This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/33104a-a903-4278-bc60-8ad23018a5ad/1/ge1P3cjgZbH4-jouGp8R37HnnnE.roa
File:                     ge1P3cjgZbH4-jouGp8R37HnnnE.roa (raw, json)
Hash identifier:          hfhuIjJchFi5PyEHA8i3bHdGQduKnEFh2SUQYTcUv+4=
Subject key identifier:   81:ED:4F:DD:C8:E0:65:B1:F8:FA:3A:2E:1A:9F:11:DF:B1:E7:9E:71
Certificate issuer:       /CN=e2e71749f8029253901f71d4641039e90f1a97fa
Certificate serial:       019BE6515E632499F289B98BE2EA0509D104
Authority key identifier: E2:E7:17:49:F8:02:92:53:90:1F:71:D4:64:10:39:E9:0F:1A:97:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4ucXSfgCklOQH3HUZBA56Q8al_o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/33104a-a903-4278-bc60-8ad23018a5ad/1/ge1P3cjgZbH4-jouGp8R37HnnnE.roa
Signing time:             Thu 22 Jan 2026 15:27:30 +0000
ROA not before:           Thu 22 Jan 2026 15:27:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15623
IP address blocks:        193.5.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/33104a-a903-4278-bc60-8ad23018a5ad/1/4ucXSfgCklOQH3HUZBA56Q8al_o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/33104a-a903-4278-bc60-8ad23018a5ad/1/4ucXSfgCklOQH3HUZBA56Q8al_o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4ucXSfgCklOQH3HUZBA56Q8al_o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:e6:51:5e:63:24:99:f2:89:b9:8b:e2:ea:05:09:d1:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2e71749f8029253901f71d4641039e90f1a97fa
        Validity
            Not Before: Jan 22 15:27:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=81ed4fddc8e065b1f8fa3a2e1a9f11dfb1e79e71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:80:9e:b6:74:45:7c:90:01:68:9b:83:f6:a9:
                    b6:ed:bc:c7:20:a5:1c:5b:58:e9:3e:ce:10:d1:91:
                    b8:9b:17:d5:06:dc:1a:94:71:8a:f7:60:ee:be:44:
                    71:c8:e2:0b:fa:d9:c5:3c:b7:2e:1d:b1:0a:1e:ff:
                    99:4c:e6:39:1e:74:86:37:47:14:b9:0b:b1:b1:8c:
                    d3:66:8c:1e:21:6e:aa:66:ea:a4:e6:c2:2a:bb:f9:
                    7d:70:b8:96:07:c8:4a:6d:f1:3e:66:b8:a9:70:c8:
                    32:56:4d:fe:29:e7:f9:d6:74:5c:99:b2:62:a9:e7:
                    8f:d9:57:fb:91:95:b1:3f:f8:50:42:d3:ee:3c:4f:
                    b2:14:47:3d:c6:2b:6b:c3:64:be:7c:f4:43:c9:7e:
                    6f:2c:23:7a:c9:f2:81:8d:87:38:ec:06:c3:f1:c8:
                    4e:81:9e:56:03:53:7d:3c:35:f9:71:93:67:b4:e2:
                    12:77:86:76:4c:d5:5d:77:de:cb:0b:b6:95:49:b7:
                    fa:41:33:0c:90:fb:8a:fd:db:de:b4:d9:68:00:b7:
                    a8:dc:3e:ca:13:9b:a3:c9:6d:0e:1d:10:e3:77:e2:
                    eb:41:3d:3f:af:b8:82:f1:62:18:83:32:63:27:d4:
                    85:4f:ed:bb:27:15:7d:b3:16:20:14:dd:c6:ba:42:
                    a5:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:ED:4F:DD:C8:E0:65:B1:F8:FA:3A:2E:1A:9F:11:DF:B1:E7:9E:71
            X509v3 Authority Key Identifier:
                keyid:E2:E7:17:49:F8:02:92:53:90:1F:71:D4:64:10:39:E9:0F:1A:97:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4ucXSfgCklOQH3HUZBA56Q8al_o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/33104a-a903-4278-bc60-8ad23018a5ad/1/ge1P3cjgZbH4-jouGp8R37HnnnE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/33104a-a903-4278-bc60-8ad23018a5ad/1/4ucXSfgCklOQH3HUZBA56Q8al_o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.5.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:c9:7d:3d:41:4c:e2:34:18:1a:87:65:7d:c6:02:5e:7d:ba:
         55:be:30:24:23:c4:94:ee:51:e9:ca:18:87:17:c6:dc:99:30:
         4d:15:18:ea:87:48:65:bd:ce:4e:b0:fd:49:01:5a:7f:50:79:
         4f:1a:cc:21:44:d1:4f:d8:b8:e2:07:f3:f9:40:94:44:d4:63:
         b8:40:bb:a2:cc:17:5f:6a:ba:87:5c:a7:5c:b7:6b:05:f2:ce:
         f8:16:4d:d9:a2:72:03:be:00:fe:93:b2:01:50:38:96:b4:a9:
         0a:6a:7a:f1:92:2b:f9:18:7c:4a:7a:d3:65:25:4b:2d:90:0b:
         2b:98:52:75:4b:45:bd:49:5b:ea:20:88:a3:54:23:bd:6e:b9:
         7a:5c:62:c6:fa:f3:67:e7:be:31:62:7e:ae:36:34:18:66:89:
         e8:f6:82:76:df:f4:cc:8b:e4:28:2b:9f:49:ef:8e:21:aa:55:
         41:22:5a:ec:ad:34:2d:e2:91:0f:76:e0:7c:bf:36:e4:23:b4:
         51:d1:79:ce:f5:eb:24:d5:c8:ab:0b:35:b3:68:30:9b:63:2b:
         95:5b:f4:63:47:8a:dd:4d:30:19:b3:60:1f:aa:4b:f1:f4:9a:
         2a:73:73:6d:03:b6:c4:d6:31:98:19:08:8e:3c:eb:79:fa:e0:
         a4:24:6b:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZvmUV5jJJnyibmL4uoFCdEEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyZTcxNzQ5ZjgwMjkyNTM5MDFmNzFkNDY0MTAzOWU5MGYx
YTk3ZmEwHhcNMjYwMTIyMTUyNzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWVkNGZkZGM4ZTA2NWIxZjhmYTNhMmUxYTlmMTFkZmIxZTc5ZTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzoCetnRFfJABaJuD9qm27bzHIKUc
W1jpPs4Q0ZG4mxfVBtwalHGK92DuvkRxyOIL+tnFPLcuHbEKHv+ZTOY5HnSGN0cU
uQuxsYzTZoweIW6qZuqk5sIqu/l9cLiWB8hKbfE+ZripcMgyVk3+Kef51nRcmbJi
qeeP2Vf7kZWxP/hQQtPuPE+yFEc9xitrw2S+fPRDyX5vLCN6yfKBjYc47AbD8chO
gZ5WA1N9PDX5cZNntOISd4Z2TNVdd97LC7aVSbf6QTMMkPuK/dvetNloALeo3D7K
E5ujyW0OHRDjd+LrQT0/r7iC8WIYgzJjJ9SFT+27JxV9sxYgFN3GukKlnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIHtT93I4GWx+Po6LhqfEd+x555xMB8GA1UdIwQY
MBaAFOLnF0n4ApJTkB9x1GQQOekPGpf6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHVjWFNmZ0NrbE9RSDNIVVpCQTU2UThhbF9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy8zMzEwNGEtYTkwMy00Mjc4LWJjNjAt
OGFkMjMwMThhNWFkLzEvZ2UxUDNjamdaYkg0LWpvdUdwOFIzN0hubm5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy8zMzEwNGEtYTkwMy00Mjc4LWJjNjAtOGFkMjMwMThhNWFk
LzEvNHVjWFNmZ0NrbE9RSDNIVVpCQTU2UThhbF9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQV7MA0G
CSqGSIb3DQEBCwUAA4IBAQBSyX09QUziNBgah2V9xgJefbpVvjAkI8SU7lHpyhiH
F8bcmTBNFRjqh0hlvc5OsP1JAVp/UHlPGswhRNFP2LjiB/P5QJRE1GO4QLuizBdf
arqHXKdct2sF8s74Fk3ZonIDvgD+k7IBUDiWtKkKanrxkiv5GHxKetNlJUstkAsr
mFJ1S0W9SVvqIIijVCO9brl6XGLG+vNn574xYn6uNjQYZono9oJ23/TMi+QoK59J
744hqlVBIlrsrTQt4pEPduB8vzbkI7RR0XnO9esk1cirCzWzaDCbYyuVW/RjR4rd
TTAZs2Afqkvx9Joqc3NtA7bE1jGYGQiOPOt5+uCkJGuh
-----END CERTIFICATE-----