This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/a5728b-a36d-4fba-93aa-5f4bc900c03d/1/dNqWn8LLbtUjse_iEIk0LyE_w9U.roa
File:                     dNqWn8LLbtUjse_iEIk0LyE_w9U.roa (raw, json)
Hash identifier:          pyT41frLnr8b4Y4mOhVh340WexYxDekl72v7q/1e+g4=
Subject key identifier:   74:DA:96:9F:C2:CB:6E:D5:23:B1:EF:E2:10:89:34:2F:21:3F:C3:D5
Certificate issuer:       /CN=a0df7f5b6618bda23c83bed11b442041f1fb456d
Certificate serial:       019B78A35558630659BB39C3AD54CF389168
Authority key identifier: A0:DF:7F:5B:66:18:BD:A2:3C:83:BE:D1:1B:44:20:41:F1:FB:45:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oN9_W2YYvaI8g77RG0QgQfH7RW0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/a5728b-a36d-4fba-93aa-5f4bc900c03d/1/dNqWn8LLbtUjse_iEIk0LyE_w9U.roa
Signing time:             Thu 01 Jan 2026 08:18:48 +0000
ROA not before:           Thu 01 Jan 2026 08:18:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     147293
IP address blocks:        146.19.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/a5728b-a36d-4fba-93aa-5f4bc900c03d/1/oN9_W2YYvaI8g77RG0QgQfH7RW0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/a5728b-a36d-4fba-93aa-5f4bc900c03d/1/oN9_W2YYvaI8g77RG0QgQfH7RW0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oN9_W2YYvaI8g77RG0QgQfH7RW0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:55:58:63:06:59:bb:39:c3:ad:54:cf:38:91:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0df7f5b6618bda23c83bed11b442041f1fb456d
        Validity
            Not Before: Jan  1 08:18:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=74da969fc2cb6ed523b1efe21089342f213fc3d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:22:34:39:fb:a0:de:6e:01:9a:d7:df:84:a3:
                    4d:62:22:c1:9b:27:26:9f:dd:56:d2:c5:5d:55:00:
                    41:15:e9:fe:84:aa:e7:92:65:be:4e:9c:fc:21:10:
                    02:b7:2a:35:9b:f0:4e:89:7e:92:48:1a:67:66:a0:
                    ef:65:d1:3e:04:59:6b:9e:bd:77:5c:27:57:d7:f2:
                    25:4b:f9:41:d5:bf:34:17:f9:20:73:a6:00:38:85:
                    d8:0a:d1:fb:a8:0e:d5:4f:23:78:34:d1:74:ce:f8:
                    db:cd:e5:32:9f:70:39:10:43:54:84:16:e4:86:b8:
                    46:41:bf:cb:1d:93:4b:87:b7:85:b1:83:80:c7:b9:
                    14:5a:06:93:19:66:6c:79:a2:6e:0b:ae:b4:66:5e:
                    57:1f:57:c7:d4:46:17:e1:e5:82:07:b0:68:45:ce:
                    4a:d5:de:f9:29:46:59:7a:f1:11:d2:30:84:77:92:
                    c2:e1:64:4d:98:74:7b:70:7c:5a:6b:90:bb:8b:ea:
                    4d:f2:6c:ce:57:da:ad:1a:31:18:2d:98:e7:ae:a3:
                    08:7a:93:ec:ee:25:1b:35:29:14:54:a3:6e:df:c6:
                    be:c5:eb:11:2d:fd:41:c1:41:43:4c:04:1d:69:1c:
                    d6:14:b0:5f:80:a3:59:0a:bc:34:3c:d4:9f:49:be:
                    a5:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:DA:96:9F:C2:CB:6E:D5:23:B1:EF:E2:10:89:34:2F:21:3F:C3:D5
            X509v3 Authority Key Identifier:
                keyid:A0:DF:7F:5B:66:18:BD:A2:3C:83:BE:D1:1B:44:20:41:F1:FB:45:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oN9_W2YYvaI8g77RG0QgQfH7RW0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/a5728b-a36d-4fba-93aa-5f4bc900c03d/1/dNqWn8LLbtUjse_iEIk0LyE_w9U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/a5728b-a36d-4fba-93aa-5f4bc900c03d/1/oN9_W2YYvaI8g77RG0QgQfH7RW0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:b4:e6:f3:ef:32:8c:46:64:f9:3d:26:58:20:46:82:b7:70:
         41:5b:77:55:df:ea:be:23:ea:b6:70:72:0b:41:fe:d8:b3:98:
         1c:f9:1a:ec:ed:3e:47:bd:de:22:3e:fb:c6:a4:f4:5d:d7:65:
         96:69:67:ce:1b:c7:26:ac:4e:2c:79:85:37:f7:f3:1a:9c:a3:
         0a:80:a0:19:d6:13:3c:20:bd:29:d4:93:cf:f0:b4:f7:ab:47:
         ac:70:2b:2f:02:8c:76:80:3b:00:9c:a8:92:ab:8c:a0:d7:9c:
         3d:14:bc:17:81:5b:d2:f3:91:f6:36:fe:0c:e2:3c:2c:3e:cb:
         c6:27:fc:41:2e:26:a4:9c:c0:03:a5:38:c9:0f:c3:f4:1f:42:
         55:98:cb:7d:e2:ad:96:6b:b9:7a:5c:a0:e4:cf:68:4a:6c:d8:
         4a:67:41:f6:7a:72:f0:0d:d4:0b:7d:ad:9f:da:bd:3a:54:a5:
         42:c6:33:88:df:62:8d:0d:1e:e5:10:cc:ab:86:e7:c1:1a:ea:
         4f:af:dd:25:1c:81:8b:3e:dd:ce:74:4d:af:47:13:42:24:5d:
         49:48:28:e9:81:01:b0:ba:d2:03:29:4c:67:8e:89:2b:bd:74:
         80:10:b8:95:ed:a6:c5:8f:b1:38:2e:b9:13:87:fe:4e:f3:dc:
         b3:34:87:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4o1VYYwZZuznDrVTPOJFoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZGY3ZjViNjYxOGJkYTIzYzgzYmVkMTFiNDQyMDQxZjFm
YjQ1NmQwHhcNMjYwMTAxMDgxODQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGRhOTY5ZmMyY2I2ZWQ1MjNiMWVmZTIxMDg5MzQyZjIxM2ZjM2Q1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmSI0Ofug3m4BmtffhKNNYiLBmycm
n91W0sVdVQBBFen+hKrnkmW+Tpz8IRACtyo1m/BOiX6SSBpnZqDvZdE+BFlrnr13
XCdX1/IlS/lB1b80F/kgc6YAOIXYCtH7qA7VTyN4NNF0zvjbzeUyn3A5EENUhBbk
hrhGQb/LHZNLh7eFsYOAx7kUWgaTGWZseaJuC660Zl5XH1fH1EYX4eWCB7BoRc5K
1d75KUZZevER0jCEd5LC4WRNmHR7cHxaa5C7i+pN8mzOV9qtGjEYLZjnrqMIepPs
7iUbNSkUVKNu38a+xesRLf1BwUFDTAQdaRzWFLBfgKNZCrw0PNSfSb6l8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHTalp/Cy27VI7Hv4hCJNC8hP8PVMB8GA1UdIwQY
MBaAFKDff1tmGL2iPIO+0RtEIEHx+0VtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb045X1cyWVl2YUk4Zzc3UkcwUWdRZkg3UlcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9hNTcyOGItYTM2ZC00ZmJhLTkzYWEt
NWY0YmM5MDBjMDNkLzEvZE5xV244TExidFVqc2VfaUVJazBMeUVfdzlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9hNTcyOGItYTM2ZC00ZmJhLTkzYWEtNWY0YmM5MDBjMDNk
LzEvb045X1cyWVl2YUk4Zzc3UkcwUWdRZkg3UlcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhOuMA0G
CSqGSIb3DQEBCwUAA4IBAQCvtObz7zKMRmT5PSZYIEaCt3BBW3dV3+q+I+q2cHIL
Qf7Ys5gc+Rrs7T5Hvd4iPvvGpPRd12WWaWfOG8cmrE4seYU39/ManKMKgKAZ1hM8
IL0p1JPP8LT3q0escCsvAox2gDsAnKiSq4yg15w9FLwXgVvS85H2Nv4M4jwsPsvG
J/xBLiaknMADpTjJD8P0H0JVmMt94q2Wa7l6XKDkz2hKbNhKZ0H2enLwDdQLfa2f
2r06VKVCxjOI32KNDR7lEMyrhufBGupPr90lHIGLPt3OdE2vRxNCJF1JSCjpgQGw
utIDKUxnjokrvXSAELiV7abFj7E4LrkTh/5O89yzNIc6
-----END CERTIFICATE-----