This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/8ff537-71e0-403b-979e-1ef7ef17fa43/1/v1kxLCHFe4rXrYp0W0C1yyln4_I.roa
File:                     v1kxLCHFe4rXrYp0W0C1yyln4_I.roa (raw, json)
Hash identifier:          6ZjRVf5/3Gwzgj/w23L+ctsJZNRROST71Vpw12YsM/U=
Subject key identifier:   BF:59:31:2C:21:C5:7B:8A:D7:AD:8A:74:5B:40:B5:CB:29:67:E3:F2
Certificate issuer:       /CN=6dbd51576b4a93460a465af35e6bf550f5548894
Certificate serial:       019B7758C93628DDD6A173F109D2FF5256F1
Authority key identifier: 6D:BD:51:57:6B:4A:93:46:0A:46:5A:F3:5E:6B:F5:50:F5:54:88:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bb1RV2tKk0YKRlrzXmv1UPVUiJQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/8ff537-71e0-403b-979e-1ef7ef17fa43/1/v1kxLCHFe4rXrYp0W0C1yyln4_I.roa
Signing time:             Thu 01 Jan 2026 02:17:45 +0000
ROA not before:           Thu 01 Jan 2026 02:17:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199619
IP address blocks:        185.5.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/8ff537-71e0-403b-979e-1ef7ef17fa43/1/bb1RV2tKk0YKRlrzXmv1UPVUiJQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/8ff537-71e0-403b-979e-1ef7ef17fa43/1/bb1RV2tKk0YKRlrzXmv1UPVUiJQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bb1RV2tKk0YKRlrzXmv1UPVUiJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 00:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:c9:36:28:dd:d6:a1:73:f1:09:d2:ff:52:56:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6dbd51576b4a93460a465af35e6bf550f5548894
        Validity
            Not Before: Jan  1 02:17:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bf59312c21c57b8ad7ad8a745b40b5cb2967e3f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:e8:da:9d:41:bf:0e:9a:75:7c:09:16:2b:20:
                    c2:e8:c4:71:ef:e5:71:e4:df:84:47:70:56:dd:9f:
                    5d:c2:4f:77:ce:4e:18:b5:b1:a2:f4:bc:c8:f8:0f:
                    df:69:c8:29:47:b4:e8:df:9d:b4:8b:56:5e:40:97:
                    d1:03:00:d1:90:ff:0f:57:ab:8f:37:68:d0:6d:b6:
                    39:96:a5:7a:8f:89:d2:35:43:59:5d:58:43:21:48:
                    69:bb:39:4c:4a:ab:5b:17:58:fd:94:e2:5c:89:85:
                    bf:09:20:cd:8f:59:ff:92:2b:72:09:cf:58:27:ce:
                    5f:29:a3:9c:c3:55:6b:10:e6:a8:f0:26:53:7e:c3:
                    eb:20:ae:fb:14:48:32:17:31:0c:3e:65:ae:f4:02:
                    8e:6e:7a:88:c7:ce:21:e8:0d:26:cd:d2:bc:ab:a7:
                    12:bc:37:ca:a9:f1:36:ee:60:cd:dd:ce:5a:59:47:
                    b0:f6:d0:de:fb:54:e2:6d:89:c1:9d:bf:24:5b:2b:
                    6e:33:da:4b:e7:e8:79:89:c8:9c:51:38:73:37:88:
                    fc:ca:fd:5a:dc:cb:fd:61:24:71:3f:6f:77:d3:9d:
                    eb:08:c8:36:d4:b4:3d:36:0c:b3:3b:16:4a:45:23:
                    35:4e:c2:a5:05:8d:ae:55:77:ce:db:ee:b5:a5:34:
                    dd:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:59:31:2C:21:C5:7B:8A:D7:AD:8A:74:5B:40:B5:CB:29:67:E3:F2
            X509v3 Authority Key Identifier:
                keyid:6D:BD:51:57:6B:4A:93:46:0A:46:5A:F3:5E:6B:F5:50:F5:54:88:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb1RV2tKk0YKRlrzXmv1UPVUiJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/8ff537-71e0-403b-979e-1ef7ef17fa43/1/v1kxLCHFe4rXrYp0W0C1yyln4_I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/8ff537-71e0-403b-979e-1ef7ef17fa43/1/bb1RV2tKk0YKRlrzXmv1UPVUiJQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.5.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:65:7c:92:53:87:60:96:0c:24:75:52:f1:5b:0d:68:aa:ad:
         a0:c4:ed:18:09:7b:df:96:35:8f:ec:92:5b:dd:29:2a:86:82:
         86:f3:55:bc:f2:c1:07:c6:04:e2:6d:2a:60:a2:2f:91:50:5e:
         c3:ee:e7:92:11:83:cc:77:03:db:f7:08:ea:a5:db:40:41:51:
         69:dc:b8:b3:91:12:57:2d:52:92:bf:ca:25:6b:51:0f:c7:5e:
         a0:ff:9f:ca:b1:5f:9a:55:c9:12:82:7f:d5:29:5e:0b:00:6c:
         78:14:01:31:67:b6:1a:5c:63:a1:c7:4b:2a:0e:52:82:a5:d6:
         58:91:dc:da:b4:a5:94:23:70:68:e2:ba:fd:a7:60:aa:8d:7b:
         a7:22:80:1b:f1:fc:1c:9c:93:3c:81:bb:b5:2c:d1:15:5c:b8:
         11:b6:c4:8a:c8:c4:7c:6c:e7:74:07:96:24:81:a6:95:cf:85:
         17:7a:fc:63:ff:58:78:87:d2:6b:1e:07:d2:ca:8b:ef:31:5d:
         4f:e7:84:b0:40:e7:a3:26:f2:dc:1c:8c:7c:8c:ae:1a:f6:c8:
         56:82:fe:db:f3:91:56:3d:ef:85:66:12:ea:f8:90:a8:28:d1:
         22:72:dc:cb:5b:ea:3a:ea:3e:47:d3:65:6a:c2:c3:d5:90:b1:
         63:55:f6:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WMk2KN3WoXPxCdL/UlbxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkYmQ1MTU3NmI0YTkzNDYwYTQ2NWFmMzVlNmJmNTUwZjU1
NDg4OTQwHhcNMjYwMTAxMDIxNzQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjU5MzEyYzIxYzU3YjhhZDdhZDhhNzQ1YjQwYjVjYjI5NjdlM2YyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5+janUG/Dpp1fAkWKyDC6MRx7+Vx
5N+ER3BW3Z9dwk93zk4YtbGi9LzI+A/facgpR7To3520i1ZeQJfRAwDRkP8PV6uP
N2jQbbY5lqV6j4nSNUNZXVhDIUhpuzlMSqtbF1j9lOJciYW/CSDNj1n/kityCc9Y
J85fKaOcw1VrEOao8CZTfsPrIK77FEgyFzEMPmWu9AKObnqIx84h6A0mzdK8q6cS
vDfKqfE27mDN3c5aWUew9tDe+1TibYnBnb8kWytuM9pL5+h5icicUThzN4j8yv1a
3Mv9YSRxP293053rCMg21LQ9NgyzOxZKRSM1TsKlBY2uVXfO2+61pTTdxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL9ZMSwhxXuK162KdFtAtcspZ+PyMB8GA1UdIwQY
MBaAFG29UVdrSpNGCkZa815r9VD1VIiUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmIxUlYydEtrMFlLUmxyelhtdjFVUFZVaUpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS84ZmY1MzctNzFlMC00MDNiLTk3OWUt
MWVmN2VmMTdmYTQzLzEvdjFreExDSEZlNHJYcllwMFcwQzF5eWxuNF9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS84ZmY1MzctNzFlMC00MDNiLTk3OWUtMWVmN2VmMTdmYTQz
LzEvYmIxUlYydEtrMFlLUmxyelhtdjFVUFZVaUpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQWPMA0G
CSqGSIb3DQEBCwUAA4IBAQBYZXySU4dglgwkdVLxWw1oqq2gxO0YCXvfljWP7JJb
3SkqhoKG81W88sEHxgTibSpgoi+RUF7D7ueSEYPMdwPb9wjqpdtAQVFp3LizkRJX
LVKSv8ola1EPx16g/5/KsV+aVckSgn/VKV4LAGx4FAExZ7YaXGOhx0sqDlKCpdZY
kdzatKWUI3Bo4rr9p2CqjXunIoAb8fwcnJM8gbu1LNEVXLgRtsSKyMR8bOd0B5Yk
gaaVz4UXevxj/1h4h9JrHgfSyovvMV1P54SwQOejJvLcHIx8jK4a9shWgv7b85FW
Pe+FZhLq+JCoKNEictzLW+o66j5H02VqwsPVkLFjVfa9
-----END CERTIFICATE-----