This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/CIVx-yMNpqhrcKjoTwKoRxaN88s.roa
File:                     CIVx-yMNpqhrcKjoTwKoRxaN88s.roa (raw, json)
Hash identifier:          enH9E4NW1s30zvfJtzpA0G4+efoZT5IrqhziRm3I7kY=
Subject key identifier:   08:85:71:FB:23:0D:A6:A8:6B:70:A8:E8:4F:02:A8:47:16:8D:F3:CB
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       019B76EAEA6A11CE65E23171FF4D4D067941
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/CIVx-yMNpqhrcKjoTwKoRxaN88s.roa
Signing time:             Thu 01 Jan 2026 00:17:45 +0000
ROA not before:           Thu 01 Jan 2026 00:17:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     32043
IP address blocks:        155.254.112.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 23 Jan 2026 14:27:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:ea:6a:11:ce:65:e2:31:71:ff:4d:4d:06:79:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Jan  1 00:17:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=088571fb230da6a86b70a8e84f02a847168df3cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:84:8d:f7:89:ce:fe:96:0a:3d:41:64:03:c5:
                    0b:3e:ad:ff:e7:5c:17:24:c8:3c:ac:30:02:87:0e:
                    a4:92:c1:34:40:01:4c:b3:3c:02:02:36:b8:ef:1e:
                    0b:b0:4c:65:06:c4:30:a7:bc:b4:9b:a3:45:f2:79:
                    b1:2f:6e:fa:77:22:c4:95:60:63:f3:30:54:4d:d1:
                    24:d2:8e:4e:8f:d6:14:97:ae:e3:5f:36:43:3f:16:
                    ce:b5:c0:00:f6:7f:32:cd:4e:b7:b8:cd:a1:e4:92:
                    9d:ff:f7:ef:c7:1b:4b:df:8d:21:e5:2e:fb:be:00:
                    63:33:2b:ac:f9:6b:41:50:56:88:a4:f7:9d:94:04:
                    7f:3b:89:63:45:23:07:7e:61:5c:79:e7:51:a5:4d:
                    84:00:e4:3a:54:6e:b4:8c:71:7f:2f:2f:49:87:4e:
                    ed:c1:bc:e1:a2:c8:f4:5c:11:6d:44:8a:58:67:99:
                    b6:c7:c6:23:c5:51:ff:99:85:12:53:26:be:6f:27:
                    2c:a0:22:91:47:ac:4a:a2:18:2f:dd:62:9b:fb:6f:
                    19:94:f7:aa:f3:0e:d0:ef:59:f4:6a:af:db:cf:13:
                    3a:47:52:30:2c:f9:75:0c:b0:0e:bc:a8:c7:01:ce:
                    c3:cb:c5:8d:d4:b0:cc:46:dd:be:2e:26:91:06:5e:
                    e0:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:85:71:FB:23:0D:A6:A8:6B:70:A8:E8:4F:02:A8:47:16:8D:F3:CB
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/CIVx-yMNpqhrcKjoTwKoRxaN88s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.254.112.0/21

    Signature Algorithm: sha256WithRSAEncryption
         db:8b:b6:e9:57:82:c8:1e:96:1f:0f:63:f0:d4:29:59:8a:e2:
         ed:ab:8d:c8:dc:93:85:8c:ac:7a:48:f2:53:d7:97:03:3d:b0:
         68:ec:7a:4f:b7:2b:ff:3b:79:18:0f:98:85:4b:87:37:d5:fb:
         34:a7:ee:11:30:8a:3c:42:f0:75:26:a2:66:85:b5:f8:58:55:
         79:3c:3a:09:2e:74:d8:42:33:2a:cb:cc:74:df:40:e7:cb:f6:
         9c:c1:eb:c6:dd:c2:34:b3:84:f5:1a:af:37:07:cf:34:4c:2e:
         59:fa:5b:98:5c:10:d9:67:38:c6:6c:b4:f1:60:b9:b6:94:2a:
         4b:ed:df:ad:b3:84:45:b0:56:a2:6e:cd:27:cd:b6:13:fb:1c:
         71:0a:24:eb:1d:f3:28:dc:83:81:7a:33:1d:04:6b:fe:06:80:
         a2:89:89:7e:b3:73:f3:0e:37:b6:ed:06:d8:e6:41:83:4e:fb:
         2b:19:5f:f4:88:4d:ca:ae:86:79:79:79:5a:ac:b8:fb:06:04:
         82:20:b2:91:e1:62:13:9c:67:87:97:2b:e5:b9:f9:38:e9:0c:
         46:ee:0d:8b:25:71:0a:ad:1a:90:d7:84:72:20:5e:9f:df:9e:
         3c:78:02:c9:e2:53:dd:54:c2:fd:1d:8f:e0:8d:2f:ed:4c:3f:
         a8:30:ea:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26upqEc5l4jFx/01NBnlBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjYwMTAxMDAxNzQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODg1NzFmYjIzMGRhNmE4NmI3MGE4ZTg0ZjAyYTg0NzE2OGRmM2NiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvoSN94nO/pYKPUFkA8ULPq3/51wX
JMg8rDAChw6kksE0QAFMszwCAja47x4LsExlBsQwp7y0m6NF8nmxL276dyLElWBj
8zBUTdEk0o5Oj9YUl67jXzZDPxbOtcAA9n8yzU63uM2h5JKd//fvxxtL340h5S77
vgBjMyus+WtBUFaIpPedlAR/O4ljRSMHfmFceedRpU2EAOQ6VG60jHF/Ly9Jh07t
wbzhosj0XBFtRIpYZ5m2x8YjxVH/mYUSUya+bycsoCKRR6xKohgv3WKb+28ZlPeq
8w7Q71n0aq/bzxM6R1IwLPl1DLAOvKjHAc7Dy8WN1LDMRt2+LiaRBl7gEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAiFcfsjDaaoa3Co6E8CqEcWjfPLMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvQ0lWeC15TU5wcWhyY0tqb1R3S29SeGFOODhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDm/5wMA0G
CSqGSIb3DQEBCwUAA4IBAQDbi7bpV4LIHpYfD2Pw1ClZiuLtq43I3JOFjKx6SPJT
15cDPbBo7HpPtyv/O3kYD5iFS4c31fs0p+4RMIo8QvB1JqJmhbX4WFV5PDoJLnTY
QjMqy8x030Dny/acwevG3cI0s4T1Gq83B880TC5Z+luYXBDZZzjGbLTxYLm2lCpL
7d+ts4RFsFaibs0nzbYT+xxxCiTrHfMo3IOBejMdBGv+BoCiiYl+s3PzDje27QbY
5kGDTvsrGV/0iE3KroZ5eXlarLj7BgSCILKR4WITnGeHlyvlufk46QxG7g2LJXEK
rRqQ14RyIF6f3548eALJ4lPdVML9HY/gjS/tTD+oMOqe
-----END CERTIFICATE-----