This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/g4wrIHIGlRmBjCBIOZWynLiU_RQ.roa
File:                     g4wrIHIGlRmBjCBIOZWynLiU_RQ.roa (raw, json)
Hash identifier:          crp+OmNL+gqdA9fGFNYDxasudDTsK6CYTas0oygF0Vs=
Subject key identifier:   83:8C:2B:20:72:06:95:19:81:8C:20:48:39:95:B2:9C:B8:94:FD:14
Certificate issuer:       /CN=0a81fe9059f6820bc18ad5802f2f1fca77d254b7
Certificate serial:       019B77C709DFAB686D931211FAB709D88465
Authority key identifier: 0A:81:FE:90:59:F6:82:0B:C1:8A:D5:80:2F:2F:1F:CA:77:D2:54:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CoH-kFn2ggvBitWALy8fynfSVLc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/g4wrIHIGlRmBjCBIOZWynLiU_RQ.roa
Signing time:             Thu 01 Jan 2026 04:18:11 +0000
ROA not before:           Thu 01 Jan 2026 04:18:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50247
IP address blocks:        194.1.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/CoH-kFn2ggvBitWALy8fynfSVLc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/CoH-kFn2ggvBitWALy8fynfSVLc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CoH-kFn2ggvBitWALy8fynfSVLc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Feb 2026 13:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:09:df:ab:68:6d:93:12:11:fa:b7:09:d8:84:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a81fe9059f6820bc18ad5802f2f1fca77d254b7
        Validity
            Not Before: Jan  1 04:18:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=838c2b2072069519818c20483995b29cb894fd14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:42:e5:2b:77:88:b0:c7:e2:96:e9:71:50:d0:
                    a0:4d:36:84:b5:f5:96:0c:65:a0:d0:0c:fb:7d:89:
                    ac:65:0d:59:51:e9:ef:00:99:33:3f:21:12:aa:33:
                    dc:72:19:a6:ad:0c:f5:4e:c9:a7:ef:f7:2e:74:ec:
                    aa:14:75:ab:2f:db:93:55:3a:07:97:53:dd:1f:14:
                    51:c9:de:57:3c:75:15:31:dc:99:e4:a7:7b:9d:c4:
                    d7:80:e8:8f:08:0f:07:32:71:97:f0:6c:9f:48:55:
                    fd:06:1c:54:39:e9:c4:f9:a8:94:ce:90:b8:91:02:
                    e0:c2:eb:aa:a8:8d:f1:ce:dc:55:9e:99:29:e6:b5:
                    41:8b:00:59:1a:99:36:82:02:bd:fb:8c:75:40:62:
                    2e:54:bf:da:31:3f:07:5e:68:83:46:fc:1c:8b:da:
                    a8:25:1b:0b:12:c0:b8:a8:65:57:62:e4:d8:d9:00:
                    dc:a3:9c:17:06:e6:2c:fd:af:23:6b:d6:62:30:43:
                    ec:67:b4:3a:53:f8:67:bc:3a:48:15:98:0d:20:53:
                    fe:98:a8:14:c4:d2:80:b1:5e:a3:2c:5c:7f:c3:a1:
                    21:43:b2:02:da:b9:1b:60:33:bf:d2:8e:db:11:73:
                    0e:96:7c:f0:d4:16:98:a8:a3:34:17:ae:45:90:24:
                    09:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:8C:2B:20:72:06:95:19:81:8C:20:48:39:95:B2:9C:B8:94:FD:14
            X509v3 Authority Key Identifier:
                keyid:0A:81:FE:90:59:F6:82:0B:C1:8A:D5:80:2F:2F:1F:CA:77:D2:54:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CoH-kFn2ggvBitWALy8fynfSVLc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/g4wrIHIGlRmBjCBIOZWynLiU_RQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/CoH-kFn2ggvBitWALy8fynfSVLc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.1.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:70:34:2d:07:f0:25:a4:73:1f:b5:0e:77:5a:85:af:9b:77:
         3d:03:ec:43:be:e5:24:75:64:f7:d0:94:a1:73:b4:4f:6c:d7:
         27:e3:5c:e8:a3:56:54:69:a3:29:df:c6:24:24:13:a3:28:2d:
         85:1b:7e:eb:3e:5d:09:68:6b:7b:f9:d5:72:3d:87:85:80:e6:
         1b:21:df:53:68:d9:15:2e:75:99:54:b5:d7:06:d9:de:7b:74:
         e7:12:15:ad:c5:2d:de:5d:d7:56:9c:6a:cd:0c:c6:e5:d4:2f:
         f5:5f:ab:b1:27:38:cc:9b:d2:9a:a1:39:26:90:e3:e5:89:92:
         91:e7:d2:3e:fb:a4:54:36:88:55:98:b2:5e:2e:de:e1:24:0f:
         56:1b:4e:d4:35:f9:5f:33:10:92:0f:71:90:f3:09:af:28:a4:
         83:1a:ba:7b:fb:83:f9:b3:fa:8f:8c:89:f6:8c:af:cf:b1:a1:
         f9:bb:0e:74:5f:f4:d9:13:aa:f7:04:02:66:7e:2f:03:2d:ea:
         c4:ed:ce:7c:39:4e:c5:aa:27:ba:a5:1c:8f:36:2c:64:c3:b5:
         68:94:ed:48:ef:f2:2f:93:d9:20:2a:eb:bf:37:05:1b:60:d9:
         66:8f:f3:b3:ac:bb:e4:71:c5:eb:1e:ad:cc:a1:5c:94:b4:97:
         10:bc:1c:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xwnfq2htkxIR+rcJ2IRlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhODFmZTkwNTlmNjgyMGJjMThhZDU4MDJmMmYxZmNhNzdk
MjU0YjcwHhcNMjYwMTAxMDQxODExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzhjMmIyMDcyMDY5NTE5ODE4YzIwNDgzOTk1YjI5Y2I4OTRmZDE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAykLlK3eIsMfilulxUNCgTTaEtfWW
DGWg0Az7fYmsZQ1ZUenvAJkzPyESqjPcchmmrQz1Tsmn7/cudOyqFHWrL9uTVToH
l1PdHxRRyd5XPHUVMdyZ5Kd7ncTXgOiPCA8HMnGX8GyfSFX9BhxUOenE+aiUzpC4
kQLgwuuqqI3xztxVnpkp5rVBiwBZGpk2ggK9+4x1QGIuVL/aMT8HXmiDRvwci9qo
JRsLEsC4qGVXYuTY2QDco5wXBuYs/a8ja9ZiMEPsZ7Q6U/hnvDpIFZgNIFP+mKgU
xNKAsV6jLFx/w6EhQ7IC2rkbYDO/0o7bEXMOlnzw1BaYqKM0F65FkCQJlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIOMKyByBpUZgYwgSDmVspy4lP0UMB8GA1UdIwQY
MBaAFAqB/pBZ9oILwYrVgC8vH8p30lS3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ29ILWtGbjJnZ3ZCaXRXQUx5OGZ5bmZTVkxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC80OTg0ZGYtNmRiMi00ZTBhLTkxZjgt
YmYwNWFjYzgyYmQxLzEvZzR3cklISUdsUm1CakNCSU9aV3luTGlVX1JRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC80OTg0ZGYtNmRiMi00ZTBhLTkxZjgtYmYwNWFjYzgyYmQx
LzEvQ29ILWtGbjJnZ3ZCaXRXQUx5OGZ5bmZTVkxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgH8MA0G
CSqGSIb3DQEBCwUAA4IBAQCjcDQtB/AlpHMftQ53WoWvm3c9A+xDvuUkdWT30JSh
c7RPbNcn41zoo1ZUaaMp38YkJBOjKC2FG37rPl0JaGt7+dVyPYeFgOYbId9TaNkV
LnWZVLXXBtnee3TnEhWtxS3eXddWnGrNDMbl1C/1X6uxJzjMm9KaoTkmkOPliZKR
59I++6RUNohVmLJeLt7hJA9WG07UNflfMxCSD3GQ8wmvKKSDGrp7+4P5s/qPjIn2
jK/PsaH5uw50X/TZE6r3BAJmfi8DLerE7c58OU7Fqie6pRyPNixkw7VolO1I7/Iv
k9kgKuu/NwUbYNlmj/OzrLvkccXrHq3MoVyUtJcQvBxu
-----END CERTIFICATE-----