This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/851cac-e1d8-4571-82a6-46bf762618e7/1/SGnXZI2wBGGgOMoFkCn0KEhQOhY.roa
File:                     SGnXZI2wBGGgOMoFkCn0KEhQOhY.roa (raw, json)
Hash identifier:          mbdEWIWJGZgetI2dmxbnmVMbh+ZiM0nKtH+zd0JUeVI=
Subject key identifier:   48:69:D7:64:8D:B0:04:61:A0:38:CA:05:90:29:F4:28:48:50:3A:16
Certificate issuer:       /CN=1cbbfa49877bc5d9e4cf446950fd14279929f49a
Certificate serial:       019B77C6C6448936F43D1630FF5988B7FF9B
Authority key identifier: 1C:BB:FA:49:87:7B:C5:D9:E4:CF:44:69:50:FD:14:27:99:29:F4:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HLv6SYd7xdnkz0RpUP0UJ5kp9Jo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/851cac-e1d8-4571-82a6-46bf762618e7/1/SGnXZI2wBGGgOMoFkCn0KEhQOhY.roa
Signing time:             Thu 01 Jan 2026 04:17:54 +0000
ROA not before:           Thu 01 Jan 2026 04:17:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     2200
IP address blocks:        164.81.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/851cac-e1d8-4571-82a6-46bf762618e7/1/HLv6SYd7xdnkz0RpUP0UJ5kp9Jo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/851cac-e1d8-4571-82a6-46bf762618e7/1/HLv6SYd7xdnkz0RpUP0UJ5kp9Jo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HLv6SYd7xdnkz0RpUP0UJ5kp9Jo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:c6:44:89:36:f4:3d:16:30:ff:59:88:b7:ff:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1cbbfa49877bc5d9e4cf446950fd14279929f49a
        Validity
            Not Before: Jan  1 04:17:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4869d7648db00461a038ca059029f42848503a16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:2e:22:b9:86:40:03:cd:16:67:ea:81:68:0c:
                    e1:49:33:4b:9a:49:3c:34:26:0d:35:0c:3a:14:a8:
                    b2:f6:ab:22:86:30:ca:63:ed:d7:8f:1f:d6:82:7a:
                    64:08:aa:19:9a:0e:a0:ad:9e:fc:5f:0d:19:90:46:
                    d4:e4:6f:28:1b:28:d4:32:84:14:c0:c6:f4:e2:ae:
                    ce:cd:e3:8d:87:47:f5:1a:cf:f7:c0:d3:7a:5c:b7:
                    21:5a:71:35:b2:19:12:32:c7:17:bd:31:95:ec:a4:
                    b6:ef:62:8f:63:3e:3f:1e:f5:f2:35:68:a8:6e:47:
                    9e:95:01:10:e0:25:7a:51:24:f6:d9:7a:e6:cc:43:
                    99:02:58:b9:62:02:49:c5:a0:5e:ff:1f:72:e4:05:
                    b0:f9:58:68:1f:23:07:9b:be:7f:33:6b:d0:bb:f6:
                    50:ae:98:c7:5c:8b:e8:88:2d:eb:1d:48:6d:55:b1:
                    bd:21:da:54:26:ed:28:bf:97:0b:75:54:bf:86:15:
                    25:3e:ff:28:70:0a:c9:1f:23:2a:f0:85:0e:f6:d7:
                    8a:fd:e1:f4:3e:e0:a1:56:60:9e:c2:29:c0:d3:b9:
                    65:2e:5a:98:b2:e0:76:e0:46:a4:1d:07:ff:7b:c5:
                    e8:cb:d4:a1:1a:8c:89:96:55:64:de:68:87:88:0f:
                    e6:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:69:D7:64:8D:B0:04:61:A0:38:CA:05:90:29:F4:28:48:50:3A:16
            X509v3 Authority Key Identifier:
                keyid:1C:BB:FA:49:87:7B:C5:D9:E4:CF:44:69:50:FD:14:27:99:29:F4:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HLv6SYd7xdnkz0RpUP0UJ5kp9Jo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/851cac-e1d8-4571-82a6-46bf762618e7/1/SGnXZI2wBGGgOMoFkCn0KEhQOhY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/851cac-e1d8-4571-82a6-46bf762618e7/1/HLv6SYd7xdnkz0RpUP0UJ5kp9Jo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.81.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         3e:12:17:23:dc:9f:35:ef:7c:10:d1:16:ac:fd:70:bb:fd:7d:
         95:d3:07:04:3c:23:cd:d3:9a:99:5d:21:96:ca:4e:72:79:b6:
         57:9f:e2:ba:72:a9:6a:d6:da:eb:a8:75:bd:83:93:9b:d2:c9:
         b1:bc:3a:1e:29:36:f4:6c:12:75:f8:9d:2d:5d:9b:dd:8b:f1:
         66:b0:be:2a:b4:ef:b8:50:d6:b3:3f:41:c4:1c:b2:1d:86:21:
         c3:cb:7c:4c:e8:f8:99:62:ca:24:66:77:17:61:e6:35:e0:4b:
         2d:9f:84:31:fe:18:e3:26:77:ec:a3:08:38:2a:4f:fb:b8:ce:
         c1:10:34:f9:1d:51:bb:be:49:cb:64:eb:aa:e3:65:c7:dd:65:
         f2:aa:85:91:67:8a:7b:41:c8:b8:32:64:bf:ac:83:80:ef:ec:
         35:bf:11:6d:82:02:38:2d:e9:9a:57:67:81:42:de:ca:66:ab:
         d0:a7:a8:3c:89:39:61:44:92:6b:11:22:2a:20:07:eb:aa:ba:
         1d:48:7a:47:e5:99:90:52:d0:6c:d8:9d:a0:ca:99:27:2e:31:
         29:50:72:4c:c9:c2:99:66:b2:f6:9b:c1:74:69:7b:c4:e5:d5:
         11:5b:3e:fe:0e:68:04:2e:64:d2:da:93:21:ff:b2:23:8a:84:
         29:75:38:8a
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZt3xsZEiTb0PRYw/1mIt/+bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjYmJmYTQ5ODc3YmM1ZDllNGNmNDQ2OTUwZmQxNDI3OTky
OWY0OWEwHhcNMjYwMTAxMDQxNzU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODY5ZDc2NDhkYjAwNDYxYTAzOGNhMDU5MDI5ZjQyODQ4NTAzYTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApy4iuYZAA80WZ+qBaAzhSTNLmkk8
NCYNNQw6FKiy9qsihjDKY+3Xjx/WgnpkCKoZmg6grZ78Xw0ZkEbU5G8oGyjUMoQU
wMb04q7OzeONh0f1Gs/3wNN6XLchWnE1shkSMscXvTGV7KS272KPYz4/HvXyNWio
bkeelQEQ4CV6UST22XrmzEOZAli5YgJJxaBe/x9y5AWw+VhoHyMHm75/M2vQu/ZQ
rpjHXIvoiC3rHUhtVbG9IdpUJu0ov5cLdVS/hhUlPv8ocArJHyMq8IUO9teK/eH0
PuChVmCewinA07llLlqYsuB24EakHQf/e8Xoy9ShGoyJllVk3miHiA/mVwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFEhp12SNsARhoDjKBZAp9ChIUDoWMB8GA1UdIwQY
MBaAFBy7+kmHe8XZ5M9EaVD9FCeZKfSaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEx2NlNZZDd4ZG5rejBScFVQMFVKNWtwOUpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy84NTFjYWMtZTFkOC00NTcxLTgyYTYt
NDZiZjc2MjYxOGU3LzEvU0duWFpJMndCR0dnT01vRmtDbjBLRWhRT2hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy84NTFjYWMtZTFkOC00NTcxLTgyYTYtNDZiZjc2MjYxOGU3
LzEvSEx2NlNZZDd4ZG5rejBScFVQMFVKNWtwOUpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMApFEwDQYJ
KoZIhvcNAQELBQADggEBAD4SFyPcnzXvfBDRFqz9cLv9fZXTBwQ8I83TmpldIZbK
TnJ5tlef4rpyqWrW2uuodb2Dk5vSybG8Oh4pNvRsEnX4nS1dm92L8Wawviq077hQ
1rM/QcQcsh2GIcPLfEzo+JliyiRmdxdh5jXgSy2fhDH+GOMmd+yjCDgqT/u4zsEQ
NPkdUbu+Sctk66rjZcfdZfKqhZFnintByLgyZL+sg4Dv7DW/EW2CAjgt6ZpXZ4FC
3spmq9CnqDyJOWFEkmsRIiogB+uquh1IekflmZBS0GzYnaDKmScuMSlQckzJwplm
svabwXRpe8Tl1RFbPv4OaAQuZNLakyH/siOKhCl1OIo=
-----END CERTIFICATE-----