This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/26331c-34a1-4bc5-b75c-f2c7922faf32/1/G5FnSUz31AbVLph_XF_b2V-WE4k.roa
File:                     G5FnSUz31AbVLph_XF_b2V-WE4k.roa (raw, json)
Hash identifier:          OyarEjklBShgcZGA7xw5r7NANY/GN4xIbQ4B1wFv/ow=
Subject key identifier:   1B:91:67:49:4C:F7:D4:06:D5:2E:98:7F:5C:5F:DB:D9:5F:96:13:89
Certificate issuer:       /CN=cfe0df82121438271c913c24ff50fd3b62d40dc6
Certificate serial:       019B7D5BE644E88041EAA5F7CF7042F92E4B
Authority key identifier: CF:E0:DF:82:12:14:38:27:1C:91:3C:24:FF:50:FD:3B:62:D4:0D:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z-DfghIUOCcckTwk_1D9O2LUDcY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/26331c-34a1-4bc5-b75c-f2c7922faf32/1/G5FnSUz31AbVLph_XF_b2V-WE4k.roa
Signing time:             Fri 02 Jan 2026 06:18:52 +0000
ROA not before:           Fri 02 Jan 2026 06:18:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     19905
IP address blocks:        193.40.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/26331c-34a1-4bc5-b75c-f2c7922faf32/1/z-DfghIUOCcckTwk_1D9O2LUDcY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/26331c-34a1-4bc5-b75c-f2c7922faf32/1/z-DfghIUOCcckTwk_1D9O2LUDcY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z-DfghIUOCcckTwk_1D9O2LUDcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5b:e6:44:e8:80:41:ea:a5:f7:cf:70:42:f9:2e:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfe0df82121438271c913c24ff50fd3b62d40dc6
        Validity
            Not Before: Jan  2 06:18:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1b9167494cf7d406d52e987f5c5fdbd95f961389
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:fe:a2:ba:dd:ab:20:0e:77:6f:ea:5c:25:a6:
                    2e:56:d5:67:ef:74:15:80:fd:23:9e:6e:eb:fa:69:
                    f9:62:ac:67:6a:0e:bd:6b:98:03:79:3f:b7:8a:ba:
                    dc:be:59:73:05:e4:0e:77:31:a1:52:8e:75:b8:e8:
                    88:93:11:da:06:80:df:7d:eb:f3:6e:8f:7c:8b:e5:
                    f6:03:48:a9:71:07:f8:02:ca:38:d0:fa:8d:54:2f:
                    08:98:ad:c5:f8:92:a4:cc:18:d3:bc:e8:61:3c:2c:
                    2f:b9:8a:14:da:08:db:64:f5:9d:ff:e0:25:5a:84:
                    a5:6f:3d:2f:ec:7f:b7:b1:bc:b9:f5:87:f8:77:4e:
                    7d:ee:85:3d:d8:60:c6:2e:53:58:ca:a7:97:f3:a0:
                    2c:e5:a1:9d:0a:b5:98:4b:1a:2f:7f:72:a4:2c:50:
                    f6:85:13:cd:a5:82:3d:d5:dd:44:0a:b6:d6:cd:ba:
                    61:3a:34:e0:69:ec:43:fe:2a:6b:5a:c8:9f:fc:f9:
                    a5:a2:bf:85:e2:86:57:eb:81:96:de:50:ca:50:4d:
                    39:1a:48:d0:f5:d8:ef:d2:4a:69:70:02:db:f9:91:
                    58:1c:51:a2:a7:18:79:9d:e8:a2:55:fe:99:51:1d:
                    e1:71:8a:74:91:f7:b4:61:24:12:dd:6d:4e:7c:1c:
                    a2:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:91:67:49:4C:F7:D4:06:D5:2E:98:7F:5C:5F:DB:D9:5F:96:13:89
            X509v3 Authority Key Identifier:
                keyid:CF:E0:DF:82:12:14:38:27:1C:91:3C:24:FF:50:FD:3B:62:D4:0D:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z-DfghIUOCcckTwk_1D9O2LUDcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/26331c-34a1-4bc5-b75c-f2c7922faf32/1/G5FnSUz31AbVLph_XF_b2V-WE4k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/26331c-34a1-4bc5-b75c-f2c7922faf32/1/z-DfghIUOCcckTwk_1D9O2LUDcY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.40.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:03:25:87:b6:4a:17:f0:dd:d8:17:f2:9a:c1:64:80:05:f9:
         61:80:d7:c9:d7:d4:87:5f:4c:89:e6:fb:18:55:16:41:f2:82:
         a0:67:20:38:2e:b7:7b:93:93:cf:fb:b6:14:20:2c:1f:76:63:
         d5:f0:34:88:6b:1e:19:c4:7b:92:c7:87:70:14:ec:6c:04:6c:
         92:40:7f:bc:a3:64:4e:33:90:57:8d:7c:26:72:c2:95:e9:e5:
         46:e9:ed:da:f1:e6:cc:d2:94:3a:40:2d:93:93:e0:7c:ef:db:
         72:40:d1:3b:e1:c6:1b:02:3d:b8:f5:df:92:fe:6b:4f:5b:21:
         81:59:6c:04:be:b1:ad:77:ec:04:83:65:50:8b:73:2b:b4:b7:
         9a:e4:0b:21:d7:9f:a2:00:2f:d9:b9:9e:b1:8d:e7:f9:85:d4:
         8a:fc:49:64:04:44:0e:0e:ef:28:ef:25:40:bc:17:3f:6b:05:
         83:49:97:4a:0e:8e:41:43:d0:ab:fe:84:d2:41:01:00:82:b0:
         47:cd:74:fa:79:56:45:99:13:80:04:7f:bd:9d:b5:d5:af:2a:
         ac:c8:8c:5e:0f:a6:5f:2d:56:5b:2d:2f:9e:63:93:5a:fe:7e:
         f5:47:98:e5:cf:5c:3c:b2:33:64:68:f9:1b:56:bd:40:f8:57:
         f7:74:77:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9W+ZE6IBB6qX3z3BC+S5LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmZTBkZjgyMTIxNDM4MjcxYzkxM2MyNGZmNTBmZDNiNjJk
NDBkYzYwHhcNMjYwMTAyMDYxODUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjkxNjc0OTRjZjdkNDA2ZDUyZTk4N2Y1YzVmZGJkOTVmOTYxMzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApf6iut2rIA53b+pcJaYuVtVn73QV
gP0jnm7r+mn5Yqxnag69a5gDeT+3irrcvllzBeQOdzGhUo51uOiIkxHaBoDffevz
bo98i+X2A0ipcQf4Aso40PqNVC8ImK3F+JKkzBjTvOhhPCwvuYoU2gjbZPWd/+Al
WoSlbz0v7H+3sby59Yf4d0597oU92GDGLlNYyqeX86As5aGdCrWYSxovf3KkLFD2
hRPNpYI91d1ECrbWzbphOjTgaexD/iprWsif/Pmlor+F4oZX64GW3lDKUE05GkjQ
9djv0kppcALb+ZFYHFGipxh5neiiVf6ZUR3hcYp0kfe0YSQS3W1OfByidwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBuRZ0lM99QG1S6Yf1xf29lflhOJMB8GA1UdIwQY
MBaAFM/g34ISFDgnHJE8JP9Q/Tti1A3GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvei1EZmdoSVVPQ2Nja1R3a18xRDlPMkxVRGNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi8yNjMzMWMtMzRhMS00YmM1LWI3NWMt
ZjJjNzkyMmZhZjMyLzEvRzVGblNVejMxQWJWTHBoX1hGX2IyVi1XRTRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi8yNjMzMWMtMzRhMS00YmM1LWI3NWMtZjJjNzkyMmZhZjMy
LzEvei1EZmdoSVVPQ2Nja1R3a18xRDlPMkxVRGNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSjDMA0G
CSqGSIb3DQEBCwUAA4IBAQAGAyWHtkoX8N3YF/KawWSABflhgNfJ19SHX0yJ5vsY
VRZB8oKgZyA4Lrd7k5PP+7YUICwfdmPV8DSIax4ZxHuSx4dwFOxsBGySQH+8o2RO
M5BXjXwmcsKV6eVG6e3a8ebM0pQ6QC2Tk+B879tyQNE74cYbAj249d+S/mtPWyGB
WWwEvrGtd+wEg2VQi3MrtLea5Ash15+iAC/ZuZ6xjef5hdSK/ElkBEQODu8o7yVA
vBc/awWDSZdKDo5BQ9Cr/oTSQQEAgrBHzXT6eVZFmROABH+9nbXVryqsyIxeD6Zf
LVZbLS+eY5Na/n71R5jlz1w8sjNkaPkbVr1A+Ff3dHfA
-----END CERTIFICATE-----