This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/1rHgFnuXqZ646k0lxHTx0ilSE4E.roa
File:                     1rHgFnuXqZ646k0lxHTx0ilSE4E.roa (raw, json)
Hash identifier:          Ab2e2WNhm+i35sLX0uYVu/7wrYK5sHW59AcXcUoS27A=
Subject key identifier:   D6:B1:E0:16:7B:97:A9:9E:B8:EA:4D:25:C4:74:F1:D2:29:52:13:81
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       019AFF8138806BD5C0A1F362E133727E8A76
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/1rHgFnuXqZ646k0lxHTx0ilSE4E.roa
Signing time:             Mon 08 Dec 2025 19:47:29 +0000
ROA not before:           Mon 08 Dec 2025 19:47:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200195
IP address blocks:        193.233.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Dec 2025 02:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:ff:81:38:80:6b:d5:c0:a1:f3:62:e1:33:72:7e:8a:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Dec  8 19:47:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d6b1e0167b97a99eb8ea4d25c474f1d229521381
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:7e:15:c6:91:9c:eb:1a:89:be:e3:f5:60:20:
                    04:1c:06:8a:9b:08:f4:05:85:63:00:76:34:05:33:
                    f3:ae:f8:c2:e9:3e:00:11:78:14:92:48:c9:df:ae:
                    b9:66:42:e9:00:a5:cb:df:37:1e:ea:a2:93:ac:83:
                    e5:a2:78:72:c8:0c:ef:a8:bb:ab:ea:45:0a:18:70:
                    0c:cb:ae:d7:8d:84:74:77:96:6d:64:dd:dd:7d:d4:
                    fe:03:e4:2c:69:b9:e2:48:56:6a:5e:30:b1:66:1e:
                    e7:6e:e7:93:b8:e4:e1:85:8b:f4:14:47:59:a4:33:
                    9f:a5:2e:00:6c:13:ad:65:24:88:aa:e6:65:63:9c:
                    3b:cc:e1:85:ba:54:e3:91:18:36:0d:56:9c:e6:ff:
                    81:08:57:00:bf:da:40:db:d7:70:52:a2:8b:7c:c0:
                    13:13:04:4f:74:ae:e2:6d:ef:4e:df:1f:c1:9a:6d:
                    af:6f:94:9f:d3:84:bd:b1:16:04:52:36:96:af:be:
                    e7:a4:d2:e0:85:17:66:f0:c3:e5:14:71:ce:b2:76:
                    5e:0c:b9:b9:c4:e0:ed:72:1c:af:96:1d:e4:85:4d:
                    2f:7b:6d:4b:dc:b5:03:48:58:81:67:02:30:23:38:
                    81:04:4b:91:25:56:e4:e9:10:25:6c:83:fc:18:30:
                    cd:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:B1:E0:16:7B:97:A9:9E:B8:EA:4D:25:C4:74:F1:D2:29:52:13:81
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/1rHgFnuXqZ646k0lxHTx0ilSE4E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:72:50:f6:e3:e7:23:bd:b6:de:3d:8c:67:46:77:51:04:32:
         7d:f0:ec:0b:3c:9a:cc:f4:1b:28:7f:97:3f:5b:68:97:ab:34:
         b1:9e:30:28:ea:17:60:5b:4f:a9:f2:95:b7:bc:b3:03:a0:17:
         e1:80:ac:3c:b1:bb:ca:58:07:ca:7c:9b:86:07:97:0b:45:2e:
         8c:a2:c1:67:d2:aa:4c:a2:f5:58:ab:30:3b:36:a5:cf:56:5b:
         31:e6:2e:de:d4:19:af:6c:77:d0:9f:1f:c1:9b:9e:c5:41:c6:
         a1:4f:f7:a9:28:67:f0:fc:76:3c:4f:aa:ae:46:8b:0d:00:32:
         64:7a:ae:a8:13:40:6c:69:da:26:00:55:31:20:27:7d:bb:8a:
         e4:25:e9:60:ba:b0:03:c4:66:1d:f5:a5:80:9f:89:46:42:43:
         8d:c9:48:12:7a:e8:ff:e3:55:62:29:16:d8:71:17:84:0f:ec:
         5d:b2:6a:6b:3d:9d:2d:e1:13:24:90:e0:bd:2a:f5:54:b5:bd:
         30:54:70:7d:09:32:f7:0a:97:12:e5:36:24:80:67:b5:3f:8e:
         88:e3:9f:3a:c7:67:04:12:12:11:eb:f4:2d:ed:ec:d1:59:13:
         93:41:00:94:c4:6a:9b:1b:7f:41:db:13:a0:96:76:50:5a:af:
         97:d5:37:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZr/gTiAa9XAofNi4TNyfop2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjUxMjA4MTk0NzI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmIxZTAxNjdiOTdhOTllYjhlYTRkMjVjNDc0ZjFkMjI5NTIxMzgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwH4VxpGc6xqJvuP1YCAEHAaKmwj0
BYVjAHY0BTPzrvjC6T4AEXgUkkjJ3665ZkLpAKXL3zce6qKTrIPlonhyyAzvqLur
6kUKGHAMy67XjYR0d5ZtZN3dfdT+A+QsabniSFZqXjCxZh7nbueTuOThhYv0FEdZ
pDOfpS4AbBOtZSSIquZlY5w7zOGFulTjkRg2DVac5v+BCFcAv9pA29dwUqKLfMAT
EwRPdK7ibe9O3x/Bmm2vb5Sf04S9sRYEUjaWr77npNLghRdm8MPlFHHOsnZeDLm5
xODtchyvlh3khU0ve21L3LUDSFiBZwIwIziBBEuRJVbk6RAlbIP8GDDNkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNax4BZ7l6meuOpNJcR08dIpUhOBMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvMXJIZ0ZudVhxWjY0NmswbHhIVHgwaWxTRTRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwemHMA0G
CSqGSIb3DQEBCwUAA4IBAQAZclD24+cjvbbePYxnRndRBDJ98OwLPJrM9Bsof5c/
W2iXqzSxnjAo6hdgW0+p8pW3vLMDoBfhgKw8sbvKWAfKfJuGB5cLRS6MosFn0qpM
ovVYqzA7NqXPVlsx5i7e1BmvbHfQnx/Bm57FQcahT/epKGfw/HY8T6quRosNADJk
eq6oE0BsadomAFUxICd9u4rkJelgurADxGYd9aWAn4lGQkONyUgSeuj/41ViKRbY
cReED+xdsmprPZ0t4RMkkOC9KvVUtb0wVHB9CTL3CpcS5TYkgGe1P46I4586x2cE
EhIR6/Qt7ezRWROTQQCUxGqbG39B2xOglnZQWq+X1TeC
-----END CERTIFICATE-----