This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/db3e56-e832-491d-b530-ca4f66b09068/1/_pE_hOalVEr-7fiDiNyy-a5XwQo.roa
File:                     _pE_hOalVEr-7fiDiNyy-a5XwQo.roa (raw, json)
Hash identifier:          ML63qRfE7OxFAG5T2ussKnZCoMNAgc+mtevWP5FkA3g=
Subject key identifier:   FE:91:3F:84:E6:A5:54:4A:FE:ED:F8:83:88:DC:B2:F9:AE:57:C1:0A
Certificate issuer:       /CN=52ecb0e85d0b7feea4a82ac9448d47c3ec0af053
Certificate serial:       019B7C134588AC1C70BEA21985BC5E8E58DC
Authority key identifier: 52:EC:B0:E8:5D:0B:7F:EE:A4:A8:2A:C9:44:8D:47:C3:EC:0A:F0:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uuyw6F0Lf-6kqCrJRI1Hw-wK8FM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/db3e56-e832-491d-b530-ca4f66b09068/1/_pE_hOalVEr-7fiDiNyy-a5XwQo.roa
Signing time:             Fri 02 Jan 2026 00:19:56 +0000
ROA not before:           Fri 02 Jan 2026 00:19:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60200
IP address blocks:        185.34.172.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/db3e56-e832-491d-b530-ca4f66b09068/1/Uuyw6F0Lf-6kqCrJRI1Hw-wK8FM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/db3e56-e832-491d-b530-ca4f66b09068/1/Uuyw6F0Lf-6kqCrJRI1Hw-wK8FM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uuyw6F0Lf-6kqCrJRI1Hw-wK8FM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:13:45:88:ac:1c:70:be:a2:19:85:bc:5e:8e:58:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52ecb0e85d0b7feea4a82ac9448d47c3ec0af053
        Validity
            Not Before: Jan  2 00:19:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fe913f84e6a5544afeedf88388dcb2f9ae57c10a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:65:f7:ec:81:92:af:3c:8b:55:b6:2e:9a:ec:
                    9c:f7:30:a3:6f:ef:f2:e6:59:fe:7b:7f:4c:7f:72:
                    ea:3b:00:14:75:97:26:68:da:23:a0:20:c4:ff:2e:
                    8c:fb:3f:17:fe:29:86:b4:99:1c:22:96:2d:46:5c:
                    8e:40:3e:cd:95:22:3c:06:af:0f:ae:08:0e:0f:00:
                    cf:97:0b:6d:48:3d:1c:b5:66:9b:df:94:5a:26:00:
                    86:5a:c7:80:f3:88:dd:32:6d:59:d6:8e:98:0d:c3:
                    b3:7b:03:e4:11:09:26:12:72:12:02:8c:fa:4f:50:
                    c2:e5:89:f8:69:a2:7d:7d:8c:2c:e5:b1:2e:bd:09:
                    c8:33:15:3b:e2:6d:4b:4e:34:38:e8:d1:4e:9c:28:
                    36:a3:b6:fb:73:33:e2:9e:70:27:7b:d9:58:f6:a5:
                    e5:ad:ed:40:cf:4c:80:26:10:3c:17:a3:19:b4:3b:
                    75:75:e8:a1:bb:aa:48:02:a8:01:75:87:a8:0a:51:
                    2f:f0:98:1d:43:76:dd:09:0d:9b:5a:07:b7:e1:4c:
                    5e:c7:2b:0a:72:93:28:b7:3e:72:51:ee:57:02:3d:
                    dd:f8:c5:1e:82:85:1c:5c:b6:e4:47:86:99:2e:fc:
                    9e:19:7e:c4:35:fe:b2:14:4c:3a:66:17:7a:9a:59:
                    94:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:91:3F:84:E6:A5:54:4A:FE:ED:F8:83:88:DC:B2:F9:AE:57:C1:0A
            X509v3 Authority Key Identifier:
                keyid:52:EC:B0:E8:5D:0B:7F:EE:A4:A8:2A:C9:44:8D:47:C3:EC:0A:F0:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uuyw6F0Lf-6kqCrJRI1Hw-wK8FM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/db3e56-e832-491d-b530-ca4f66b09068/1/_pE_hOalVEr-7fiDiNyy-a5XwQo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/db3e56-e832-491d-b530-ca4f66b09068/1/Uuyw6F0Lf-6kqCrJRI1Hw-wK8FM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.34.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         38:e9:89:7b:85:e9:a5:2c:b1:be:42:eb:10:fb:11:79:e9:63:
         41:ef:0a:3b:2d:3b:be:99:4c:fb:46:4f:69:ac:fb:9a:d9:f9:
         e8:a6:a7:a9:9d:f3:ea:71:53:5f:50:fe:3a:9f:02:22:bc:d3:
         16:7d:85:b3:6e:ea:9e:2d:f3:3d:e1:be:3a:a0:6e:94:94:6a:
         09:1c:fc:c9:e7:5d:af:4b:31:7d:8f:b1:5a:60:8a:53:00:bd:
         5b:ac:c2:27:3e:10:6f:d1:c0:5a:9f:86:66:10:4c:75:2a:fa:
         80:ae:f6:5b:e8:07:e3:65:ad:a7:d9:22:03:e1:6c:74:79:a1:
         d7:39:60:52:ab:17:3f:3b:0e:21:d0:f9:58:e8:1e:47:eb:08:
         50:5e:35:3d:ec:79:8e:52:b8:e7:b6:8a:b3:c2:5d:b0:d3:7a:
         56:b3:d7:05:05:5e:c9:31:e1:47:93:88:8b:e7:18:95:f4:2e:
         d6:0b:b2:3a:06:e3:7c:ca:48:9e:de:41:fe:c2:07:c3:15:d6:
         67:92:3c:23:24:e6:f5:c5:9f:11:16:13:a3:aa:0a:36:b1:36:
         d7:64:af:70:c4:3d:8d:3d:bc:da:5a:d5:61:0e:e3:70:12:10:
         3b:67:32:d3:87:b4:36:5c:61:68:93:79:50:63:ab:52:83:04:
         49:88:1d:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8E0WIrBxwvqIZhbxejljcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyZWNiMGU4NWQwYjdmZWVhNGE4MmFjOTQ0OGQ0N2MzZWMw
YWYwNTMwHhcNMjYwMTAyMDAxOTU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTkxM2Y4NGU2YTU1NDRhZmVlZGY4ODM4OGRjYjJmOWFlNTdjMTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx2X37IGSrzyLVbYumuyc9zCjb+/y
5ln+e39Mf3LqOwAUdZcmaNojoCDE/y6M+z8X/imGtJkcIpYtRlyOQD7NlSI8Bq8P
rggODwDPlwttSD0ctWab35RaJgCGWseA84jdMm1Z1o6YDcOzewPkEQkmEnISAoz6
T1DC5Yn4aaJ9fYws5bEuvQnIMxU74m1LTjQ46NFOnCg2o7b7czPinnAne9lY9qXl
re1Az0yAJhA8F6MZtDt1deihu6pIAqgBdYeoClEv8JgdQ3bdCQ2bWge34UxexysK
cpMotz5yUe5XAj3d+MUegoUcXLbkR4aZLvyeGX7ENf6yFEw6Zhd6mlmUEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP6RP4TmpVRK/u34g4jcsvmuV8EKMB8GA1UdIwQY
MBaAFFLssOhdC3/upKgqyUSNR8PsCvBTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXV5dzZGMExmLTZrcUNySlJJMUh3LXdLOEZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC9kYjNlNTYtZTgzMi00OTFkLWI1MzAt
Y2E0ZjY2YjA5MDY4LzEvX3BFX2hPYWxWRXItN2ZpRGlOeXktYTVYd1FvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC9kYjNlNTYtZTgzMi00OTFkLWI1MzAtY2E0ZjY2YjA5MDY4
LzEvVXV5dzZGMExmLTZrcUNySlJJMUh3LXdLOEZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSKsMA0G
CSqGSIb3DQEBCwUAA4IBAQA46Yl7hemlLLG+QusQ+xF56WNB7wo7LTu+mUz7Rk9p
rPua2fnopqepnfPqcVNfUP46nwIivNMWfYWzbuqeLfM94b46oG6UlGoJHPzJ512v
SzF9j7FaYIpTAL1brMInPhBv0cBan4ZmEEx1KvqArvZb6AfjZa2n2SID4Wx0eaHX
OWBSqxc/Ow4h0PlY6B5H6whQXjU97HmOUrjntoqzwl2w03pWs9cFBV7JMeFHk4iL
5xiV9C7WC7I6BuN8ykie3kH+wgfDFdZnkjwjJOb1xZ8RFhOjqgo2sTbXZK9wxD2N
PbzaWtVhDuNwEhA7ZzLTh7Q2XGFok3lQY6tSgwRJiB3r
-----END CERTIFICATE-----