This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/eaf2e2-1817-40a8-9be8-2507db32c1c4/1/eHFFve7oB3P4jI8nEd4tmbXombs.roa
File:                     eHFFve7oB3P4jI8nEd4tmbXombs.roa (raw, json)
Hash identifier:          2jkRmBwjqx2G1TPqQBkiFukmoNh6yKO3uMYlkbOFlyk=
Subject key identifier:   78:71:45:BD:EE:E8:07:73:F8:8C:8F:27:11:DE:2D:99:B5:E8:99:BB
Certificate issuer:       /CN=88ff4ee623d8fab73c901d0cbdc93a321e9ccfb7
Certificate serial:       019B7B355D211CF6B3FE2633DF6757AA5BC8
Authority key identifier: 88:FF:4E:E6:23:D8:FA:B7:3C:90:1D:0C:BD:C9:3A:32:1E:9C:CF:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iP9O5iPY-rc8kB0Mvck6Mh6cz7c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/eaf2e2-1817-40a8-9be8-2507db32c1c4/1/eHFFve7oB3P4jI8nEd4tmbXombs.roa
Signing time:             Thu 01 Jan 2026 20:17:33 +0000
ROA not before:           Thu 01 Jan 2026 20:17:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29208
IP address blocks:        194.145.156.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/eaf2e2-1817-40a8-9be8-2507db32c1c4/1/iP9O5iPY-rc8kB0Mvck6Mh6cz7c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/eaf2e2-1817-40a8-9be8-2507db32c1c4/1/iP9O5iPY-rc8kB0Mvck6Mh6cz7c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iP9O5iPY-rc8kB0Mvck6Mh6cz7c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 11:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:5d:21:1c:f6:b3:fe:26:33:df:67:57:aa:5b:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88ff4ee623d8fab73c901d0cbdc93a321e9ccfb7
        Validity
            Not Before: Jan  1 20:17:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=787145bdeee80773f88c8f2711de2d99b5e899bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:6a:0d:d8:37:c4:ef:a5:ee:1e:6d:58:58:16:
                    19:14:8f:d4:cb:34:19:42:81:bd:e0:2f:c8:2d:29:
                    fd:8a:ac:d1:5f:5d:d5:7d:b0:5a:9d:15:5c:19:f6:
                    ac:7e:44:c5:81:40:46:0c:57:de:32:c2:c9:dd:55:
                    11:b6:4d:1b:80:04:3c:29:a4:3d:05:11:85:6d:b4:
                    63:49:0e:6e:4e:96:57:de:a6:4f:70:4e:f9:23:00:
                    6b:dc:b3:02:4c:2b:ee:99:3d:99:a9:3d:78:76:2e:
                    67:cb:8d:47:eb:35:37:30:17:05:1b:24:5f:43:13:
                    43:c5:ee:35:97:57:2a:43:eb:f9:b9:96:fa:fd:7f:
                    37:16:f5:29:93:24:1a:38:29:f5:10:fa:04:da:c5:
                    3d:44:20:bc:48:79:e0:dc:97:ca:73:5b:e7:e7:80:
                    45:0f:bb:ee:59:a8:c1:9f:d5:bd:86:46:88:52:c5:
                    72:f3:75:f9:34:31:be:69:c2:94:ce:e0:e9:0c:30:
                    fb:87:73:f5:3b:d6:cc:61:57:dd:a8:b7:90:ff:37:
                    ab:9e:1e:79:16:36:cd:f1:32:f8:e3:90:96:33:32:
                    dd:85:46:46:75:a0:fd:4e:7e:70:5d:40:a2:33:1c:
                    a1:06:3f:18:80:37:42:75:e1:41:f8:f4:02:73:2a:
                    f3:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:71:45:BD:EE:E8:07:73:F8:8C:8F:27:11:DE:2D:99:B5:E8:99:BB
            X509v3 Authority Key Identifier:
                keyid:88:FF:4E:E6:23:D8:FA:B7:3C:90:1D:0C:BD:C9:3A:32:1E:9C:CF:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iP9O5iPY-rc8kB0Mvck6Mh6cz7c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/eaf2e2-1817-40a8-9be8-2507db32c1c4/1/eHFFve7oB3P4jI8nEd4tmbXombs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/eaf2e2-1817-40a8-9be8-2507db32c1c4/1/iP9O5iPY-rc8kB0Mvck6Mh6cz7c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.145.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:c1:72:02:91:d0:9e:d0:2f:ed:3a:78:50:66:68:12:a8:0c:
         46:3e:62:aa:88:8e:ba:d7:16:3b:1c:cc:4d:53:7b:87:1a:e9:
         de:0b:85:26:cd:ed:02:bb:5c:da:8a:ba:93:80:ea:83:04:39:
         69:ca:4b:ab:94:4b:34:6c:dc:a7:21:2a:7d:c8:22:f4:5a:72:
         cc:e4:af:e6:e6:9b:64:3f:2a:0f:3f:29:61:e9:ad:eb:f4:5e:
         94:99:24:f5:15:27:f7:69:81:e8:85:1e:7e:12:b6:bf:ed:01:
         12:88:68:d0:fd:50:d9:0a:26:34:16:e0:56:54:db:28:9a:ff:
         77:b6:9d:8f:4d:91:8e:3d:d9:ac:69:e6:20:68:e2:2a:99:0d:
         42:1d:e7:30:33:ab:b8:82:23:3f:5d:6b:f2:e0:3c:dd:57:15:
         b1:75:46:5a:cc:e1:33:e8:87:6f:69:6a:ee:1b:7b:08:d5:77:
         4a:85:95:25:99:2a:d3:6c:37:fa:b9:59:81:14:b6:ea:4d:ae:
         6b:d0:af:ee:ae:c1:b9:50:a2:da:ba:3a:76:7c:7a:eb:67:cc:
         24:b7:92:7d:6c:a8:21:02:08:77:35:c4:bf:dc:bc:29:d3:72:
         2a:fc:28:71:7c:94:a7:2b:05:2a:9b:74:fb:9c:b6:ed:2c:ff:
         f2:86:cc:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NV0hHPaz/iYz32dXqlvIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4ZmY0ZWU2MjNkOGZhYjczYzkwMWQwY2JkYzkzYTMyMWU5
Y2NmYjcwHhcNMjYwMTAxMjAxNzMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODcxNDViZGVlZTgwNzczZjg4YzhmMjcxMWRlMmQ5OWI1ZTg5OWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuWoN2DfE76XuHm1YWBYZFI/UyzQZ
QoG94C/ILSn9iqzRX13VfbBanRVcGfasfkTFgUBGDFfeMsLJ3VURtk0bgAQ8KaQ9
BRGFbbRjSQ5uTpZX3qZPcE75IwBr3LMCTCvumT2ZqT14di5ny41H6zU3MBcFGyRf
QxNDxe41l1cqQ+v5uZb6/X83FvUpkyQaOCn1EPoE2sU9RCC8SHng3JfKc1vn54BF
D7vuWajBn9W9hkaIUsVy83X5NDG+acKUzuDpDDD7h3P1O9bMYVfdqLeQ/zernh55
FjbN8TL445CWMzLdhUZGdaD9Tn5wXUCiMxyhBj8YgDdCdeFB+PQCcyrzVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHhxRb3u6Adz+IyPJxHeLZm16Jm7MB8GA1UdIwQY
MBaAFIj/TuYj2Pq3PJAdDL3JOjIenM+3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVA5TzVpUFktcmM4a0IwTXZjazZNaDZjejdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9lYWYyZTItMTgxNy00MGE4LTliZTgt
MjUwN2RiMzJjMWM0LzEvZUhGRnZlN29CM1A0akk4bkVkNHRtYlhvbWJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9lYWYyZTItMTgxNy00MGE4LTliZTgtMjUwN2RiMzJjMWM0
LzEvaVA5TzVpUFktcmM4a0IwTXZjazZNaDZjejdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpGcMA0G
CSqGSIb3DQEBCwUAA4IBAQCbwXICkdCe0C/tOnhQZmgSqAxGPmKqiI661xY7HMxN
U3uHGuneC4Umze0Cu1zairqTgOqDBDlpykurlEs0bNynISp9yCL0WnLM5K/m5ptk
PyoPPylh6a3r9F6UmST1FSf3aYHohR5+Era/7QESiGjQ/VDZCiY0FuBWVNsomv93
tp2PTZGOPdmsaeYgaOIqmQ1CHecwM6u4giM/XWvy4DzdVxWxdUZazOEz6IdvaWru
G3sI1XdKhZUlmSrTbDf6uVmBFLbqTa5r0K/ursG5UKLaujp2fHrrZ8wkt5J9bKgh
Agh3NcS/3Lwp03Iq/ChxfJSnKwUqm3T7nLbtLP/yhszk
-----END CERTIFICATE-----