This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/5e06fa-37f9-4a1c-811a-d6a305cbf46c/1/EvhdgJldzrTyPRhTwu7_R0oOsRk.roa
File:                     EvhdgJldzrTyPRhTwu7_R0oOsRk.roa (raw, json)
Hash identifier:          jp9wh8X1nWQb/EKe4T8unvTtIOObggs6fceKYXSVd0M=
Subject key identifier:   12:F8:5D:80:99:5D:CE:B4:F2:3D:18:53:C2:EE:FF:47:4A:0E:B1:19
Certificate issuer:       /CN=aa7b6137f5af3c22c85a1908d40b2941ee2c06f4
Certificate serial:       019B7CEE43FEC1DE833500275A627CD8CCAB
Authority key identifier: AA:7B:61:37:F5:AF:3C:22:C8:5A:19:08:D4:0B:29:41:EE:2C:06:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qnthN_WvPCLIWhkI1AspQe4sBvQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/5e06fa-37f9-4a1c-811a-d6a305cbf46c/1/EvhdgJldzrTyPRhTwu7_R0oOsRk.roa
Signing time:             Fri 02 Jan 2026 04:19:08 +0000
ROA not before:           Fri 02 Jan 2026 04:19:08 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39704
IP address blocks:        185.168.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/5e06fa-37f9-4a1c-811a-d6a305cbf46c/1/qnthN_WvPCLIWhkI1AspQe4sBvQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/5e06fa-37f9-4a1c-811a-d6a305cbf46c/1/qnthN_WvPCLIWhkI1AspQe4sBvQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qnthN_WvPCLIWhkI1AspQe4sBvQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 20:39:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ee:43:fe:c1:de:83:35:00:27:5a:62:7c:d8:cc:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa7b6137f5af3c22c85a1908d40b2941ee2c06f4
        Validity
            Not Before: Jan  2 04:19:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=12f85d80995dceb4f23d1853c2eeff474a0eb119
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:4c:c1:59:ab:15:2a:07:29:4d:a8:b1:90:74:
                    f6:a4:0f:16:4f:26:3f:ac:26:f2:34:07:6c:e2:6b:
                    97:d6:55:27:35:6b:9c:10:9e:49:9a:3d:0e:27:40:
                    2a:57:87:92:0c:0a:dd:7d:35:3c:45:31:c9:78:44:
                    e6:40:34:05:ad:7e:e1:11:55:a9:28:11:6d:2f:c1:
                    46:12:b5:22:84:ad:32:d1:7b:9b:a1:41:ca:89:47:
                    e1:7e:b5:e3:fc:25:51:a2:0d:b1:57:86:c2:b7:23:
                    64:c7:14:35:58:b3:c3:60:3f:58:01:c6:1f:a6:d1:
                    15:fd:9a:ba:4e:e5:ae:84:72:37:6d:a2:80:fb:94:
                    4c:bb:40:78:6c:b6:ee:4c:0b:8a:ba:56:78:90:b9:
                    be:f6:02:84:ee:bb:46:73:4e:76:45:0a:11:5e:97:
                    c2:af:c4:ba:2c:16:0e:f3:e3:34:59:32:24:d8:83:
                    6b:e0:1d:41:b7:8d:37:c7:2f:c5:85:54:9b:9b:05:
                    f2:6e:f0:2d:46:50:e0:15:59:55:b1:d3:0a:9a:52:
                    bd:d1:1e:1b:30:41:11:f5:b1:07:75:f5:53:ff:36:
                    cb:b6:a2:50:13:b0:b4:75:1e:7c:ba:b6:e5:79:4f:
                    e1:f9:d4:62:d0:e0:1d:59:05:26:87:0c:6d:55:29:
                    90:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:F8:5D:80:99:5D:CE:B4:F2:3D:18:53:C2:EE:FF:47:4A:0E:B1:19
            X509v3 Authority Key Identifier:
                keyid:AA:7B:61:37:F5:AF:3C:22:C8:5A:19:08:D4:0B:29:41:EE:2C:06:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qnthN_WvPCLIWhkI1AspQe4sBvQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/5e06fa-37f9-4a1c-811a-d6a305cbf46c/1/EvhdgJldzrTyPRhTwu7_R0oOsRk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/5e06fa-37f9-4a1c-811a-d6a305cbf46c/1/qnthN_WvPCLIWhkI1AspQe4sBvQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.168.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:80:b7:7d:36:b8:8f:fb:36:58:80:6e:b9:7e:f4:ac:4a:81:
         be:5e:db:19:d4:c1:d4:b6:6b:39:39:ee:83:a8:75:04:c5:9f:
         f0:30:c1:ee:6e:7c:18:14:1b:1f:19:0e:8e:f3:ec:4b:8c:fe:
         6a:71:fd:69:3d:1c:b1:71:f1:33:12:88:d3:8a:db:83:9f:7c:
         5c:0c:56:47:0e:ee:b9:a8:8c:52:f7:55:f8:4c:62:73:8a:bc:
         39:46:92:24:c6:6d:23:1a:81:35:d4:9b:70:1d:cd:00:ad:ca:
         1b:52:8b:ef:cc:be:c1:e6:dd:77:c7:9a:7a:a2:2e:d8:72:12:
         07:93:8f:50:c7:ce:68:73:02:fe:a9:2e:df:59:8b:59:f3:6c:
         1d:49:3a:3a:f8:32:23:fa:e6:2d:94:9b:ec:bf:15:31:2d:88:
         c4:a2:c6:ed:f5:c1:b5:64:c4:67:2a:4f:10:f8:97:d5:dc:9c:
         f0:e1:39:c6:20:43:b6:db:75:18:69:95:2d:7e:d8:a5:0a:31:
         97:4a:f4:91:77:2c:b0:bf:4b:ca:90:26:60:6d:de:af:87:e5:
         b9:96:6f:3f:30:d4:3e:c6:ec:4d:84:8c:40:08:c6:88:85:2b:
         a5:0b:ad:af:7a:5d:07:84:dd:0d:a2:49:06:87:33:ab:eb:c7:
         df:11:50:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87kP+wd6DNQAnWmJ82MyrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhN2I2MTM3ZjVhZjNjMjJjODVhMTkwOGQ0MGIyOTQxZWUy
YzA2ZjQwHhcNMjYwMTAyMDQxOTA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMmY4NWQ4MDk5NWRjZWI0ZjIzZDE4NTNjMmVlZmY0NzRhMGViMTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2UzBWasVKgcpTaixkHT2pA8WTyY/
rCbyNAds4muX1lUnNWucEJ5Jmj0OJ0AqV4eSDArdfTU8RTHJeETmQDQFrX7hEVWp
KBFtL8FGErUihK0y0XuboUHKiUfhfrXj/CVRog2xV4bCtyNkxxQ1WLPDYD9YAcYf
ptEV/Zq6TuWuhHI3baKA+5RMu0B4bLbuTAuKulZ4kLm+9gKE7rtGc052RQoRXpfC
r8S6LBYO8+M0WTIk2INr4B1Bt403xy/FhVSbmwXybvAtRlDgFVlVsdMKmlK90R4b
MEER9bEHdfVT/zbLtqJQE7C0dR58urbleU/h+dRi0OAdWQUmhwxtVSmQUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBL4XYCZXc608j0YU8Lu/0dKDrEZMB8GA1UdIwQY
MBaAFKp7YTf1rzwiyFoZCNQLKUHuLAb0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcW50aE5fV3ZQQ0xJV2hrSTFBc3BRZTRzQnZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My81ZTA2ZmEtMzdmOS00YTFjLTgxMWEt
ZDZhMzA1Y2JmNDZjLzEvRXZoZGdKbGR6clR5UFJoVHd1N19SMG9Pc1JrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My81ZTA2ZmEtMzdmOS00YTFjLTgxMWEtZDZhMzA1Y2JmNDZj
LzEvcW50aE5fV3ZQQ0xJV2hrSTFBc3BRZTRzQnZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuagEMA0G
CSqGSIb3DQEBCwUAA4IBAQAngLd9NriP+zZYgG65fvSsSoG+XtsZ1MHUtms5Oe6D
qHUExZ/wMMHubnwYFBsfGQ6O8+xLjP5qcf1pPRyxcfEzEojTituDn3xcDFZHDu65
qIxS91X4TGJzirw5RpIkxm0jGoE11JtwHc0ArcobUovvzL7B5t13x5p6oi7YchIH
k49Qx85ocwL+qS7fWYtZ82wdSTo6+DIj+uYtlJvsvxUxLYjEosbt9cG1ZMRnKk8Q
+JfV3Jzw4TnGIEO223UYaZUtftilCjGXSvSRdyywv0vKkCZgbd6vh+W5lm8/MNQ+
xuxNhIxACMaIhSulC62vel0HhN0NokkGhzOr68ffEVCx
-----END CERTIFICATE-----