This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/a4f6e4-12e7-421f-aa31-4115bd508284/1/cljflfngv7VZa65xQ-duBbtPRE0.roa
File:                     cljflfngv7VZa65xQ-duBbtPRE0.roa (raw, json)
Hash identifier:          9lokgvNxPt+p28kHYXp3QH4rvvO9XazJeqstX10GvAU=
Subject key identifier:   72:58:DF:95:F9:E0:BF:B5:59:6B:AE:71:43:E7:6E:05:BB:4F:44:4D
Certificate issuer:       /CN=7650634c4e4177b91844b6dc0aeb73298d8b43fa
Certificate serial:       019B7C131B500E933B2FCE8FFD1C40F06857
Authority key identifier: 76:50:63:4C:4E:41:77:B9:18:44:B6:DC:0A:EB:73:29:8D:8B:43:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dlBjTE5Bd7kYRLbcCutzKY2LQ_o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/a4f6e4-12e7-421f-aa31-4115bd508284/1/cljflfngv7VZa65xQ-duBbtPRE0.roa
Signing time:             Fri 02 Jan 2026 00:19:45 +0000
ROA not before:           Fri 02 Jan 2026 00:19:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51798
IP address blocks:        185.58.128.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/a4f6e4-12e7-421f-aa31-4115bd508284/1/dlBjTE5Bd7kYRLbcCutzKY2LQ_o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/a4f6e4-12e7-421f-aa31-4115bd508284/1/dlBjTE5Bd7kYRLbcCutzKY2LQ_o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dlBjTE5Bd7kYRLbcCutzKY2LQ_o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:05:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:13:1b:50:0e:93:3b:2f:ce:8f:fd:1c:40:f0:68:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7650634c4e4177b91844b6dc0aeb73298d8b43fa
        Validity
            Not Before: Jan  2 00:19:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7258df95f9e0bfb5596bae7143e76e05bb4f444d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:2e:61:cb:59:c3:c4:b6:0a:cd:00:71:72:1d:
                    41:c2:e5:28:f0:d0:fd:ff:ee:72:d7:d8:21:4c:77:
                    12:82:a3:08:37:0c:d1:94:97:0b:74:25:76:2b:ad:
                    e4:27:12:c2:cb:1f:e0:a0:c1:76:df:fb:bd:08:41:
                    e0:05:de:0a:6e:53:b4:92:85:a8:96:ef:45:82:15:
                    dc:41:03:2f:c0:a5:93:c4:c6:69:fb:31:aa:c4:18:
                    7b:73:db:bb:c1:e8:11:78:f0:6c:b7:a4:45:cd:05:
                    c7:dc:33:37:61:da:5b:dd:5f:ea:6b:ba:ff:96:8e:
                    21:cb:72:94:8c:c2:62:04:7b:10:be:fd:b4:e3:5d:
                    b7:ad:c9:12:cd:a2:e3:54:73:68:f8:97:5e:16:c2:
                    92:68:8e:dd:40:f3:90:77:37:aa:b9:a8:39:33:8c:
                    00:6b:56:bf:bb:6e:20:a1:63:34:ca:48:b8:09:bb:
                    52:60:2d:94:3b:8e:1c:24:2d:8c:f0:5a:07:5a:05:
                    b2:41:96:2e:0b:41:a0:d1:d8:2d:f3:0b:78:b0:20:
                    c8:a4:c1:df:92:84:b4:6b:56:63:8a:98:db:6c:6a:
                    97:bd:90:cd:6a:e8:64:16:78:07:7f:ee:9b:fc:cf:
                    3a:bc:09:42:ee:4d:ff:83:dc:e6:d4:d0:1f:fb:d1:
                    3d:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:58:DF:95:F9:E0:BF:B5:59:6B:AE:71:43:E7:6E:05:BB:4F:44:4D
            X509v3 Authority Key Identifier:
                keyid:76:50:63:4C:4E:41:77:B9:18:44:B6:DC:0A:EB:73:29:8D:8B:43:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dlBjTE5Bd7kYRLbcCutzKY2LQ_o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/a4f6e4-12e7-421f-aa31-4115bd508284/1/cljflfngv7VZa65xQ-duBbtPRE0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/a4f6e4-12e7-421f-aa31-4115bd508284/1/dlBjTE5Bd7kYRLbcCutzKY2LQ_o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.58.128.0/23

    Signature Algorithm: sha256WithRSAEncryption
         53:e8:7f:51:50:a4:41:5a:ae:f0:46:f9:85:9a:61:9b:5a:3c:
         0e:37:6a:0d:f7:3c:ba:cf:bb:98:c6:1a:e2:60:4b:c7:a6:2d:
         aa:30:0c:b7:01:3e:51:e7:db:e5:e8:a3:b2:82:c8:28:6f:15:
         f4:0b:60:35:af:29:43:78:91:32:ea:f8:9b:1c:23:53:e0:1c:
         a0:9f:79:26:52:5f:0b:f7:1e:90:9b:cd:65:c7:2d:29:cc:ef:
         e9:48:f3:bf:5f:64:5e:0c:64:2d:4d:34:f9:e0:46:cb:18:a6:
         a5:37:b0:47:fc:e5:a6:3f:fd:12:86:7b:2d:e9:ef:65:41:d5:
         72:d0:97:08:8f:99:b0:fe:7f:c8:de:d0:f0:9f:ec:68:1c:ee:
         f1:5f:c5:b6:0b:a1:96:0f:0a:18:4b:39:6f:95:aa:41:86:4a:
         38:06:57:83:8a:7c:3d:02:1b:ef:0b:03:29:f7:46:1b:ec:6e:
         f1:ad:ab:5c:52:f7:3e:af:95:a4:17:c9:22:b6:c4:2a:04:56:
         59:e8:84:38:9b:1f:00:35:2d:6d:6e:51:19:46:69:7b:3e:5b:
         5b:a2:e1:c8:9f:1f:66:81:f7:9d:19:0e:de:8e:92:13:e3:f7:
         38:27:a4:72:24:0a:04:70:69:99:dc:cc:4d:98:ee:13:ac:2d:
         97:a6:d5:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8ExtQDpM7L86P/RxA8GhXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2NTA2MzRjNGU0MTc3YjkxODQ0YjZkYzBhZWI3MzI5OGQ4
YjQzZmEwHhcNMjYwMTAyMDAxOTQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjU4ZGY5NWY5ZTBiZmI1NTk2YmFlNzE0M2U3NmUwNWJiNGY0NDRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxy5hy1nDxLYKzQBxch1BwuUo8ND9
/+5y19ghTHcSgqMINwzRlJcLdCV2K63kJxLCyx/goMF23/u9CEHgBd4KblO0koWo
lu9FghXcQQMvwKWTxMZp+zGqxBh7c9u7wegRePBst6RFzQXH3DM3Ydpb3V/qa7r/
lo4hy3KUjMJiBHsQvv204123rckSzaLjVHNo+JdeFsKSaI7dQPOQdzequag5M4wA
a1a/u24goWM0yki4CbtSYC2UO44cJC2M8FoHWgWyQZYuC0Gg0dgt8wt4sCDIpMHf
koS0a1ZjipjbbGqXvZDNauhkFngHf+6b/M86vAlC7k3/g9zm1NAf+9E9PQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHJY35X54L+1WWuucUPnbgW7T0RNMB8GA1UdIwQY
MBaAFHZQY0xOQXe5GES23ArrcymNi0P6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGxCalRFNUJkN2tZUkxiY0N1dHpLWTJMUV9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS9hNGY2ZTQtMTJlNy00MjFmLWFhMzEt
NDExNWJkNTA4Mjg0LzEvY2xqZmxmbmd2N1ZaYTY1eFEtZHVCYnRQUkUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS9hNGY2ZTQtMTJlNy00MjFmLWFhMzEtNDExNWJkNTA4Mjg0
LzEvZGxCalRFNUJkN2tZUkxiY0N1dHpLWTJMUV9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuTqAMA0G
CSqGSIb3DQEBCwUAA4IBAQBT6H9RUKRBWq7wRvmFmmGbWjwON2oN9zy6z7uYxhri
YEvHpi2qMAy3AT5R59vl6KOygsgobxX0C2A1rylDeJEy6vibHCNT4Bygn3kmUl8L
9x6Qm81lxy0pzO/pSPO/X2ReDGQtTTT54EbLGKalN7BH/OWmP/0Shnst6e9lQdVy
0JcIj5mw/n/I3tDwn+xoHO7xX8W2C6GWDwoYSzlvlapBhko4BleDinw9AhvvCwMp
90Yb7G7xratcUvc+r5WkF8kitsQqBFZZ6IQ4mx8ANS1tblEZRml7PltbouHInx9m
gfedGQ7ejpIT4/c4J6RyJAoEcGmZ3MxNmO4TrC2XptU8
-----END CERTIFICATE-----