This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/e4e057-c698-4933-9d05-7c0a94ae1719/1/apgFIZZ2kNrAvx4UT-WLtpzNCTA.roa
File:                     apgFIZZ2kNrAvx4UT-WLtpzNCTA.roa (raw, json)
Hash identifier:          Kr/qYxPomhktonhz5Ep98c+wnNlvv7s4Ib91hHUnMsw=
Subject key identifier:   6A:98:05:21:96:76:90:DA:C0:BF:1E:14:4F:E5:8B:B6:9C:CD:09:30
Certificate issuer:       /CN=267e595ab226cbfc53c0b89650f1b39670ff0b4e
Certificate serial:       019B76EB8795646144AE691083212A2D2BDA
Authority key identifier: 26:7E:59:5A:B2:26:CB:FC:53:C0:B8:96:50:F1:B3:96:70:FF:0B:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Jn5ZWrImy_xTwLiWUPGzlnD_C04.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/e4e057-c698-4933-9d05-7c0a94ae1719/1/apgFIZZ2kNrAvx4UT-WLtpzNCTA.roa
Signing time:             Thu 01 Jan 2026 00:18:25 +0000
ROA not before:           Thu 01 Jan 2026 00:18:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212778
IP address blocks:        145.87.0.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/e4e057-c698-4933-9d05-7c0a94ae1719/1/Jn5ZWrImy_xTwLiWUPGzlnD_C04.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/e4e057-c698-4933-9d05-7c0a94ae1719/1/Jn5ZWrImy_xTwLiWUPGzlnD_C04.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Jn5ZWrImy_xTwLiWUPGzlnD_C04.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 03:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:87:95:64:61:44:ae:69:10:83:21:2a:2d:2b:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=267e595ab226cbfc53c0b89650f1b39670ff0b4e
        Validity
            Not Before: Jan  1 00:18:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6a980521967690dac0bf1e144fe58bb69ccd0930
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:39:1f:0b:6e:a2:00:12:40:c2:38:2e:65:5f:
                    92:74:78:49:7d:7f:c0:28:92:92:e8:9b:aa:cf:5b:
                    dd:2a:a1:45:8e:83:ce:5d:41:40:ce:e2:7c:31:29:
                    b5:3e:91:23:be:ee:81:83:da:18:12:45:48:d4:ad:
                    d0:53:61:07:64:02:02:bb:ca:ad:17:ad:92:fb:48:
                    f6:40:7e:dc:48:9a:7a:12:47:04:dd:d0:51:70:22:
                    aa:33:7b:05:55:bb:ca:1f:c9:fb:e6:51:3e:aa:6b:
                    19:6b:c5:13:f3:2c:07:53:f3:aa:1c:a9:ac:0c:83:
                    54:5d:62:73:ad:9d:46:72:b4:a7:3a:e3:c7:5d:21:
                    12:31:58:fa:81:40:34:e5:e6:73:3b:53:16:78:0b:
                    58:49:4f:9a:fb:85:6c:ad:e3:ed:89:82:6b:e4:7e:
                    a1:9f:e5:3b:02:a7:ba:93:0c:95:24:29:13:c4:fa:
                    93:a4:4a:aa:e7:ae:53:7f:22:ab:8c:6f:22:9f:8f:
                    e9:50:8c:06:28:2d:7b:5a:b7:44:0c:08:19:c4:08:
                    d0:c4:8a:33:92:59:22:55:bb:5c:1c:53:98:8b:e6:
                    b5:82:67:d5:01:aa:58:4a:d9:17:88:f3:25:33:0f:
                    27:37:94:ca:42:61:7a:20:21:39:0c:52:de:f6:19:
                    dc:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:98:05:21:96:76:90:DA:C0:BF:1E:14:4F:E5:8B:B6:9C:CD:09:30
            X509v3 Authority Key Identifier:
                keyid:26:7E:59:5A:B2:26:CB:FC:53:C0:B8:96:50:F1:B3:96:70:FF:0B:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Jn5ZWrImy_xTwLiWUPGzlnD_C04.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/e4e057-c698-4933-9d05-7c0a94ae1719/1/apgFIZZ2kNrAvx4UT-WLtpzNCTA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/e4e057-c698-4933-9d05-7c0a94ae1719/1/Jn5ZWrImy_xTwLiWUPGzlnD_C04.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.87.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         88:a4:51:5b:d4:b2:25:db:2e:75:28:96:00:b2:5c:80:c6:44:
         d1:ca:01:4f:d1:88:c6:05:cc:ad:33:67:c0:46:cf:52:f8:0f:
         ac:a4:f3:cb:19:f6:55:78:af:7a:9d:69:d8:8d:11:77:b0:f9:
         9a:b8:df:d6:90:0c:d7:be:45:17:90:21:82:82:4a:de:ec:61:
         38:ae:0a:e3:cb:08:83:02:b1:c5:7c:ad:7c:8a:e0:48:58:b7:
         a1:c4:65:10:a6:7a:9e:62:9c:34:a9:18:ef:16:2a:8e:59:4a:
         2c:dd:0a:17:f1:39:ae:1b:38:d1:e0:eb:2c:c3:6a:3e:4d:dc:
         32:4f:ed:42:f7:5e:e8:51:3f:68:6a:02:9e:fb:9d:0b:f9:73:
         23:57:b9:ab:7c:aa:9d:4e:97:2e:4a:5e:dd:ad:84:52:81:91:
         26:7f:31:d4:d4:1c:12:70:a5:6e:c4:fe:60:5e:f9:25:06:b9:
         99:c6:6b:20:31:4c:b4:94:6b:db:4f:19:1b:95:cd:a9:aa:c2:
         ff:10:f6:3d:39:72:d1:a9:ab:0f:95:2d:bc:37:b5:af:52:29:
         48:cf:c4:d2:06:b1:88:6e:bd:48:63:b7:7b:ce:f7:31:5b:45:
         58:44:25:4a:3e:8b:e6:58:d0:72:69:f4:f7:4c:c3:8a:99:7f:
         8c:07:10:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt264eVZGFErmkQgyEqLSvaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2N2U1OTVhYjIyNmNiZmM1M2MwYjg5NjUwZjFiMzk2NzBm
ZjBiNGUwHhcNMjYwMTAxMDAxODI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTk4MDUyMTk2NzY5MGRhYzBiZjFlMTQ0ZmU1OGJiNjljY2QwOTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmTkfC26iABJAwjguZV+SdHhJfX/A
KJKS6Juqz1vdKqFFjoPOXUFAzuJ8MSm1PpEjvu6Bg9oYEkVI1K3QU2EHZAICu8qt
F62S+0j2QH7cSJp6EkcE3dBRcCKqM3sFVbvKH8n75lE+qmsZa8UT8ywHU/OqHKms
DINUXWJzrZ1GcrSnOuPHXSESMVj6gUA05eZzO1MWeAtYSU+a+4VsrePtiYJr5H6h
n+U7Aqe6kwyVJCkTxPqTpEqq565TfyKrjG8in4/pUIwGKC17WrdEDAgZxAjQxIoz
klkiVbtcHFOYi+a1gmfVAapYStkXiPMlMw8nN5TKQmF6ICE5DFLe9hncawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGqYBSGWdpDawL8eFE/li7aczQkwMB8GA1UdIwQY
MBaAFCZ+WVqyJsv8U8C4llDxs5Zw/wtOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm41WldySW15X3hUd0xpV1VQR3psbkRfQzA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9lNGUwNTctYzY5OC00OTMzLTlkMDUt
N2MwYTk0YWUxNzE5LzEvYXBnRklaWjJrTnJBdng0VVQtV0x0cHpOQ1RBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9lNGUwNTctYzY5OC00OTMzLTlkMDUtN2MwYTk0YWUxNzE5
LzEvSm41WldySW15X3hUd0xpV1VQR3psbkRfQzA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCkVcAMA0G
CSqGSIb3DQEBCwUAA4IBAQCIpFFb1LIl2y51KJYAslyAxkTRygFP0YjGBcytM2fA
Rs9S+A+spPPLGfZVeK96nWnYjRF3sPmauN/WkAzXvkUXkCGCgkre7GE4rgrjywiD
ArHFfK18iuBIWLehxGUQpnqeYpw0qRjvFiqOWUos3QoX8TmuGzjR4Ossw2o+Tdwy
T+1C917oUT9oagKe+50L+XMjV7mrfKqdTpcuSl7drYRSgZEmfzHU1BwScKVuxP5g
XvklBrmZxmsgMUy0lGvbTxkblc2pqsL/EPY9OXLRqasPlS28N7WvUilIz8TSBrGI
br1IY7d7zvcxW0VYRCVKPovmWNByafT3TMOKmX+MBxAt
-----END CERTIFICATE-----