This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/6a2302-85c5-4ebc-9641-39369689f27e/1/RxH1gaSjLMp0tnHIqiMkmznCeLE.roa
File:                     RxH1gaSjLMp0tnHIqiMkmznCeLE.roa (raw, json)
Hash identifier:          p4krdNmYmG1wZdtq1raA8Nmp1Uo/DFzB3h6x0GajZ1c=
Subject key identifier:   47:11:F5:81:A4:A3:2C:CA:74:B6:71:C8:AA:23:24:9B:39:C2:78:B1
Certificate issuer:       /CN=351353429e72eb286cc18ecbeb8fa71a31c08190
Certificate serial:       019B79112E16FDF328506FDE6B447C5A5C14
Authority key identifier: 35:13:53:42:9E:72:EB:28:6C:C1:8E:CB:EB:8F:A7:1A:31:C0:81:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NRNTQp5y6yhswY7L64-nGjHAgZA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/6a2302-85c5-4ebc-9641-39369689f27e/1/RxH1gaSjLMp0tnHIqiMkmznCeLE.roa
Signing time:             Thu 01 Jan 2026 10:18:47 +0000
ROA not before:           Thu 01 Jan 2026 10:18:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42337
IP address blocks:        185.110.28.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/6a2302-85c5-4ebc-9641-39369689f27e/1/NRNTQp5y6yhswY7L64-nGjHAgZA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/6a2302-85c5-4ebc-9641-39369689f27e/1/NRNTQp5y6yhswY7L64-nGjHAgZA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NRNTQp5y6yhswY7L64-nGjHAgZA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 10:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:11:2e:16:fd:f3:28:50:6f:de:6b:44:7c:5a:5c:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=351353429e72eb286cc18ecbeb8fa71a31c08190
        Validity
            Not Before: Jan  1 10:18:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4711f581a4a32cca74b671c8aa23249b39c278b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:e4:d1:8a:3a:59:03:96:d3:ae:03:a4:8d:db:
                    99:e6:40:17:2f:3e:cb:01:78:c0:96:76:3e:66:9e:
                    4d:93:5c:f3:d7:b1:35:16:0a:90:fe:54:1e:6e:b0:
                    55:70:7b:42:4f:7e:82:82:86:82:1b:14:3e:47:b7:
                    c4:88:f1:5f:ac:08:32:93:cc:a4:d4:ec:f4:36:9e:
                    82:bf:67:b6:d5:5c:52:31:bf:00:e6:93:62:2b:75:
                    8f:5a:70:38:82:32:78:f0:5f:ef:27:ff:c1:5f:bd:
                    6d:ef:18:03:37:79:54:ae:7a:b5:71:24:a6:82:db:
                    49:bb:50:02:37:92:55:27:a9:ee:f3:ae:3a:3c:75:
                    b7:a5:6f:49:64:4c:cd:32:a5:a7:88:b3:6f:e6:a3:
                    84:2c:2a:5c:43:35:d7:dc:7d:42:aa:14:1e:f6:a8:
                    df:38:b2:2d:34:d4:bb:c8:df:28:4d:fb:c1:27:29:
                    78:ef:b4:7d:f1:59:b8:ba:15:5b:19:44:1a:22:84:
                    a0:c3:f2:bb:01:f5:06:94:22:76:40:40:15:1a:17:
                    91:83:c6:8d:76:f7:f4:31:9e:dc:b2:f2:dc:42:39:
                    03:42:3c:bf:1b:9d:5e:b9:25:eb:2c:6e:69:da:3a:
                    1e:73:e2:76:a0:dc:a5:db:c6:df:62:f1:d7:c6:2b:
                    f9:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:11:F5:81:A4:A3:2C:CA:74:B6:71:C8:AA:23:24:9B:39:C2:78:B1
            X509v3 Authority Key Identifier:
                keyid:35:13:53:42:9E:72:EB:28:6C:C1:8E:CB:EB:8F:A7:1A:31:C0:81:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRNTQp5y6yhswY7L64-nGjHAgZA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/6a2302-85c5-4ebc-9641-39369689f27e/1/RxH1gaSjLMp0tnHIqiMkmznCeLE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/6a2302-85c5-4ebc-9641-39369689f27e/1/NRNTQp5y6yhswY7L64-nGjHAgZA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.110.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6d:10:d4:10:c5:cd:86:84:dd:a6:79:c2:f3:f1:31:6f:46:12:
         46:00:52:e9:52:01:7e:e0:89:f5:de:31:d2:33:8d:b5:47:97:
         ab:3c:a6:e6:3f:3e:5a:d7:45:e8:51:82:06:d1:70:42:bf:f9:
         be:4d:5e:95:9e:22:aa:b5:06:e5:a5:a9:d2:91:28:f4:ae:3c:
         37:e5:db:a1:c5:d0:67:74:97:05:b4:47:05:f5:bb:d2:a5:5d:
         67:db:31:54:e4:e3:72:8c:ae:7e:59:bc:e9:cf:a8:03:e0:19:
         8d:c9:44:ed:38:cb:74:9a:98:03:fd:71:a1:cb:ff:05:e5:af:
         59:bb:d1:3f:6e:1d:50:92:da:7b:40:37:47:b8:39:98:11:b9:
         0d:2a:88:1d:25:64:f8:51:85:2e:88:00:66:03:0a:e3:a5:d0:
         d2:37:f8:4b:4a:c8:69:1d:8f:e5:87:43:25:65:7f:43:18:24:
         23:53:ee:46:38:49:12:f6:c9:79:74:0b:fc:8f:9d:5e:12:17:
         b5:61:5f:c2:dc:a3:af:2f:c0:38:0c:83:18:f1:ef:b2:cc:43:
         5d:48:33:ff:19:e4:36:1f:15:a2:21:31:03:7d:80:be:82:fd:
         75:a6:ab:00:ff:26:9f:c0:cd:4b:a0:6b:3c:6b:f1:ce:41:c8:
         53:a5:56:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5ES4W/fMoUG/ea0R8WlwUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MTM1MzQyOWU3MmViMjg2Y2MxOGVjYmViOGZhNzFhMzFj
MDgxOTAwHhcNMjYwMTAxMTAxODQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzExZjU4MWE0YTMyY2NhNzRiNjcxYzhhYTIzMjQ5YjM5YzI3OGIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuuTRijpZA5bTrgOkjduZ5kAXLz7L
AXjAlnY+Zp5Nk1zz17E1FgqQ/lQebrBVcHtCT36CgoaCGxQ+R7fEiPFfrAgyk8yk
1Oz0Np6Cv2e21VxSMb8A5pNiK3WPWnA4gjJ48F/vJ//BX71t7xgDN3lUrnq1cSSm
gttJu1ACN5JVJ6nu8646PHW3pW9JZEzNMqWniLNv5qOELCpcQzXX3H1CqhQe9qjf
OLItNNS7yN8oTfvBJyl477R98Vm4uhVbGUQaIoSgw/K7AfUGlCJ2QEAVGheRg8aN
dvf0MZ7csvLcQjkDQjy/G51euSXrLG5p2joec+J2oNyl28bfYvHXxiv5RwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEcR9YGkoyzKdLZxyKojJJs5wnixMB8GA1UdIwQY
MBaAFDUTU0KecusobMGOy+uPpxoxwIGQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlJOVFFwNXk2eWhzd1k3TDY0LW5HakhBZ1pBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS82YTIzMDItODVjNS00ZWJjLTk2NDEt
MzkzNjk2ODlmMjdlLzEvUnhIMWdhU2pMTXAwdG5ISXFpTWttem5DZUxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS82YTIzMDItODVjNS00ZWJjLTk2NDEtMzkzNjk2ODlmMjdl
LzEvTlJOVFFwNXk2eWhzd1k3TDY0LW5HakhBZ1pBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuW4cMA0G
CSqGSIb3DQEBCwUAA4IBAQBtENQQxc2GhN2mecLz8TFvRhJGAFLpUgF+4In13jHS
M421R5erPKbmPz5a10XoUYIG0XBCv/m+TV6VniKqtQblpanSkSj0rjw35duhxdBn
dJcFtEcF9bvSpV1n2zFU5ONyjK5+Wbzpz6gD4BmNyUTtOMt0mpgD/XGhy/8F5a9Z
u9E/bh1Qktp7QDdHuDmYEbkNKogdJWT4UYUuiABmAwrjpdDSN/hLSshpHY/lh0Ml
ZX9DGCQjU+5GOEkS9sl5dAv8j51eEhe1YV/C3KOvL8A4DIMY8e+yzENdSDP/GeQ2
HxWiITEDfYC+gv11pqsA/yafwM1LoGs8a/HOQchTpVZ7
-----END CERTIFICATE-----