This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/ef2a01-d8ca-4b94-8f67-78ea83d21249/1/1-kHdsLNbk3wn4YZGGv7nR6qgmuo.roa
File:                     1-kHdsLNbk3wn4YZGGv7nR6qgmuo.roa (raw, json)
Hash identifier:          GP85i29ZuAZsmZlUrVOG+U5Hl6NUzQEiBUiRqfR82Fs=
Subject key identifier:   FA:41:DD:B0:B3:5B:93:7C:27:E1:86:46:1A:FE:E7:47:AA:A0:9A:EA
Certificate issuer:       /CN=ee82395001b03c663509909979dfb78445b3d9c4
Certificate serial:       019B7AC845BB7CC71F5497020CF4EA2ED820
Authority key identifier: EE:82:39:50:01:B0:3C:66:35:09:90:99:79:DF:B7:84:45:B3:D9:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7oI5UAGwPGY1CZCZed-3hEWz2cQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/ef2a01-d8ca-4b94-8f67-78ea83d21249/1/1-kHdsLNbk3wn4YZGGv7nR6qgmuo.roa
Signing time:             Thu 01 Jan 2026 18:18:23 +0000
ROA not before:           Thu 01 Jan 2026 18:18:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8253
IP address blocks:        192.108.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/ef2a01-d8ca-4b94-8f67-78ea83d21249/1/7oI5UAGwPGY1CZCZed-3hEWz2cQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/ef2a01-d8ca-4b94-8f67-78ea83d21249/1/7oI5UAGwPGY1CZCZed-3hEWz2cQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7oI5UAGwPGY1CZCZed-3hEWz2cQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Feb 2026 15:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:45:bb:7c:c7:1f:54:97:02:0c:f4:ea:2e:d8:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee82395001b03c663509909979dfb78445b3d9c4
        Validity
            Not Before: Jan  1 18:18:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fa41ddb0b35b937c27e186461afee747aaa09aea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:83:33:b1:45:66:f0:d7:97:f1:eb:89:20:ec:
                    b3:64:31:53:28:ae:bb:71:f3:8f:20:fb:e4:79:58:
                    e5:e1:15:62:57:be:61:8b:b0:49:cb:3a:00:9b:18:
                    47:47:1d:eb:c8:d1:84:91:92:a3:75:b2:b7:ac:57:
                    1c:e9:18:f7:14:0e:99:20:94:b1:85:f7:6f:33:1e:
                    ec:04:05:30:38:50:47:89:ba:ac:30:df:99:ff:8d:
                    dc:c9:cd:ef:66:25:68:9e:ec:bc:4b:14:2b:7e:37:
                    d0:74:22:96:9b:b1:0d:15:51:38:d9:5f:e8:03:8a:
                    a2:70:58:09:3d:3f:19:93:8a:04:56:c0:e1:6f:8f:
                    49:6a:0d:06:b5:08:e5:35:44:c6:ef:9f:94:7f:69:
                    6b:8a:1e:40:eb:0b:c6:0d:dd:a3:16:40:bd:f8:3e:
                    d4:cc:8d:8e:0a:fe:15:29:db:3c:8a:02:a5:a2:ca:
                    ce:67:a7:56:b1:21:a2:73:be:52:f6:af:f3:ab:0e:
                    9c:9d:b8:85:5d:f4:9d:00:30:47:8a:8f:8c:fc:5f:
                    c4:18:0b:cc:cf:0c:e3:5d:65:7f:ea:7a:33:b0:a9:
                    5f:2c:5f:2d:68:76:23:f0:96:07:31:15:09:e9:ee:
                    92:49:c8:56:6e:db:aa:9b:39:c4:dc:ca:4b:77:8c:
                    66:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:41:DD:B0:B3:5B:93:7C:27:E1:86:46:1A:FE:E7:47:AA:A0:9A:EA
            X509v3 Authority Key Identifier:
                keyid:EE:82:39:50:01:B0:3C:66:35:09:90:99:79:DF:B7:84:45:B3:D9:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7oI5UAGwPGY1CZCZed-3hEWz2cQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/ef2a01-d8ca-4b94-8f67-78ea83d21249/1/1-kHdsLNbk3wn4YZGGv7nR6qgmuo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/ef2a01-d8ca-4b94-8f67-78ea83d21249/1/7oI5UAGwPGY1CZCZed-3hEWz2cQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.108.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:d7:91:46:f5:69:41:4d:ae:06:e5:ac:6f:b5:2a:1c:29:91:
         9a:02:61:4e:9c:ce:cd:13:bb:44:c3:14:86:6f:35:33:24:11:
         97:52:fd:49:56:06:df:ef:e8:3f:f5:84:9e:0d:38:95:89:99:
         41:3a:7f:27:dc:0d:c2:55:83:50:5a:02:f1:26:c0:28:17:6e:
         31:24:f6:21:c6:bf:5b:22:09:0f:6a:e3:fe:58:8e:23:a9:01:
         2d:28:8f:e7:02:35:e7:98:cc:01:68:2b:74:c9:b1:d1:ad:ed:
         37:ea:0a:78:61:05:e4:a3:f5:e1:8d:3c:fd:c7:92:b9:0d:5e:
         55:de:df:f8:07:c2:b7:1c:08:cb:60:88:22:6b:1f:24:54:9a:
         af:9c:ed:c0:f0:f1:b5:49:65:0b:9d:86:e2:7e:51:04:f2:93:
         25:72:0a:7d:19:85:25:c2:6b:20:16:18:5c:f8:64:4d:74:a5:
         82:7e:9b:3e:fd:99:a7:fc:0b:4d:a4:3a:48:7c:4d:9f:a1:ef:
         13:fc:84:a0:65:d8:ee:98:58:3c:2c:0c:53:31:c1:9e:4a:16:
         b6:66:58:eb:77:08:ab:0b:4c:87:fe:34:47:5d:68:de:1f:40:
         15:0b:d1:81:42:e1:d8:e4:3d:56:66:c0:1e:5d:87:c3:08:dc:
         de:0b:e3:01
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt6yEW7fMcfVJcCDPTqLtggMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlODIzOTUwMDFiMDNjNjYzNTA5OTA5OTc5ZGZiNzg0NDVi
M2Q5YzQwHhcNMjYwMTAxMTgxODIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTQxZGRiMGIzNWI5MzdjMjdlMTg2NDYxYWZlZTc0N2FhYTA5YWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5oMzsUVm8NeX8euJIOyzZDFTKK67
cfOPIPvkeVjl4RViV75hi7BJyzoAmxhHRx3ryNGEkZKjdbK3rFcc6Rj3FA6ZIJSx
hfdvMx7sBAUwOFBHibqsMN+Z/43cyc3vZiVonuy8SxQrfjfQdCKWm7ENFVE42V/o
A4qicFgJPT8Zk4oEVsDhb49Jag0GtQjlNUTG75+Uf2lrih5A6wvGDd2jFkC9+D7U
zI2OCv4VKds8igKlosrOZ6dWsSGic75S9q/zqw6cnbiFXfSdADBHio+M/F/EGAvM
zwzjXWV/6nozsKlfLF8taHYj8JYHMRUJ6e6SSchWbtuqmznE3MpLd4xmOQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPpB3bCzW5N8J+GGRhr+50eqoJrqMB8GA1UdIwQY
MBaAFO6COVABsDxmNQmQmXnft4RFs9nEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN29JNVVBR3dQR1kxQ1pDWmVkLTNoRVd6MmNRLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi9lZjJhMDEtZDhjYS00Yjk0LThmNjct
NzhlYTgzZDIxMjQ5LzEvMS1rSGRzTE5iazN3bjRZWkdHdjduUjZxZ211by5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvODIvZWYyYTAxLWQ4Y2EtNGI5NC04ZjY3LTc4ZWE4M2QyMTI0
OS8xLzdvSTVVQUd3UEdZMUNaQ1plZC0zaEVXejJjUS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMBscjAN
BgkqhkiG9w0BAQsFAAOCAQEAIdeRRvVpQU2uBuWsb7UqHCmRmgJhTpzOzRO7RMMU
hm81MyQRl1L9SVYG3+/oP/WEng04lYmZQTp/J9wNwlWDUFoC8SbAKBduMST2Ica/
WyIJD2rj/liOI6kBLSiP5wI155jMAWgrdMmx0a3tN+oKeGEF5KP14Y08/ceSuQ1e
Vd7f+AfCtxwIy2CIImsfJFSar5ztwPDxtUllC52G4n5RBPKTJXIKfRmFJcJrIBYY
XPhkTXSlgn6bPv2Zp/wLTaQ6SHxNn6HvE/yEoGXY7phYPCwMUzHBnkoWtmZY63cI
qwtMh/40R11o3h9AFQvRgULh2OQ9VmbAHl2Hwwjc3gvjAQ==
-----END CERTIFICATE-----