This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/e49ae7-a51a-4764-85c8-a7810e3a1beb/1/d2hV2NGuzvXofQO61hG5--pH-wk.roa
File:                     d2hV2NGuzvXofQO61hG5--pH-wk.roa (raw, json)
Hash identifier:          bbNWrPoG3uFsAF1ZVXOLfUIGyZrdmJbXdSb+jiXQ9zg=
Subject key identifier:   77:68:55:D8:D1:AE:CE:F5:E8:7D:03:BA:D6:11:B9:FB:EA:47:FB:09
Certificate issuer:       /CN=086438e9889389829fa5f51b6a210731082eac22
Certificate serial:       019B7CECB70124CCCC716790F6CEFFAA7DE7
Authority key identifier: 08:64:38:E9:88:93:89:82:9F:A5:F5:1B:6A:21:07:31:08:2E:AC:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CGQ46YiTiYKfpfUbaiEHMQgurCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/e49ae7-a51a-4764-85c8-a7810e3a1beb/1/d2hV2NGuzvXofQO61hG5--pH-wk.roa
Signing time:             Fri 02 Jan 2026 04:17:26 +0000
ROA not before:           Fri 02 Jan 2026 04:17:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        194.165.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/e49ae7-a51a-4764-85c8-a7810e3a1beb/1/CGQ46YiTiYKfpfUbaiEHMQgurCI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/e49ae7-a51a-4764-85c8-a7810e3a1beb/1/CGQ46YiTiYKfpfUbaiEHMQgurCI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CGQ46YiTiYKfpfUbaiEHMQgurCI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 Jan 2026 15:30:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ec:b7:01:24:cc:cc:71:67:90:f6:ce:ff:aa:7d:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=086438e9889389829fa5f51b6a210731082eac22
        Validity
            Not Before: Jan  2 04:17:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=776855d8d1aecef5e87d03bad611b9fbea47fb09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:9b:af:3c:6e:41:2b:41:d3:20:77:38:a6:fb:
                    2c:59:1a:65:f0:d3:e5:47:0a:62:56:86:31:48:89:
                    96:1c:d4:3f:4b:98:f7:09:c8:8b:ac:62:fd:8f:cb:
                    98:9c:19:1a:3f:68:12:c4:02:3c:90:c7:f8:ed:eb:
                    be:7e:eb:d1:90:d9:c2:94:03:c0:6c:b7:30:54:22:
                    2b:47:e0:13:fd:ad:20:27:84:02:d0:f7:bc:82:6f:
                    ae:24:5a:e8:2a:bf:35:69:b0:d6:d4:57:0c:1b:dc:
                    7d:76:fd:4d:03:35:ad:39:c5:44:a4:9a:b6:0e:0e:
                    bf:c4:c2:89:1d:7a:20:df:a7:ef:ed:3a:73:e3:87:
                    c7:e0:75:f0:ef:ef:4e:06:af:b6:22:c0:ba:03:f1:
                    6f:92:ba:c2:be:b1:57:ce:99:b0:5d:cf:41:62:9f:
                    43:b4:2f:87:e4:ad:9b:f1:bc:5a:56:f0:86:1e:76:
                    99:ee:23:8f:7b:6f:f1:ce:ba:8f:f9:59:4a:b9:96:
                    3c:45:33:b3:b3:d2:b3:d4:ab:ee:73:31:2f:a7:3e:
                    ba:90:80:40:dc:3c:8b:bd:d1:3d:69:ef:77:d6:cf:
                    36:d8:a5:c5:cd:57:13:f0:a9:b1:a5:9a:b5:fc:ac:
                    39:cf:a9:5c:59:ce:8e:4c:e5:88:41:db:8a:24:9f:
                    5e:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:68:55:D8:D1:AE:CE:F5:E8:7D:03:BA:D6:11:B9:FB:EA:47:FB:09
            X509v3 Authority Key Identifier:
                keyid:08:64:38:E9:88:93:89:82:9F:A5:F5:1B:6A:21:07:31:08:2E:AC:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CGQ46YiTiYKfpfUbaiEHMQgurCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/e49ae7-a51a-4764-85c8-a7810e3a1beb/1/d2hV2NGuzvXofQO61hG5--pH-wk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/e49ae7-a51a-4764-85c8-a7810e3a1beb/1/CGQ46YiTiYKfpfUbaiEHMQgurCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.165.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:7f:3b:0b:18:d6:46:52:08:25:ad:6a:9d:4c:30:38:d7:15:
         6f:17:43:fe:24:09:1e:58:52:af:d1:d3:2b:ee:a2:0a:ce:bf:
         43:ac:2c:24:04:6e:68:d7:9c:49:21:29:c3:e6:d6:9b:6c:93:
         8f:14:f7:a5:de:04:78:a3:bb:c6:e2:50:67:b2:ff:a2:b0:74:
         0c:03:b4:f4:0a:ce:31:ce:64:08:45:4f:3f:1d:03:2b:1b:b7:
         89:90:6d:ba:88:34:80:d1:63:5a:fc:3e:73:83:8d:42:21:20:
         ed:1e:9f:cb:b3:ff:9f:a9:95:d0:14:73:fb:18:ec:c0:ca:61:
         0e:52:8f:67:73:3d:3a:04:fe:a5:b0:41:1e:32:ef:01:9c:cf:
         c5:9a:26:ea:2a:2c:f3:6e:8a:b4:7f:38:33:c1:aa:3a:45:b9:
         8b:f8:f4:4d:84:38:92:9a:92:a5:3c:a4:df:cc:0a:f5:f1:29:
         e9:52:cc:a4:b7:d7:e1:27:4e:ff:86:f3:3a:d3:45:e8:93:af:
         22:73:c6:2c:40:fe:87:8b:ad:06:16:30:9c:e9:60:ef:67:27:
         92:18:0b:30:c8:dc:d1:6a:c1:4b:7d:e3:47:b4:bd:f9:05:a8:
         e9:e4:de:71:c2:94:04:2f:95:15:d0:d1:e9:95:54:df:1e:c9:
         d4:cd:84:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87LcBJMzMcWeQ9s7/qn3nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4NjQzOGU5ODg5Mzg5ODI5ZmE1ZjUxYjZhMjEwNzMxMDgy
ZWFjMjIwHhcNMjYwMTAyMDQxNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzY4NTVkOGQxYWVjZWY1ZTg3ZDAzYmFkNjExYjlmYmVhNDdmYjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAopuvPG5BK0HTIHc4pvssWRpl8NPl
RwpiVoYxSImWHNQ/S5j3CciLrGL9j8uYnBkaP2gSxAI8kMf47eu+fuvRkNnClAPA
bLcwVCIrR+AT/a0gJ4QC0Pe8gm+uJFroKr81abDW1FcMG9x9dv1NAzWtOcVEpJq2
Dg6/xMKJHXog36fv7Tpz44fH4HXw7+9OBq+2IsC6A/FvkrrCvrFXzpmwXc9BYp9D
tC+H5K2b8bxaVvCGHnaZ7iOPe2/xzrqP+VlKuZY8RTOzs9Kz1KvuczEvpz66kIBA
3DyLvdE9ae931s822KXFzVcT8KmxpZq1/Kw5z6lcWc6OTOWIQduKJJ9eCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHdoVdjRrs716H0DutYRufvqR/sJMB8GA1UdIwQY
MBaAFAhkOOmIk4mCn6X1G2ohBzEILqwiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0dRNDZZaVRpWUtmcGZVYmFpRUhNUWd1ckNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9lNDlhZTctYTUxYS00NzY0LTg1Yzgt
YTc4MTBlM2ExYmViLzEvZDJoVjJOR3V6dlhvZlFPNjFoRzUtLXBILXdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9lNDlhZTctYTUxYS00NzY0LTg1YzgtYTc4MTBlM2ExYmVi
LzEvQ0dRNDZZaVRpWUtmcGZVYmFpRUhNUWd1ckNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwqUlMA0G
CSqGSIb3DQEBCwUAA4IBAQA1fzsLGNZGUgglrWqdTDA41xVvF0P+JAkeWFKv0dMr
7qIKzr9DrCwkBG5o15xJISnD5tabbJOPFPel3gR4o7vG4lBnsv+isHQMA7T0Cs4x
zmQIRU8/HQMrG7eJkG26iDSA0WNa/D5zg41CISDtHp/Ls/+fqZXQFHP7GOzAymEO
Uo9ncz06BP6lsEEeMu8BnM/FmibqKizzboq0fzgzwao6RbmL+PRNhDiSmpKlPKTf
zAr18SnpUsykt9fhJ07/hvM600Xok68ic8YsQP6Hi60GFjCc6WDvZyeSGAswyNzR
asFLfeNHtL35Bajp5N5xwpQEL5UV0NHplVTfHsnUzYRQ
-----END CERTIFICATE-----