This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/557414-d993-4cbf-8181-48671fb7d380/1/1aorfBEtrS5GmOfmJCAhL86Ev9o.roa
File:                     1aorfBEtrS5GmOfmJCAhL86Ev9o.roa (raw, json)
Hash identifier:          nVeN0o0LJkNxID8TEKJoSJ7nvDwzMLsmkaxY6SDeSaE=
Subject key identifier:   D5:AA:2B:7C:11:2D:AD:2E:46:98:E7:E6:24:20:21:2F:CE:84:BF:DA
Certificate issuer:       /CN=1ddc53d1de7a2ef7eb2b90c80915544140042488
Certificate serial:       019B7EA6E3C367638132BF18E3AC7E011A3A
Authority key identifier: 1D:DC:53:D1:DE:7A:2E:F7:EB:2B:90:C8:09:15:54:41:40:04:24:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HdxT0d56LvfrK5DICRVUQUAEJIg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/557414-d993-4cbf-8181-48671fb7d380/1/1aorfBEtrS5GmOfmJCAhL86Ev9o.roa
Signing time:             Fri 02 Jan 2026 12:20:25 +0000
ROA not before:           Fri 02 Jan 2026 12:20:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205954
IP address blocks:        130.193.69.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/557414-d993-4cbf-8181-48671fb7d380/1/HdxT0d56LvfrK5DICRVUQUAEJIg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/557414-d993-4cbf-8181-48671fb7d380/1/HdxT0d56LvfrK5DICRVUQUAEJIg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HdxT0d56LvfrK5DICRVUQUAEJIg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:e3:c3:67:63:81:32:bf:18:e3:ac:7e:01:1a:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ddc53d1de7a2ef7eb2b90c80915544140042488
        Validity
            Not Before: Jan  2 12:20:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d5aa2b7c112dad2e4698e7e62420212fce84bfda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:cc:01:ec:75:cb:5a:58:62:bb:b0:78:dc:ec:
                    84:78:b3:d0:a5:66:21:6e:b6:0f:d0:a2:32:e1:4e:
                    d0:26:84:56:d9:ab:e9:0e:c4:e8:ce:04:38:f8:06:
                    87:fc:86:07:3c:90:f7:62:96:66:3b:7d:4b:37:15:
                    f6:6b:fa:c4:c9:42:85:37:9a:9d:b7:2e:76:d9:ed:
                    e6:d6:db:8d:36:43:f1:e6:12:63:05:36:2b:03:ff:
                    b3:84:7e:2d:4b:93:18:aa:f8:8e:95:bb:24:09:60:
                    d6:51:04:47:e6:e8:d9:b3:a4:8a:eb:52:c9:6f:d6:
                    4b:b3:ee:c5:cc:3b:68:a4:9b:0b:61:8e:f3:c4:b2:
                    9c:72:df:59:f9:54:20:f6:13:e5:34:b9:61:2e:2c:
                    96:83:fa:88:79:53:fd:cb:18:b3:15:cb:aa:f1:31:
                    5b:e1:ca:52:0d:9d:2e:e7:45:42:9b:b8:c3:1b:69:
                    63:4e:03:2f:7f:f6:bd:db:1e:1d:cd:43:24:47:51:
                    c2:87:83:07:4f:cb:ad:46:f4:55:63:77:57:f0:d7:
                    82:ab:2e:60:6b:be:aa:48:0d:1e:c2:03:73:f9:bc:
                    2a:0e:cf:41:fd:f2:c9:25:2e:01:85:ff:ae:a0:67:
                    d8:2b:d2:28:98:10:a1:ef:cf:18:87:f2:eb:cb:0b:
                    25:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:AA:2B:7C:11:2D:AD:2E:46:98:E7:E6:24:20:21:2F:CE:84:BF:DA
            X509v3 Authority Key Identifier:
                keyid:1D:DC:53:D1:DE:7A:2E:F7:EB:2B:90:C8:09:15:54:41:40:04:24:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HdxT0d56LvfrK5DICRVUQUAEJIg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/557414-d993-4cbf-8181-48671fb7d380/1/1aorfBEtrS5GmOfmJCAhL86Ev9o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/557414-d993-4cbf-8181-48671fb7d380/1/HdxT0d56LvfrK5DICRVUQUAEJIg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.193.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:7a:b6:e3:cf:21:96:5a:25:8c:9e:61:68:62:f6:85:73:92:
         45:05:c1:5d:4d:fd:59:96:7c:ba:62:5c:2c:88:5c:04:73:bb:
         7c:59:80:4d:0c:c9:d7:74:f2:57:87:30:a2:46:52:72:6e:c7:
         03:99:d1:c2:a1:a1:1a:c8:6c:e9:e5:80:ab:a5:d1:d8:42:74:
         2a:12:6a:df:06:06:48:62:cc:f3:6e:8e:ae:3c:a6:08:7b:75:
         dc:e1:27:19:98:48:19:f3:1f:2c:ec:fb:ba:de:39:19:db:7c:
         df:d2:72:39:49:00:69:18:cf:ef:5d:d8:c9:32:0a:d0:86:66:
         b3:b7:76:08:39:20:ae:f9:f7:1b:83:30:50:19:b8:37:d4:ad:
         4a:bb:e1:00:2e:c4:fb:24:6d:aa:aa:eb:3b:b4:a6:de:73:ea:
         c4:81:37:2e:40:db:46:4a:ee:2f:73:25:a9:22:eb:2a:f1:d2:
         92:08:0f:1a:27:63:52:a5:e6:21:a9:57:9c:0c:fd:92:6e:cf:
         8c:66:d8:aa:36:b4:e5:2b:33:4d:9a:63:c7:ff:a4:02:39:06:
         1d:a0:eb:e7:2a:30:a8:70:b5:35:24:8d:67:c3:80:cf:ee:8b:
         eb:41:52:f3:74:f2:8a:4a:8f:b0:18:65:07:fc:24:83:97:70:
         bb:73:6a:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+puPDZ2OBMr8Y46x+ARo6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkZGM1M2QxZGU3YTJlZjdlYjJiOTBjODA5MTU1NDQxNDAw
NDI0ODgwHhcNMjYwMTAyMTIyMDI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWFhMmI3YzExMmRhZDJlNDY5OGU3ZTYyNDIwMjEyZmNlODRiZmRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlswB7HXLWlhiu7B43OyEeLPQpWYh
brYP0KIy4U7QJoRW2avpDsTozgQ4+AaH/IYHPJD3YpZmO31LNxX2a/rEyUKFN5qd
ty522e3m1tuNNkPx5hJjBTYrA/+zhH4tS5MYqviOlbskCWDWUQRH5ujZs6SK61LJ
b9ZLs+7FzDtopJsLYY7zxLKcct9Z+VQg9hPlNLlhLiyWg/qIeVP9yxizFcuq8TFb
4cpSDZ0u50VCm7jDG2ljTgMvf/a92x4dzUMkR1HCh4MHT8utRvRVY3dX8NeCqy5g
a76qSA0ewgNz+bwqDs9B/fLJJS4Bhf+uoGfYK9IomBCh788Yh/Lrywsl6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNWqK3wRLa0uRpjn5iQgIS/OhL/aMB8GA1UdIwQY
MBaAFB3cU9Heei736yuQyAkVVEFABCSIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGR4VDBkNTZMdmZySzVESUNSVlVRVUFFSklnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy81NTc0MTQtZDk5My00Y2JmLTgxODEt
NDg2NzFmYjdkMzgwLzEvMWFvcmZCRXRyUzVHbU9mbUpDQWhMODZFdjlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy81NTc0MTQtZDk5My00Y2JmLTgxODEtNDg2NzFmYjdkMzgw
LzEvSGR4VDBkNTZMdmZySzVESUNSVlVRVUFFSklnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAgsFFMA0G
CSqGSIb3DQEBCwUAA4IBAQAAerbjzyGWWiWMnmFoYvaFc5JFBcFdTf1Zlny6Ylws
iFwEc7t8WYBNDMnXdPJXhzCiRlJybscDmdHCoaEayGzp5YCrpdHYQnQqEmrfBgZI
Yszzbo6uPKYIe3Xc4ScZmEgZ8x8s7Pu63jkZ23zf0nI5SQBpGM/vXdjJMgrQhmaz
t3YIOSCu+fcbgzBQGbg31K1Ku+EALsT7JG2qqus7tKbec+rEgTcuQNtGSu4vcyWp
Iusq8dKSCA8aJ2NSpeYhqVecDP2Sbs+MZtiqNrTlKzNNmmPH/6QCOQYdoOvnKjCo
cLU1JI1nw4DP7ovrQVLzdPKKSo+wGGUH/CSDl3C7c2pB
-----END CERTIFICATE-----