This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d8679e-46bb-44f5-ba52-b52b3a236fa7/1/CuL1FtDvKUET0Va4MczyQRNitSg.roa
File:                     CuL1FtDvKUET0Va4MczyQRNitSg.roa (raw, json)
Hash identifier:          B1PuvgUekTJwx+aEl2KBPhFT8zf9S+xcyLzD5s+DNJ4=
Subject key identifier:   0A:E2:F5:16:D0:EF:29:41:13:D1:56:B8:31:CC:F2:41:13:62:B5:28
Certificate issuer:       /CN=acc48f7a59120588d4170ea2815e6ae51be6bcff
Certificate serial:       019B7EA722F95DBD4CD6FE0461DCFC649CBB
Authority key identifier: AC:C4:8F:7A:59:12:05:88:D4:17:0E:A2:81:5E:6A:E5:1B:E6:BC:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rMSPelkSBYjUFw6igV5q5RvmvP8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d8679e-46bb-44f5-ba52-b52b3a236fa7/1/CuL1FtDvKUET0Va4MczyQRNitSg.roa
Signing time:             Fri 02 Jan 2026 12:20:41 +0000
ROA not before:           Fri 02 Jan 2026 12:20:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15557
IP address blocks:        193.56.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/d8679e-46bb-44f5-ba52-b52b3a236fa7/1/rMSPelkSBYjUFw6igV5q5RvmvP8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/d8679e-46bb-44f5-ba52-b52b3a236fa7/1/rMSPelkSBYjUFw6igV5q5RvmvP8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rMSPelkSBYjUFw6igV5q5RvmvP8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 21:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a7:22:f9:5d:bd:4c:d6:fe:04:61:dc:fc:64:9c:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=acc48f7a59120588d4170ea2815e6ae51be6bcff
        Validity
            Not Before: Jan  2 12:20:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0ae2f516d0ef294113d156b831ccf2411362b528
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:d5:36:f2:02:f7:e0:ef:90:ba:f3:fb:98:8c:
                    f5:d5:c0:29:45:fb:64:0d:21:72:37:eb:f8:46:58:
                    1c:23:ac:dd:d3:58:ea:29:9e:3f:23:0a:45:07:5d:
                    18:df:33:a8:85:b7:ae:3e:d0:ba:16:e2:1d:d3:3e:
                    2f:9f:7e:f6:6a:45:5e:9e:33:15:49:e9:46:17:2a:
                    74:a5:82:60:2c:39:61:a0:0f:fa:f8:67:93:59:0c:
                    80:ba:45:e7:05:df:f2:4f:bc:d5:5a:2d:d2:a9:6a:
                    d0:e6:6a:af:37:5e:ae:2d:72:f1:35:e8:f8:6a:e3:
                    82:80:00:e0:ff:51:4a:66:b1:46:53:25:55:a4:10:
                    51:e1:b2:c9:c9:3f:06:16:10:87:a7:1d:e9:ab:57:
                    13:47:7c:89:ca:85:e8:a5:be:45:ff:f8:02:84:ac:
                    77:e0:7b:2b:1b:5e:34:47:e3:53:79:35:78:1f:a8:
                    bd:b9:da:32:aa:7d:99:3c:ce:7c:5e:67:4d:07:a2:
                    e4:b5:fe:ed:24:62:d1:3b:e5:a2:a0:ab:b9:ed:50:
                    84:55:31:be:de:2c:83:4e:36:8f:c5:20:7d:4e:0d:
                    47:23:dc:f8:e7:88:80:37:34:90:cd:c3:53:b9:5f:
                    3a:75:f4:f5:d6:64:5e:4d:bc:f0:6d:ec:bc:f7:80:
                    8f:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:E2:F5:16:D0:EF:29:41:13:D1:56:B8:31:CC:F2:41:13:62:B5:28
            X509v3 Authority Key Identifier:
                keyid:AC:C4:8F:7A:59:12:05:88:D4:17:0E:A2:81:5E:6A:E5:1B:E6:BC:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rMSPelkSBYjUFw6igV5q5RvmvP8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d8679e-46bb-44f5-ba52-b52b3a236fa7/1/CuL1FtDvKUET0Va4MczyQRNitSg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d8679e-46bb-44f5-ba52-b52b3a236fa7/1/rMSPelkSBYjUFw6igV5q5RvmvP8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.56.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:81:6a:67:2c:ed:8a:42:5e:92:99:c5:54:5f:59:18:3e:48:
         37:fe:e7:e7:e0:eb:f0:3e:c6:16:0a:27:e8:cd:80:e6:04:9d:
         a8:75:79:b7:fe:4e:93:ad:d7:36:ca:9e:fa:ec:44:99:c5:1e:
         62:7e:e0:55:0f:9f:71:3b:1e:42:dd:52:e4:6a:19:de:4c:b0:
         96:3c:50:46:6d:a4:24:90:fc:59:e3:7a:70:38:29:03:d4:9b:
         94:08:53:17:ea:93:b5:29:dd:4d:ed:36:f3:f0:6f:d6:3b:1a:
         52:5b:29:40:30:c7:27:e9:fb:84:0b:2f:c5:2c:40:99:e2:6f:
         09:04:83:88:5a:f4:af:e8:65:6b:0a:3a:4e:6b:4f:3d:49:cb:
         d1:f0:da:b1:ec:6c:90:e8:9f:34:e7:9e:2f:c1:21:55:cb:77:
         6c:74:80:b0:69:2d:7a:c8:62:a7:93:b2:99:02:5d:98:df:c3:
         da:c1:dc:49:e1:d0:81:63:c9:77:81:02:45:7f:27:fb:b6:fa:
         7b:75:88:46:d4:4d:f0:3b:af:d5:3b:86:a3:1a:a9:e5:b0:8b:
         18:91:6c:26:1a:bd:4d:b8:8f:74:c5:56:a2:09:64:e4:a4:0c:
         2c:c9:9e:90:11:5a:2f:15:12:61:71:d6:dd:d2:b4:44:44:c3:
         f7:74:00:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pyL5Xb1M1v4EYdz8ZJy7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjYzQ4ZjdhNTkxMjA1ODhkNDE3MGVhMjgxNWU2YWU1MWJl
NmJjZmYwHhcNMjYwMTAyMTIyMDQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWUyZjUxNmQwZWYyOTQxMTNkMTU2YjgzMWNjZjI0MTEzNjJiNTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxNU28gL34O+QuvP7mIz11cApRftk
DSFyN+v4RlgcI6zd01jqKZ4/IwpFB10Y3zOohbeuPtC6FuId0z4vn372akVenjMV
SelGFyp0pYJgLDlhoA/6+GeTWQyAukXnBd/yT7zVWi3SqWrQ5mqvN16uLXLxNej4
auOCgADg/1FKZrFGUyVVpBBR4bLJyT8GFhCHpx3pq1cTR3yJyoXopb5F//gChKx3
4HsrG140R+NTeTV4H6i9udoyqn2ZPM58XmdNB6Lktf7tJGLRO+WioKu57VCEVTG+
3iyDTjaPxSB9Tg1HI9z454iANzSQzcNTuV86dfT11mReTbzwbey894CPaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAri9RbQ7ylBE9FWuDHM8kETYrUoMB8GA1UdIwQY
MBaAFKzEj3pZEgWI1BcOooFeauUb5rz/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvck1TUGVsa1NCWWpVRnc2aWdWNXE1UnZtdlA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kODY3OWUtNDZiYi00NGY1LWJhNTIt
YjUyYjNhMjM2ZmE3LzEvQ3VMMUZ0RHZLVUVUMFZhNE1jenlRUk5pdFNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kODY3OWUtNDZiYi00NGY1LWJhNTItYjUyYjNhMjM2ZmE3
LzEvck1TUGVsa1NCWWpVRnc2aWdWNXE1UnZtdlA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTglMA0G
CSqGSIb3DQEBCwUAA4IBAQAhgWpnLO2KQl6SmcVUX1kYPkg3/ufn4OvwPsYWCifo
zYDmBJ2odXm3/k6Trdc2yp767ESZxR5ifuBVD59xOx5C3VLkahneTLCWPFBGbaQk
kPxZ43pwOCkD1JuUCFMX6pO1Kd1N7Tbz8G/WOxpSWylAMMcn6fuECy/FLECZ4m8J
BIOIWvSv6GVrCjpOa089ScvR8Nqx7GyQ6J80554vwSFVy3dsdICwaS16yGKnk7KZ
Al2Y38PawdxJ4dCBY8l3gQJFfyf7tvp7dYhG1E3wO6/VO4ajGqnlsIsYkWwmGr1N
uI90xVaiCWTkpAwsyZ6QEVovFRJhcdbd0rRERMP3dABp
-----END CERTIFICATE-----