This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/1b172a-61d1-420c-a3dd-47a5bf5b313d/1/cJErKp3l7YOeG09N0R0TYAEpUGg.roa
File:                     cJErKp3l7YOeG09N0R0TYAEpUGg.roa (raw, json)
Hash identifier:          7gKjqS1rnbh2fqNlL6j2VX106p+ru9PHs/6B+IxwUi4=
Subject key identifier:   70:91:2B:2A:9D:E5:ED:83:9E:1B:4F:4D:D1:1D:13:60:01:29:50:68
Certificate issuer:       /CN=a1ebf54d028ee4764f62f78ad871dbf026228788
Certificate serial:       019B7DC9C575B025705BFD0C019684DD22E0
Authority key identifier: A1:EB:F5:4D:02:8E:E4:76:4F:62:F7:8A:D8:71:DB:F0:26:22:87:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oev1TQKO5HZPYveK2HHb8CYih4g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/1b172a-61d1-420c-a3dd-47a5bf5b313d/1/cJErKp3l7YOeG09N0R0TYAEpUGg.roa
Signing time:             Fri 02 Jan 2026 08:18:53 +0000
ROA not before:           Fri 02 Jan 2026 08:18:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6663
IP address blocks:        185.137.132.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/1b172a-61d1-420c-a3dd-47a5bf5b313d/1/oev1TQKO5HZPYveK2HHb8CYih4g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/1b172a-61d1-420c-a3dd-47a5bf5b313d/1/oev1TQKO5HZPYveK2HHb8CYih4g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oev1TQKO5HZPYveK2HHb8CYih4g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:35:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:c9:c5:75:b0:25:70:5b:fd:0c:01:96:84:dd:22:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1ebf54d028ee4764f62f78ad871dbf026228788
        Validity
            Not Before: Jan  2 08:18:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=70912b2a9de5ed839e1b4f4dd11d136001295068
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:1b:93:9c:58:d7:f0:cd:ac:73:ab:ab:1c:0d:
                    b3:31:ac:ac:01:92:dc:e0:97:ae:76:8a:a9:89:0f:
                    de:fb:fe:d9:6d:e3:a6:30:fe:29:b7:de:22:8f:bc:
                    15:d1:be:0a:a4:a1:ee:c2:2e:9b:23:94:07:f8:6a:
                    61:46:5f:19:b8:b6:c2:8d:5a:fd:a7:8b:14:fb:f4:
                    5e:2c:f5:15:8e:4c:2f:e2:99:fd:fa:b6:87:b4:a3:
                    a8:31:aa:76:1d:4b:18:88:7e:bc:04:b2:45:c5:d0:
                    4c:fc:41:23:98:62:01:72:41:d0:52:d6:1a:13:a1:
                    6e:9c:8f:b9:23:5f:96:9c:7a:f6:3b:8a:c3:43:99:
                    22:8c:e4:10:7f:e6:b1:9f:34:15:ba:15:5b:03:b1:
                    85:a1:ee:92:a5:f1:74:24:9a:21:8b:db:8b:f6:b0:
                    50:56:aa:85:0b:84:a0:58:2d:4b:b3:92:fd:a7:c4:
                    9d:3c:4f:0a:1d:f4:22:29:a9:b0:95:61:dd:48:07:
                    ef:af:62:a1:c5:eb:93:4c:8f:4b:44:51:53:5f:57:
                    e5:87:87:0b:1d:4d:7c:53:2b:78:04:8f:77:5d:07:
                    6b:93:0d:df:7a:3e:7c:b4:c3:54:c1:d9:cf:f0:7a:
                    7f:8f:91:3a:85:13:6c:a6:7b:af:d6:dc:2c:16:60:
                    2a:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:91:2B:2A:9D:E5:ED:83:9E:1B:4F:4D:D1:1D:13:60:01:29:50:68
            X509v3 Authority Key Identifier:
                keyid:A1:EB:F5:4D:02:8E:E4:76:4F:62:F7:8A:D8:71:DB:F0:26:22:87:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oev1TQKO5HZPYveK2HHb8CYih4g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/1b172a-61d1-420c-a3dd-47a5bf5b313d/1/cJErKp3l7YOeG09N0R0TYAEpUGg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/1b172a-61d1-420c-a3dd-47a5bf5b313d/1/oev1TQKO5HZPYveK2HHb8CYih4g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.137.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         20:2e:2e:8d:8e:1d:8b:a5:12:24:d1:64:bb:63:7e:d5:e9:ad:
         88:f6:97:31:53:f4:f5:ab:5c:4b:e1:28:1e:a9:f0:c7:b5:8e:
         b5:c0:c8:ba:bb:d7:37:aa:ec:46:17:ea:98:e8:cf:12:98:46:
         d0:13:15:36:1f:a7:87:a8:b2:8f:5d:8d:24:40:72:4c:55:3f:
         b3:06:34:a2:ab:16:35:51:d0:57:68:d1:86:8f:eb:f5:67:07:
         0c:cc:49:ff:24:45:f5:68:a9:d0:ea:85:0f:92:a2:a4:6f:35:
         a5:43:c7:f3:2e:02:b7:8c:ba:6f:44:bf:cb:e4:09:46:08:8d:
         ca:80:6b:86:7c:d5:06:fd:4e:de:83:7a:7e:78:a9:73:2d:39:
         f8:aa:6e:ac:3c:83:17:7e:fe:c5:d6:06:e5:6f:e0:a1:2b:88:
         ec:5b:2d:40:c9:f2:3d:02:82:1d:7a:b1:3b:58:2e:d4:bb:9d:
         8d:30:87:ca:cf:62:a7:f9:e7:df:a8:6d:62:98:00:d1:f6:d7:
         16:1a:56:51:0d:31:39:f2:54:8c:36:e5:cd:70:54:89:a1:ce:
         d1:ad:80:e8:74:48:29:4f:49:94:4b:e6:82:3a:c6:2b:ec:9e:
         73:73:b1:0d:11:9e:88:3c:17:a8:9b:3b:8d:76:82:55:e8:1e:
         d6:24:21:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9ycV1sCVwW/0MAZaE3SLgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExZWJmNTRkMDI4ZWU0NzY0ZjYyZjc4YWQ4NzFkYmYwMjYy
Mjg3ODgwHhcNMjYwMTAyMDgxODUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDkxMmIyYTlkZTVlZDgzOWUxYjRmNGRkMTFkMTM2MDAxMjk1MDY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqhuTnFjX8M2sc6urHA2zMaysAZLc
4JeudoqpiQ/e+/7ZbeOmMP4pt94ij7wV0b4KpKHuwi6bI5QH+GphRl8ZuLbCjVr9
p4sU+/ReLPUVjkwv4pn9+raHtKOoMap2HUsYiH68BLJFxdBM/EEjmGIBckHQUtYa
E6FunI+5I1+WnHr2O4rDQ5kijOQQf+axnzQVuhVbA7GFoe6SpfF0JJohi9uL9rBQ
VqqFC4SgWC1Ls5L9p8SdPE8KHfQiKamwlWHdSAfvr2KhxeuTTI9LRFFTX1flh4cL
HU18Uyt4BI93XQdrkw3fej58tMNUwdnP8Hp/j5E6hRNspnuv1twsFmAqxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHCRKyqd5e2DnhtPTdEdE2ABKVBoMB8GA1UdIwQY
MBaAFKHr9U0CjuR2T2L3ithx2/AmIoeIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2V2MVRRS081SFpQWXZlSzJISGI4Q1lpaDRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS8xYjE3MmEtNjFkMS00MjBjLWEzZGQt
NDdhNWJmNWIzMTNkLzEvY0pFcktwM2w3WU9lRzA5TjBSMFRZQUVwVUdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS8xYjE3MmEtNjFkMS00MjBjLWEzZGQtNDdhNWJmNWIzMTNk
LzEvb2V2MVRRS081SFpQWXZlSzJISGI4Q1lpaDRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYmEMA0G
CSqGSIb3DQEBCwUAA4IBAQAgLi6Njh2LpRIk0WS7Y37V6a2I9pcxU/T1q1xL4Sge
qfDHtY61wMi6u9c3quxGF+qY6M8SmEbQExU2H6eHqLKPXY0kQHJMVT+zBjSiqxY1
UdBXaNGGj+v1ZwcMzEn/JEX1aKnQ6oUPkqKkbzWlQ8fzLgK3jLpvRL/L5AlGCI3K
gGuGfNUG/U7eg3p+eKlzLTn4qm6sPIMXfv7F1gblb+ChK4jsWy1AyfI9AoIderE7
WC7Uu52NMIfKz2Kn+effqG1imADR9tcWGlZRDTE58lSMNuXNcFSJoc7RrYDodEgp
T0mUS+aCOsYr7J5zc7ENEZ6IPBeomzuNdoJV6B7WJCHm
-----END CERTIFICATE-----