This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/08aba8-b756-4492-a7ed-6320c460a3f8/1/wxMlSMWtQ0ndBMMV3tfXfzI4pMo.roa
File:                     wxMlSMWtQ0ndBMMV3tfXfzI4pMo.roa (raw, json)
Hash identifier:          Cum4Di2WX2Vf5OYvq7GxldvC9jsMY0qM5fo7QBzndMk=
Subject key identifier:   C3:13:25:48:C5:AD:43:49:DD:04:C3:15:DE:D7:D7:7F:32:38:A4:CA
Certificate issuer:       /CN=e1cc45e84b078d458adf8d867445c46f8c8d0fae
Certificate serial:       019B76EAFE510449305529EF963EF940CECE
Authority key identifier: E1:CC:45:E8:4B:07:8D:45:8A:DF:8D:86:74:45:C4:6F:8C:8D:0F:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4cxF6EsHjUWK342GdEXEb4yND64.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/08aba8-b756-4492-a7ed-6320c460a3f8/1/wxMlSMWtQ0ndBMMV3tfXfzI4pMo.roa
Signing time:             Thu 01 Jan 2026 00:17:50 +0000
ROA not before:           Thu 01 Jan 2026 00:17:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12297
IP address blocks:        194.1.152.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/08aba8-b756-4492-a7ed-6320c460a3f8/1/4cxF6EsHjUWK342GdEXEb4yND64.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/08aba8-b756-4492-a7ed-6320c460a3f8/1/4cxF6EsHjUWK342GdEXEb4yND64.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4cxF6EsHjUWK342GdEXEb4yND64.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:fe:51:04:49:30:55:29:ef:96:3e:f9:40:ce:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1cc45e84b078d458adf8d867445c46f8c8d0fae
        Validity
            Not Before: Jan  1 00:17:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c3132548c5ad4349dd04c315ded7d77f3238a4ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:3c:3b:88:76:83:ba:ff:27:13:99:fd:fe:42:
                    a0:d9:98:b0:eb:2e:60:44:d4:4e:76:36:a2:53:0d:
                    90:db:ea:ce:d5:4a:b5:a9:6c:97:2a:ea:61:47:c2:
                    7a:31:b8:66:91:dd:4e:2a:32:c9:74:06:7f:8a:cc:
                    3d:c3:d4:0b:32:9f:36:e1:a6:d1:33:1b:82:d2:42:
                    7c:bb:ef:bf:64:0a:b0:f8:b1:10:64:f0:da:31:8c:
                    7c:de:a6:84:9f:38:c6:f0:d7:b2:8f:4c:35:c3:80:
                    2c:10:aa:b9:c1:9a:a1:0e:a8:f7:f1:84:31:f1:eb:
                    ec:b2:b0:3d:3c:67:32:e7:24:6a:b1:26:89:fb:b9:
                    2f:d4:97:44:46:ff:2e:c2:7a:42:8c:e8:80:56:45:
                    2d:4a:90:d1:70:4a:0e:e5:f1:24:0b:3b:7a:96:29:
                    9a:ab:46:2c:46:06:f4:42:04:34:77:f3:c0:49:35:
                    5d:ad:58:4a:c3:8b:c5:72:b4:51:b4:9a:dc:a6:a7:
                    b8:d5:df:35:71:cf:7a:ac:2c:d9:86:5c:18:8b:a8:
                    0e:0f:4b:9d:cf:a5:8f:04:a5:99:77:23:52:4d:c1:
                    bb:b6:fa:2f:ef:cd:fd:8a:0f:75:93:3d:43:08:75:
                    3a:00:da:36:89:f3:a3:03:09:53:22:b9:ae:c4:01:
                    00:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:13:25:48:C5:AD:43:49:DD:04:C3:15:DE:D7:D7:7F:32:38:A4:CA
            X509v3 Authority Key Identifier:
                keyid:E1:CC:45:E8:4B:07:8D:45:8A:DF:8D:86:74:45:C4:6F:8C:8D:0F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4cxF6EsHjUWK342GdEXEb4yND64.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/08aba8-b756-4492-a7ed-6320c460a3f8/1/wxMlSMWtQ0ndBMMV3tfXfzI4pMo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/08aba8-b756-4492-a7ed-6320c460a3f8/1/4cxF6EsHjUWK342GdEXEb4yND64.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.1.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:26:77:b8:98:63:61:53:4e:29:48:77:dd:93:bd:42:c2:69:
         d1:28:b9:5c:e3:2c:db:ff:68:75:77:a3:5e:2a:61:f7:42:80:
         c1:22:a5:4d:a4:b3:1c:73:76:ad:d2:fc:27:39:59:1f:15:8f:
         a4:42:28:77:1d:a5:ce:9e:dc:19:a3:d6:1d:7d:d3:fc:b3:ed:
         3f:d3:e6:1a:52:d9:04:bd:90:a8:38:71:8f:b8:09:d0:d8:f6:
         2a:c7:85:a6:29:c8:3b:9d:bf:2f:a4:23:3c:87:fc:ad:e8:ab:
         79:11:02:5d:0c:f5:06:f6:96:38:19:c5:0e:2f:36:87:ab:c8:
         7b:a3:09:a5:a7:cb:55:84:c3:6b:90:07:b2:cf:52:3d:80:cd:
         0c:06:d5:6d:ba:e5:21:0d:44:6e:d7:32:38:59:fb:e9:4a:aa:
         a2:87:32:2c:45:6d:de:9a:eb:01:16:c9:62:15:5e:b5:e1:b2:
         3c:43:8a:ad:65:ec:2f:32:07:ac:b3:8e:a3:77:21:a0:aa:79:
         e4:98:f3:be:4d:d2:c2:67:9a:99:93:a8:2f:93:f5:b5:e2:ae:
         b2:9b:24:82:00:86:e6:76:e6:3b:f9:7c:b1:36:a0:1c:d7:71:
         ef:c4:d1:a5:32:3a:85:82:7c:9f:ba:78:d8:30:4a:88:ae:d7:
         13:91:13:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26v5RBEkwVSnvlj75QM7OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxY2M0NWU4NGIwNzhkNDU4YWRmOGQ4Njc0NDVjNDZmOGM4
ZDBmYWUwHhcNMjYwMTAxMDAxNzUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzEzMjU0OGM1YWQ0MzQ5ZGQwNGMzMTVkZWQ3ZDc3ZjMyMzhhNGNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwzw7iHaDuv8nE5n9/kKg2Ziw6y5g
RNROdjaiUw2Q2+rO1Uq1qWyXKuphR8J6Mbhmkd1OKjLJdAZ/isw9w9QLMp824abR
MxuC0kJ8u++/ZAqw+LEQZPDaMYx83qaEnzjG8Neyj0w1w4AsEKq5wZqhDqj38YQx
8evssrA9PGcy5yRqsSaJ+7kv1JdERv8uwnpCjOiAVkUtSpDRcEoO5fEkCzt6lima
q0YsRgb0QgQ0d/PASTVdrVhKw4vFcrRRtJrcpqe41d81cc96rCzZhlwYi6gOD0ud
z6WPBKWZdyNSTcG7tvov7839ig91kz1DCHU6ANo2ifOjAwlTIrmuxAEAMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMMTJUjFrUNJ3QTDFd7X138yOKTKMB8GA1UdIwQY
MBaAFOHMRehLB41Fit+NhnRFxG+MjQ+uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGN4RjZFc0hqVVdLMzQyR2RFWEViNHlORDY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy8wOGFiYTgtYjc1Ni00NDkyLWE3ZWQt
NjMyMGM0NjBhM2Y4LzEvd3hNbFNNV3RRMG5kQk1NVjN0Zlhmekk0cE1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy8wOGFiYTgtYjc1Ni00NDkyLWE3ZWQtNjMyMGM0NjBhM2Y4
LzEvNGN4RjZFc0hqVVdLMzQyR2RFWEViNHlORDY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgGYMA0G
CSqGSIb3DQEBCwUAA4IBAQAwJne4mGNhU04pSHfdk71CwmnRKLlc4yzb/2h1d6Ne
KmH3QoDBIqVNpLMcc3at0vwnOVkfFY+kQih3HaXOntwZo9YdfdP8s+0/0+YaUtkE
vZCoOHGPuAnQ2PYqx4WmKcg7nb8vpCM8h/yt6Kt5EQJdDPUG9pY4GcUOLzaHq8h7
owmlp8tVhMNrkAeyz1I9gM0MBtVtuuUhDURu1zI4WfvpSqqihzIsRW3emusBFsli
FV614bI8Q4qtZewvMgess46jdyGgqnnkmPO+TdLCZ5qZk6gvk/W14q6ymySCAIbm
duY7+XyxNqAc13HvxNGlMjqFgnyfunjYMEqIrtcTkRPr
-----END CERTIFICATE-----