This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/b8aeef-6889-4614-b7fc-5c75c3f421f5/1/b6Lf3I0HlauTHnUuGmmLuCNwsAE.roa
File:                     b6Lf3I0HlauTHnUuGmmLuCNwsAE.roa (raw, json)
Hash identifier:          KijRIA7qKwkEizHIArRbDBK9UDc+o2TKpuLXk0/8BMg=
Subject key identifier:   6F:A2:DF:DC:8D:07:95:AB:93:1E:75:2E:1A:69:8B:B8:23:70:B0:01
Certificate issuer:       /CN=c7554fd3e13b4a50c1d87482a7437b81c63e9951
Certificate serial:       019B7E38AFEC284265EFD0158CDB544107FB
Authority key identifier: C7:55:4F:D3:E1:3B:4A:50:C1:D8:74:82:A7:43:7B:81:C6:3E:99:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x1VP0-E7SlDB2HSCp0N7gcY-mVE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/b8aeef-6889-4614-b7fc-5c75c3f421f5/1/b6Lf3I0HlauTHnUuGmmLuCNwsAE.roa
Signing time:             Fri 02 Jan 2026 10:20:02 +0000
ROA not before:           Fri 02 Jan 2026 10:20:02 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208957
IP address blocks:        5.182.168.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/b8aeef-6889-4614-b7fc-5c75c3f421f5/1/x1VP0-E7SlDB2HSCp0N7gcY-mVE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/b8aeef-6889-4614-b7fc-5c75c3f421f5/1/x1VP0-E7SlDB2HSCp0N7gcY-mVE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x1VP0-E7SlDB2HSCp0N7gcY-mVE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:05:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:af:ec:28:42:65:ef:d0:15:8c:db:54:41:07:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7554fd3e13b4a50c1d87482a7437b81c63e9951
        Validity
            Not Before: Jan  2 10:20:02 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6fa2dfdc8d0795ab931e752e1a698bb82370b001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:2c:db:04:f2:5c:62:77:05:13:2e:93:8f:2e:
                    e2:c2:76:42:c5:1d:d1:08:75:87:49:77:eb:12:be:
                    00:06:80:8a:6e:f0:87:f1:4d:27:f4:11:52:6d:18:
                    96:c0:57:de:4c:9a:b1:c4:ae:e2:c5:16:41:59:71:
                    e2:e2:1f:e6:b3:6d:7e:5f:6a:d7:99:d5:b0:18:16:
                    46:7f:e7:cc:89:80:35:71:ac:43:f8:2b:cf:e0:e2:
                    9b:d2:67:f1:5a:a0:ee:c4:b1:51:60:92:66:71:f3:
                    5c:34:c8:79:ae:38:e8:65:c0:28:c0:66:9e:e4:9d:
                    82:31:c2:5c:cd:23:dc:86:5c:a2:29:6e:36:67:74:
                    c6:27:a1:3d:30:ce:15:2d:48:7f:c5:fa:4c:0e:e1:
                    dc:cd:eb:a4:e1:48:1e:8e:34:8a:89:49:9a:ea:08:
                    04:67:f2:74:68:09:82:86:de:6f:1b:9c:0b:d4:c3:
                    a0:fe:98:0c:4e:cd:3a:55:5e:dd:f6:80:fc:a6:57:
                    18:cc:d6:1d:9d:17:26:7b:99:d2:f8:77:22:6d:85:
                    fb:bc:23:c9:13:85:5b:44:fb:21:6d:47:32:46:4a:
                    3c:f7:f7:57:ca:40:da:ae:13:f6:26:00:4c:9a:5e:
                    ac:42:c6:f9:62:5a:44:fc:71:bb:11:e5:6a:1a:45:
                    98:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:A2:DF:DC:8D:07:95:AB:93:1E:75:2E:1A:69:8B:B8:23:70:B0:01
            X509v3 Authority Key Identifier:
                keyid:C7:55:4F:D3:E1:3B:4A:50:C1:D8:74:82:A7:43:7B:81:C6:3E:99:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x1VP0-E7SlDB2HSCp0N7gcY-mVE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/b8aeef-6889-4614-b7fc-5c75c3f421f5/1/b6Lf3I0HlauTHnUuGmmLuCNwsAE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/b8aeef-6889-4614-b7fc-5c75c3f421f5/1/x1VP0-E7SlDB2HSCp0N7gcY-mVE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7d:d8:d5:50:37:e7:a1:60:93:04:87:a3:0f:31:d8:11:13:91:
         15:9d:3b:45:80:fd:84:41:25:f0:66:35:21:58:99:ac:47:ed:
         92:c6:e7:e2:83:61:2c:f2:77:63:90:b7:b0:4b:ed:17:ff:bf:
         0c:ce:3c:19:dd:f1:1a:dd:35:01:38:73:8e:ae:94:04:ef:20:
         42:a8:d0:99:f8:79:21:39:3c:e7:da:fb:9a:7e:af:47:c6:6d:
         99:eb:4e:0c:a6:6b:19:28:ee:2e:46:ea:fb:d9:fd:ab:62:b3:
         24:74:c9:05:8f:31:0c:29:f6:78:06:d8:a1:31:51:5f:34:2c:
         3d:1b:ab:e9:0e:68:17:49:8f:c7:59:3c:32:59:28:26:85:d5:
         14:73:78:ab:b1:ae:21:3f:9d:10:c6:68:79:8f:99:32:7c:f0:
         5f:38:b9:2e:58:a6:c3:5c:f8:4c:60:f8:fc:2b:5b:33:26:d7:
         93:51:a4:f2:6f:36:4e:74:59:3f:58:42:81:6d:06:3a:2a:83:
         ee:f2:57:01:39:18:1c:6c:1d:07:1b:09:3a:a1:5f:fa:c9:dd:
         08:27:f5:e3:fd:be:1d:45:c7:7f:a0:02:1f:17:82:72:36:bd:
         9d:00:eb:97:f8:93:94:fe:d1:91:24:37:c6:91:35:48:1e:12:
         7c:dc:8f:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OK/sKEJl79AVjNtUQQf7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NTU0ZmQzZTEzYjRhNTBjMWQ4NzQ4MmE3NDM3YjgxYzYz
ZTk5NTEwHhcNMjYwMTAyMTAyMDAyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmEyZGZkYzhkMDc5NWFiOTMxZTc1MmUxYTY5OGJiODIzNzBiMDAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvCzbBPJcYncFEy6Tjy7iwnZCxR3R
CHWHSXfrEr4ABoCKbvCH8U0n9BFSbRiWwFfeTJqxxK7ixRZBWXHi4h/ms21+X2rX
mdWwGBZGf+fMiYA1caxD+CvP4OKb0mfxWqDuxLFRYJJmcfNcNMh5rjjoZcAowGae
5J2CMcJczSPchlyiKW42Z3TGJ6E9MM4VLUh/xfpMDuHczeuk4UgejjSKiUma6ggE
Z/J0aAmCht5vG5wL1MOg/pgMTs06VV7d9oD8plcYzNYdnRcme5nS+HcibYX7vCPJ
E4VbRPshbUcyRko89/dXykDarhP2JgBMml6sQsb5YlpE/HG7EeVqGkWYuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG+i39yNB5Wrkx51Lhppi7gjcLABMB8GA1UdIwQY
MBaAFMdVT9PhO0pQwdh0gqdDe4HGPplRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDFWUDAtRTdTbERCMkhTQ3AwTjdnY1ktbVZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My9iOGFlZWYtNjg4OS00NjE0LWI3ZmMt
NWM3NWMzZjQyMWY1LzEvYjZMZjNJMEhsYXVUSG5VdUdtbUx1Q053c0FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My9iOGFlZWYtNjg4OS00NjE0LWI3ZmMtNWM3NWMzZjQyMWY1
LzEveDFWUDAtRTdTbERCMkhTQ3AwTjdnY1ktbVZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBbaoMA0G
CSqGSIb3DQEBCwUAA4IBAQB92NVQN+ehYJMEh6MPMdgRE5EVnTtFgP2EQSXwZjUh
WJmsR+2Sxufig2Es8ndjkLewS+0X/78MzjwZ3fEa3TUBOHOOrpQE7yBCqNCZ+Hkh
OTzn2vuafq9Hxm2Z604MpmsZKO4uRur72f2rYrMkdMkFjzEMKfZ4BtihMVFfNCw9
G6vpDmgXSY/HWTwyWSgmhdUUc3irsa4hP50Qxmh5j5kyfPBfOLkuWKbDXPhMYPj8
K1szJteTUaTybzZOdFk/WEKBbQY6KoPu8lcBORgcbB0HGwk6oV/6yd0IJ/Xj/b4d
Rcd/oAIfF4JyNr2dAOuX+JOU/tGRJDfGkTVIHhJ83I/4
-----END CERTIFICATE-----