This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/81d68a-536c-4442-b852-bbd311186950/1/f8cxDtGsT2Ikp6eF_zj9ggqQBiQ.roa
File:                     f8cxDtGsT2Ikp6eF_zj9ggqQBiQ.roa (raw, json)
Hash identifier:          CbPEI2G5Y9W39zpXifforX4BNfoULMQ57Hb8GhyiU7s=
Subject key identifier:   7F:C7:31:0E:D1:AC:4F:62:24:A7:A7:85:FF:38:FD:82:0A:90:06:24
Certificate issuer:       /CN=a3698b01053911607edb2a76090a6aced95a3ed5
Certificate serial:       019B77C6895FFEB27937D6FA7E244B4E170F
Authority key identifier: A3:69:8B:01:05:39:11:60:7E:DB:2A:76:09:0A:6A:CE:D9:5A:3E:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o2mLAQU5EWB-2yp2CQpqztlaPtU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/81d68a-536c-4442-b852-bbd311186950/1/f8cxDtGsT2Ikp6eF_zj9ggqQBiQ.roa
Signing time:             Thu 01 Jan 2026 04:17:38 +0000
ROA not before:           Thu 01 Jan 2026 04:17:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34984
IP address blocks:        194.61.224.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/81d68a-536c-4442-b852-bbd311186950/1/o2mLAQU5EWB-2yp2CQpqztlaPtU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/81d68a-536c-4442-b852-bbd311186950/1/o2mLAQU5EWB-2yp2CQpqztlaPtU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o2mLAQU5EWB-2yp2CQpqztlaPtU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:89:5f:fe:b2:79:37:d6:fa:7e:24:4b:4e:17:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3698b01053911607edb2a76090a6aced95a3ed5
        Validity
            Not Before: Jan  1 04:17:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7fc7310ed1ac4f6224a7a785ff38fd820a900624
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:c0:61:90:e0:4c:9b:06:2f:34:72:47:79:9c:
                    f2:56:58:ad:b8:bd:dd:c1:5f:61:2b:30:d0:cd:24:
                    ba:6b:c9:e8:d9:6e:5e:c9:53:4f:2e:d2:f3:96:9d:
                    95:a2:25:ff:e1:3d:15:e5:94:35:c8:23:b7:5c:9e:
                    8f:65:a0:5b:52:35:43:d6:c8:2c:a6:7c:0d:6b:c5:
                    3a:70:2c:00:bf:c6:7b:ce:aa:d4:5a:60:4a:6d:13:
                    ea:20:1f:5f:b5:e0:a1:52:07:6b:ba:87:2b:39:8b:
                    ee:7c:c0:7b:ad:19:6c:11:dd:0a:63:86:05:07:e0:
                    f5:17:15:88:c7:ec:45:cd:89:96:e5:d1:f0:7e:fc:
                    f0:fc:cf:4f:05:94:45:fa:75:df:2b:65:67:79:89:
                    a0:ba:c6:9c:d7:e5:ae:63:40:aa:bd:af:29:1d:4b:
                    fd:1d:9c:09:ba:91:87:0c:ab:03:35:25:32:b5:20:
                    35:1b:08:e3:dc:26:1f:e9:81:c9:39:2c:0b:74:27:
                    fb:b1:83:5c:1a:03:97:17:f5:9c:06:0f:85:c8:d8:
                    f0:1a:f6:71:24:8f:3e:3c:d8:7f:b2:fa:4f:d1:3f:
                    7d:7d:11:df:b9:01:0f:a5:98:b6:48:ca:80:cd:63:
                    01:68:18:4e:5f:eb:94:f8:7b:fc:63:f2:dc:96:e6:
                    6d:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:C7:31:0E:D1:AC:4F:62:24:A7:A7:85:FF:38:FD:82:0A:90:06:24
            X509v3 Authority Key Identifier:
                keyid:A3:69:8B:01:05:39:11:60:7E:DB:2A:76:09:0A:6A:CE:D9:5A:3E:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o2mLAQU5EWB-2yp2CQpqztlaPtU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/81d68a-536c-4442-b852-bbd311186950/1/f8cxDtGsT2Ikp6eF_zj9ggqQBiQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/81d68a-536c-4442-b852-bbd311186950/1/o2mLAQU5EWB-2yp2CQpqztlaPtU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.61.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2e:02:ff:6c:9c:c0:87:63:61:f3:10:c1:45:ff:f3:8d:69:ab:
         c4:c6:45:8d:0c:98:15:6a:5f:33:23:f6:06:fa:08:ab:60:44:
         b4:37:49:47:b2:cb:42:24:28:4a:4e:61:e1:69:c8:4a:45:07:
         f4:79:0f:d0:f4:ac:08:94:09:12:d7:c5:f1:35:31:08:a6:10:
         a6:c4:24:ca:b6:4e:e4:e6:0b:98:7a:be:b3:d0:f8:39:79:f7:
         ab:dc:d5:89:a8:b7:71:90:b7:03:41:7f:77:2d:88:cf:9b:26:
         81:86:06:8e:c5:85:74:a3:a8:2b:62:61:fc:93:ef:19:e6:d0:
         3e:eb:26:ea:6a:87:5a:20:7b:a4:c0:7a:5d:1b:eb:33:2a:b4:
         5a:34:c6:52:48:3d:c1:9f:2c:2b:6b:16:1c:a5:92:da:6f:43:
         48:75:4b:b7:2a:93:47:bb:a6:19:d9:b7:c9:5f:5b:0c:a8:d1:
         c9:c2:49:44:d2:6a:b4:bf:59:91:b6:c1:4f:bb:88:a2:49:b6:
         b6:35:a1:6f:f3:65:13:38:2e:86:f9:c0:17:aa:f1:66:8d:46:
         e3:77:88:d3:4b:b2:5c:43:99:16:d3:43:c8:14:e0:4a:0d:8d:
         95:38:c9:05:c2:5d:9e:22:8c:b8:e7:d1:6a:fd:0b:6f:ff:77:
         ed:b4:0c:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xolf/rJ5N9b6fiRLThcPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzNjk4YjAxMDUzOTExNjA3ZWRiMmE3NjA5MGE2YWNlZDk1
YTNlZDUwHhcNMjYwMTAxMDQxNzM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmM3MzEwZWQxYWM0ZjYyMjRhN2E3ODVmZjM4ZmQ4MjBhOTAwNjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAssBhkOBMmwYvNHJHeZzyVlituL3d
wV9hKzDQzSS6a8no2W5eyVNPLtLzlp2VoiX/4T0V5ZQ1yCO3XJ6PZaBbUjVD1sgs
pnwNa8U6cCwAv8Z7zqrUWmBKbRPqIB9fteChUgdruocrOYvufMB7rRlsEd0KY4YF
B+D1FxWIx+xFzYmW5dHwfvzw/M9PBZRF+nXfK2VneYmgusac1+WuY0Cqva8pHUv9
HZwJupGHDKsDNSUytSA1Gwjj3CYf6YHJOSwLdCf7sYNcGgOXF/WcBg+FyNjwGvZx
JI8+PNh/svpP0T99fRHfuQEPpZi2SMqAzWMBaBhOX+uU+Hv8Y/LcluZtfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH/HMQ7RrE9iJKenhf84/YIKkAYkMB8GA1UdIwQY
MBaAFKNpiwEFORFgftsqdgkKas7ZWj7VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzJtTEFRVTVFV0ItMnlwMkNRcHF6dGxhUHRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS84MWQ2OGEtNTM2Yy00NDQyLWI4NTIt
YmJkMzExMTg2OTUwLzEvZjhjeER0R3NUMklrcDZlRl96ajlnZ3FRQmlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS84MWQ2OGEtNTM2Yy00NDQyLWI4NTItYmJkMzExMTg2OTUw
LzEvbzJtTEFRVTVFV0ItMnlwMkNRcHF6dGxhUHRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwj3gMA0G
CSqGSIb3DQEBCwUAA4IBAQAuAv9snMCHY2HzEMFF//ONaavExkWNDJgVal8zI/YG
+girYES0N0lHsstCJChKTmHhachKRQf0eQ/Q9KwIlAkS18XxNTEIphCmxCTKtk7k
5guYer6z0Pg5efer3NWJqLdxkLcDQX93LYjPmyaBhgaOxYV0o6grYmH8k+8Z5tA+
6ybqaodaIHukwHpdG+szKrRaNMZSSD3BnywraxYcpZLab0NIdUu3KpNHu6YZ2bfJ
X1sMqNHJwklE0mq0v1mRtsFPu4iiSba2NaFv82UTOC6G+cAXqvFmjUbjd4jTS7Jc
Q5kW00PIFOBKDY2VOMkFwl2eIoy459Fq/Qtv/3fttAxr
-----END CERTIFICATE-----