This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/Aqh0ndZrmS5tdROJ3Ca1FoTbTdQ.roa
File:                     Aqh0ndZrmS5tdROJ3Ca1FoTbTdQ.roa (raw, json)
Hash identifier:          E2ej1l39B0dD50OS9LfSdh0tE0k8aSuVupeluwOvEMA=
Subject key identifier:   02:A8:74:9D:D6:6B:99:2E:6D:75:13:89:DC:26:B5:16:84:DB:4D:D4
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       019B7E382970946AB2374E647225652B0D50
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/Aqh0ndZrmS5tdROJ3Ca1FoTbTdQ.roa
Signing time:             Fri 02 Jan 2026 10:19:28 +0000
ROA not before:           Fri 02 Jan 2026 10:19:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57010
IP address blocks:        37.139.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 03:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:29:70:94:6a:b2:37:4e:64:72:25:65:2b:0d:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  2 10:19:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=02a8749dd66b992e6d751389dc26b51684db4dd4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:0e:57:21:ed:55:5f:04:ad:91:96:f2:9a:e0:
                    d1:25:77:4d:98:83:41:fc:3f:ae:42:06:34:71:8b:
                    ef:ba:02:b4:6b:5d:e4:83:82:ba:ff:a4:35:98:78:
                    49:9a:73:aa:11:b0:21:d9:14:e0:6e:48:5e:27:ec:
                    82:39:5e:c3:89:af:aa:21:44:46:50:a1:35:0f:cb:
                    b8:80:1c:47:2c:ed:ab:41:45:29:c3:1e:1e:11:4d:
                    97:4b:b4:41:a7:e9:fb:99:7f:53:08:ef:03:37:93:
                    d6:a2:53:9d:a5:cd:e6:c1:6c:67:4f:9c:8f:26:72:
                    57:52:12:3e:a7:71:00:60:ce:bd:cb:16:fb:2e:87:
                    83:9c:68:f9:5f:da:ba:79:c4:81:39:07:f1:92:14:
                    2e:22:5a:9b:7c:82:e2:90:69:c9:61:ff:21:7a:77:
                    3f:ee:3e:fb:4d:5a:57:31:0c:50:d0:ad:df:36:f2:
                    89:c7:2f:48:42:83:e6:57:08:27:58:31:58:bd:33:
                    02:13:75:73:6f:54:56:aa:b9:53:45:7a:e8:18:8a:
                    d8:17:e8:14:8f:d7:19:4a:98:f9:56:b1:a3:bd:42:
                    82:99:19:5c:5e:82:9b:b1:e2:b2:a5:52:ac:63:25:
                    3a:74:4b:d4:f0:d2:96:37:aa:97:cf:70:f0:4e:6f:
                    7a:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:A8:74:9D:D6:6B:99:2E:6D:75:13:89:DC:26:B5:16:84:DB:4D:D4
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/Aqh0ndZrmS5tdROJ3Ca1FoTbTdQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.139.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:8b:b8:5b:6c:72:bf:c0:4b:4b:cc:aa:9f:60:34:db:ff:dc:
         1d:65:0b:0e:bc:29:dc:8b:0f:fc:12:54:9f:70:3a:14:c6:75:
         ef:6b:56:bc:60:4f:59:fa:cf:8a:bb:78:13:69:0b:04:84:c4:
         24:96:5f:3f:08:79:a8:3e:9e:46:f6:08:b6:02:a1:13:0e:72:
         21:73:c4:dd:94:e3:1e:8e:9e:51:07:cb:79:b9:f0:82:a8:0c:
         b3:ab:0f:de:29:4b:90:7a:66:e1:97:bd:34:2d:ba:93:64:12:
         e2:a8:41:44:80:db:fd:f5:32:68:30:2f:2c:c9:94:e7:67:00:
         92:5b:73:ad:1b:cc:84:dd:6b:23:b7:63:43:b2:41:2f:f8:1d:
         85:7e:4f:e0:26:bd:e7:68:9d:a7:5d:4e:ef:dc:17:77:cd:0a:
         51:21:af:76:08:65:0d:40:20:fe:80:1a:a5:cf:d3:10:9b:7b:
         b6:31:8c:b2:ca:dc:e8:af:49:0d:a5:1b:45:5d:c0:45:fa:e5:
         87:df:16:f5:74:3b:ea:75:be:4f:06:e4:07:99:48:20:ff:ac:
         e2:2b:27:c0:bb:22:04:4f:38:bb:b2:eb:ec:86:fd:64:b3:f6:
         63:1f:b4:7e:46:74:59:9d:ef:45:61:28:6f:bc:83:1d:39:37:
         61:61:5b:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OClwlGqyN05kciVlKw1QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjYwMTAyMTAxOTI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmE4NzQ5ZGQ2NmI5OTJlNmQ3NTEzODlkYzI2YjUxNjg0ZGI0ZGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0g5XIe1VXwStkZbymuDRJXdNmINB
/D+uQgY0cYvvugK0a13kg4K6/6Q1mHhJmnOqEbAh2RTgbkheJ+yCOV7Dia+qIURG
UKE1D8u4gBxHLO2rQUUpwx4eEU2XS7RBp+n7mX9TCO8DN5PWolOdpc3mwWxnT5yP
JnJXUhI+p3EAYM69yxb7LoeDnGj5X9q6ecSBOQfxkhQuIlqbfILikGnJYf8henc/
7j77TVpXMQxQ0K3fNvKJxy9IQoPmVwgnWDFYvTMCE3Vzb1RWqrlTRXroGIrYF+gU
j9cZSpj5VrGjvUKCmRlcXoKbseKypVKsYyU6dEvU8NKWN6qXz3DwTm96+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAKodJ3Wa5kubXUTidwmtRaE203UMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvQXFoMG5kWnJtUzV0ZFJPSjNDYTFGb1RiVGRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJYsvMA0G
CSqGSIb3DQEBCwUAA4IBAQBVi7hbbHK/wEtLzKqfYDTb/9wdZQsOvCnciw/8ElSf
cDoUxnXva1a8YE9Z+s+Ku3gTaQsEhMQkll8/CHmoPp5G9gi2AqETDnIhc8TdlOMe
jp5RB8t5ufCCqAyzqw/eKUuQembhl700LbqTZBLiqEFEgNv99TJoMC8syZTnZwCS
W3OtG8yE3Wsjt2NDskEv+B2Ffk/gJr3naJ2nXU7v3Bd3zQpRIa92CGUNQCD+gBql
z9MQm3u2MYyyytzor0kNpRtFXcBF+uWH3xb1dDvqdb5PBuQHmUgg/6ziKyfAuyIE
Tzi7suvshv1ks/ZjH7R+RnRZne9FYShvvIMdOTdhYVuP
-----END CERTIFICATE-----