This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/CVjpP5fbG6FZ2VuiKyMRFNqdUK8.roa
File:                     CVjpP5fbG6FZ2VuiKyMRFNqdUK8.roa (raw, json)
Hash identifier:          pUvsaqMuCpZ883OSrkl0sgOmVBTesmRkdym3KHIgbJc=
Subject key identifier:   09:58:E9:3F:97:DB:1B:A1:59:D9:5B:A2:2B:23:11:14:DA:9D:50:AF
Certificate issuer:       /CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
Certificate serial:       019B79EC47F31DFE3328CDDFB5BCDAAE6A0D
Authority key identifier: CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/CVjpP5fbG6FZ2VuiKyMRFNqdUK8.roa
Signing time:             Thu 01 Jan 2026 14:18:06 +0000
ROA not before:           Thu 01 Jan 2026 14:18:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200441
IP address blocks:        185.76.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 08:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:47:f3:1d:fe:33:28:cd:df:b5:bc:da:ae:6a:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
        Validity
            Not Before: Jan  1 14:18:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0958e93f97db1ba159d95ba22b231114da9d50af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:04:4c:76:ca:29:43:ff:a6:97:12:b3:c9:44:
                    28:23:60:c1:ff:ab:bd:fe:3c:74:97:2a:7d:ef:02:
                    82:29:f9:84:0c:1a:86:d3:c2:0d:97:e5:ea:95:9d:
                    e4:5e:d8:b5:41:33:98:1e:d0:6f:f7:e4:20:6e:5e:
                    ee:e4:64:73:af:70:89:eb:81:25:f7:e3:3f:07:82:
                    84:72:2c:cf:b9:d1:87:32:b5:e3:e1:3d:29:51:c9:
                    df:cf:ee:23:46:6b:19:ee:b0:b6:11:7f:6a:73:50:
                    05:e2:47:05:a9:ac:d0:da:d3:8e:f9:93:74:b0:90:
                    f2:d5:46:1d:6b:3e:17:a2:e6:5d:83:e2:ae:a5:2a:
                    7c:0c:08:06:ea:1b:21:ea:ae:ad:1a:05:45:25:63:
                    5a:75:b0:36:5d:2d:2b:fe:15:81:b0:9f:5c:1b:5c:
                    4a:47:28:7e:68:f8:59:d5:e9:64:25:ac:69:c5:b0:
                    96:b3:f3:70:84:cc:82:c2:4c:e8:28:24:f0:ec:06:
                    71:0d:37:08:c0:ba:32:ae:1f:4f:36:24:73:34:1e:
                    c7:72:8f:ba:43:72:89:a1:9d:1c:67:ee:1c:34:02:
                    fd:17:6e:d3:7b:06:38:49:32:b0:c8:d9:26:60:ef:
                    c6:a5:dc:06:90:8d:eb:b7:2c:98:42:75:86:6c:a1:
                    a4:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:58:E9:3F:97:DB:1B:A1:59:D9:5B:A2:2B:23:11:14:DA:9D:50:AF
            X509v3 Authority Key Identifier:
                keyid:CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/CVjpP5fbG6FZ2VuiKyMRFNqdUK8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.76.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:55:51:4f:5a:d3:04:ae:46:48:ab:26:b3:0c:d2:94:ab:6c:
         7a:cb:1f:76:a0:af:c1:ac:21:20:bc:61:69:31:b1:15:5d:19:
         89:51:c4:dd:4b:48:bf:77:52:48:20:f2:88:e4:8c:aa:62:d2:
         aa:2c:ae:f8:fa:b4:8a:99:7f:a1:3e:73:e8:d7:ba:ba:94:14:
         3c:76:64:f1:1f:3a:75:62:ce:58:b4:e5:03:89:b0:ec:ea:86:
         31:c9:76:9b:07:df:2f:c3:b7:ff:d2:ef:89:7d:f2:26:c9:c7:
         1e:f0:8b:8e:5c:9e:df:6a:f0:0a:88:4f:b9:f8:ce:48:e3:9e:
         a9:6d:81:c3:f9:66:aa:81:30:9d:d8:25:6a:0b:19:ab:d6:80:
         10:6b:a9:5d:30:46:8e:e4:df:62:31:73:49:3a:f9:bb:b6:c7:
         65:ac:dc:dd:db:5f:80:79:68:2d:53:61:a1:c5:98:71:1a:23:
         68:fe:ff:e4:24:66:c0:44:94:7e:1c:cd:6e:0d:c8:39:b5:17:
         d8:ca:20:d7:e3:ee:30:23:33:f3:15:4a:ac:a9:f4:7b:22:5f:
         7b:c5:70:fd:ce:d3:5d:1c:57:e8:2f:15:4f:57:ee:62:b1:f9:
         11:00:6a:fa:95:40:e5:49:54:5d:a6:0a:00:fe:12:64:a6:4e:
         93:a1:d0:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57EfzHf4zKM3ftbzarmoNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmMWRmNjY2N2RhMzhlNTdhMjViMTk0NWZhNDBlNTkzZTVh
ZGZhMDAwHhcNMjYwMTAxMTQxODA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTU4ZTkzZjk3ZGIxYmExNTlkOTViYTIyYjIzMTExNGRhOWQ1MGFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlgRMdsopQ/+mlxKzyUQoI2DB/6u9
/jx0lyp97wKCKfmEDBqG08INl+XqlZ3kXti1QTOYHtBv9+Qgbl7u5GRzr3CJ64El
9+M/B4KEcizPudGHMrXj4T0pUcnfz+4jRmsZ7rC2EX9qc1AF4kcFqazQ2tOO+ZN0
sJDy1UYdaz4XouZdg+KupSp8DAgG6hsh6q6tGgVFJWNadbA2XS0r/hWBsJ9cG1xK
Ryh+aPhZ1elkJaxpxbCWs/NwhMyCwkzoKCTw7AZxDTcIwLoyrh9PNiRzNB7Hco+6
Q3KJoZ0cZ+4cNAL9F27TewY4STKwyNkmYO/GpdwGkI3rtyyYQnWGbKGkVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAlY6T+X2xuhWdlboisjERTanVCvMB8GA1UdIwQY
MBaAFM8d9mZ9o45XolsZRfpA5ZPlrfoAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEt
OGRmMzYzMzdlNmJjLzEvQ1ZqcFA1ZmJHNkZaMlZ1aUt5TVJGTnFkVUs4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEtOGRmMzYzMzdlNmJj
LzEvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUxRMA0G
CSqGSIb3DQEBCwUAA4IBAQCmVVFPWtMErkZIqyazDNKUq2x6yx92oK/BrCEgvGFp
MbEVXRmJUcTdS0i/d1JIIPKI5IyqYtKqLK74+rSKmX+hPnPo17q6lBQ8dmTxHzp1
Ys5YtOUDibDs6oYxyXabB98vw7f/0u+JffImycce8IuOXJ7favAKiE+5+M5I456p
bYHD+WaqgTCd2CVqCxmr1oAQa6ldMEaO5N9iMXNJOvm7tsdlrNzd21+AeWgtU2Gh
xZhxGiNo/v/kJGbARJR+HM1uDcg5tRfYyiDX4+4wIzPzFUqsqfR7Il97xXD9ztNd
HFfoLxVPV+5isfkRAGr6lUDlSVRdpgoA/hJkpk6TodCO
-----END CERTIFICATE-----