This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/e5b520-8d4c-4cd8-a54c-681c4a5d5b74/1/aAFXMbFTINoxMuF0hZtweA-ykGI.roa
File:                     aAFXMbFTINoxMuF0hZtweA-ykGI.roa (raw, json)
Hash identifier:          Al30HWkjRUnkIGeLcIOnmzvSzYnDvHiYrDwOMo4WcF8=
Subject key identifier:   68:01:57:31:B1:53:20:DA:31:32:E1:74:85:9B:70:78:0F:B2:90:62
Certificate issuer:       /CN=e8b6e8499ffe31e1f6d6780d03017e83473f2d3c
Certificate serial:       019B7C8080B35E33967E860C109D0C704929
Authority key identifier: E8:B6:E8:49:9F:FE:31:E1:F6:D6:78:0D:03:01:7E:83:47:3F:2D:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6LboSZ_-MeH21ngNAwF-g0c_LTw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/e5b520-8d4c-4cd8-a54c-681c4a5d5b74/1/aAFXMbFTINoxMuF0hZtweA-ykGI.roa
Signing time:             Fri 02 Jan 2026 02:19:14 +0000
ROA not before:           Fri 02 Jan 2026 02:19:14 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48737
IP address blocks:        193.42.100.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/e5b520-8d4c-4cd8-a54c-681c4a5d5b74/1/6LboSZ_-MeH21ngNAwF-g0c_LTw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/e5b520-8d4c-4cd8-a54c-681c4a5d5b74/1/6LboSZ_-MeH21ngNAwF-g0c_LTw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6LboSZ_-MeH21ngNAwF-g0c_LTw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 08:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:80:b3:5e:33:96:7e:86:0c:10:9d:0c:70:49:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8b6e8499ffe31e1f6d6780d03017e83473f2d3c
        Validity
            Not Before: Jan  2 02:19:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=68015731b15320da3132e174859b70780fb29062
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:12:de:62:57:88:99:f5:28:20:4a:be:f7:c6:
                    91:fc:08:09:6f:b0:2c:f5:f1:fa:7b:cc:be:3d:9b:
                    21:01:46:55:0d:16:25:54:8c:3b:10:72:05:ae:a1:
                    c3:41:85:49:8a:d6:58:e6:c1:28:2d:b8:f4:57:6d:
                    1f:4b:6f:38:b7:d1:a0:4a:53:0b:c1:73:2f:ff:76:
                    73:38:6d:db:f3:40:f4:b1:74:bf:be:04:ab:b2:fa:
                    1e:f5:e0:0e:c4:92:3c:79:4c:b1:b6:cd:35:ee:48:
                    c8:6e:cc:6c:31:58:9d:ab:62:84:69:4d:01:48:bf:
                    c7:06:40:77:3f:c6:c1:7d:d4:a8:d7:ac:a9:ec:92:
                    3c:2b:61:85:ef:a0:f7:0a:0a:b2:54:bf:de:82:ab:
                    08:41:b5:be:99:c3:f9:21:0a:cf:94:e0:c8:68:22:
                    83:02:de:c8:a9:6c:49:ee:dc:60:fe:8d:66:b7:b6:
                    48:8c:4e:71:38:65:5d:92:46:40:cb:f1:0f:df:e5:
                    52:20:de:d9:fb:7e:ea:c0:b6:f2:01:12:f3:7a:d2:
                    1f:33:68:27:eb:6f:20:0b:5a:40:6a:60:92:8b:46:
                    3f:5b:e4:d4:82:11:62:08:9e:aa:97:16:61:65:fe:
                    ed:58:fc:7b:10:5b:c3:93:f7:d1:a3:7f:c8:a7:c3:
                    3f:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:01:57:31:B1:53:20:DA:31:32:E1:74:85:9B:70:78:0F:B2:90:62
            X509v3 Authority Key Identifier:
                keyid:E8:B6:E8:49:9F:FE:31:E1:F6:D6:78:0D:03:01:7E:83:47:3F:2D:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6LboSZ_-MeH21ngNAwF-g0c_LTw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/e5b520-8d4c-4cd8-a54c-681c4a5d5b74/1/aAFXMbFTINoxMuF0hZtweA-ykGI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/e5b520-8d4c-4cd8-a54c-681c4a5d5b74/1/6LboSZ_-MeH21ngNAwF-g0c_LTw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.42.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:00:7c:f3:fe:96:1d:8f:61:d2:a1:a8:84:bf:b5:ce:76:43:
         71:3a:55:fa:ef:e9:a9:80:e5:9c:33:bc:ca:a9:4a:07:38:1f:
         d1:45:36:74:0e:79:76:53:75:73:10:9d:96:51:af:1f:40:06:
         4a:0f:d9:93:8a:1b:8d:c2:4c:64:2b:df:a3:fd:b8:20:6f:cd:
         8a:aa:73:e5:e9:f8:3b:08:78:3a:a5:4c:7a:28:28:ac:b3:7f:
         f7:6f:bf:4e:76:02:b9:77:b0:5f:c4:08:d0:61:01:64:97:07:
         92:ed:93:8d:7f:94:a8:16:16:43:8f:9f:e3:90:36:58:28:2e:
         86:ea:8f:3d:da:e7:65:3f:3d:93:0d:e7:51:46:92:17:e9:61:
         60:1f:60:c4:24:ae:f6:67:13:4d:d7:d3:61:1a:9e:9f:88:7f:
         51:4f:0e:c8:33:84:6d:b1:70:38:98:95:d2:0a:9a:0a:a3:f6:
         55:06:98:ed:a6:56:5a:52:c5:80:43:28:ff:ff:74:4c:8b:e4:
         0e:e5:c4:13:20:a3:a2:25:e9:f4:3b:27:29:d0:18:96:df:e3:
         63:65:7e:78:95:ce:fc:05:df:42:33:30:ca:0c:19:a7:06:1b:
         d0:c3:96:4a:f8:0a:f4:65:d2:06:f4:f0:48:65:09:b8:53:8b:
         0a:4d:7b:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gICzXjOWfoYMEJ0McEkpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4YjZlODQ5OWZmZTMxZTFmNmQ2NzgwZDAzMDE3ZTgzNDcz
ZjJkM2MwHhcNMjYwMTAyMDIxOTE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODAxNTczMWIxNTMyMGRhMzEzMmUxNzQ4NTliNzA3ODBmYjI5MDYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4xLeYleImfUoIEq+98aR/AgJb7As
9fH6e8y+PZshAUZVDRYlVIw7EHIFrqHDQYVJitZY5sEoLbj0V20fS284t9GgSlML
wXMv/3ZzOG3b80D0sXS/vgSrsvoe9eAOxJI8eUyxts017kjIbsxsMVidq2KEaU0B
SL/HBkB3P8bBfdSo16yp7JI8K2GF76D3CgqyVL/egqsIQbW+mcP5IQrPlODIaCKD
At7IqWxJ7txg/o1mt7ZIjE5xOGVdkkZAy/EP3+VSIN7Z+37qwLbyARLzetIfM2gn
628gC1pAamCSi0Y/W+TUghFiCJ6qlxZhZf7tWPx7EFvDk/fRo3/Ip8M/qQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGgBVzGxUyDaMTLhdIWbcHgPspBiMB8GA1UdIwQY
MBaAFOi26Emf/jHh9tZ4DQMBfoNHPy08MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkxib1NaXy1NZUgyMW5nTkF3Ri1nMGNfTFR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi9lNWI1MjAtOGQ0Yy00Y2Q4LWE1NGMt
NjgxYzRhNWQ1Yjc0LzEvYUFGWE1iRlRJTm94TXVGMGhadHdlQS15a0dJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi9lNWI1MjAtOGQ0Yy00Y2Q4LWE1NGMtNjgxYzRhNWQ1Yjc0
LzEvNkxib1NaXy1NZUgyMW5nTkF3Ri1nMGNfTFR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSpkMA0G
CSqGSIb3DQEBCwUAA4IBAQAfAHzz/pYdj2HSoaiEv7XOdkNxOlX67+mpgOWcM7zK
qUoHOB/RRTZ0Dnl2U3VzEJ2WUa8fQAZKD9mTihuNwkxkK9+j/bggb82KqnPl6fg7
CHg6pUx6KCiss3/3b79OdgK5d7BfxAjQYQFklweS7ZONf5SoFhZDj5/jkDZYKC6G
6o892udlPz2TDedRRpIX6WFgH2DEJK72ZxNN19NhGp6fiH9RTw7IM4RtsXA4mJXS
CpoKo/ZVBpjtplZaUsWAQyj//3RMi+QO5cQTIKOiJen0Oycp0BiW3+NjZX54lc78
Bd9CMzDKDBmnBhvQw5ZK+Ar0ZdIG9PBIZQm4U4sKTXv0
-----END CERTIFICATE-----