This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/0ccab6-d837-4c18-82f9-940ae454cb85/1/5QMp3XV_wAqdBe0SsahQPe_A6PM.roa
File:                     5QMp3XV_wAqdBe0SsahQPe_A6PM.roa (raw, json)
Hash identifier:          t27wu0dJA6WxebtISJDZ4r6J1S7Z1TLaFhiE16zB+EA=
Subject key identifier:   E5:03:29:DD:75:7F:C0:0A:9D:05:ED:12:B1:A8:50:3D:EF:C0:E8:F3
Certificate issuer:       /CN=90814dd39dd3925cff88bf34d4307fd6c62165eb
Certificate serial:       019B79EC9220675C9AF78B50C2F583E83896
Authority key identifier: 90:81:4D:D3:9D:D3:92:5C:FF:88:BF:34:D4:30:7F:D6:C6:21:65:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kIFN053Tklz_iL801DB_1sYhZes.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/0ccab6-d837-4c18-82f9-940ae454cb85/1/5QMp3XV_wAqdBe0SsahQPe_A6PM.roa
Signing time:             Thu 01 Jan 2026 14:18:25 +0000
ROA not before:           Thu 01 Jan 2026 14:18:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44559
IP address blocks:        194.242.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/0ccab6-d837-4c18-82f9-940ae454cb85/1/kIFN053Tklz_iL801DB_1sYhZes.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/0ccab6-d837-4c18-82f9-940ae454cb85/1/kIFN053Tklz_iL801DB_1sYhZes.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kIFN053Tklz_iL801DB_1sYhZes.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:92:20:67:5c:9a:f7:8b:50:c2:f5:83:e8:38:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=90814dd39dd3925cff88bf34d4307fd6c62165eb
        Validity
            Not Before: Jan  1 14:18:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e50329dd757fc00a9d05ed12b1a8503defc0e8f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:d4:b4:3a:5f:43:b7:dc:3b:60:ac:29:5e:3c:
                    df:b8:fc:8b:66:f7:ca:19:3d:6e:aa:d5:61:90:42:
                    c9:fe:86:17:c6:21:ee:25:75:9e:d5:2c:f4:fa:13:
                    fd:d5:20:cb:e1:2e:01:8a:db:63:60:7f:2a:e5:e4:
                    1c:c0:a7:b5:5c:c8:fb:8c:ee:54:2c:dc:8b:40:fc:
                    36:b8:d9:54:14:e3:79:a2:70:c8:ee:a2:98:2e:77:
                    e7:60:9d:63:a2:2e:7c:70:ec:0b:9f:8e:6c:c3:7a:
                    c9:9b:b6:fb:14:be:05:94:90:cf:04:89:d5:95:8e:
                    ed:0c:50:7d:7a:e3:98:17:d4:02:fb:d7:07:99:bf:
                    cb:86:0a:5e:dd:f4:bd:04:ba:e3:fa:d8:b5:36:85:
                    a6:c4:6c:20:05:2c:59:15:ca:54:5d:b4:6e:c3:42:
                    f8:41:57:2a:53:44:89:b9:87:96:28:60:a1:f4:d6:
                    13:ff:73:40:59:ee:a1:95:39:5c:07:5c:c0:12:d3:
                    23:8c:e4:04:7f:1c:29:9a:19:77:ef:26:78:70:9e:
                    cf:08:1a:39:f5:40:b8:b0:e1:8a:d8:7d:f9:f9:39:
                    38:2c:77:0b:fc:c2:2f:33:b5:c3:01:e0:8e:80:b6:
                    87:0a:48:d1:f5:fa:de:59:00:e0:f1:8d:ca:43:fe:
                    48:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:03:29:DD:75:7F:C0:0A:9D:05:ED:12:B1:A8:50:3D:EF:C0:E8:F3
            X509v3 Authority Key Identifier:
                keyid:90:81:4D:D3:9D:D3:92:5C:FF:88:BF:34:D4:30:7F:D6:C6:21:65:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kIFN053Tklz_iL801DB_1sYhZes.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/0ccab6-d837-4c18-82f9-940ae454cb85/1/5QMp3XV_wAqdBe0SsahQPe_A6PM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/0ccab6-d837-4c18-82f9-940ae454cb85/1/kIFN053Tklz_iL801DB_1sYhZes.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.242.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cf:fd:f9:13:8b:d9:87:18:e9:50:df:57:e1:d9:fb:74:32:8b:
         a7:5c:1f:74:78:d5:f4:68:61:47:38:52:ab:53:3b:ba:52:56:
         8f:a5:35:8b:90:33:48:13:38:c8:5d:91:02:c7:18:5c:9f:19:
         ff:92:56:bd:a4:0e:60:6e:55:78:fa:53:e8:c7:4d:f0:00:17:
         eb:7d:4a:7f:89:29:34:e5:f7:7d:87:4f:89:b9:33:15:8b:75:
         c2:84:45:ec:19:d6:78:b4:e6:fc:d7:b1:45:c7:da:b5:8a:e0:
         64:f6:d5:df:53:99:eb:b2:c9:d5:45:5e:cc:1c:f6:b1:77:c8:
         3b:04:69:0d:c2:78:5f:90:1d:69:8f:f4:00:9d:5a:bc:e7:e8:
         aa:d7:6e:a5:d6:05:27:61:d7:3d:0e:9b:71:ba:44:08:1a:1a:
         4d:42:fd:18:df:74:70:72:cf:44:fd:20:aa:36:c7:0a:d1:e6:
         cd:a5:3f:cf:2d:23:2b:62:b3:c7:bb:07:f2:ba:6e:04:70:ca:
         4b:0a:55:cd:e0:95:89:b8:6a:84:43:1f:2d:fb:2c:d2:50:da:
         14:0f:f9:f8:a9:08:3c:bd:de:24:92:b5:d5:ce:f8:94:83:e9:
         1d:67:ae:8d:10:0e:cf:e6:50:a1:ec:40:00:f4:67:10:21:ba:
         c4:04:a3:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57JIgZ1ya94tQwvWD6DiWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwODE0ZGQzOWRkMzkyNWNmZjg4YmYzNGQ0MzA3ZmQ2YzYy
MTY1ZWIwHhcNMjYwMTAxMTQxODI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTAzMjlkZDc1N2ZjMDBhOWQwNWVkMTJiMWE4NTAzZGVmYzBlOGYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7NS0Ol9Dt9w7YKwpXjzfuPyLZvfK
GT1uqtVhkELJ/oYXxiHuJXWe1Sz0+hP91SDL4S4BittjYH8q5eQcwKe1XMj7jO5U
LNyLQPw2uNlUFON5onDI7qKYLnfnYJ1joi58cOwLn45sw3rJm7b7FL4FlJDPBInV
lY7tDFB9euOYF9QC+9cHmb/Lhgpe3fS9BLrj+ti1NoWmxGwgBSxZFcpUXbRuw0L4
QVcqU0SJuYeWKGCh9NYT/3NAWe6hlTlcB1zAEtMjjOQEfxwpmhl37yZ4cJ7PCBo5
9UC4sOGK2H35+Tk4LHcL/MIvM7XDAeCOgLaHCkjR9freWQDg8Y3KQ/5ILQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOUDKd11f8AKnQXtErGoUD3vwOjzMB8GA1UdIwQY
MBaAFJCBTdOd05Jc/4i/NNQwf9bGIWXrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0lGTjA1M1RrbHpfaUw4MDFEQl8xc1loWmVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8wY2NhYjYtZDgzNy00YzE4LTgyZjkt
OTQwYWU0NTRjYjg1LzEvNVFNcDNYVl93QXFkQmUwU3NhaFFQZV9BNlBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8wY2NhYjYtZDgzNy00YzE4LTgyZjktOTQwYWU0NTRjYjg1
LzEva0lGTjA1M1RrbHpfaUw4MDFEQl8xc1loWmVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwvJ/MA0G
CSqGSIb3DQEBCwUAA4IBAQDP/fkTi9mHGOlQ31fh2ft0MounXB90eNX0aGFHOFKr
Uzu6UlaPpTWLkDNIEzjIXZECxxhcnxn/kla9pA5gblV4+lPox03wABfrfUp/iSk0
5fd9h0+JuTMVi3XChEXsGdZ4tOb817FFx9q1iuBk9tXfU5nrssnVRV7MHPaxd8g7
BGkNwnhfkB1pj/QAnVq85+iq126l1gUnYdc9DptxukQIGhpNQv0Y33Rwcs9E/SCq
NscK0ebNpT/PLSMrYrPHuwfyum4EcMpLClXN4JWJuGqEQx8t+yzSUNoUD/n4qQg8
vd4kkrXVzviUg+kdZ66NEA7P5lCh7EAA9GcQIbrEBKOt
-----END CERTIFICATE-----