This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/6ce0c0-937c-4a43-9e84-18e5c537d51d/1/4usRpBobCHCzpwrJfO9MESi2eHE.roa
File:                     4usRpBobCHCzpwrJfO9MESi2eHE.roa (raw, json)
Hash identifier:          9o5TwDkw3VuguoRghDhwwlw0Cs2+gJaMgEUU/235EeA=
Subject key identifier:   E2:EB:11:A4:1A:1B:08:70:B3:A7:0A:C9:7C:EF:4C:11:28:B6:78:71
Certificate issuer:       /CN=70de707d6c01006b2aca687eaab29cb4736b7668
Certificate serial:       019B76EB215E9D6D4ACFD37FCF6A3032FF30
Authority key identifier: 70:DE:70:7D:6C:01:00:6B:2A:CA:68:7E:AA:B2:9C:B4:73:6B:76:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cN5wfWwBAGsqymh-qrKctHNrdmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/6ce0c0-937c-4a43-9e84-18e5c537d51d/1/4usRpBobCHCzpwrJfO9MESi2eHE.roa
Signing time:             Thu 01 Jan 2026 00:17:59 +0000
ROA not before:           Thu 01 Jan 2026 00:17:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208357
IP address blocks:        185.54.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/6ce0c0-937c-4a43-9e84-18e5c537d51d/1/cN5wfWwBAGsqymh-qrKctHNrdmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/6ce0c0-937c-4a43-9e84-18e5c537d51d/1/cN5wfWwBAGsqymh-qrKctHNrdmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cN5wfWwBAGsqymh-qrKctHNrdmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:05:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:21:5e:9d:6d:4a:cf:d3:7f:cf:6a:30:32:ff:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70de707d6c01006b2aca687eaab29cb4736b7668
        Validity
            Not Before: Jan  1 00:17:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e2eb11a41a1b0870b3a70ac97cef4c1128b67871
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:6e:0c:26:05:cf:35:44:36:6c:be:0a:83:c0:
                    fc:14:2a:4a:2d:9c:2d:f0:58:e0:cc:87:9a:64:3f:
                    ec:80:46:a2:65:0a:14:f5:7c:30:9f:06:18:2a:5a:
                    69:27:a9:76:9d:e3:01:fa:0e:04:1c:4f:ee:4e:c5:
                    12:0f:68:8a:18:52:73:2a:1d:22:cb:6d:2f:f0:7e:
                    ab:7d:03:08:e1:a5:d0:89:85:6d:86:8c:ec:2c:24:
                    6e:f6:f8:23:d6:ea:db:52:2f:71:86:bc:83:49:87:
                    f2:46:4a:ba:97:e0:a6:77:5c:1f:36:55:d7:34:e7:
                    d2:a9:2e:41:2d:3c:74:f0:d6:0b:6a:a4:4b:ce:fe:
                    b4:db:94:d8:b2:34:5c:5f:f7:a6:c5:e4:3c:7b:81:
                    9f:c3:de:03:71:97:02:07:8e:ee:db:cc:38:7a:fa:
                    cb:7c:3e:e6:42:6e:fe:2d:11:fa:d3:9c:6e:0b:d9:
                    fc:67:51:04:ad:e4:cf:a9:ed:df:3a:1f:71:cf:57:
                    eb:bd:f1:90:f1:d9:be:fd:ca:2e:f0:cb:ac:c5:e1:
                    76:b8:62:4b:c9:94:b3:c2:8a:d5:72:f4:f0:47:6d:
                    60:5a:01:b9:27:7e:f7:43:61:9a:ed:14:03:fa:1b:
                    36:56:12:15:67:6c:a8:a3:90:a3:59:ac:4a:99:8d:
                    68:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:EB:11:A4:1A:1B:08:70:B3:A7:0A:C9:7C:EF:4C:11:28:B6:78:71
            X509v3 Authority Key Identifier:
                keyid:70:DE:70:7D:6C:01:00:6B:2A:CA:68:7E:AA:B2:9C:B4:73:6B:76:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cN5wfWwBAGsqymh-qrKctHNrdmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/6ce0c0-937c-4a43-9e84-18e5c537d51d/1/4usRpBobCHCzpwrJfO9MESi2eHE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/6ce0c0-937c-4a43-9e84-18e5c537d51d/1/cN5wfWwBAGsqymh-qrKctHNrdmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.54.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:3e:d0:f0:ff:29:b6:3f:82:8c:d7:64:0a:a1:2d:b4:80:62:
         ae:1d:bb:02:a4:10:22:eb:84:eb:1f:2b:3d:78:c8:4a:a5:68:
         36:90:ea:33:c1:9b:09:9e:09:68:d6:1a:88:ca:fe:e9:03:56:
         3c:98:7c:ec:af:12:7a:2f:d9:27:6f:cd:b4:cd:b7:1c:a8:14:
         c3:86:d9:c9:00:7c:81:1c:dc:c2:54:9a:25:95:f9:fc:88:a7:
         59:59:ec:5d:a0:45:34:1e:70:c6:d4:67:bf:e8:cb:3a:05:b9:
         4f:fb:92:be:89:7c:98:db:44:cc:0a:c0:c2:40:6f:14:d9:8d:
         bc:86:92:d0:f5:69:74:89:5e:4b:8f:c7:ec:94:84:0c:b5:70:
         ea:93:6d:ae:25:7c:3a:6b:0b:e8:5b:79:05:e9:47:06:83:41:
         d4:a6:32:bb:13:de:17:6a:b6:34:88:c5:65:15:52:70:46:09:
         1e:03:58:b8:01:92:2e:73:ff:4a:8e:8a:38:00:8e:51:ef:03:
         d6:e6:2e:23:59:ce:3f:c2:03:74:dc:a3:7e:84:37:25:54:f2:
         ea:3a:6a:cf:32:e9:04:09:05:b8:ef:f6:87:81:e1:04:a2:a4:
         44:c4:b9:c4:89:13:95:08:54:75:50:93:5f:e2:68:63:07:3b:
         12:06:ce:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26yFenW1Kz9N/z2owMv8wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZGU3MDdkNmMwMTAwNmIyYWNhNjg3ZWFhYjI5Y2I0NzM2
Yjc2NjgwHhcNMjYwMTAxMDAxNzU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmViMTFhNDFhMWIwODcwYjNhNzBhYzk3Y2VmNGMxMTI4YjY3ODcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1m4MJgXPNUQ2bL4Kg8D8FCpKLZwt
8FjgzIeaZD/sgEaiZQoU9XwwnwYYKlppJ6l2neMB+g4EHE/uTsUSD2iKGFJzKh0i
y20v8H6rfQMI4aXQiYVthozsLCRu9vgj1urbUi9xhryDSYfyRkq6l+Cmd1wfNlXX
NOfSqS5BLTx08NYLaqRLzv6025TYsjRcX/emxeQ8e4Gfw94DcZcCB47u28w4evrL
fD7mQm7+LRH605xuC9n8Z1EEreTPqe3fOh9xz1frvfGQ8dm+/cou8MusxeF2uGJL
yZSzworVcvTwR21gWgG5J373Q2Ga7RQD+hs2VhIVZ2yoo5CjWaxKmY1oXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOLrEaQaGwhws6cKyXzvTBEotnhxMB8GA1UdIwQY
MBaAFHDecH1sAQBrKspofqqynLRza3ZoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY041d2ZXd0JBR3NxeW1oLXFyS2N0SE5yZG1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My82Y2UwYzAtOTM3Yy00YTQzLTllODQt
MThlNWM1MzdkNTFkLzEvNHVzUnBCb2JDSEN6cHdySmZPOU1FU2kyZUhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My82Y2UwYzAtOTM3Yy00YTQzLTllODQtMThlNWM1MzdkNTFk
LzEvY041d2ZXd0JBR3NxeW1oLXFyS2N0SE5yZG1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTaKMA0G
CSqGSIb3DQEBCwUAA4IBAQBxPtDw/ym2P4KM12QKoS20gGKuHbsCpBAi64TrHys9
eMhKpWg2kOozwZsJnglo1hqIyv7pA1Y8mHzsrxJ6L9knb820zbccqBTDhtnJAHyB
HNzCVJollfn8iKdZWexdoEU0HnDG1Ge/6Ms6BblP+5K+iXyY20TMCsDCQG8U2Y28
hpLQ9Wl0iV5Lj8fslIQMtXDqk22uJXw6awvoW3kF6UcGg0HUpjK7E94XarY0iMVl
FVJwRgkeA1i4AZIuc/9Kjoo4AI5R7wPW5i4jWc4/wgN03KN+hDclVPLqOmrPMukE
CQW47/aHgeEEoqRExLnEiROVCFR1UJNf4mhjBzsSBs6s
-----END CERTIFICATE-----