This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/b05e08-0762-4dc7-a4b0-5805d3f3dbb2/1/aUSEjOq7T5GdB1gJh0wm73gZGVE.roa
File:                     aUSEjOq7T5GdB1gJh0wm73gZGVE.roa (raw, json)
Hash identifier:          I/x2EyeVTVrdNEFq9RRb2OJVpKKmppQFIjO/Hlu4b9k=
Subject key identifier:   69:44:84:8C:EA:BB:4F:91:9D:07:58:09:87:4C:26:EF:78:19:19:51
Certificate issuer:       /CN=153f24183d6c95185919349e6e92533736437b94
Certificate serial:       019B797E033F4E280AED6DA0195F65EF9CFB
Authority key identifier: 15:3F:24:18:3D:6C:95:18:59:19:34:9E:6E:92:53:37:36:43:7B:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FT8kGD1slRhZGTSebpJTNzZDe5Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/b05e08-0762-4dc7-a4b0-5805d3f3dbb2/1/aUSEjOq7T5GdB1gJh0wm73gZGVE.roa
Signing time:             Thu 01 Jan 2026 12:17:40 +0000
ROA not before:           Thu 01 Jan 2026 12:17:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216146
IP address blocks:        194.187.253.0/24 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/b05e08-0762-4dc7-a4b0-5805d3f3dbb2/1/FT8kGD1slRhZGTSebpJTNzZDe5Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/b05e08-0762-4dc7-a4b0-5805d3f3dbb2/1/FT8kGD1slRhZGTSebpJTNzZDe5Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FT8kGD1slRhZGTSebpJTNzZDe5Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 09:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:03:3f:4e:28:0a:ed:6d:a0:19:5f:65:ef:9c:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=153f24183d6c95185919349e6e92533736437b94
        Validity
            Not Before: Jan  1 12:17:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6944848ceabb4f919d075809874c26ef78191951
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:20:e7:95:65:b8:4d:2b:b8:f1:f1:c0:7d:df:
                    83:6f:04:ff:f2:4d:03:4d:28:90:f0:68:e1:80:23:
                    b5:a7:0c:6f:28:9a:6a:2f:30:dc:ad:df:cd:e7:ad:
                    72:5d:fe:5f:39:89:f3:86:d9:d0:31:69:63:9c:3b:
                    75:6d:02:93:62:c9:ca:7a:c1:09:45:fe:93:bb:e7:
                    84:f8:74:f4:18:3b:0a:7a:5e:66:09:2e:a9:81:99:
                    50:66:da:51:24:f4:52:26:23:71:a6:39:27:f9:bc:
                    80:66:39:7e:18:23:85:a5:48:0b:73:29:1d:0c:a8:
                    5a:14:5c:f5:54:0f:7e:70:f9:98:c7:ad:0f:88:53:
                    aa:65:54:55:30:48:b9:9f:43:3a:9f:c3:1b:44:3c:
                    b2:fd:b9:c7:0f:80:5f:08:4e:53:91:f8:7b:6f:99:
                    d1:10:aa:44:7d:e2:14:bb:cc:80:09:00:44:c2:43:
                    54:19:4e:3f:e5:10:db:e2:7f:74:2b:e2:1a:ec:fd:
                    3e:78:8f:83:c6:55:78:e1:f9:f7:2e:a6:af:de:3c:
                    af:1b:08:7b:7a:51:3d:5e:77:79:5d:9c:d6:d9:74:
                    2f:d8:46:bf:95:23:e3:48:d4:79:8b:bb:cf:97:57:
                    f7:58:dc:5a:43:80:04:56:75:f3:b4:a2:33:1f:71:
                    b8:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:44:84:8C:EA:BB:4F:91:9D:07:58:09:87:4C:26:EF:78:19:19:51
            X509v3 Authority Key Identifier:
                keyid:15:3F:24:18:3D:6C:95:18:59:19:34:9E:6E:92:53:37:36:43:7B:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FT8kGD1slRhZGTSebpJTNzZDe5Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/b05e08-0762-4dc7-a4b0-5805d3f3dbb2/1/aUSEjOq7T5GdB1gJh0wm73gZGVE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/b05e08-0762-4dc7-a4b0-5805d3f3dbb2/1/FT8kGD1slRhZGTSebpJTNzZDe5Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.187.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:e9:b6:de:df:68:17:83:ff:d4:67:b9:8a:a9:89:38:6f:e1:
         9c:78:73:9a:12:6f:3d:eb:2d:80:5f:34:3b:6e:28:c5:90:ce:
         c3:b4:dd:bd:b4:c5:c5:32:64:ed:69:1a:18:70:c7:04:64:3c:
         17:2a:8f:73:57:6f:cc:11:cd:e4:20:18:8f:19:a0:68:3b:be:
         f1:77:8d:47:b8:a2:96:3b:ec:7c:93:31:fb:8d:1a:4e:83:a6:
         ef:82:fe:e9:50:c9:55:55:b1:13:53:ce:7c:c5:34:88:d7:ad:
         63:12:d8:c8:2b:05:39:c4:b6:df:cf:86:6a:9f:c0:fa:7a:7b:
         5d:70:e0:b6:b6:db:f5:fe:97:1b:5a:e5:5c:33:19:b2:cc:74:
         60:2b:d5:fb:3e:69:81:fc:18:0c:46:66:b9:f5:30:a1:10:f9:
         86:34:dd:f5:b8:8f:c7:00:b2:aa:bc:4c:67:df:f6:29:dc:de:
         8d:9c:06:38:0f:0e:42:0f:09:ad:84:26:c9:43:86:f2:a3:31:
         18:bf:54:96:b3:e5:0b:b6:8e:28:c4:c9:79:36:51:64:ff:7e:
         d9:12:17:79:45:49:6a:4d:0b:81:b6:6c:00:1a:74:22:61:92:
         27:6e:0a:24:84:0a:a2:da:57:15:89:39:98:c9:1a:75:1c:25:
         fb:00:ea:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fgM/TigK7W2gGV9l75z7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1M2YyNDE4M2Q2Yzk1MTg1OTE5MzQ5ZTZlOTI1MzM3MzY0
MzdiOTQwHhcNMjYwMTAxMTIxNzQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTQ0ODQ4Y2VhYmI0ZjkxOWQwNzU4MDk4NzRjMjZlZjc4MTkxOTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzSDnlWW4TSu48fHAfd+DbwT/8k0D
TSiQ8GjhgCO1pwxvKJpqLzDcrd/N561yXf5fOYnzhtnQMWljnDt1bQKTYsnKesEJ
Rf6Tu+eE+HT0GDsKel5mCS6pgZlQZtpRJPRSJiNxpjkn+byAZjl+GCOFpUgLcykd
DKhaFFz1VA9+cPmYx60PiFOqZVRVMEi5n0M6n8MbRDyy/bnHD4BfCE5Tkfh7b5nR
EKpEfeIUu8yACQBEwkNUGU4/5RDb4n90K+Ia7P0+eI+DxlV44fn3Lqav3jyvGwh7
elE9Xnd5XZzW2XQv2Ea/lSPjSNR5i7vPl1f3WNxaQ4AEVnXztKIzH3G4TwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGlEhIzqu0+RnQdYCYdMJu94GRlRMB8GA1UdIwQY
MBaAFBU/JBg9bJUYWRk0nm6SUzc2Q3uUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlQ4a0dEMXNsUmhaR1RTZWJwSlROelpEZTVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9iMDVlMDgtMDc2Mi00ZGM3LWE0YjAt
NTgwNWQzZjNkYmIyLzEvYVVTRWpPcTdUNUdkQjFnSmgwd203M2daR1ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9iMDVlMDgtMDc2Mi00ZGM3LWE0YjAtNTgwNWQzZjNkYmIy
LzEvRlQ4a0dEMXNsUmhaR1RTZWJwSlROelpEZTVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwrv9MA0G
CSqGSIb3DQEBCwUAA4IBAQCS6bbe32gXg//UZ7mKqYk4b+GceHOaEm896y2AXzQ7
bijFkM7DtN29tMXFMmTtaRoYcMcEZDwXKo9zV2/MEc3kIBiPGaBoO77xd41HuKKW
O+x8kzH7jRpOg6bvgv7pUMlVVbETU858xTSI161jEtjIKwU5xLbfz4Zqn8D6entd
cOC2ttv1/pcbWuVcMxmyzHRgK9X7PmmB/BgMRma59TChEPmGNN31uI/HALKqvExn
3/Yp3N6NnAY4Dw5CDwmthCbJQ4byozEYv1SWs+ULto4oxMl5NlFk/37ZEhd5RUlq
TQuBtmwAGnQiYZInbgokhAqi2lcViTmYyRp1HCX7AOo7
-----END CERTIFICATE-----