This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/3ef386-0571-460e-8991-996a623b633e/1/cBCyxlvufUfGOWDilS38ttT1uvY.roa
File:                     cBCyxlvufUfGOWDilS38ttT1uvY.roa (raw, json)
Hash identifier:          r7Dt5WSAAV3olhtKkx8/cVrUqstLuq8swjnGaqOS5no=
Subject key identifier:   70:10:B2:C6:5B:EE:7D:47:C6:39:60:E2:95:2D:FC:B6:D4:F5:BA:F6
Certificate issuer:       /CN=1d4c6078a5941c5cb157d5f2957cb314d7ed1bed
Certificate serial:       019B783531A35D2C1DD03AEE01FB7A40BB0B
Authority key identifier: 1D:4C:60:78:A5:94:1C:5C:B1:57:D5:F2:95:7C:B3:14:D7:ED:1B:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HUxgeKWUHFyxV9XylXyzFNftG-0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/3ef386-0571-460e-8991-996a623b633e/1/cBCyxlvufUfGOWDilS38ttT1uvY.roa
Signing time:             Thu 01 Jan 2026 06:18:30 +0000
ROA not before:           Thu 01 Jan 2026 06:18:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210425
IP address blocks:        194.60.144.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/3ef386-0571-460e-8991-996a623b633e/1/HUxgeKWUHFyxV9XylXyzFNftG-0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/3ef386-0571-460e-8991-996a623b633e/1/HUxgeKWUHFyxV9XylXyzFNftG-0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HUxgeKWUHFyxV9XylXyzFNftG-0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:35:31:a3:5d:2c:1d:d0:3a:ee:01:fb:7a:40:bb:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d4c6078a5941c5cb157d5f2957cb314d7ed1bed
        Validity
            Not Before: Jan  1 06:18:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7010b2c65bee7d47c63960e2952dfcb6d4f5baf6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:75:2e:3c:a9:6a:8d:8b:b2:bd:35:d5:89:fa:
                    81:ff:db:72:82:ec:53:19:26:1c:8b:68:d0:d4:80:
                    13:6f:68:d2:02:cf:04:27:1e:e0:23:63:24:8c:50:
                    aa:02:ab:df:bf:97:a3:5e:33:32:80:18:21:e7:38:
                    32:eb:85:3b:6f:86:f6:5a:d6:c1:41:4d:d5:e8:99:
                    cb:09:4e:f1:0a:fe:95:91:b2:c9:f1:f6:ad:1f:10:
                    78:6d:a6:ae:46:37:6f:55:b0:64:55:c3:76:19:fb:
                    d2:ce:a4:63:19:e3:50:be:c2:c3:5e:03:c5:71:76:
                    50:3f:6e:57:33:d2:a8:36:dc:5b:c9:49:f0:93:b2:
                    ed:5f:42:91:f3:81:e2:f8:bc:95:bf:e1:4e:f0:85:
                    cd:da:b8:59:e7:b0:c1:95:3e:44:88:04:84:c2:a4:
                    d8:22:24:00:9c:16:67:1c:31:31:ba:e3:63:bf:4a:
                    6b:63:19:68:88:49:c2:c9:29:2f:41:5d:c3:61:83:
                    c3:11:58:21:a6:7c:40:42:ec:15:60:e6:52:6c:9b:
                    0b:b0:dc:ac:29:c9:f9:f0:7f:71:bd:62:46:ba:33:
                    15:b0:4b:2f:9c:a8:e5:77:31:63:d9:f2:a3:8c:ed:
                    4f:52:37:4d:0b:fb:42:a6:b1:46:13:1d:30:08:d9:
                    9e:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:10:B2:C6:5B:EE:7D:47:C6:39:60:E2:95:2D:FC:B6:D4:F5:BA:F6
            X509v3 Authority Key Identifier:
                keyid:1D:4C:60:78:A5:94:1C:5C:B1:57:D5:F2:95:7C:B3:14:D7:ED:1B:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HUxgeKWUHFyxV9XylXyzFNftG-0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/3ef386-0571-460e-8991-996a623b633e/1/cBCyxlvufUfGOWDilS38ttT1uvY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/3ef386-0571-460e-8991-996a623b633e/1/HUxgeKWUHFyxV9XylXyzFNftG-0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.60.144.0/20

    Signature Algorithm: sha256WithRSAEncryption
         50:7d:76:78:71:34:ae:07:83:0b:db:31:57:1b:45:dc:12:34:
         12:f0:18:e7:21:a0:d8:81:55:55:c1:cc:e8:20:d7:44:5f:ed:
         d7:e6:e0:18:9f:9f:60:5d:ed:3c:e0:c1:70:37:85:24:f6:bb:
         18:ff:ea:09:40:bd:74:01:73:24:47:90:9c:36:5d:7d:5f:b6:
         36:2f:d0:8b:9e:c7:69:a0:27:ad:29:fa:09:aa:c2:aa:0d:8d:
         67:ce:fb:8f:dc:cd:60:6b:d2:b3:bc:f2:ec:3d:5b:34:14:b7:
         0a:d0:a0:c3:df:d8:6d:1f:2c:07:d5:87:28:e4:f5:36:7c:06:
         82:d3:13:5e:62:2d:13:1c:14:24:a9:7a:ab:7b:28:3a:28:cf:
         62:00:19:63:06:a6:15:6f:92:78:f0:ea:18:1c:cb:9e:11:f1:
         85:f1:98:25:c5:3e:17:93:c9:72:c3:29:58:5d:42:eb:56:f7:
         f4:e9:27:e3:09:c6:9b:9b:b4:69:a0:23:ef:07:6b:e3:25:b2:
         bd:c8:2c:a6:3e:97:f2:e7:b9:a0:e4:60:8d:2d:5a:0b:1e:a5:
         8d:92:47:c4:63:3f:94:4e:2e:d3:ed:30:c4:ea:fa:48:f3:24:
         98:95:17:6c:8b:f2:65:76:a0:fb:15:8f:ce:a6:6b:3b:da:49:
         1e:cb:05:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NTGjXSwd0DruAft6QLsLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkNGM2MDc4YTU5NDFjNWNiMTU3ZDVmMjk1N2NiMzE0ZDdl
ZDFiZWQwHhcNMjYwMTAxMDYxODMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDEwYjJjNjViZWU3ZDQ3YzYzOTYwZTI5NTJkZmNiNmQ0ZjViYWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsnUuPKlqjYuyvTXVifqB/9tyguxT
GSYci2jQ1IATb2jSAs8EJx7gI2MkjFCqAqvfv5ejXjMygBgh5zgy64U7b4b2WtbB
QU3V6JnLCU7xCv6VkbLJ8fatHxB4baauRjdvVbBkVcN2GfvSzqRjGeNQvsLDXgPF
cXZQP25XM9KoNtxbyUnwk7LtX0KR84Hi+LyVv+FO8IXN2rhZ57DBlT5EiASEwqTY
IiQAnBZnHDExuuNjv0prYxloiEnCySkvQV3DYYPDEVghpnxAQuwVYOZSbJsLsNys
Kcn58H9xvWJGujMVsEsvnKjldzFj2fKjjO1PUjdNC/tCprFGEx0wCNmesQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHAQssZb7n1Hxjlg4pUt/LbU9br2MB8GA1UdIwQY
MBaAFB1MYHillBxcsVfV8pV8sxTX7RvtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFV4Z2VLV1VIRnl4VjlYeWxYeXpGTmZ0Ry0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS8zZWYzODYtMDU3MS00NjBlLTg5OTEt
OTk2YTYyM2I2MzNlLzEvY0JDeXhsdnVmVWZHT1dEaWxTMzh0dFQxdXZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS8zZWYzODYtMDU3MS00NjBlLTg5OTEtOTk2YTYyM2I2MzNl
LzEvSFV4Z2VLV1VIRnl4VjlYeWxYeXpGTmZ0Ry0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEwjyQMA0G
CSqGSIb3DQEBCwUAA4IBAQBQfXZ4cTSuB4ML2zFXG0XcEjQS8BjnIaDYgVVVwczo
INdEX+3X5uAYn59gXe084MFwN4Uk9rsY/+oJQL10AXMkR5CcNl19X7Y2L9CLnsdp
oCetKfoJqsKqDY1nzvuP3M1ga9KzvPLsPVs0FLcK0KDD39htHywH1Yco5PU2fAaC
0xNeYi0THBQkqXqreyg6KM9iABljBqYVb5J48OoYHMueEfGF8ZglxT4Xk8lywylY
XULrVvf06SfjCcabm7RpoCPvB2vjJbK9yCymPpfy57mg5GCNLVoLHqWNkkfEYz+U
Ti7T7TDE6vpI8ySYlRdsi/JldqD7FY/Opms72kkeywUO
-----END CERTIFICATE-----