This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/flfltgjrEI3oRJnb_nuDGd9ZkEk.roa
File:                     flfltgjrEI3oRJnb_nuDGd9ZkEk.roa (raw, json)
Hash identifier:          mlslQxjQf/JRHAs0saa8uXOWnoSt5OrgJ/0ib+GmN5Y=
Subject key identifier:   7E:57:E5:B6:08:EB:10:8D:E8:44:99:DB:FE:7B:83:19:DF:59:90:49
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       019B78348167C405F703966490B41A4D2C4D
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/flfltgjrEI3oRJnb_nuDGd9ZkEk.roa
Signing time:             Thu 01 Jan 2026 06:17:45 +0000
ROA not before:           Thu 01 Jan 2026 06:17:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203038
IP address blocks:        193.182.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:81:67:c4:05:f7:03:96:64:90:b4:1a:4d:2c:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  1 06:17:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7e57e5b608eb108de84499dbfe7b8319df599049
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:63:e2:d7:70:81:c3:56:74:6c:9e:11:9c:82:
                    e1:17:08:b7:50:2e:fd:d1:31:ff:e5:89:ca:68:ab:
                    61:6c:32:8f:6b:c0:1e:a2:4d:37:c4:bc:c0:10:35:
                    71:7a:c5:9d:76:e7:a0:47:c9:a6:60:29:c9:d0:ee:
                    04:1c:ba:78:e1:c2:49:ab:26:c6:18:f5:1c:c2:cd:
                    2b:48:7c:25:ba:45:3a:b1:3f:0f:a5:5d:84:0f:ce:
                    61:ee:63:39:a4:5e:4b:3c:ab:7d:64:7a:f4:7a:aa:
                    d1:34:6b:b9:ca:ff:fb:07:dd:00:fe:df:3f:56:a4:
                    6d:a6:8d:d6:4e:de:55:d6:2a:ed:b4:cb:38:fe:fd:
                    d7:cc:b6:07:33:c9:6b:19:fb:dc:34:eb:ee:9a:d7:
                    8c:f1:6c:b8:3f:3e:18:66:0a:0e:e9:55:e4:3e:cd:
                    05:05:53:c3:60:4d:00:92:d8:31:a6:eb:6e:30:fb:
                    66:95:25:b6:20:83:29:34:77:e8:f7:d0:63:31:24:
                    4c:87:2c:34:c1:7d:2e:13:23:41:b2:83:21:7b:82:
                    02:29:7b:0d:2c:7c:17:bd:f4:6c:bf:f7:b6:00:09:
                    0d:66:c4:79:e1:6c:32:66:a6:d6:a1:e0:c2:f2:75:
                    8c:ab:c0:13:7a:e2:a0:e1:b5:72:37:38:bf:e8:eb:
                    dd:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:57:E5:B6:08:EB:10:8D:E8:44:99:DB:FE:7B:83:19:DF:59:90:49
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/flfltgjrEI3oRJnb_nuDGd9ZkEk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.182.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:3b:f1:42:4c:73:28:9e:1d:b8:6b:8b:f3:ce:87:c3:9c:09:
         9f:9a:af:cd:6a:fa:31:10:a5:5e:db:cd:f4:43:af:56:7a:c7:
         6d:f8:8f:bc:2f:82:3b:d5:4d:c7:88:fc:84:aa:8a:f8:9a:b7:
         9d:b4:91:be:08:8a:6d:60:80:b0:66:83:22:df:ec:48:c1:7e:
         04:b1:f1:1b:3b:a5:4f:94:be:bb:93:e9:0e:df:cf:8b:3b:61:
         59:ed:3a:0d:00:6f:c4:e3:0d:fc:41:e1:b5:6d:00:35:69:99:
         66:b1:b9:45:43:57:24:35:10:90:39:bb:9d:d6:f4:9c:9c:8f:
         d4:27:7e:32:70:db:95:a2:99:6a:0c:30:5e:3d:6b:c7:aa:23:
         03:8b:1e:ca:a3:ba:f0:60:70:91:9a:08:e7:38:3d:00:8d:6b:
         45:be:06:52:c8:50:97:30:91:e9:8f:6c:1a:d0:7a:29:65:e4:
         5a:83:7c:ca:b2:b7:74:1d:97:58:13:d9:a7:ff:7d:99:5f:00:
         89:52:5b:c8:e6:4b:7b:49:98:2f:ae:05:e1:5b:aa:fd:e2:3d:
         f1:56:96:90:e5:75:8b:90:e6:96:30:67:2a:a4:ab:43:ab:bd:
         b4:cf:4e:9b:ac:cc:8d:36:7d:73:0a:7e:e5:7e:ca:75:39:92:
         ad:d3:1a:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NIFnxAX3A5ZkkLQaTSxNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjYwMTAxMDYxNzQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTU3ZTViNjA4ZWIxMDhkZTg0NDk5ZGJmZTdiODMxOWRmNTk5MDQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnmPi13CBw1Z0bJ4RnILhFwi3UC79
0TH/5YnKaKthbDKPa8Aeok03xLzAEDVxesWdduegR8mmYCnJ0O4EHLp44cJJqybG
GPUcws0rSHwlukU6sT8PpV2ED85h7mM5pF5LPKt9ZHr0eqrRNGu5yv/7B90A/t8/
VqRtpo3WTt5V1irttMs4/v3XzLYHM8lrGfvcNOvumteM8Wy4Pz4YZgoO6VXkPs0F
BVPDYE0AktgxputuMPtmlSW2IIMpNHfo99BjMSRMhyw0wX0uEyNBsoMhe4ICKXsN
LHwXvfRsv/e2AAkNZsR54WwyZqbWoeDC8nWMq8ATeuKg4bVyNzi/6OvdOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH5X5bYI6xCN6ESZ2/57gxnfWZBJMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvZmxmbHRnanJFSTNvUkpuYl9udURHZDlaa0VrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwbY9MA0G
CSqGSIb3DQEBCwUAA4IBAQCKO/FCTHMonh24a4vzzofDnAmfmq/NavoxEKVe2830
Q69Wesdt+I+8L4I71U3HiPyEqor4mredtJG+CIptYICwZoMi3+xIwX4EsfEbO6VP
lL67k+kO38+LO2FZ7ToNAG/E4w38QeG1bQA1aZlmsblFQ1ckNRCQObud1vScnI/U
J34ycNuVoplqDDBePWvHqiMDix7Ko7rwYHCRmgjnOD0AjWtFvgZSyFCXMJHpj2wa
0HopZeRag3zKsrd0HZdYE9mn/32ZXwCJUlvI5kt7SZgvrgXhW6r94j3xVpaQ5XWL
kOaWMGcqpKtDq720z06brMyNNn1zCn7lfsp1OZKt0xob
-----END CERTIFICATE-----