This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/cpt5RAgtzGqSe2tQZjdg4D2WA0E.roa
File:                     cpt5RAgtzGqSe2tQZjdg4D2WA0E.roa (raw, json)
Hash identifier:          8jg9MlATBiiFNT9Izoww+SGRXHn9l5TlN9GgD/T3YlI=
Subject key identifier:   72:9B:79:44:08:2D:CC:6A:92:7B:6B:50:66:37:60:E0:3D:96:03:41
Certificate issuer:       /CN=d747017564c711bcbd57680a0dfd00f2a5d099db
Certificate serial:       019B791081587E7BFBA5A6A3EC1969CF24F3
Authority key identifier: D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/cpt5RAgtzGqSe2tQZjdg4D2WA0E.roa
Signing time:             Thu 01 Jan 2026 10:18:03 +0000
ROA not before:           Thu 01 Jan 2026 10:18:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     4648
IP address blocks:        195.252.168.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 12:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:81:58:7e:7b:fb:a5:a6:a3:ec:19:69:cf:24:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d747017564c711bcbd57680a0dfd00f2a5d099db
        Validity
            Not Before: Jan  1 10:18:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=729b7944082dcc6a927b6b50663760e03d960341
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:32:05:b8:f8:66:d7:fe:bc:10:24:21:be:72:
                    8b:83:2a:f9:40:78:ae:1d:fd:87:d8:97:f3:8b:38:
                    d2:1e:18:e3:a4:07:26:73:ff:2e:24:da:02:d3:1c:
                    4a:68:55:8e:20:9a:6f:f9:b9:f9:22:ea:65:b1:d0:
                    5a:e7:d0:f7:97:fb:04:9b:69:89:9b:57:d9:9a:8b:
                    3c:ec:a3:92:64:86:67:b4:a0:4c:8c:86:21:10:76:
                    82:98:a8:4a:4f:ac:ee:dc:25:9b:c9:55:ca:d3:66:
                    52:18:dc:dc:4e:00:50:79:75:e0:4a:4c:88:03:bb:
                    f3:f1:48:b0:21:3f:53:ad:b8:f2:81:18:69:27:93:
                    f5:29:5a:2b:82:7d:91:72:f0:06:ce:0e:90:3e:c6:
                    e8:1f:2f:f2:f7:88:26:9a:48:ff:74:16:d9:8e:c4:
                    08:90:10:ca:1c:36:11:2c:e9:c3:3b:32:8f:04:05:
                    30:48:f0:88:50:e1:9d:1d:16:fb:de:71:6e:a4:4d:
                    a5:aa:da:62:7c:77:06:f2:10:c7:7c:e1:9d:24:8a:
                    c0:9f:81:7b:94:c6:fa:b4:2c:1f:2e:bf:ff:9e:54:
                    03:4a:29:aa:41:7c:d6:89:05:34:63:23:ea:59:ea:
                    ab:c3:b9:a3:3b:65:33:bd:82:56:5f:b2:00:97:e1:
                    a6:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:9B:79:44:08:2D:CC:6A:92:7B:6B:50:66:37:60:E0:3D:96:03:41
            X509v3 Authority Key Identifier:
                keyid:D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/cpt5RAgtzGqSe2tQZjdg4D2WA0E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.252.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0b:58:b0:aa:b0:36:39:94:2f:15:b5:b3:a4:37:23:07:f9:e8:
         3e:7c:d0:d2:c5:d1:f2:ce:60:0c:b9:35:3a:4d:48:c8:24:e0:
         41:42:5b:90:f4:16:9c:7c:68:0b:80:4c:7a:34:d9:ff:f5:5f:
         61:38:1d:5e:4e:5b:8e:d2:a5:2a:ae:fe:c7:b2:6e:e4:82:a2:
         69:e7:ab:1a:5a:b6:18:08:a6:6c:80:a5:c8:4d:49:a7:72:c9:
         34:2b:1c:00:34:e4:a4:01:06:52:50:1e:a5:f5:51:a2:9c:2e:
         1a:eb:c4:5f:89:27:86:00:f9:df:66:2a:3d:68:2d:49:c4:11:
         7b:ab:77:6c:6b:4f:97:d2:d1:09:8e:cd:8d:0d:1d:fb:bb:20:
         ae:f6:59:39:b1:ce:98:db:f7:61:47:b0:76:70:e1:2c:05:a7:
         e6:b9:86:df:02:7b:92:0b:5e:84:93:bd:ee:74:8e:f2:32:e7:
         b7:01:32:de:ab:74:6e:07:0e:9e:8d:0a:7f:52:29:43:36:19:
         3a:65:01:c4:8f:6e:a1:73:59:8f:5b:17:fc:05:27:de:e5:fb:
         da:3f:0c:fe:51:a5:11:9f:10:3e:0f:6e:36:a1:6b:db:fc:2f:
         c6:3a:7b:38:de:bc:00:52:50:57:23:94:a6:17:e0:ce:7b:09:
         45:20:57:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EIFYfnv7paaj7BlpzyTzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NDcwMTc1NjRjNzExYmNiZDU3NjgwYTBkZmQwMGYyYTVk
MDk5ZGIwHhcNMjYwMTAxMTAxODAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjliNzk0NDA4MmRjYzZhOTI3YjZiNTA2NjM3NjBlMDNkOTYwMzQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApTIFuPhm1/68ECQhvnKLgyr5QHiu
Hf2H2JfzizjSHhjjpAcmc/8uJNoC0xxKaFWOIJpv+bn5IuplsdBa59D3l/sEm2mJ
m1fZmos87KOSZIZntKBMjIYhEHaCmKhKT6zu3CWbyVXK02ZSGNzcTgBQeXXgSkyI
A7vz8UiwIT9TrbjygRhpJ5P1KVorgn2RcvAGzg6QPsboHy/y94gmmkj/dBbZjsQI
kBDKHDYRLOnDOzKPBAUwSPCIUOGdHRb73nFupE2lqtpifHcG8hDHfOGdJIrAn4F7
lMb6tCwfLr//nlQDSimqQXzWiQU0YyPqWeqrw7mjO2UzvYJWX7IAl+GmgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHKbeUQILcxqkntrUGY3YOA9lgNBMB8GA1UdIwQY
MBaAFNdHAXVkxxG8vVdoCg39APKl0JnbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjIt
NGYwZThjZTExYTdkLzEvY3B0NVJBZ3R6R3FTZTJ0UVpqZGc0RDJXQTBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjItNGYwZThjZTExYTdk
LzEvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw/yoMA0G
CSqGSIb3DQEBCwUAA4IBAQALWLCqsDY5lC8VtbOkNyMH+eg+fNDSxdHyzmAMuTU6
TUjIJOBBQluQ9BacfGgLgEx6NNn/9V9hOB1eTluO0qUqrv7Hsm7kgqJp56saWrYY
CKZsgKXITUmncsk0KxwANOSkAQZSUB6l9VGinC4a68RfiSeGAPnfZio9aC1JxBF7
q3dsa0+X0tEJjs2NDR37uyCu9lk5sc6Y2/dhR7B2cOEsBafmuYbfAnuSC16Ek73u
dI7yMue3ATLeq3RuBw6ejQp/UilDNhk6ZQHEj26hc1mPWxf8BSfe5fvaPwz+UaUR
nxA+D242oWvb/C/GOns43rwAUlBXI5SmF+DOewlFIFcm
-----END CERTIFICATE-----