This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/0c9de8-cef2-4d8d-a920-76594a19177c/1/fBLAHwUkRrn6HYBRnTV7FYQGNDQ.roa
File:                     fBLAHwUkRrn6HYBRnTV7FYQGNDQ.roa (raw, json)
Hash identifier:          2J5IIevOI4AOjVlKsCvjgqwg6VuZoErPwilBziOfEkw=
Subject key identifier:   7C:12:C0:1F:05:24:46:B9:FA:1D:80:51:9D:35:7B:15:84:06:34:34
Certificate issuer:       /CN=f939b03f1294ebd35a3b15d695d7e91f8cb41fa0
Certificate serial:       019B7DC99A594299EFDA9AFE84451BBCC31D
Authority key identifier: F9:39:B0:3F:12:94:EB:D3:5A:3B:15:D6:95:D7:E9:1F:8C:B4:1F:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-TmwPxKU69NaOxXWldfpH4y0H6A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/0c9de8-cef2-4d8d-a920-76594a19177c/1/fBLAHwUkRrn6HYBRnTV7FYQGNDQ.roa
Signing time:             Fri 02 Jan 2026 08:18:42 +0000
ROA not before:           Fri 02 Jan 2026 08:18:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200530
IP address blocks:        194.5.40.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/0c9de8-cef2-4d8d-a920-76594a19177c/1/1-TmwPxKU69NaOxXWldfpH4y0H6A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/0c9de8-cef2-4d8d-a920-76594a19177c/1/1-TmwPxKU69NaOxXWldfpH4y0H6A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-TmwPxKU69NaOxXWldfpH4y0H6A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:05:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:c9:9a:59:42:99:ef:da:9a:fe:84:45:1b:bc:c3:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f939b03f1294ebd35a3b15d695d7e91f8cb41fa0
        Validity
            Not Before: Jan  2 08:18:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7c12c01f052446b9fa1d80519d357b1584063434
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:1e:86:44:66:e2:96:85:c2:42:a4:ab:56:d9:
                    59:b0:6a:91:4d:39:6b:f0:97:55:d6:ee:1e:e6:21:
                    60:2f:d4:fb:64:33:ad:1d:5b:a6:a4:0f:38:46:d7:
                    09:81:c0:e4:50:b5:f2:16:8f:3f:f2:10:46:ad:af:
                    ed:1b:3e:83:06:98:2e:a9:cb:6b:b2:3e:5b:9d:a6:
                    73:57:70:c5:4b:d6:de:98:b2:c5:89:bb:f7:e8:ab:
                    cb:23:e0:43:2e:0e:91:93:c7:13:ff:67:e8:a4:5e:
                    f4:10:89:12:d6:a7:cc:fb:5a:19:5d:e1:6b:b6:97:
                    38:d3:72:8c:01:28:dd:0a:9e:19:8a:5e:22:af:d4:
                    c2:f1:b4:cd:9a:7c:d4:9b:c5:ca:a7:dd:09:27:3a:
                    f8:52:c4:14:f4:64:4b:01:2d:22:a0:6c:cb:10:c9:
                    a0:d4:03:92:f3:85:13:d2:56:5f:50:14:97:a8:4c:
                    52:12:9c:31:b2:0e:ba:07:66:fc:00:73:02:29:03:
                    90:95:a3:a2:48:de:6e:3f:19:7f:21:77:90:5d:49:
                    16:69:5d:6d:3f:f7:40:10:d1:1d:8b:1b:f1:d3:b1:
                    1d:ce:65:07:26:ae:cf:55:35:a1:e4:2d:1f:e1:bf:
                    e4:44:87:8b:cc:23:72:08:97:63:44:f0:72:77:f4:
                    aa:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:12:C0:1F:05:24:46:B9:FA:1D:80:51:9D:35:7B:15:84:06:34:34
            X509v3 Authority Key Identifier:
                keyid:F9:39:B0:3F:12:94:EB:D3:5A:3B:15:D6:95:D7:E9:1F:8C:B4:1F:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-TmwPxKU69NaOxXWldfpH4y0H6A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/0c9de8-cef2-4d8d-a920-76594a19177c/1/fBLAHwUkRrn6HYBRnTV7FYQGNDQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/0c9de8-cef2-4d8d-a920-76594a19177c/1/1-TmwPxKU69NaOxXWldfpH4y0H6A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.5.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a8:c6:63:c0:f5:14:5b:d0:c9:99:e2:1f:10:8d:c0:5c:26:04:
         17:55:6d:9c:67:11:0c:76:03:d7:75:95:56:ce:5d:06:2f:cf:
         b9:8c:31:72:5b:c0:ef:3d:b3:b8:9a:34:f6:d3:54:65:39:cf:
         9d:6c:29:18:17:77:1f:de:19:06:78:7d:dc:0d:ec:81:87:92:
         84:40:ba:83:52:c7:8c:61:56:c1:00:7e:ad:44:8c:a9:47:97:
         21:1e:3e:c3:96:b2:2f:8d:d8:83:a3:25:da:ea:81:c8:9f:76:
         32:bd:be:9b:23:0c:5f:68:1b:e2:ee:d7:02:7e:4a:ed:79:9d:
         ee:90:df:b0:35:61:e8:f2:ec:72:05:79:4a:3c:32:08:e3:19:
         3e:1a:2f:68:b7:21:3a:9d:d5:1d:d6:1d:29:28:cb:49:e8:2b:
         03:56:20:26:28:62:80:bb:d0:bd:90:37:3d:40:61:3b:66:c5:
         f9:41:93:d8:e7:ff:7d:f8:78:12:ad:fb:62:7a:f6:3c:fd:47:
         a9:d6:de:30:cf:31:df:bb:1e:cb:12:97:c4:fe:a2:89:27:95:
         12:48:61:55:1a:37:05:3d:9b:70:a2:5a:73:19:d8:c7:c4:e3:
         2f:7d:f9:29:62:f5:12:9e:b2:68:5a:0b:ac:96:69:12:f0:e7:
         96:db:f0:25
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt9yZpZQpnv2pr+hEUbvMMdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5MzliMDNmMTI5NGViZDM1YTNiMTVkNjk1ZDdlOTFmOGNi
NDFmYTAwHhcNMjYwMTAyMDgxODQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzEyYzAxZjA1MjQ0NmI5ZmExZDgwNTE5ZDM1N2IxNTg0MDYzNDM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4h6GRGbiloXCQqSrVtlZsGqRTTlr
8JdV1u4e5iFgL9T7ZDOtHVumpA84RtcJgcDkULXyFo8/8hBGra/tGz6DBpguqctr
sj5bnaZzV3DFS9bemLLFibv36KvLI+BDLg6Rk8cT/2fopF70EIkS1qfM+1oZXeFr
tpc403KMASjdCp4Zil4ir9TC8bTNmnzUm8XKp90JJzr4UsQU9GRLAS0ioGzLEMmg
1AOS84UT0lZfUBSXqExSEpwxsg66B2b8AHMCKQOQlaOiSN5uPxl/IXeQXUkWaV1t
P/dAENEdixvx07EdzmUHJq7PVTWh5C0f4b/kRIeLzCNyCJdjRPByd/SqSwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFHwSwB8FJEa5+h2AUZ01exWEBjQ0MB8GA1UdIwQY
MBaAFPk5sD8SlOvTWjsV1pXX6R+MtB+gMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1UbXdQeEtVNjlOYU94WFdsZGZwSDR5MEg2QS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTcvMGM5ZGU4LWNlZjItNGQ4ZC1hOTIw
LTc2NTk0YTE5MTc3Yy8xL2ZCTEFId1VrUnJuNkhZQlJuVFY3RllRR05EUS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYTcvMGM5ZGU4LWNlZjItNGQ4ZC1hOTIwLTc2NTk0YTE5MTc3
Yy8xLzEtVG13UHhLVTY5TmFPeFhXbGRmcEg0eTBINkEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBALCBSgw
DQYJKoZIhvcNAQELBQADggEBAKjGY8D1FFvQyZniHxCNwFwmBBdVbZxnEQx2A9d1
lVbOXQYvz7mMMXJbwO89s7iaNPbTVGU5z51sKRgXdx/eGQZ4fdwN7IGHkoRAuoNS
x4xhVsEAfq1EjKlHlyEePsOWsi+N2IOjJdrqgcifdjK9vpsjDF9oG+Lu1wJ+Su15
ne6Q37A1Yejy7HIFeUo8MgjjGT4aL2i3ITqd1R3WHSkoy0noKwNWICYoYoC70L2Q
Nz1AYTtmxflBk9jn/334eBKt+2J69jz9R6nW3jDPMd+7HssSl8T+ooknlRJIYVUa
NwU9m3CiWnMZ2MfE4y99+Sli9RKesmhaC6yWaRLw55bb8CU=
-----END CERTIFICATE-----