This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/27e031-1386-4fca-bbe1-8e9b511cac1a/1/tUd0APy5lJPbz6wFDFJu0u985WQ.roa
File:                     tUd0APy5lJPbz6wFDFJu0u985WQ.roa (raw, json)
Hash identifier:          KqXLchMnbVqnoKOUk/yCQOefoXck4w0BI9s549cedMw=
Subject key identifier:   B5:47:74:00:FC:B9:94:93:DB:CF:AC:05:0C:52:6E:D2:EF:7C:E5:64
Certificate issuer:       /CN=7250baadff2c286c60b96107d2c64d537ec0aca6
Certificate serial:       019B7D5CBED557F1B961D962AB857A8B60B8
Authority key identifier: 72:50:BA:AD:FF:2C:28:6C:60:B9:61:07:D2:C6:4D:53:7E:C0:AC:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/clC6rf8sKGxguWEH0sZNU37ArKY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/27e031-1386-4fca-bbe1-8e9b511cac1a/1/tUd0APy5lJPbz6wFDFJu0u985WQ.roa
Signing time:             Fri 02 Jan 2026 06:19:48 +0000
ROA not before:           Fri 02 Jan 2026 06:19:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206091
IP address blocks:        185.196.176.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/27e031-1386-4fca-bbe1-8e9b511cac1a/1/clC6rf8sKGxguWEH0sZNU37ArKY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/27e031-1386-4fca-bbe1-8e9b511cac1a/1/clC6rf8sKGxguWEH0sZNU37ArKY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/clC6rf8sKGxguWEH0sZNU37ArKY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 12:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5c:be:d5:57:f1:b9:61:d9:62:ab:85:7a:8b:60:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7250baadff2c286c60b96107d2c64d537ec0aca6
        Validity
            Not Before: Jan  2 06:19:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b5477400fcb99493dbcfac050c526ed2ef7ce564
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:a2:eb:71:f1:ee:96:10:65:52:bd:7c:45:53:
                    ab:ee:9d:0c:53:8b:af:73:41:59:60:77:be:43:f7:
                    9e:71:49:8b:ae:d9:af:8a:9a:25:bd:d7:5e:1b:bd:
                    a7:af:a8:e7:f6:b0:ad:bd:01:59:29:f6:12:b3:b2:
                    07:46:68:f9:ae:b2:38:f9:b4:b3:7f:0d:1e:91:5c:
                    2f:e6:9f:ba:49:ac:f7:3c:db:08:2b:0f:4b:f5:d9:
                    22:c2:cb:ee:c7:91:ca:85:81:c3:84:63:8a:56:f5:
                    11:91:21:60:d7:62:97:7f:ca:84:01:9a:96:79:22:
                    d4:a5:1c:25:70:9a:4f:f7:fe:d5:49:09:3f:08:b0:
                    aa:09:3d:69:d4:c3:be:3e:62:89:f2:0d:42:bf:70:
                    f3:a4:c9:80:40:9f:c0:a7:dd:d6:94:75:63:8a:9d:
                    5e:a6:70:e7:2b:fa:56:f6:f6:0b:08:1a:88:51:d3:
                    cb:ab:29:7a:70:70:d8:3e:af:f2:12:c5:d0:20:1f:
                    b6:35:1d:37:89:d4:de:99:ae:a1:3d:a9:b0:3a:9e:
                    50:6d:e4:97:51:80:b9:8d:e8:1c:27:b9:a0:2c:64:
                    b3:1a:89:00:15:d1:52:a3:d2:57:af:48:42:bc:7e:
                    4b:f3:f2:f3:f5:9d:3f:bb:1c:d8:62:e6:00:5c:32:
                    5c:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:47:74:00:FC:B9:94:93:DB:CF:AC:05:0C:52:6E:D2:EF:7C:E5:64
            X509v3 Authority Key Identifier:
                keyid:72:50:BA:AD:FF:2C:28:6C:60:B9:61:07:D2:C6:4D:53:7E:C0:AC:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/clC6rf8sKGxguWEH0sZNU37ArKY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/27e031-1386-4fca-bbe1-8e9b511cac1a/1/tUd0APy5lJPbz6wFDFJu0u985WQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/27e031-1386-4fca-bbe1-8e9b511cac1a/1/clC6rf8sKGxguWEH0sZNU37ArKY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.196.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         77:21:66:bf:e2:c4:f4:95:c1:98:d3:c4:78:8d:b8:39:10:10:
         fb:eb:a2:98:0e:08:96:93:04:b0:6b:a2:15:21:2f:6f:5e:90:
         c6:d4:fe:57:d7:be:b9:b8:5b:23:e7:06:21:0f:2d:e5:5b:8a:
         c6:32:1f:41:d1:9b:90:d2:77:54:b9:79:4a:4f:7b:1a:31:aa:
         27:e3:62:2b:91:90:f5:a2:aa:f6:c9:d8:ce:7c:a3:2f:63:89:
         ce:7e:7f:31:84:af:8d:c0:88:7b:cd:6a:17:e6:8f:f6:08:49:
         62:9d:01:aa:aa:c4:1b:92:59:d8:24:b1:11:3b:fa:c1:91:64:
         ce:fa:86:12:a0:eb:19:16:17:bb:9e:fa:17:15:7f:7b:1e:10:
         6d:e8:ad:f5:dd:99:c1:f1:fd:44:67:87:6f:39:a8:98:ff:f6:
         09:4c:6a:e9:72:83:d9:e3:af:80:34:ac:6a:81:91:72:6d:e0:
         f8:77:ff:8f:16:97:50:06:e8:2f:aa:64:bd:fc:bd:da:dd:d0:
         f5:8a:a4:b6:95:f8:74:7e:70:7f:84:3b:f2:c3:c6:ec:71:4c:
         3f:2e:cc:c4:5b:06:6c:61:b2:1b:c0:15:e5:38:6c:74:95:59:
         bb:e1:61:77:18:0c:23:b1:38:f4:3d:9a:5e:17:3b:80:75:01:
         55:a7:84:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XL7VV/G5Ydliq4V6i2C4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyNTBiYWFkZmYyYzI4NmM2MGI5NjEwN2QyYzY0ZDUzN2Vj
MGFjYTYwHhcNMjYwMTAyMDYxOTQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTQ3NzQwMGZjYjk5NDkzZGJjZmFjMDUwYzUyNmVkMmVmN2NlNTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvqLrcfHulhBlUr18RVOr7p0MU4uv
c0FZYHe+Q/eecUmLrtmvipolvddeG72nr6jn9rCtvQFZKfYSs7IHRmj5rrI4+bSz
fw0ekVwv5p+6Saz3PNsIKw9L9dkiwsvux5HKhYHDhGOKVvURkSFg12KXf8qEAZqW
eSLUpRwlcJpP9/7VSQk/CLCqCT1p1MO+PmKJ8g1Cv3DzpMmAQJ/Ap93WlHVjip1e
pnDnK/pW9vYLCBqIUdPLqyl6cHDYPq/yEsXQIB+2NR03idTema6hPamwOp5QbeSX
UYC5jegcJ7mgLGSzGokAFdFSo9JXr0hCvH5L8/Lz9Z0/uxzYYuYAXDJcJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLVHdAD8uZST28+sBQxSbtLvfOVkMB8GA1UdIwQY
MBaAFHJQuq3/LChsYLlhB9LGTVN+wKymMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2xDNnJmOHNLR3hndVdFSDBzWk5VMzdBcktZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi8yN2UwMzEtMTM4Ni00ZmNhLWJiZTEt
OGU5YjUxMWNhYzFhLzEvdFVkMEFQeTVsSlBiejZ3RkRGSnUwdTk4NVdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi8yN2UwMzEtMTM4Ni00ZmNhLWJiZTEtOGU5YjUxMWNhYzFh
LzEvY2xDNnJmOHNLR3hndVdFSDBzWk5VMzdBcktZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucSwMA0G
CSqGSIb3DQEBCwUAA4IBAQB3IWa/4sT0lcGY08R4jbg5EBD766KYDgiWkwSwa6IV
IS9vXpDG1P5X1765uFsj5wYhDy3lW4rGMh9B0ZuQ0ndUuXlKT3saMaon42IrkZD1
oqr2ydjOfKMvY4nOfn8xhK+NwIh7zWoX5o/2CElinQGqqsQbklnYJLERO/rBkWTO
+oYSoOsZFhe7nvoXFX97HhBt6K313ZnB8f1EZ4dvOaiY//YJTGrpcoPZ46+ANKxq
gZFybeD4d/+PFpdQBugvqmS9/L3a3dD1iqS2lfh0fnB/hDvyw8bscUw/LszEWwZs
YbIbwBXlOGx0lVm74WF3GAwjsTj0PZpeFzuAdQFVp4S7
-----END CERTIFICATE-----