This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/sZfhkZkDlljdeNObC5iRcwVBy-g.roa
File:                     sZfhkZkDlljdeNObC5iRcwVBy-g.roa (raw, json)
Hash identifier:          cHYrHxR6Q8P5qrIoXtkRdADLyBy0tVuJ2Ieccmta0NU=
Subject key identifier:   B1:97:E1:91:99:03:96:58:DD:78:D3:9B:0B:98:91:73:05:41:CB:E8
Certificate issuer:       /CN=a87090c275c34c05c306f3b36063893a0d72782a
Certificate serial:       019B7BA40EF7111495893067BC2053CE8B31
Authority key identifier: A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/sZfhkZkDlljdeNObC5iRcwVBy-g.roa
Signing time:             Thu 01 Jan 2026 22:18:27 +0000
ROA not before:           Thu 01 Jan 2026 22:18:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203749
IP address blocks:        194.53.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a4:0e:f7:11:14:95:89:30:67:bc:20:53:ce:8b:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a87090c275c34c05c306f3b36063893a0d72782a
        Validity
            Not Before: Jan  1 22:18:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b197e19199039658dd78d39b0b9891730541cbe8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:75:7a:ee:0c:8a:e4:c5:24:85:8d:d6:9c:ce:
                    57:fd:13:55:79:80:7c:df:84:fa:fb:c3:9e:da:03:
                    5f:a4:58:d1:3f:5b:78:aa:3c:e6:d8:77:11:77:84:
                    59:17:85:d6:67:7c:38:64:12:0f:d7:92:fd:e2:c9:
                    58:86:e3:b1:54:76:fc:fc:15:18:6b:9f:93:24:4f:
                    74:16:b0:68:ef:10:f4:d5:5a:a6:1a:cb:c4:6e:08:
                    35:3b:d0:19:80:a3:2b:52:b1:8b:a9:8b:ce:22:6d:
                    6b:c4:da:fc:7a:2e:d2:d3:ec:5b:2d:6b:fb:63:de:
                    8f:f3:71:26:90:3a:e0:6c:5d:dd:fc:88:63:c3:ad:
                    5a:18:cd:7a:57:69:05:da:b3:29:da:67:9b:93:e6:
                    53:5c:fd:92:dc:22:59:86:bd:09:17:90:cc:f6:79:
                    01:16:4d:6c:63:db:6f:a4:39:f2:71:05:dc:68:ef:
                    5c:77:80:14:ad:4d:df:66:ea:39:d4:18:a0:f9:a6:
                    34:ce:bf:06:2f:65:f5:f3:bb:1b:90:26:8a:7e:62:
                    0c:b1:40:47:91:cc:fa:d3:60:89:d7:35:a2:5a:50:
                    37:18:f0:2a:d4:0b:a0:d0:ba:c8:10:86:6d:58:3d:
                    92:7c:a9:c5:e1:90:e9:a8:12:6d:f4:60:8e:41:2b:
                    e0:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:97:E1:91:99:03:96:58:DD:78:D3:9B:0B:98:91:73:05:41:CB:E8
            X509v3 Authority Key Identifier:
                keyid:A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/sZfhkZkDlljdeNObC5iRcwVBy-g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.53.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:90:c7:25:73:b9:b0:d9:10:fa:30:7e:e9:35:99:55:74:5f:
         11:27:b1:4b:f9:ca:d7:ea:c9:5f:f1:8d:69:64:d8:c4:89:97:
         42:03:94:69:c7:f3:cf:78:f7:e0:fd:c7:75:24:25:00:6b:d4:
         f3:36:52:19:de:7a:16:6a:55:23:ba:32:7f:39:c6:1a:2a:5f:
         de:24:5a:f6:e3:e5:02:86:44:49:f3:fc:10:73:f8:f8:55:47:
         8b:3a:a3:61:fe:49:a7:6b:e5:f3:c5:e3:eb:b3:f2:90:f2:54:
         27:12:10:44:5e:7c:03:ca:66:ad:ae:d6:ad:af:6b:5f:34:67:
         93:3b:a7:0d:47:12:77:24:99:20:f3:fb:0c:25:b4:a3:96:fe:
         dd:ae:20:ff:97:a4:5c:91:b3:89:2f:e1:00:3a:d5:7e:dc:d2:
         1f:39:91:b2:e5:71:30:72:20:8a:8c:14:e5:37:97:e5:1f:40:
         3a:f8:1a:82:35:71:02:be:64:13:b5:7c:26:58:97:92:30:c5:
         95:db:1d:c0:08:be:e1:a2:3a:84:38:59:ab:75:21:2b:0c:a6:
         49:73:52:d3:c1:61:ae:8a:1c:5a:0a:d4:3e:32:95:20:f7:cf:
         a0:bc:fc:b9:30:5a:73:65:55:74:4a:16:db:1d:e0:1d:ff:95:
         71:9f:5f:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pA73ERSViTBnvCBTzosxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NzA5MGMyNzVjMzRjMDVjMzA2ZjNiMzYwNjM4OTNhMGQ3
Mjc4MmEwHhcNMjYwMTAxMjIxODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTk3ZTE5MTk5MDM5NjU4ZGQ3OGQzOWIwYjk4OTE3MzA1NDFjYmU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqXV67gyK5MUkhY3WnM5X/RNVeYB8
34T6+8Oe2gNfpFjRP1t4qjzm2HcRd4RZF4XWZ3w4ZBIP15L94slYhuOxVHb8/BUY
a5+TJE90FrBo7xD01VqmGsvEbgg1O9AZgKMrUrGLqYvOIm1rxNr8ei7S0+xbLWv7
Y96P83EmkDrgbF3d/Ihjw61aGM16V2kF2rMp2mebk+ZTXP2S3CJZhr0JF5DM9nkB
Fk1sY9tvpDnycQXcaO9cd4AUrU3fZuo51Big+aY0zr8GL2X187sbkCaKfmIMsUBH
kcz602CJ1zWiWlA3GPAq1Aug0LrIEIZtWD2SfKnF4ZDpqBJt9GCOQSvg6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLGX4ZGZA5ZY3XjTmwuYkXMFQcvoMB8GA1UdIwQY
MBaAFKhwkMJ1w0wFwwbzs2BjiToNcngqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEt
YjU3YTM2ZjJhZmNkLzEvc1pmaGtaa0RsbGpkZU5PYkM1aVJjd1ZCeS1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEtYjU3YTM2ZjJhZmNk
LzEvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjU0MA0G
CSqGSIb3DQEBCwUAA4IBAQBXkMclc7mw2RD6MH7pNZlVdF8RJ7FL+crX6slf8Y1p
ZNjEiZdCA5Rpx/PPePfg/cd1JCUAa9TzNlIZ3noWalUjujJ/OcYaKl/eJFr24+UC
hkRJ8/wQc/j4VUeLOqNh/kmna+XzxePrs/KQ8lQnEhBEXnwDymatrtatr2tfNGeT
O6cNRxJ3JJkg8/sMJbSjlv7driD/l6RckbOJL+EAOtV+3NIfOZGy5XEwciCKjBTl
N5flH0A6+BqCNXECvmQTtXwmWJeSMMWV2x3ACL7hojqEOFmrdSErDKZJc1LTwWGu
ihxaCtQ+MpUg98+gvPy5MFpzZVV0ShbbHeAd/5Vxn1+/
-----END CERTIFICATE-----