc1VzJOQ29MT2lKX3M4WHA1eWV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS9iNTY1MDQtZWQxNy00MTk3LWJiYTAtYTBhZGVjZmQ1ZmE5
LzEvc1FlQTN6YTF1VUwyWU9RRG92NWdpblhrNVgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwGyAMA0G
CSqGSIb3DQEBCwUAA4IBAQChmO3Y1clHT8G7aI6rJbU7dSGsKRARb+thtGlGR7U5
JIaXbY/NJiEG/YMZtJ/x6kLrAIQPIDMV4BG28b1BV1fMVDgmrWXx4IslOkPamkcO
CiWLz245PYdjsP6vJmXUNFp1N1RzXrEoQImqcWwfIfp4Yg7GzOYdrFESx/N+j5Si
rcwP9j13VtnAU+6EDW/HH04YrGMeOyHDQilP8cfLgMHSQpUOjHBogF9T11iZtmU+
zhCuOedpoXz/+/M83QKE1YGNHmXX/kbX85biSKRXn1djriNllQbLDDnAoyZ4Dne/
ODF91CXeMaRXa6CJKvKnfUv6nBXoWG1C8SUR2StlBCDY
-----END CERTIFICATE-----