This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/1b172a-61d1-420c-a3dd-47a5bf5b313d/1/X7aPlR-pZo6rLSSiJT7Oe8Uyo-s.roa
File:                     X7aPlR-pZo6rLSSiJT7Oe8Uyo-s.roa (raw, json)
Hash identifier:          f8OEucDIP6cYs0bjMa0ASBn6fJHEhpbyHwyN5ykv6sY=
Subject key identifier:   5F:B6:8F:95:1F:A9:66:8E:AB:2D:24:A2:25:3E:CE:7B:C5:32:A3:EB
Certificate issuer:       /CN=a1ebf54d028ee4764f62f78ad871dbf026228788
Certificate serial:       019B7DC9C53DB1051CB4DE0E962E345D50E0
Authority key identifier: A1:EB:F5:4D:02:8E:E4:76:4F:62:F7:8A:D8:71:DB:F0:26:22:87:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oev1TQKO5HZPYveK2HHb8CYih4g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/1b172a-61d1-420c-a3dd-47a5bf5b313d/1/X7aPlR-pZo6rLSSiJT7Oe8Uyo-s.roa
Signing time:             Fri 02 Jan 2026 08:18:53 +0000
ROA not before:           Fri 02 Jan 2026 08:18:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5606
IP address blocks:        185.137.132.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/1b172a-61d1-420c-a3dd-47a5bf5b313d/1/oev1TQKO5HZPYveK2HHb8CYih4g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/1b172a-61d1-420c-a3dd-47a5bf5b313d/1/oev1TQKO5HZPYveK2HHb8CYih4g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oev1TQKO5HZPYveK2HHb8CYih4g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:35:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:c9:c5:3d:b1:05:1c:b4:de:0e:96:2e:34:5d:50:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1ebf54d028ee4764f62f78ad871dbf026228788
        Validity
            Not Before: Jan  2 08:18:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5fb68f951fa9668eab2d24a2253ece7bc532a3eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:97:14:3c:57:b2:04:fa:b7:8a:9e:ac:a9:f4:
                    38:63:ae:cf:fb:7b:e1:01:e4:ef:ad:7d:85:5f:bf:
                    d2:b9:d1:f1:e5:13:75:20:a7:23:4e:71:8a:f0:91:
                    4a:cf:14:a1:9d:2a:6b:1b:51:7f:7d:7f:ca:b2:ab:
                    4b:e5:f2:11:2c:be:a6:42:ef:7c:0a:16:d6:17:c8:
                    45:88:65:2a:16:b9:75:36:76:d5:d8:28:0e:f7:df:
                    67:18:1a:2e:1e:0b:bb:bf:7b:7a:41:97:2b:19:97:
                    bd:9e:10:7e:b5:d3:a6:19:cb:c7:ce:ea:02:85:42:
                    6a:2b:8d:b2:6f:fa:33:f8:06:10:9e:e2:66:9c:b2:
                    0b:2d:a9:0d:69:8d:3e:0f:84:f1:1d:93:f4:86:eb:
                    cc:ef:5f:7f:76:9a:33:0e:be:04:91:32:12:c2:cb:
                    74:c3:f3:7d:36:2d:f3:2f:45:f6:d6:78:2a:fc:53:
                    2c:4a:b5:b5:6b:8d:13:22:90:19:d1:a9:3b:92:e1:
                    96:47:9f:17:e4:2b:2f:e4:8d:95:35:98:33:d7:eb:
                    fa:75:fd:00:69:24:49:31:ae:b1:f1:4d:7e:8a:04:
                    cb:17:57:2c:b8:86:91:73:03:02:09:cc:0e:b5:05:
                    c2:97:90:80:52:db:60:e9:97:db:9c:48:df:67:cd:
                    27:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:B6:8F:95:1F:A9:66:8E:AB:2D:24:A2:25:3E:CE:7B:C5:32:A3:EB
            X509v3 Authority Key Identifier:
                keyid:A1:EB:F5:4D:02:8E:E4:76:4F:62:F7:8A:D8:71:DB:F0:26:22:87:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oev1TQKO5HZPYveK2HHb8CYih4g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/1b172a-61d1-420c-a3dd-47a5bf5b313d/1/X7aPlR-pZo6rLSSiJT7Oe8Uyo-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/1b172a-61d1-420c-a3dd-47a5bf5b313d/1/oev1TQKO5HZPYveK2HHb8CYih4g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.137.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a7:90:0e:38:a1:5c:99:27:6e:a1:8c:b8:de:b1:70:42:7e:b1:
         e3:25:07:63:e2:e0:33:f9:4b:f0:b7:ae:8e:3f:71:b3:5b:53:
         19:c3:ca:d7:f6:9a:4a:e5:c2:f5:07:3e:ec:9c:f0:f4:57:26:
         d0:61:6f:01:60:bb:aa:c8:d0:f4:cf:67:5b:8a:18:5c:e4:1b:
         d1:44:e7:6b:47:5f:8c:fa:f5:67:a3:8b:09:c5:fa:a6:76:70:
         85:3a:04:bc:8a:91:80:df:54:06:5a:87:71:55:8b:d5:7a:fa:
         5f:3f:af:a1:51:b0:1d:9c:9d:a7:12:5d:85:9b:b5:b5:7a:c2:
         7f:02:a5:d8:91:dd:98:13:1b:fe:b6:31:b4:8d:49:84:e4:ba:
         38:d2:75:03:53:5d:d1:d0:45:d2:f8:e5:92:92:14:22:4d:aa:
         02:37:f6:a9:93:e9:23:05:44:d7:fd:cd:47:83:61:66:84:77:
         56:e5:aa:5b:94:88:ba:7c:d5:19:2b:87:40:30:b7:9b:9d:d5:
         f0:77:55:e0:a8:3c:ea:28:b7:19:36:3c:3c:fd:f6:c3:91:9e:
         42:88:26:6c:7b:ae:d9:6e:17:41:76:a0:78:0b:c6:30:23:9a:
         d7:15:a9:76:7b:c4:10:82:b4:47:c1:cb:8e:ec:c7:82:42:85:
         45:9e:2d:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9ycU9sQUctN4Oli40XVDgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExZWJmNTRkMDI4ZWU0NzY0ZjYyZjc4YWQ4NzFkYmYwMjYy
Mjg3ODgwHhcNMjYwMTAyMDgxODUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmI2OGY5NTFmYTk2NjhlYWIyZDI0YTIyNTNlY2U3YmM1MzJhM2ViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA15cUPFeyBPq3ip6sqfQ4Y67P+3vh
AeTvrX2FX7/SudHx5RN1IKcjTnGK8JFKzxShnSprG1F/fX/KsqtL5fIRLL6mQu98
ChbWF8hFiGUqFrl1NnbV2CgO999nGBouHgu7v3t6QZcrGZe9nhB+tdOmGcvHzuoC
hUJqK42yb/oz+AYQnuJmnLILLakNaY0+D4TxHZP0huvM719/dpozDr4EkTISwst0
w/N9Ni3zL0X21ngq/FMsSrW1a40TIpAZ0ak7kuGWR58X5Csv5I2VNZgz1+v6df0A
aSRJMa6x8U1+igTLF1csuIaRcwMCCcwOtQXCl5CAUttg6ZfbnEjfZ80nqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF+2j5UfqWaOqy0koiU+znvFMqPrMB8GA1UdIwQY
MBaAFKHr9U0CjuR2T2L3ithx2/AmIoeIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2V2MVRRS081SFpQWXZlSzJISGI4Q1lpaDRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS8xYjE3MmEtNjFkMS00MjBjLWEzZGQt
NDdhNWJmNWIzMTNkLzEvWDdhUGxSLXBabzZyTFNTaUpUN09lOFV5by1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS8xYjE3MmEtNjFkMS00MjBjLWEzZGQtNDdhNWJmNWIzMTNk
LzEvb2V2MVRRS081SFpQWXZlSzJISGI4Q1lpaDRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYmEMA0G
CSqGSIb3DQEBCwUAA4IBAQCnkA44oVyZJ26hjLjesXBCfrHjJQdj4uAz+Uvwt66O
P3GzW1MZw8rX9ppK5cL1Bz7snPD0VybQYW8BYLuqyND0z2dbihhc5BvRROdrR1+M
+vVno4sJxfqmdnCFOgS8ipGA31QGWodxVYvVevpfP6+hUbAdnJ2nEl2Fm7W1esJ/
AqXYkd2YExv+tjG0jUmE5Lo40nUDU13R0EXS+OWSkhQiTaoCN/apk+kjBUTX/c1H
g2FmhHdW5apblIi6fNUZK4dAMLebndXwd1XgqDzqKLcZNjw8/fbDkZ5CiCZse67Z
bhdBdqB4C8YwI5rXFal2e8QQgrRHwcuO7MeCQoVFni21
-----END CERTIFICATE-----