This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/0396ad-dda7-4600-8f66-f56c779b142f/1/1FR5ZpZwPSxvOqUqxpmnyVdoI2Y.roa
File:                     1FR5ZpZwPSxvOqUqxpmnyVdoI2Y.roa (raw, json)
Hash identifier:          Uc2np6So5kLYsA5QE2lGHUyNPrOYT/fABQqkzzDnXDo=
Subject key identifier:   D4:54:79:66:96:70:3D:2C:6F:3A:A5:2A:C6:99:A7:C9:57:68:23:66
Certificate issuer:       /CN=a621186413bbdfde20e592fbe5553de7f94e5987
Certificate serial:       019B7C13482572102A8C0B1B17F4B4A49866
Authority key identifier: A6:21:18:64:13:BB:DF:DE:20:E5:92:FB:E5:55:3D:E7:F9:4E:59:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/piEYZBO7394g5ZL75VU95_lOWYc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/0396ad-dda7-4600-8f66-f56c779b142f/1/1FR5ZpZwPSxvOqUqxpmnyVdoI2Y.roa
Signing time:             Fri 02 Jan 2026 00:19:57 +0000
ROA not before:           Fri 02 Jan 2026 00:19:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        185.131.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/0396ad-dda7-4600-8f66-f56c779b142f/1/piEYZBO7394g5ZL75VU95_lOWYc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/0396ad-dda7-4600-8f66-f56c779b142f/1/piEYZBO7394g5ZL75VU95_lOWYc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/piEYZBO7394g5ZL75VU95_lOWYc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 Jan 2026 15:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:13:48:25:72:10:2a:8c:0b:1b:17:f4:b4:a4:98:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a621186413bbdfde20e592fbe5553de7f94e5987
        Validity
            Not Before: Jan  2 00:19:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d454796696703d2c6f3aa52ac699a7c957682366
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:a9:bf:95:63:d8:4c:d2:20:d0:64:53:64:9f:
                    70:4a:08:36:fe:69:5b:ac:46:b3:58:a4:3e:04:df:
                    9f:28:d4:96:40:27:dc:99:a3:dc:c2:31:af:d7:b0:
                    47:64:5e:ec:87:e7:10:7a:b8:f8:f0:2c:56:91:9f:
                    87:38:65:b6:9c:e8:c2:d8:84:69:57:b6:43:0c:d9:
                    10:81:87:ed:e6:fc:13:27:27:34:93:a0:1c:d4:1e:
                    33:c1:5a:6e:28:bd:b3:f8:d2:ea:9e:6e:4f:a9:c7:
                    46:b2:a1:e3:ce:f6:ec:56:1d:c5:c2:83:08:3f:a1:
                    13:13:f5:0d:a5:50:b4:f0:77:e1:71:3d:93:e0:2b:
                    b7:ad:4d:0f:0c:f7:c5:44:29:e8:41:1a:c6:c8:25:
                    3c:c8:7c:3c:e1:5c:91:4f:11:0f:c5:58:a5:c6:74:
                    25:cc:5a:1e:d3:1c:0c:ed:1f:d1:fb:cb:69:b3:c2:
                    c3:e5:93:6b:aa:39:1d:39:85:48:8a:dc:ce:73:ce:
                    19:d2:ab:7b:97:a4:a0:81:dc:3c:44:6f:15:f5:05:
                    3b:77:3a:9f:67:20:a3:58:93:52:c7:a6:62:ad:c6:
                    ce:87:f4:27:7e:1a:c4:ca:84:16:87:15:bd:03:3f:
                    c7:bb:8a:d8:41:7d:18:70:e9:8f:dc:c3:65:3a:1a:
                    87:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:54:79:66:96:70:3D:2C:6F:3A:A5:2A:C6:99:A7:C9:57:68:23:66
            X509v3 Authority Key Identifier:
                keyid:A6:21:18:64:13:BB:DF:DE:20:E5:92:FB:E5:55:3D:E7:F9:4E:59:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/piEYZBO7394g5ZL75VU95_lOWYc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/0396ad-dda7-4600-8f66-f56c779b142f/1/1FR5ZpZwPSxvOqUqxpmnyVdoI2Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/0396ad-dda7-4600-8f66-f56c779b142f/1/piEYZBO7394g5ZL75VU95_lOWYc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.131.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:06:fe:59:1e:ad:71:69:19:33:d3:04:b0:2b:06:cd:93:94:
         12:05:78:4d:67:1f:79:37:c5:9f:ae:10:5a:7d:c1:a8:a6:1c:
         4e:1f:f9:a9:13:4b:9c:4b:90:08:c6:d8:a6:34:51:ad:02:eb:
         04:06:19:b1:3a:39:fc:1a:22:cc:21:dc:a1:d6:c4:65:ad:dd:
         0d:be:e3:30:1a:fb:ae:49:df:6b:b7:5b:b8:e9:ee:44:59:ae:
         dd:04:65:81:79:d9:3e:21:90:91:1d:93:6c:8d:45:67:c0:c7:
         e2:54:7e:e2:89:0d:ec:64:d3:41:47:8f:7a:e8:00:5d:48:77:
         75:1f:c1:d6:30:01:68:22:e2:97:0d:59:ff:02:1a:a1:c8:06:
         7a:dc:80:18:10:93:67:1a:ff:49:98:43:4e:98:73:89:fc:fd:
         29:1e:55:9c:13:38:c6:33:60:4f:ca:1e:dc:53:11:14:be:3d:
         f2:d5:06:81:9b:af:09:88:ec:d8:4e:b9:18:5d:26:1b:a1:42:
         3f:74:59:94:6e:9a:c3:67:02:63:65:94:4f:5c:3d:02:4c:d5:
         e8:f5:38:51:0b:15:78:df:82:dc:7e:39:b7:de:fa:04:35:ce:
         f7:c7:72:90:80:8e:f1:a7:15:64:d6:73:1b:b3:67:2e:ee:fa:
         2a:c9:0e:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8E0glchAqjAsbF/S0pJhmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MjExODY0MTNiYmRmZGUyMGU1OTJmYmU1NTUzZGU3Zjk0
ZTU5ODcwHhcNMjYwMTAyMDAxOTU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDU0Nzk2Njk2NzAzZDJjNmYzYWE1MmFjNjk5YTdjOTU3NjgyMzY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqm/lWPYTNIg0GRTZJ9wSgg2/mlb
rEazWKQ+BN+fKNSWQCfcmaPcwjGv17BHZF7sh+cQerj48CxWkZ+HOGW2nOjC2IRp
V7ZDDNkQgYft5vwTJyc0k6Ac1B4zwVpuKL2z+NLqnm5PqcdGsqHjzvbsVh3FwoMI
P6ETE/UNpVC08HfhcT2T4Cu3rU0PDPfFRCnoQRrGyCU8yHw84VyRTxEPxVilxnQl
zFoe0xwM7R/R+8tps8LD5ZNrqjkdOYVIitzOc84Z0qt7l6Sggdw8RG8V9QU7dzqf
ZyCjWJNSx6ZircbOh/QnfhrEyoQWhxW9Az/Hu4rYQX0YcOmP3MNlOhqHVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNRUeWaWcD0sbzqlKsaZp8lXaCNmMB8GA1UdIwQY
MBaAFKYhGGQTu9/eIOWS++VVPef5TlmHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGlFWVpCTzczOTRnNVpMNzVWVTk1X2xPV1ljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8wMzk2YWQtZGRhNy00NjAwLThmNjYt
ZjU2Yzc3OWIxNDJmLzEvMUZSNVpwWndQU3h2T3FVcXhwbW55VmRvSTJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi8wMzk2YWQtZGRhNy00NjAwLThmNjYtZjU2Yzc3OWIxNDJm
LzEvcGlFWVpCTzczOTRnNVpMNzVWVTk1X2xPV1ljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYPkMA0G
CSqGSIb3DQEBCwUAA4IBAQBpBv5ZHq1xaRkz0wSwKwbNk5QSBXhNZx95N8WfrhBa
fcGophxOH/mpE0ucS5AIxtimNFGtAusEBhmxOjn8GiLMIdyh1sRlrd0NvuMwGvuu
Sd9rt1u46e5EWa7dBGWBedk+IZCRHZNsjUVnwMfiVH7iiQ3sZNNBR4966ABdSHd1
H8HWMAFoIuKXDVn/AhqhyAZ63IAYEJNnGv9JmENOmHOJ/P0pHlWcEzjGM2BPyh7c
UxEUvj3y1QaBm68JiOzYTrkYXSYboUI/dFmUbprDZwJjZZRPXD0CTNXo9ThRCxV4
34Lcfjm33voENc73x3KQgI7xpxVk1nMbs2cu7voqyQ7W
-----END CERTIFICATE-----