This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/e45577-65b1-4d43-853a-02abf8572fcb/1/X0ur3LhvwaGbR0SSZ5X6a-FSnjA.roa
File:                     X0ur3LhvwaGbR0SSZ5X6a-FSnjA.roa (raw, json)
Hash identifier:          IToaXqDk0KkIsGrmapc6E0mxayDrae727bDiBQN47vQ=
Subject key identifier:   5F:4B:AB:DC:B8:6F:C1:A1:9B:47:44:92:67:95:FA:6B:E1:52:9E:30
Certificate issuer:       /CN=d48555f9a52727f6bcf715cb4750a2a4a6c35161
Certificate serial:       019B78A287A5A12E7ED1E1032665EA16E8C7
Authority key identifier: D4:85:55:F9:A5:27:27:F6:BC:F7:15:CB:47:50:A2:A4:A6:C3:51:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1IVV-aUnJ_a89xXLR1CipKbDUWE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/e45577-65b1-4d43-853a-02abf8572fcb/1/X0ur3LhvwaGbR0SSZ5X6a-FSnjA.roa
Signing time:             Thu 01 Jan 2026 08:17:56 +0000
ROA not before:           Thu 01 Jan 2026 08:17:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5511
IP address blocks:        130.185.168.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/e45577-65b1-4d43-853a-02abf8572fcb/1/1IVV-aUnJ_a89xXLR1CipKbDUWE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/e45577-65b1-4d43-853a-02abf8572fcb/1/1IVV-aUnJ_a89xXLR1CipKbDUWE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1IVV-aUnJ_a89xXLR1CipKbDUWE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 05:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:87:a5:a1:2e:7e:d1:e1:03:26:65:ea:16:e8:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d48555f9a52727f6bcf715cb4750a2a4a6c35161
        Validity
            Not Before: Jan  1 08:17:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5f4babdcb86fc1a19b4744926795fa6be1529e30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:e5:91:88:d6:38:fe:51:fd:f2:28:7f:7c:98:
                    d0:5c:2f:f8:17:ac:49:70:2b:43:91:ac:2c:95:91:
                    c9:fe:d2:53:4a:77:74:9d:81:cc:4f:a6:17:a2:bc:
                    67:c3:71:49:c2:21:9e:b4:e5:dd:a6:26:5a:e6:64:
                    3d:7e:d8:b2:ae:ec:11:b9:d6:a8:1b:78:cb:51:09:
                    13:c9:b1:13:53:e3:51:76:07:4e:99:8d:be:1e:9d:
                    d7:d8:89:0b:bc:21:a8:8d:47:f5:c0:8c:83:0e:c1:
                    04:37:1d:29:c1:23:49:17:1b:06:b3:79:57:2e:c4:
                    8d:c4:2f:fa:74:43:20:68:b2:f3:90:55:68:24:b3:
                    c8:01:73:48:50:7e:28:ea:3f:a7:4f:b9:7e:69:0d:
                    15:9a:82:d8:60:a2:2d:ff:e7:39:bc:2f:83:df:f4:
                    4c:40:cb:ec:5d:da:80:41:49:51:9c:de:19:fa:8b:
                    e1:78:b0:7d:f4:83:f0:6a:d1:29:52:53:9f:94:2b:
                    ca:6c:2b:c2:8c:92:95:f7:9a:7c:56:cb:b0:9c:11:
                    14:7f:69:10:aa:4f:aa:d5:c7:48:e7:de:84:d8:73:
                    21:09:9d:e6:0c:16:65:d3:0c:04:1c:46:0c:db:e2:
                    5a:f9:3d:a3:30:c6:cc:da:3e:19:da:0f:da:d1:9f:
                    ad:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:4B:AB:DC:B8:6F:C1:A1:9B:47:44:92:67:95:FA:6B:E1:52:9E:30
            X509v3 Authority Key Identifier:
                keyid:D4:85:55:F9:A5:27:27:F6:BC:F7:15:CB:47:50:A2:A4:A6:C3:51:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1IVV-aUnJ_a89xXLR1CipKbDUWE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/e45577-65b1-4d43-853a-02abf8572fcb/1/X0ur3LhvwaGbR0SSZ5X6a-FSnjA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/e45577-65b1-4d43-853a-02abf8572fcb/1/1IVV-aUnJ_a89xXLR1CipKbDUWE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.185.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4f:78:65:09:c6:5a:ca:2a:ce:23:87:b7:1e:e2:cf:6f:5b:78:
         c0:bd:02:29:b0:d3:e9:5e:55:ae:f3:66:ed:06:8b:c9:84:d0:
         fb:bd:9e:d6:82:fb:6f:6a:04:cd:0d:b7:ae:ef:60:fc:e1:28:
         9d:b0:e9:ab:ad:37:1f:dd:e9:fe:b2:ad:72:b0:74:09:c7:c8:
         0e:85:87:46:b1:fc:dc:fc:a7:08:1d:b1:02:da:8a:25:31:7f:
         1e:5d:0a:69:49:d2:35:f9:30:65:a6:a5:60:46:fd:93:02:41:
         69:62:af:91:17:f1:51:6d:6e:55:da:2b:04:98:8f:75:4c:5b:
         a7:a4:d5:81:9b:78:2e:d0:08:1a:dc:e6:d8:d9:8e:6f:a0:3e:
         2d:02:a1:7f:e0:13:67:cf:2f:4d:d8:c1:c6:fa:af:d6:bb:3c:
         0e:09:42:75:db:fb:fe:70:b0:4c:69:73:80:1a:ca:d0:5d:27:
         71:f2:db:b9:1b:20:ce:cf:42:61:9a:4d:c0:e8:d8:19:78:36:
         bb:56:46:f6:2e:7d:c6:b0:72:83:b9:ca:a4:5d:73:7f:01:1c:
         53:f1:89:e5:fd:c8:b8:38:43:cd:4a:5b:17:7c:50:9f:c2:17:
         31:c7:4d:76:14:5c:1f:94:e8:0f:42:9c:dd:60:b2:3a:b0:ee:
         d6:2f:37:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4ooeloS5+0eEDJmXqFujHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0ODU1NWY5YTUyNzI3ZjZiY2Y3MTVjYjQ3NTBhMmE0YTZj
MzUxNjEwHhcNMjYwMTAxMDgxNzU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjRiYWJkY2I4NmZjMWExOWI0NzQ0OTI2Nzk1ZmE2YmUxNTI5ZTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApOWRiNY4/lH98ih/fJjQXC/4F6xJ
cCtDkawslZHJ/tJTSnd0nYHMT6YXorxnw3FJwiGetOXdpiZa5mQ9ftiyruwRudao
G3jLUQkTybETU+NRdgdOmY2+Hp3X2IkLvCGojUf1wIyDDsEENx0pwSNJFxsGs3lX
LsSNxC/6dEMgaLLzkFVoJLPIAXNIUH4o6j+nT7l+aQ0VmoLYYKIt/+c5vC+D3/RM
QMvsXdqAQUlRnN4Z+ovheLB99IPwatEpUlOflCvKbCvCjJKV95p8VsuwnBEUf2kQ
qk+q1cdI596E2HMhCZ3mDBZl0wwEHEYM2+Ja+T2jMMbM2j4Z2g/a0Z+tGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF9Lq9y4b8Ghm0dEkmeV+mvhUp4wMB8GA1UdIwQY
MBaAFNSFVfmlJyf2vPcVy0dQoqSmw1FhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlWVi1hVW5KX2E4OXhYTFIxQ2lwS2JEVVdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi9lNDU1NzctNjViMS00ZDQzLTg1M2Et
MDJhYmY4NTcyZmNiLzEvWDB1cjNMaHZ3YUdiUjBTU1o1WDZhLUZTbmpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi9lNDU1NzctNjViMS00ZDQzLTg1M2EtMDJhYmY4NTcyZmNi
LzEvMUlWVi1hVW5KX2E4OXhYTFIxQ2lwS2JEVVdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCgrmoMA0G
CSqGSIb3DQEBCwUAA4IBAQBPeGUJxlrKKs4jh7ce4s9vW3jAvQIpsNPpXlWu82bt
BovJhND7vZ7WgvtvagTNDbeu72D84SidsOmrrTcf3en+sq1ysHQJx8gOhYdGsfzc
/KcIHbEC2oolMX8eXQppSdI1+TBlpqVgRv2TAkFpYq+RF/FRbW5V2isEmI91TFun
pNWBm3gu0Aga3ObY2Y5voD4tAqF/4BNnzy9N2MHG+q/WuzwOCUJ12/v+cLBMaXOA
GsrQXSdx8tu5GyDOz0Jhmk3A6NgZeDa7Vkb2Ln3GsHKDucqkXXN/ARxT8Ynl/ci4
OEPNSlsXfFCfwhcxx012FFwflOgPQpzdYLI6sO7WLzeB
-----END CERTIFICATE-----