This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/ExZ6Kd56WDH-AGgQHXr1yRwsFSQ.roa
File:                     ExZ6Kd56WDH-AGgQHXr1yRwsFSQ.roa (raw, json)
Hash identifier:          kL39jLOnqVVifO/hGcRPYe9QCu6ofg6F1ZfvObXNrbI=
Subject key identifier:   13:16:7A:29:DE:7A:58:31:FE:00:68:10:1D:7A:F5:C9:1C:2C:15:24
Certificate issuer:       /CN=6ed0392ac7660bd1460fa1d5031d1840d01b9412
Certificate serial:       019A5380864957164120BC35C0E214B04094
Authority key identifier: 6E:D0:39:2A:C7:66:0B:D1:46:0F:A1:D5:03:1D:18:40:D0:1B:94:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/btA5KsdmC9FGD6HVAx0YQNAblBI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/ExZ6Kd56WDH-AGgQHXr1yRwsFSQ.roa
Signing time:             Wed 05 Nov 2025 10:12:03 +0000
ROA not before:           Wed 05 Nov 2025 10:12:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2914
IP address blocks:        85.116.192.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/btA5KsdmC9FGD6HVAx0YQNAblBI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/btA5KsdmC9FGD6HVAx0YQNAblBI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/btA5KsdmC9FGD6HVAx0YQNAblBI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Nov 2025 12:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:53:80:86:49:57:16:41:20:bc:35:c0:e2:14:b0:40:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed0392ac7660bd1460fa1d5031d1840d01b9412
        Validity
            Not Before: Nov  5 10:12:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=13167a29de7a5831fe0068101d7af5c91c2c1524
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:40:31:15:37:3b:96:75:d1:e6:d2:da:2e:0b:
                    c0:94:6a:cd:68:a3:77:e5:5d:d8:91:18:7d:63:30:
                    20:41:5b:63:9f:e4:97:5e:eb:3a:42:39:ae:b0:88:
                    24:24:03:2c:4e:79:55:ca:d4:2d:a3:8a:a7:a3:12:
                    41:99:3a:59:b0:44:dd:d1:a1:63:74:7d:12:71:2c:
                    31:7c:50:4d:ed:43:aa:48:86:ba:a9:38:b1:69:51:
                    a7:44:5d:7c:4e:9f:08:43:08:81:d5:ae:5c:14:86:
                    ee:5f:1a:a8:02:d4:f0:e3:4e:0c:68:76:8f:95:4a:
                    73:9f:4a:87:44:35:23:9c:52:4b:bf:44:89:f0:1c:
                    3a:0c:32:40:89:1d:c6:64:0f:6e:04:cd:ad:c1:c3:
                    7f:5a:4f:d6:17:92:20:ee:f9:21:74:64:3f:78:1f:
                    f1:a1:21:99:ac:f6:71:cb:8c:5b:40:e0:f2:d8:ce:
                    68:56:f1:48:bd:e8:f8:83:7a:dd:24:d1:1b:06:82:
                    38:6b:b3:d8:16:66:1d:c4:7b:c5:41:8c:83:75:90:
                    63:a0:de:6c:60:34:f2:e1:27:38:63:49:78:02:80:
                    78:bc:24:e0:93:79:01:cc:e2:64:86:44:18:c0:9a:
                    4c:69:fa:96:fb:bf:c3:50:76:73:61:4f:ee:35:e0:
                    c7:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:16:7A:29:DE:7A:58:31:FE:00:68:10:1D:7A:F5:C9:1C:2C:15:24
            X509v3 Authority Key Identifier:
                keyid:6E:D0:39:2A:C7:66:0B:D1:46:0F:A1:D5:03:1D:18:40:D0:1B:94:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/btA5KsdmC9FGD6HVAx0YQNAblBI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/ExZ6Kd56WDH-AGgQHXr1yRwsFSQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/btA5KsdmC9FGD6HVAx0YQNAblBI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.116.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a3:2e:43:b9:cd:44:ef:34:92:a6:65:c1:79:f8:5e:cc:58:0a:
         98:c3:e9:6c:50:94:f9:1d:c8:fc:1e:e9:20:17:6e:b6:92:87:
         58:2a:0f:41:bf:94:73:f3:b6:85:0b:e7:ab:55:e6:b0:93:66:
         08:5e:e4:23:2f:d4:e8:51:9e:85:ea:5c:3c:be:38:63:2c:b0:
         02:1a:24:ae:3b:f0:64:4f:9b:48:76:5f:1d:88:f0:e6:c8:6d:
         25:9a:0e:9d:31:f9:b1:e4:65:6e:b9:d4:3e:45:a0:11:f5:26:
         ca:f5:6a:24:f8:12:44:ce:a1:30:b4:1f:ff:55:36:d1:4c:cb:
         11:15:9c:28:8e:c4:80:39:ba:d1:43:5f:89:47:7a:9e:7e:df:
         f7:4c:5f:23:87:38:d6:f7:75:e5:e3:dd:84:56:b6:43:21:12:
         91:a2:17:e8:14:d5:c7:0a:18:db:cd:6a:4b:b0:4c:f4:bb:82:
         1c:ac:47:b1:08:c2:36:68:b5:aa:3e:4b:d2:af:d0:35:a3:e7:
         9c:75:cc:79:4f:a0:4e:a3:d7:22:f5:8c:fc:7c:04:20:3a:58:
         86:ac:ac:b9:8a:72:13:46:e1:59:8e:dc:40:c2:86:4d:b6:18:
         90:57:03:01:0b:a9:8c:38:34:f2:a4:34:14:5d:50:1a:57:9a:
         d2:c2:07:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpTgIZJVxZBILw1wOIUsECUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlZDAzOTJhYzc2NjBiZDE0NjBmYTFkNTAzMWQxODQwZDAx
Yjk0MTIwHhcNMjUxMTA1MTAxMjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzE2N2EyOWRlN2E1ODMxZmUwMDY4MTAxZDdhZjVjOTFjMmMxNTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA40AxFTc7lnXR5tLaLgvAlGrNaKN3
5V3YkRh9YzAgQVtjn+SXXus6QjmusIgkJAMsTnlVytQto4qnoxJBmTpZsETd0aFj
dH0ScSwxfFBN7UOqSIa6qTixaVGnRF18Tp8IQwiB1a5cFIbuXxqoAtTw404MaHaP
lUpzn0qHRDUjnFJLv0SJ8Bw6DDJAiR3GZA9uBM2twcN/Wk/WF5Ig7vkhdGQ/eB/x
oSGZrPZxy4xbQODy2M5oVvFIvej4g3rdJNEbBoI4a7PYFmYdxHvFQYyDdZBjoN5s
YDTy4Sc4Y0l4AoB4vCTgk3kBzOJkhkQYwJpMafqW+7/DUHZzYU/uNeDHwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBMWeineelgx/gBoEB169ckcLBUkMB8GA1UdIwQY
MBaAFG7QOSrHZgvRRg+h1QMdGEDQG5QSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnRBNUtzZG1DOUZHRDZIVkF4MFlRTkFibEJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83OGUwM2MtYzljNy00Yzg1LWJmZGQt
ZThiYWY5ZmZhZGY4LzEvRXhaNktkNTZXREgtQUdnUUhYcjF5UndzRlNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83OGUwM2MtYzljNy00Yzg1LWJmZGQtZThiYWY5ZmZhZGY4
LzEvYnRBNUtzZG1DOUZHRDZIVkF4MFlRTkFibEJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVXTAMA0G
CSqGSIb3DQEBCwUAA4IBAQCjLkO5zUTvNJKmZcF5+F7MWAqYw+lsUJT5Hcj8Hukg
F262kodYKg9Bv5Rz87aFC+erVeawk2YIXuQjL9ToUZ6F6lw8vjhjLLACGiSuO/Bk
T5tIdl8diPDmyG0lmg6dMfmx5GVuudQ+RaAR9SbK9Wok+BJEzqEwtB//VTbRTMsR
FZwojsSAObrRQ1+JR3qeft/3TF8jhzjW93Xl492EVrZDIRKRohfoFNXHChjbzWpL
sEz0u4IcrEexCMI2aLWqPkvSr9A1o+ecdcx5T6BOo9ci9Yz8fAQgOliGrKy5inIT
RuFZjtxAwoZNthiQVwMBC6mMODTypDQUXVAaV5rSwgcL
-----END CERTIFICATE-----