This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/1f5587-cb92-4917-8cf3-2cb9e2172f97/1/qRvOBOttCCifdXKg-Zoy28a2Djg.roa
File:                     qRvOBOttCCifdXKg-Zoy28a2Djg.roa (raw, json)
Hash identifier:          5kgQNG99oZ4RgWldWg89plnXeCTFfBF0bfhCfheFwpc=
Subject key identifier:   A9:1B:CE:04:EB:6D:08:28:9F:75:72:A0:F9:9A:32:DB:C6:B6:0E:38
Certificate issuer:       /CN=74e133ea1e40fc13e074e327710a5344a960b5c0
Certificate serial:       019B7F15623C50F331743F6F85710262E87B
Authority key identifier: 74:E1:33:EA:1E:40:FC:13:E0:74:E3:27:71:0A:53:44:A9:60:B5:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dOEz6h5A_BPgdOMncQpTRKlgtcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/1f5587-cb92-4917-8cf3-2cb9e2172f97/1/qRvOBOttCCifdXKg-Zoy28a2Djg.roa
Signing time:             Fri 02 Jan 2026 14:21:06 +0000
ROA not before:           Fri 02 Jan 2026 14:21:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15924
IP address blocks:        194.1.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/1f5587-cb92-4917-8cf3-2cb9e2172f97/1/dOEz6h5A_BPgdOMncQpTRKlgtcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/1f5587-cb92-4917-8cf3-2cb9e2172f97/1/dOEz6h5A_BPgdOMncQpTRKlgtcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dOEz6h5A_BPgdOMncQpTRKlgtcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:62:3c:50:f3:31:74:3f:6f:85:71:02:62:e8:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74e133ea1e40fc13e074e327710a5344a960b5c0
        Validity
            Not Before: Jan  2 14:21:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a91bce04eb6d08289f7572a0f99a32dbc6b60e38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:a6:6e:44:ff:37:50:ff:91:8b:cf:c3:28:89:
                    31:e4:84:02:81:e0:59:e6:e6:4c:8e:77:20:7c:02:
                    f0:37:21:f4:52:3f:bf:66:71:e0:ff:85:04:ad:a2:
                    4b:a5:ec:63:29:29:e4:31:5d:c6:47:a8:e8:70:46:
                    76:f6:09:28:ba:c9:09:33:c7:41:08:6d:c6:14:a1:
                    56:40:02:f9:c1:c3:c3:88:44:64:97:7f:8c:13:65:
                    28:ec:3d:fb:bb:b2:7e:6e:4d:97:7b:3f:d7:be:79:
                    56:3d:93:5a:74:41:a0:22:7b:95:3f:23:77:dd:85:
                    7c:2a:91:c4:2b:53:90:3f:c9:76:90:0d:56:82:a7:
                    de:b3:9f:b5:c0:47:f1:c3:9d:fd:c0:cd:5f:92:e7:
                    8e:82:6c:82:1f:22:e8:b7:55:8f:3e:d1:39:9a:e4:
                    de:3c:b6:f5:4c:5d:68:86:cc:de:2c:ec:64:6a:bd:
                    80:69:36:95:90:52:16:fd:26:94:7a:1b:41:3c:07:
                    f1:c6:56:cd:1e:5d:02:b6:20:fb:c0:a2:7e:a4:67:
                    8b:f6:9f:0e:f3:fb:a8:38:68:e2:19:13:d1:e7:77:
                    46:56:5e:58:0e:0e:40:2e:46:57:20:81:da:fd:2e:
                    dd:6a:fc:5c:cb:76:7e:57:93:ab:bb:01:51:01:ca:
                    4e:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:1B:CE:04:EB:6D:08:28:9F:75:72:A0:F9:9A:32:DB:C6:B6:0E:38
            X509v3 Authority Key Identifier:
                keyid:74:E1:33:EA:1E:40:FC:13:E0:74:E3:27:71:0A:53:44:A9:60:B5:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dOEz6h5A_BPgdOMncQpTRKlgtcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/1f5587-cb92-4917-8cf3-2cb9e2172f97/1/qRvOBOttCCifdXKg-Zoy28a2Djg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/1f5587-cb92-4917-8cf3-2cb9e2172f97/1/dOEz6h5A_BPgdOMncQpTRKlgtcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.1.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:f2:3e:b5:03:9c:58:55:67:ad:b1:c4:a4:58:92:34:78:1a:
         44:e0:f2:a4:2b:a6:47:cb:9d:e3:4a:d8:77:68:bf:da:b3:08:
         66:3a:ea:68:ca:8a:d2:ea:68:7e:ea:74:04:85:89:71:80:09:
         75:e1:46:bb:94:10:01:a4:5e:36:2d:44:ee:d5:a6:b4:97:22:
         db:55:bc:c8:da:74:b1:13:7b:82:70:4f:17:f9:b4:4e:ef:75:
         cf:0b:f4:9c:34:85:68:30:46:dc:ca:26:ea:79:0c:ca:c8:20:
         8a:3c:52:9a:37:fb:9b:ba:49:d7:6b:70:c5:d8:52:46:a6:f1:
         78:35:87:c1:7c:90:dd:fa:ac:a4:ff:d1:63:df:28:d7:bd:ea:
         4a:a9:9d:5d:97:f0:71:1f:94:04:04:4b:98:51:47:0d:5a:8d:
         b3:ff:ae:8f:24:ae:79:c6:45:c4:31:bf:67:0a:29:ce:08:28:
         75:d7:c3:ba:fd:a0:06:1a:68:59:23:f4:6b:33:09:68:9c:41:
         c3:31:6c:fb:20:88:ce:66:d1:30:b4:d2:ab:21:b3:ee:2d:9f:
         aa:70:ae:4e:0c:89:53:cf:dd:a5:9a:e2:6e:d9:e0:fc:7a:26:
         49:a2:24:2e:84:4e:d7:a9:10:60:b9:78:bc:10:b2:03:83:86:
         60:14:88:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FWI8UPMxdD9vhXECYuh7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0ZTEzM2VhMWU0MGZjMTNlMDc0ZTMyNzcxMGE1MzQ0YTk2
MGI1YzAwHhcNMjYwMTAyMTQyMTA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTFiY2UwNGViNmQwODI4OWY3NTcyYTBmOTlhMzJkYmM2YjYwZTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvKZuRP83UP+Ri8/DKIkx5IQCgeBZ
5uZMjncgfALwNyH0Uj+/ZnHg/4UEraJLpexjKSnkMV3GR6jocEZ29gkouskJM8dB
CG3GFKFWQAL5wcPDiERkl3+ME2Uo7D37u7J+bk2Xez/XvnlWPZNadEGgInuVPyN3
3YV8KpHEK1OQP8l2kA1Wgqfes5+1wEfxw539wM1fkueOgmyCHyLot1WPPtE5muTe
PLb1TF1ohszeLOxkar2AaTaVkFIW/SaUehtBPAfxxlbNHl0CtiD7wKJ+pGeL9p8O
8/uoOGjiGRPR53dGVl5YDg5ALkZXIIHa/S7davxcy3Z+V5OruwFRAcpOwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKkbzgTrbQgon3VyoPmaMtvGtg44MB8GA1UdIwQY
MBaAFHThM+oeQPwT4HTjJ3EKU0SpYLXAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZE9FejZoNUFfQlBnZE9NbmNRcFRSS2xndGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8xZjU1ODctY2I5Mi00OTE3LThjZjMt
MmNiOWUyMTcyZjk3LzEvcVJ2T0JPdHRDQ2lmZFhLZy1ab3kyOGEyRGpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8xZjU1ODctY2I5Mi00OTE3LThjZjMtMmNiOWUyMTcyZjk3
LzEvZE9FejZoNUFfQlBnZE9NbmNRcFRSS2xndGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgHQMA0G
CSqGSIb3DQEBCwUAA4IBAQC58j61A5xYVWetscSkWJI0eBpE4PKkK6ZHy53jSth3
aL/aswhmOupoyorS6mh+6nQEhYlxgAl14Ua7lBABpF42LUTu1aa0lyLbVbzI2nSx
E3uCcE8X+bRO73XPC/ScNIVoMEbcyibqeQzKyCCKPFKaN/ubuknXa3DF2FJGpvF4
NYfBfJDd+qyk/9Fj3yjXvepKqZ1dl/BxH5QEBEuYUUcNWo2z/66PJK55xkXEMb9n
CinOCCh118O6/aAGGmhZI/RrMwlonEHDMWz7IIjOZtEwtNKrIbPuLZ+qcK5ODIlT
z92lmuJu2eD8eiZJoiQuhE7XqRBguXi8ELIDg4ZgFIjj
-----END CERTIFICATE-----