This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/4767ce-4448-436b-a910-66de9865dbac/1/Rc1JKlzBWJzMspxz5Sz8_wKGjSQ.roa
File:                     Rc1JKlzBWJzMspxz5Sz8_wKGjSQ.roa (raw, json)
Hash identifier:          YXV2SDD7Lq/HvpspFTkxAD7KLYHXbsXZfXUiY1m7rzI=
Subject key identifier:   45:CD:49:2A:5C:C1:58:9C:CC:B2:9C:73:E5:2C:FC:FF:02:86:8D:24
Certificate issuer:       /CN=3ea554098c7a88aa34264b92d8bf2257ec0bcda4
Certificate serial:       019B797F31A9F420E06693E6D526997C28A6
Authority key identifier: 3E:A5:54:09:8C:7A:88:AA:34:26:4B:92:D8:BF:22:57:EC:0B:CD:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PqVUCYx6iKo0JkuS2L8iV-wLzaQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/4767ce-4448-436b-a910-66de9865dbac/1/Rc1JKlzBWJzMspxz5Sz8_wKGjSQ.roa
Signing time:             Thu 01 Jan 2026 12:18:57 +0000
ROA not before:           Thu 01 Jan 2026 12:18:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60849
IP address blocks:        185.40.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/4767ce-4448-436b-a910-66de9865dbac/1/PqVUCYx6iKo0JkuS2L8iV-wLzaQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/4767ce-4448-436b-a910-66de9865dbac/1/PqVUCYx6iKo0JkuS2L8iV-wLzaQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PqVUCYx6iKo0JkuS2L8iV-wLzaQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 03:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7f:31:a9:f4:20:e0:66:93:e6:d5:26:99:7c:28:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ea554098c7a88aa34264b92d8bf2257ec0bcda4
        Validity
            Not Before: Jan  1 12:18:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=45cd492a5cc1589cccb29c73e52cfcff02868d24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:73:26:f6:95:fa:26:e1:8f:e0:4f:81:a3:d8:
                    6a:ac:88:3c:c5:02:80:01:18:df:10:78:3a:11:a9:
                    47:e7:10:e3:e2:f2:98:d7:c5:ba:ec:a2:cd:45:f7:
                    b6:67:02:a2:82:e2:89:6c:ee:88:6b:e1:28:30:90:
                    2a:15:10:26:18:5a:a2:7d:f0:01:dd:0c:ed:b5:18:
                    ab:ae:b1:e6:65:74:b4:42:18:94:2a:51:2f:60:ac:
                    3d:7d:36:64:d6:fc:a8:09:d4:d2:8e:af:5b:41:91:
                    10:64:ca:c4:0b:3d:97:a0:c8:1f:bd:60:1b:70:18:
                    01:1e:42:12:79:f0:3f:98:9e:7e:52:9d:c1:b9:26:
                    10:d7:f9:d1:86:4f:c7:80:08:d0:5f:d3:8f:55:05:
                    b1:80:53:4e:1d:30:a9:d6:1e:e4:23:af:59:00:5e:
                    c9:1b:89:af:14:d3:04:23:35:bf:26:62:6d:e1:db:
                    9f:bd:d5:78:4b:e2:5b:fe:99:a5:67:0c:d1:36:da:
                    83:11:23:65:ac:2e:e3:b2:63:87:24:3c:1d:f2:82:
                    1e:50:db:d3:69:d5:82:3e:f8:e2:7e:92:88:b3:d8:
                    90:d9:20:8a:9a:88:12:09:87:08:40:ff:46:b9:26:
                    3e:ca:64:df:bf:4b:f8:3e:61:2e:a9:17:1a:db:19:
                    ce:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:CD:49:2A:5C:C1:58:9C:CC:B2:9C:73:E5:2C:FC:FF:02:86:8D:24
            X509v3 Authority Key Identifier:
                keyid:3E:A5:54:09:8C:7A:88:AA:34:26:4B:92:D8:BF:22:57:EC:0B:CD:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PqVUCYx6iKo0JkuS2L8iV-wLzaQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/4767ce-4448-436b-a910-66de9865dbac/1/Rc1JKlzBWJzMspxz5Sz8_wKGjSQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/4767ce-4448-436b-a910-66de9865dbac/1/PqVUCYx6iKo0JkuS2L8iV-wLzaQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.40.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:6f:74:bc:8e:30:3c:db:3b:6f:ca:f7:53:16:a6:fc:6c:d2:
         e4:06:a2:69:ef:15:cb:8e:83:3b:84:b3:91:38:77:85:64:53:
         cb:29:60:a9:5b:71:14:31:8b:a8:7f:fa:c7:b2:fe:bc:1a:05:
         bc:21:3b:c4:a0:8e:d4:18:6c:f4:bf:6d:6b:48:bb:e6:5e:0e:
         fd:1f:1c:be:df:86:ed:98:32:18:c8:90:98:31:65:c9:37:47:
         0b:e9:a6:8a:ea:a5:77:39:31:4b:29:92:45:76:6d:a8:24:0b:
         2b:3e:da:41:60:f8:5a:7f:e4:ea:c1:13:53:e5:eb:05:6e:98:
         bd:c1:1e:93:35:49:73:24:36:49:08:60:5f:9a:b3:86:ea:06:
         84:e4:95:06:62:b0:1d:74:88:b8:d1:6a:c5:0d:49:8a:5c:31:
         5a:39:c0:c5:2d:83:f9:3a:b2:79:61:36:1e:5e:47:aa:be:49:
         8f:a2:df:07:24:bd:38:0e:a2:a1:63:b5:5b:6a:ef:80:25:21:
         41:e6:c2:1a:de:ac:df:08:a6:03:c2:73:4c:6a:83:e6:c1:a7:
         51:9b:10:c2:d2:b1:ee:4e:22:7e:fe:54:6f:87:04:95:6d:41:
         27:f5:e0:80:ee:91:03:c4:a4:4c:3a:27:51:fc:1b:47:de:ba:
         78:a2:d6:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fzGp9CDgZpPm1SaZfCimMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYTU1NDA5OGM3YTg4YWEzNDI2NGI5MmQ4YmYyMjU3ZWMw
YmNkYTQwHhcNMjYwMTAxMTIxODU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWNkNDkyYTVjYzE1ODljY2NiMjljNzNlNTJjZmNmZjAyODY4ZDI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmHMm9pX6JuGP4E+Bo9hqrIg8xQKA
ARjfEHg6EalH5xDj4vKY18W67KLNRfe2ZwKiguKJbO6Ia+EoMJAqFRAmGFqiffAB
3QzttRirrrHmZXS0QhiUKlEvYKw9fTZk1vyoCdTSjq9bQZEQZMrECz2XoMgfvWAb
cBgBHkISefA/mJ5+Up3BuSYQ1/nRhk/HgAjQX9OPVQWxgFNOHTCp1h7kI69ZAF7J
G4mvFNMEIzW/JmJt4dufvdV4S+Jb/pmlZwzRNtqDESNlrC7jsmOHJDwd8oIeUNvT
adWCPvjifpKIs9iQ2SCKmogSCYcIQP9GuSY+ymTfv0v4PmEuqRca2xnOtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEXNSSpcwViczLKcc+Us/P8Cho0kMB8GA1UdIwQY
MBaAFD6lVAmMeoiqNCZLkti/IlfsC82kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHFWVUNZeDZpS28wSmt1UzJMOGlWLXdMemFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy80NzY3Y2UtNDQ0OC00MzZiLWE5MTAt
NjZkZTk4NjVkYmFjLzEvUmMxSktsekJXSnpNc3B4ejVTejhfd0tHalNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy80NzY3Y2UtNDQ0OC00MzZiLWE5MTAtNjZkZTk4NjVkYmFj
LzEvUHFWVUNZeDZpS28wSmt1UzJMOGlWLXdMemFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSgTMA0G
CSqGSIb3DQEBCwUAA4IBAQAAb3S8jjA82ztvyvdTFqb8bNLkBqJp7xXLjoM7hLOR
OHeFZFPLKWCpW3EUMYuof/rHsv68GgW8ITvEoI7UGGz0v21rSLvmXg79Hxy+34bt
mDIYyJCYMWXJN0cL6aaK6qV3OTFLKZJFdm2oJAsrPtpBYPhaf+TqwRNT5esFbpi9
wR6TNUlzJDZJCGBfmrOG6gaE5JUGYrAddIi40WrFDUmKXDFaOcDFLYP5OrJ5YTYe
XkeqvkmPot8HJL04DqKhY7Vbau+AJSFB5sIa3qzfCKYDwnNMaoPmwadRmxDC0rHu
TiJ+/lRvhwSVbUEn9eCA7pEDxKRMOidR/BtH3rp4otZ6
-----END CERTIFICATE-----