This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/b2dbe0-04c5-41ba-ac62-3a53d0ef8b5a/1/AXFjpDXCpejxYVRyegcQY_lgsRM.roa
File:                     AXFjpDXCpejxYVRyegcQY_lgsRM.roa (raw, json)
Hash identifier:          Sa96eMd8qKDmCn/rVwKHcrgoDa7IBUJYs80RqrdQZIQ=
Subject key identifier:   01:71:63:A4:35:C2:A5:E8:F1:61:54:72:7A:07:10:63:F9:60:B1:13
Certificate issuer:       /CN=c8c2c7314593042cf74210f7f03be7106c224f89
Certificate serial:       019B7AC957AA4F62174193DE2D564C553ADD
Authority key identifier: C8:C2:C7:31:45:93:04:2C:F7:42:10:F7:F0:3B:E7:10:6C:22:4F:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yMLHMUWTBCz3QhD38DvnEGwiT4k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/b2dbe0-04c5-41ba-ac62-3a53d0ef8b5a/1/AXFjpDXCpejxYVRyegcQY_lgsRM.roa
Signing time:             Thu 01 Jan 2026 18:19:34 +0000
ROA not before:           Thu 01 Jan 2026 18:19:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212269
IP address blocks:        194.5.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/b2dbe0-04c5-41ba-ac62-3a53d0ef8b5a/1/yMLHMUWTBCz3QhD38DvnEGwiT4k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/b2dbe0-04c5-41ba-ac62-3a53d0ef8b5a/1/yMLHMUWTBCz3QhD38DvnEGwiT4k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yMLHMUWTBCz3QhD38DvnEGwiT4k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 12:01:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c9:57:aa:4f:62:17:41:93:de:2d:56:4c:55:3a:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c8c2c7314593042cf74210f7f03be7106c224f89
        Validity
            Not Before: Jan  1 18:19:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=017163a435c2a5e8f16154727a071063f960b113
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:5f:ff:68:05:18:e3:0a:d4:5d:14:fc:1d:fd:
                    ef:82:82:5e:c6:64:87:2c:0e:d8:9c:52:22:91:69:
                    8f:ed:71:da:7e:03:65:3f:2f:24:cb:9b:d9:4b:26:
                    37:66:22:a3:d8:76:fe:04:fc:5e:21:ca:91:8a:28:
                    5e:b0:b4:e1:de:eb:f5:a8:2f:f3:21:02:b7:84:1c:
                    51:c6:ed:cd:97:bb:c2:4c:c3:b8:be:03:1f:fd:6b:
                    5c:55:66:b9:38:61:b0:15:68:5c:e6:0c:5b:df:ce:
                    e5:f1:e1:ff:99:8d:98:0e:eb:8c:b7:80:eb:c3:ca:
                    1a:69:83:55:54:7a:d6:d3:b5:8b:a0:27:17:60:75:
                    fb:b6:4a:aa:90:54:65:52:1d:0b:c3:c1:9a:68:76:
                    0e:b3:84:29:a9:fa:37:fd:f4:48:91:e8:40:d7:a7:
                    84:64:b4:05:8f:4a:24:18:17:09:e9:e2:02:f6:b3:
                    c2:2c:b0:f6:bf:72:aa:ac:81:78:82:5b:87:8a:4b:
                    bf:97:09:4f:16:d8:66:4e:81:7c:64:69:b1:97:6b:
                    40:0a:df:00:57:e6:c0:d2:be:29:50:02:27:10:65:
                    d3:61:98:dd:20:19:3d:d9:43:19:b5:4a:af:0f:5c:
                    43:f9:31:d5:e9:e0:4b:61:47:d0:b2:41:a2:18:67:
                    69:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:71:63:A4:35:C2:A5:E8:F1:61:54:72:7A:07:10:63:F9:60:B1:13
            X509v3 Authority Key Identifier:
                keyid:C8:C2:C7:31:45:93:04:2C:F7:42:10:F7:F0:3B:E7:10:6C:22:4F:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yMLHMUWTBCz3QhD38DvnEGwiT4k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/b2dbe0-04c5-41ba-ac62-3a53d0ef8b5a/1/AXFjpDXCpejxYVRyegcQY_lgsRM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/b2dbe0-04c5-41ba-ac62-3a53d0ef8b5a/1/yMLHMUWTBCz3QhD38DvnEGwiT4k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.5.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:e2:0d:d2:b2:ae:32:e6:ac:2f:1a:74:42:6d:45:3a:e8:91:
         29:da:9d:39:f3:63:f9:43:44:37:ce:ce:43:e5:2a:9f:f0:88:
         a0:35:2e:3b:d4:a8:5f:65:3e:34:7a:63:9e:a6:c8:d8:72:f9:
         32:24:0d:c4:2c:8d:f5:88:57:6c:48:38:81:03:e1:f6:03:10:
         62:2d:ba:30:bf:9a:a7:32:90:94:1a:a5:d8:f7:cf:7d:b1:86:
         f7:f9:14:f1:21:97:54:a3:1c:75:40:34:05:71:ae:57:53:e8:
         bd:76:55:f7:b4:20:f1:bb:0d:d3:1d:a6:bc:65:15:0c:3b:ce:
         5e:59:a6:f3:80:1a:00:29:6e:de:fe:6e:d8:c2:b8:6f:9e:de:
         68:50:08:de:98:84:07:6a:5b:15:db:38:a8:59:fa:0c:ea:24:
         45:3d:09:01:88:8a:d8:f3:06:1b:0c:15:3b:c4:48:09:a9:1e:
         47:4a:ba:33:64:2d:32:c3:9f:d9:45:1c:b1:c0:dd:90:db:84:
         be:b3:b0:16:11:67:e2:1c:fa:2f:fb:2a:c4:fd:60:89:88:e4:
         6b:c3:84:ec:d3:f7:92:ab:d8:95:63:c6:a1:5d:29:d3:b3:5e:
         75:0e:a4:7e:1f:89:70:aa:83:af:2b:52:e8:86:ca:be:67:7b:
         43:70:0a:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yVeqT2IXQZPeLVZMVTrdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4YzJjNzMxNDU5MzA0MmNmNzQyMTBmN2YwM2JlNzEwNmMy
MjRmODkwHhcNMjYwMTAxMTgxOTM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTcxNjNhNDM1YzJhNWU4ZjE2MTU0NzI3YTA3MTA2M2Y5NjBiMTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1//aAUY4wrUXRT8Hf3vgoJexmSH
LA7YnFIikWmP7XHafgNlPy8ky5vZSyY3ZiKj2Hb+BPxeIcqRiihesLTh3uv1qC/z
IQK3hBxRxu3Nl7vCTMO4vgMf/WtcVWa5OGGwFWhc5gxb387l8eH/mY2YDuuMt4Dr
w8oaaYNVVHrW07WLoCcXYHX7tkqqkFRlUh0Lw8GaaHYOs4Qpqfo3/fRIkehA16eE
ZLQFj0okGBcJ6eIC9rPCLLD2v3KqrIF4gluHiku/lwlPFthmToF8ZGmxl2tACt8A
V+bA0r4pUAInEGXTYZjdIBk92UMZtUqvD1xD+THV6eBLYUfQskGiGGdpjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAFxY6Q1wqXo8WFUcnoHEGP5YLETMB8GA1UdIwQY
MBaAFMjCxzFFkwQs90IQ9/A75xBsIk+JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveU1MSE1VV1RCQ3ozUWhEMzhEdm5FR3dpVDRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9iMmRiZTAtMDRjNS00MWJhLWFjNjIt
M2E1M2QwZWY4YjVhLzEvQVhGanBEWENwZWp4WVZSeWVnY1FZX2xnc1JNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9iMmRiZTAtMDRjNS00MWJhLWFjNjItM2E1M2QwZWY4YjVh
LzEveU1MSE1VV1RCQ3ozUWhEMzhEdm5FR3dpVDRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgXoMA0G
CSqGSIb3DQEBCwUAA4IBAQBQ4g3Ssq4y5qwvGnRCbUU66JEp2p0582P5Q0Q3zs5D
5Sqf8IigNS471KhfZT40emOepsjYcvkyJA3ELI31iFdsSDiBA+H2AxBiLbowv5qn
MpCUGqXY9899sYb3+RTxIZdUoxx1QDQFca5XU+i9dlX3tCDxuw3THaa8ZRUMO85e
WabzgBoAKW7e/m7Ywrhvnt5oUAjemIQHalsV2zioWfoM6iRFPQkBiIrY8wYbDBU7
xEgJqR5HSrozZC0yw5/ZRRyxwN2Q24S+s7AWEWfiHPov+yrE/WCJiORrw4Ts0/eS
q9iVY8ahXSnTs151DqR+H4lwqoOvK1Lohsq+Z3tDcAqo
-----END CERTIFICATE-----