This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/ee4a56-d5c9-4652-9cf1-f09462c12da4/1/21Yf12X5Xts3sbdn2jGlU_TfEv4.roa
File:                     21Yf12X5Xts3sbdn2jGlU_TfEv4.roa (raw, json)
Hash identifier:          Uc+vkMAdsrzPjHQ3cBJ8s1GbQwnyrG3dngRrn0NPypc=
Subject key identifier:   DB:56:1F:D7:65:F9:5E:DB:37:B1:B7:67:DA:31:A5:53:F4:DF:12:FE
Certificate issuer:       /CN=a8a251140114c8fd8ad5fb45b7189aba7bc5048f
Certificate serial:       019B77C72F0E4B459F199942B04D42E7DD10
Authority key identifier: A8:A2:51:14:01:14:C8:FD:8A:D5:FB:45:B7:18:9A:BA:7B:C5:04:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qKJRFAEUyP2K1ftFtxiaunvFBI8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/ee4a56-d5c9-4652-9cf1-f09462c12da4/1/21Yf12X5Xts3sbdn2jGlU_TfEv4.roa
Signing time:             Thu 01 Jan 2026 04:18:20 +0000
ROA not before:           Thu 01 Jan 2026 04:18:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198567
IP address blocks:        194.153.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/ee4a56-d5c9-4652-9cf1-f09462c12da4/1/qKJRFAEUyP2K1ftFtxiaunvFBI8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/ee4a56-d5c9-4652-9cf1-f09462c12da4/1/qKJRFAEUyP2K1ftFtxiaunvFBI8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qKJRFAEUyP2K1ftFtxiaunvFBI8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:05:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:2f:0e:4b:45:9f:19:99:42:b0:4d:42:e7:dd:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a8a251140114c8fd8ad5fb45b7189aba7bc5048f
        Validity
            Not Before: Jan  1 04:18:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=db561fd765f95edb37b1b767da31a553f4df12fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:4a:39:70:e6:37:10:a2:2f:10:83:d7:fb:62:
                    25:37:ad:a4:01:66:0b:c1:99:da:30:01:74:aa:05:
                    6f:e4:0d:50:b0:f9:92:5d:26:17:74:ea:87:85:f4:
                    9c:08:ba:14:8c:cd:8d:34:81:4f:eb:56:dc:84:04:
                    77:7d:fa:60:e3:c0:85:46:83:4a:03:4a:6f:2f:06:
                    b2:11:b9:cf:91:89:20:4d:7e:15:b8:f4:58:ee:3f:
                    62:17:e0:c7:0d:08:a4:e4:41:24:b1:3b:99:c3:fb:
                    1b:a4:d9:0a:24:87:a9:a9:94:af:80:7a:41:80:bb:
                    a0:4e:1f:c7:5b:1b:69:0a:06:de:96:7f:08:18:ce:
                    f7:ad:22:62:22:58:cd:21:49:d5:66:ac:7b:73:43:
                    69:1c:b3:f4:e7:7d:e6:65:6c:46:bd:d9:fe:96:1d:
                    03:1e:c5:fb:98:22:85:d7:ad:d7:b0:8a:f8:7d:57:
                    0a:06:03:b0:32:0c:50:cf:1a:71:a1:1f:89:12:74:
                    c3:50:28:30:a3:70:52:63:e1:e9:aa:2c:50:6f:2e:
                    a6:c0:dd:a9:74:fd:02:57:4a:41:3a:e5:10:d2:a4:
                    ec:d3:07:1b:4c:81:1a:3e:2f:e8:7b:e5:4e:88:ec:
                    f5:1d:b9:ee:9a:1b:8b:bc:4a:3b:b5:61:27:1a:51:
                    5b:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:56:1F:D7:65:F9:5E:DB:37:B1:B7:67:DA:31:A5:53:F4:DF:12:FE
            X509v3 Authority Key Identifier:
                keyid:A8:A2:51:14:01:14:C8:FD:8A:D5:FB:45:B7:18:9A:BA:7B:C5:04:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qKJRFAEUyP2K1ftFtxiaunvFBI8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/ee4a56-d5c9-4652-9cf1-f09462c12da4/1/21Yf12X5Xts3sbdn2jGlU_TfEv4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/ee4a56-d5c9-4652-9cf1-f09462c12da4/1/qKJRFAEUyP2K1ftFtxiaunvFBI8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.153.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:a1:7f:2b:5c:22:ab:03:b6:97:b0:05:fb:0e:a7:41:7c:be:
         6a:79:f6:62:10:22:e5:65:da:ee:32:9b:0f:23:8d:c0:34:32:
         b6:da:7f:a7:c6:88:3b:5a:e3:e4:06:1d:7d:84:8f:62:d4:61:
         92:95:9d:8c:a5:30:46:6d:c7:19:bd:df:ec:1b:13:f1:d7:85:
         72:4d:fd:39:a4:63:b8:63:12:a8:41:32:5f:02:2a:bb:6c:23:
         fe:c5:3a:dc:64:8c:73:54:24:da:78:88:1c:42:85:08:f0:61:
         06:9d:c0:7f:b1:69:1d:b6:33:36:f8:d0:7d:37:4d:39:4d:92:
         05:81:dd:1f:ad:3c:b2:13:8c:eb:46:a1:61:9c:fd:22:35:72:
         79:74:91:16:80:8e:63:70:05:09:f3:9c:79:2a:cd:44:cd:f6:
         82:a5:10:db:97:11:f7:82:9a:75:4f:22:c9:9e:6b:13:0c:bb:
         6d:9d:0b:f8:eb:1d:ee:ed:0f:13:90:82:6b:8a:59:c4:75:5a:
         aa:d1:01:02:d8:11:e7:29:27:c4:af:22:a4:72:d1:69:0e:ab:
         4f:a9:7c:a2:57:82:71:61:da:7d:e6:f2:7f:7e:63:b4:3d:77:
         13:79:e0:d2:f7:fd:93:59:18:5e:0c:7f:78:fe:19:9a:6a:dd:
         61:d4:00:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xy8OS0WfGZlCsE1C590QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4YTI1MTE0MDExNGM4ZmQ4YWQ1ZmI0NWI3MTg5YWJhN2Jj
NTA0OGYwHhcNMjYwMTAxMDQxODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjU2MWZkNzY1Zjk1ZWRiMzdiMWI3NjdkYTMxYTU1M2Y0ZGYxMmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqUo5cOY3EKIvEIPX+2IlN62kAWYL
wZnaMAF0qgVv5A1QsPmSXSYXdOqHhfScCLoUjM2NNIFP61bchAR3ffpg48CFRoNK
A0pvLwayEbnPkYkgTX4VuPRY7j9iF+DHDQik5EEksTuZw/sbpNkKJIepqZSvgHpB
gLugTh/HWxtpCgbeln8IGM73rSJiIljNIUnVZqx7c0NpHLP0533mZWxGvdn+lh0D
HsX7mCKF163XsIr4fVcKBgOwMgxQzxpxoR+JEnTDUCgwo3BSY+HpqixQby6mwN2p
dP0CV0pBOuUQ0qTs0wcbTIEaPi/oe+VOiOz1HbnumhuLvEo7tWEnGlFb1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNtWH9dl+V7bN7G3Z9oxpVP03xL+MB8GA1UdIwQY
MBaAFKiiURQBFMj9itX7RbcYmrp7xQSPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUtKUkZBRVV5UDJLMWZ0RnR4aWF1bnZGQkk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lZTRhNTYtZDVjOS00NjUyLTljZjEt
ZjA5NDYyYzEyZGE0LzEvMjFZZjEyWDVYdHMzc2JkbjJqR2xVX1RmRXY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lZTRhNTYtZDVjOS00NjUyLTljZjEtZjA5NDYyYzEyZGE0
LzEvcUtKUkZBRVV5UDJLMWZ0RnR4aWF1bnZGQkk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpm4MA0G
CSqGSIb3DQEBCwUAA4IBAQBAoX8rXCKrA7aXsAX7DqdBfL5qefZiECLlZdruMpsP
I43ANDK22n+nxog7WuPkBh19hI9i1GGSlZ2MpTBGbccZvd/sGxPx14VyTf05pGO4
YxKoQTJfAiq7bCP+xTrcZIxzVCTaeIgcQoUI8GEGncB/sWkdtjM2+NB9N005TZIF
gd0frTyyE4zrRqFhnP0iNXJ5dJEWgI5jcAUJ85x5Ks1EzfaCpRDblxH3gpp1TyLJ
nmsTDLttnQv46x3u7Q8TkIJrilnEdVqq0QEC2BHnKSfEryKkctFpDqtPqXyiV4Jx
Ydp95vJ/fmO0PXcTeeDS9/2TWRheDH94/hmaat1h1ABd
-----END CERTIFICATE-----