This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/82e2ba-442c-42b0-9315-bc0dba932b35/1/67pKVcBP4g1ka7BHnXY8o1GjatI.roa
File:                     67pKVcBP4g1ka7BHnXY8o1GjatI.roa (raw, json)
Hash identifier:          NHI8d7vH5tjpxPomV3eBVCOa5aQTAvgW0GwAOx6HDCM=
Subject key identifier:   EB:BA:4A:55:C0:4F:E2:0D:64:6B:B0:47:9D:76:3C:A3:51:A3:6A:D2
Certificate issuer:       /CN=44e888a76e99851b01fb86cec537d4d8e610de16
Certificate serial:       019B7F82FD16038D136980ECC66F82CAD35D
Authority key identifier: 44:E8:88:A7:6E:99:85:1B:01:FB:86:CE:C5:37:D4:D8:E6:10:DE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ROiIp26ZhRsB-4bOxTfU2OYQ3hY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/82e2ba-442c-42b0-9315-bc0dba932b35/1/67pKVcBP4g1ka7BHnXY8o1GjatI.roa
Signing time:             Fri 02 Jan 2026 16:20:49 +0000
ROA not before:           Fri 02 Jan 2026 16:20:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39737
IP address blocks:        37.153.136.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/82e2ba-442c-42b0-9315-bc0dba932b35/1/ROiIp26ZhRsB-4bOxTfU2OYQ3hY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/82e2ba-442c-42b0-9315-bc0dba932b35/1/ROiIp26ZhRsB-4bOxTfU2OYQ3hY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ROiIp26ZhRsB-4bOxTfU2OYQ3hY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:35:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:82:fd:16:03:8d:13:69:80:ec:c6:6f:82:ca:d3:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44e888a76e99851b01fb86cec537d4d8e610de16
        Validity
            Not Before: Jan  2 16:20:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ebba4a55c04fe20d646bb0479d763ca351a36ad2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:60:38:b7:9e:a0:13:28:2c:15:ff:67:80:5c:
                    eb:c9:fa:05:78:c6:cd:15:90:d3:b8:3d:c8:4c:c9:
                    e8:94:01:97:93:57:dc:5b:ce:16:0f:4f:5f:9b:2b:
                    3b:66:88:0f:b7:d1:f1:ee:6c:cf:f0:26:f0:ca:59:
                    de:8f:ed:5d:d7:85:8c:3d:b6:c0:28:e8:17:de:60:
                    36:86:2a:8b:f1:ff:83:c2:15:d7:ba:e5:b1:e7:cd:
                    cd:97:d8:54:2a:75:71:7d:0f:d8:d9:26:47:df:6b:
                    33:c3:a9:e6:c5:21:25:21:f0:1c:46:e7:c5:ba:f7:
                    f6:0f:14:bd:a5:4c:db:57:0b:f3:97:40:96:89:f5:
                    8b:8f:43:b7:78:77:ef:0d:e6:67:65:88:11:b1:d0:
                    81:d3:8e:36:52:ec:00:43:b8:c1:80:af:20:55:d2:
                    75:a1:16:aa:a7:62:25:34:90:46:77:19:fa:a8:fd:
                    f9:f2:54:42:58:f6:9c:aa:a6:23:e4:a7:69:51:88:
                    4d:8c:e7:a9:bd:ad:fc:b2:66:71:a2:04:69:04:74:
                    f5:01:23:c0:65:8b:7e:ad:c3:b5:e1:ce:a2:fe:00:
                    7f:f9:26:05:dc:38:53:b8:a0:f7:cf:f8:f9:12:de:
                    84:aa:d2:22:4a:4d:e0:f6:b0:5c:64:d9:10:c9:9f:
                    05:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:BA:4A:55:C0:4F:E2:0D:64:6B:B0:47:9D:76:3C:A3:51:A3:6A:D2
            X509v3 Authority Key Identifier:
                keyid:44:E8:88:A7:6E:99:85:1B:01:FB:86:CE:C5:37:D4:D8:E6:10:DE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ROiIp26ZhRsB-4bOxTfU2OYQ3hY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/82e2ba-442c-42b0-9315-bc0dba932b35/1/67pKVcBP4g1ka7BHnXY8o1GjatI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/82e2ba-442c-42b0-9315-bc0dba932b35/1/ROiIp26ZhRsB-4bOxTfU2OYQ3hY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.153.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:4f:1c:b4:cc:d6:b0:38:cf:1c:9c:ef:80:00:c2:70:bb:ef:
         c5:6d:2d:7e:06:5e:c0:4e:5d:a2:8b:6d:ea:2b:12:5b:df:28:
         1d:40:c3:53:cc:25:de:42:99:46:bc:f2:d2:4b:6c:2f:c2:b8:
         93:98:7e:0e:dd:d2:9d:3d:16:f3:63:62:13:0c:56:ad:eb:df:
         f2:a1:9e:25:f4:f7:c7:18:b2:2e:0b:16:af:48:c9:0e:e1:68:
         3b:a2:98:fe:e4:41:cf:1f:15:14:1d:5f:a4:90:a7:bb:76:cc:
         79:e7:26:85:f6:fa:d4:78:d6:39:f1:07:e3:b3:3b:aa:be:2c:
         1b:b1:fb:6f:23:3a:25:88:03:73:46:a2:55:ef:5c:22:6d:36:
         23:87:fd:26:22:d8:26:51:55:85:55:a5:d3:c3:20:12:33:46:
         33:0f:2a:ad:50:94:a2:4b:e4:5b:a6:f1:bf:38:55:6c:f2:45:
         9e:3c:de:18:ae:d0:4e:60:c9:f9:d6:1a:c9:0d:41:2b:37:82:
         f3:5e:47:38:38:02:98:60:2a:45:d3:b9:63:0c:f3:0d:ca:bb:
         83:44:bc:a1:59:ac:f3:5e:31:ee:cb:cb:8d:b5:fe:17:0b:b3:
         96:8e:0a:fb:cb:45:f4:3b:92:4a:60:38:ff:b4:79:a0:34:b5:
         68:91:fd:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/gv0WA40TaYDsxm+CytNdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0ZTg4OGE3NmU5OTg1MWIwMWZiODZjZWM1MzdkNGQ4ZTYx
MGRlMTYwHhcNMjYwMTAyMTYyMDQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmJhNGE1NWMwNGZlMjBkNjQ2YmIwNDc5ZDc2M2NhMzUxYTM2YWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsmA4t56gEygsFf9ngFzryfoFeMbN
FZDTuD3ITMnolAGXk1fcW84WD09fmys7ZogPt9Hx7mzP8Cbwylnej+1d14WMPbbA
KOgX3mA2hiqL8f+DwhXXuuWx583Nl9hUKnVxfQ/Y2SZH32szw6nmxSElIfAcRufF
uvf2DxS9pUzbVwvzl0CWifWLj0O3eHfvDeZnZYgRsdCB0442UuwAQ7jBgK8gVdJ1
oRaqp2IlNJBGdxn6qP358lRCWPacqqYj5KdpUYhNjOepva38smZxogRpBHT1ASPA
ZYt+rcO14c6i/gB/+SYF3DhTuKD3z/j5Et6EqtIiSk3g9rBcZNkQyZ8FEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOu6SlXAT+INZGuwR512PKNRo2rSMB8GA1UdIwQY
MBaAFEToiKdumYUbAfuGzsU31NjmEN4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUk9pSXAyNlpoUnNCLTRiT3hUZlUyT1lRM2hZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS84MmUyYmEtNDQyYy00MmIwLTkzMTUt
YmMwZGJhOTMyYjM1LzEvNjdwS1ZjQlA0ZzFrYTdCSG5YWThvMUdqYXRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS84MmUyYmEtNDQyYy00MmIwLTkzMTUtYmMwZGJhOTMyYjM1
LzEvUk9pSXAyNlpoUnNCLTRiT3hUZlUyT1lRM2hZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJZmIMA0G
CSqGSIb3DQEBCwUAA4IBAQABTxy0zNawOM8cnO+AAMJwu+/FbS1+Bl7ATl2ii23q
KxJb3ygdQMNTzCXeQplGvPLSS2wvwriTmH4O3dKdPRbzY2ITDFat69/yoZ4l9PfH
GLIuCxavSMkO4Wg7opj+5EHPHxUUHV+kkKe7dsx55yaF9vrUeNY58Qfjszuqviwb
sftvIzoliANzRqJV71wibTYjh/0mItgmUVWFVaXTwyASM0YzDyqtUJSiS+RbpvG/
OFVs8kWePN4YrtBOYMn51hrJDUErN4LzXkc4OAKYYCpF07ljDPMNyruDRLyhWazz
XjHuy8uNtf4XC7OWjgr7y0X0O5JKYDj/tHmgNLVokf31
-----END CERTIFICATE-----