This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/X7f5lb_FqlC3e8K6DNApv_9_rB4.roa
File:                     X7f5lb_FqlC3e8K6DNApv_9_rB4.roa (raw, json)
Hash identifier:          00tS5oI4SK6g92A1nvyuHBFq4K/D5oZmIB2/ZlxYIBQ=
Subject key identifier:   5F:B7:F9:95:BF:C5:AA:50:B7:7B:C2:BA:0C:D0:29:BF:FF:7F:AC:1E
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019B7F85427C0A6E7A73349B0EBEDB537DC1
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/X7f5lb_FqlC3e8K6DNApv_9_rB4.roa
Signing time:             Fri 02 Jan 2026 16:23:18 +0000
ROA not before:           Fri 02 Jan 2026 16:23:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     10010
IP address blocks:        194.87.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 13:02:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:85:42:7c:0a:6e:7a:73:34:9b:0e:be:db:53:7d:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 16:23:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5fb7f995bfc5aa50b77bc2ba0cd029bfff7fac1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:34:9a:1d:1e:c3:5f:86:27:0e:de:7c:1c:f9:
                    3d:c3:df:61:ac:80:61:86:07:5a:cd:30:da:dd:27:
                    92:cb:d4:47:92:b9:bd:e8:dd:58:40:cf:aa:f6:b6:
                    42:5b:47:55:dc:59:0b:5d:61:6f:32:84:41:1c:93:
                    66:3e:b1:a6:c1:21:a2:cf:da:50:b8:ba:94:8f:28:
                    0e:bf:02:88:9f:b7:4e:25:a8:b4:28:a6:81:05:c7:
                    ad:9c:8d:6f:81:54:0b:fe:24:7e:ab:8e:f5:84:96:
                    61:2e:16:55:39:8a:e6:c1:35:00:28:06:7e:8e:83:
                    77:48:ac:5a:1d:df:53:cd:e6:e6:18:57:e9:fd:8d:
                    9f:9f:59:ff:4a:33:ea:9f:69:ce:6e:a4:0f:15:bf:
                    a8:16:1b:30:01:d6:5a:4b:f0:84:18:58:76:a2:83:
                    8b:e9:13:fb:57:4d:51:25:7d:fc:95:5c:90:d1:3e:
                    ca:53:ab:af:a3:5d:d0:e7:f7:83:f7:5c:d1:a0:d4:
                    86:44:ee:b9:df:e8:44:36:b6:69:60:8f:87:fa:7f:
                    98:60:a6:81:67:2b:8c:43:fa:a4:02:ba:d9:76:76:
                    b8:2e:af:56:47:f3:3e:b3:ae:d0:10:0d:55:ac:80:
                    57:09:02:0b:ba:20:cc:09:cf:25:98:17:0e:78:f8:
                    da:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:B7:F9:95:BF:C5:AA:50:B7:7B:C2:BA:0C:D0:29:BF:FF:7F:AC:1E
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/X7f5lb_FqlC3e8K6DNApv_9_rB4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:e3:ff:9a:82:29:0d:74:3d:88:6f:79:9d:cb:15:e4:92:16:
         49:c7:31:45:fc:9d:fd:51:ca:06:d5:92:f6:cd:37:fb:8b:de:
         9b:2f:b7:be:27:9d:0c:20:23:d4:1d:bc:75:ca:76:d1:70:b7:
         65:ee:d9:47:08:7c:c3:98:25:6d:b6:a4:8d:9d:ef:79:12:22:
         ee:3e:0d:02:0e:a0:88:c9:8a:93:bc:4f:73:8e:c4:7f:11:26:
         ba:11:ff:2e:57:e6:eb:55:72:d6:1b:94:bb:11:4d:5c:89:82:
         5d:41:19:46:c3:9b:22:9f:0c:89:1e:c6:1d:d9:bf:02:26:7f:
         84:b7:c8:b0:63:88:ad:a1:b4:ed:bf:d0:7d:c7:03:57:4c:c3:
         b6:cf:cf:90:76:71:e2:3f:f8:0c:3c:df:58:4c:01:09:66:50:
         e3:9a:5f:67:2e:80:31:73:bb:d4:e1:99:17:21:bb:98:a9:51:
         3d:b2:4b:a1:51:f7:1a:96:fd:1f:ea:ad:35:55:bc:d2:24:55:
         a7:1f:66:85:e3:99:dd:fd:ec:25:71:8a:89:a4:8a:1f:d2:c9:
         78:2d:2a:e2:86:e7:45:95:c0:9f:66:cc:60:d5:d2:bf:88:2c:
         2b:05:ae:59:9e:9f:73:8b:84:25:7f:b9:43:fb:4b:03:38:63:
         c7:d3:c0:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hUJ8Cm56czSbDr7bU33BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjYwMTAyMTYyMzE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmI3Zjk5NWJmYzVhYTUwYjc3YmMyYmEwY2QwMjliZmZmN2ZhYzFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzjSaHR7DX4YnDt58HPk9w99hrIBh
hgdazTDa3SeSy9RHkrm96N1YQM+q9rZCW0dV3FkLXWFvMoRBHJNmPrGmwSGiz9pQ
uLqUjygOvwKIn7dOJai0KKaBBcetnI1vgVQL/iR+q471hJZhLhZVOYrmwTUAKAZ+
joN3SKxaHd9TzebmGFfp/Y2fn1n/SjPqn2nObqQPFb+oFhswAdZaS/CEGFh2ooOL
6RP7V01RJX38lVyQ0T7KU6uvo13Q5/eD91zRoNSGRO653+hENrZpYI+H+n+YYKaB
ZyuMQ/qkArrZdna4Lq9WR/M+s67QEA1VrIBXCQILuiDMCc8lmBcOePjaLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF+3+ZW/xapQt3vCugzQKb//f6weMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvWDdmNWxiX0ZxbEMzZThLNkROQXB2XzlfckI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwlfhMA0G
CSqGSIb3DQEBCwUAA4IBAQCR4/+agikNdD2Ib3mdyxXkkhZJxzFF/J39UcoG1ZL2
zTf7i96bL7e+J50MICPUHbx1ynbRcLdl7tlHCHzDmCVttqSNne95EiLuPg0CDqCI
yYqTvE9zjsR/ESa6Ef8uV+brVXLWG5S7EU1ciYJdQRlGw5sinwyJHsYd2b8CJn+E
t8iwY4itobTtv9B9xwNXTMO2z8+QdnHiP/gMPN9YTAEJZlDjml9nLoAxc7vU4ZkX
IbuYqVE9skuhUfcalv0f6q01VbzSJFWnH2aF45nd/ewlcYqJpIof0sl4LSrihudF
lcCfZsxg1dK/iCwrBa5Znp9zi4Qlf7lD+0sDOGPH08CZ
-----END CERTIFICATE-----