This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/cpXnQ54ogNeEFY_Pmix7pjKtsVY.roa
File:                     cpXnQ54ogNeEFY_Pmix7pjKtsVY.roa (raw, json)
Hash identifier:          kjAIzOeWynNpPehvnohJeIDqQVE5YFpuq0XNwmJJBro=
Subject key identifier:   72:95:E7:43:9E:28:80:D7:84:15:8F:CF:9A:2C:7B:A6:32:AD:B1:56
Certificate issuer:       /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial:       019B78A2762D36524DE5435104908E4E68F7
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/cpXnQ54ogNeEFY_Pmix7pjKtsVY.roa
Signing time:             Thu 01 Jan 2026 08:17:51 +0000
ROA not before:           Thu 01 Jan 2026 08:17:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20016
IP address blocks:        185.161.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 12:01:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:76:2d:36:52:4d:e5:43:51:04:90:8e:4e:68:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
        Validity
            Not Before: Jan  1 08:17:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7295e7439e2880d784158fcf9a2c7ba632adb156
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:3b:67:54:27:59:e7:11:4f:6b:5b:3a:62:ff:
                    a8:94:a1:e9:dc:89:93:bd:38:f5:6b:a6:68:2b:5e:
                    d2:b8:0a:44:72:20:cf:53:59:5d:30:e0:19:81:c4:
                    d8:35:a3:d6:d4:1f:05:c5:a8:06:49:a4:3d:43:13:
                    47:f2:4d:53:54:e2:01:b2:e7:6e:aa:75:af:70:d6:
                    db:4e:4a:6e:11:71:b6:ef:b3:45:0f:0b:c3:ef:41:
                    24:59:1a:cc:6c:b6:9c:ec:65:9a:3b:dc:3c:a7:93:
                    d1:36:ea:d8:a2:db:44:06:bd:87:ce:14:f9:f6:74:
                    5a:0d:78:21:33:ae:2a:7e:92:b0:78:77:39:f2:90:
                    da:94:48:d0:2d:3f:9f:0d:39:32:b1:e2:1d:e3:bb:
                    07:39:6b:63:7f:26:25:38:41:3f:c6:85:ea:b3:18:
                    39:b9:15:f5:59:c4:52:25:9b:29:c2:89:14:8c:1f:
                    23:b0:42:1c:7e:a3:c4:b9:8f:03:cf:41:29:84:44:
                    4c:62:03:96:c0:0a:e5:2e:72:ef:f1:06:1d:84:b0:
                    03:0c:ef:ed:48:44:68:f8:79:72:30:06:ff:21:8e:
                    b2:d2:5d:2c:0b:69:68:3a:e1:5f:01:6a:9b:bc:b2:
                    7c:4f:d0:4c:f7:5f:4a:42:2b:8c:c4:53:8b:c8:23:
                    4d:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:95:E7:43:9E:28:80:D7:84:15:8F:CF:9A:2C:7B:A6:32:AD:B1:56
            X509v3 Authority Key Identifier:
                keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/cpXnQ54ogNeEFY_Pmix7pjKtsVY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.161.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:78:00:92:23:62:3b:b6:63:80:a9:fe:93:95:27:53:f2:aa:
         6b:1a:a0:a5:3d:ff:16:03:d6:f0:10:88:9f:ef:56:f6:b5:54:
         ac:2e:83:12:87:8f:70:a5:79:34:1f:06:80:88:0e:f0:e3:22:
         89:d9:05:0d:55:83:60:2b:1d:42:dd:1e:99:08:12:a5:ba:cb:
         b7:b8:da:af:a4:5a:09:2f:51:b1:3a:bf:15:4e:fa:70:35:25:
         88:35:bb:74:9f:cc:34:76:7e:4e:e4:2c:80:cf:e0:6f:b7:51:
         57:fe:41:df:3a:4b:e5:c5:7c:82:92:da:02:cd:e2:57:f1:48:
         5e:1b:c9:a3:a4:b2:a3:59:e2:b5:8b:63:d4:ff:b6:c8:2c:39:
         e5:20:4b:98:36:d9:cb:b9:38:85:fc:62:ad:8f:95:5a:58:10:
         58:3b:40:53:ba:ea:99:71:55:89:a6:01:c9:ce:1b:f5:a3:ac:
         63:43:06:d6:9d:d6:14:9d:95:41:41:0f:40:4d:2f:ae:cf:a4:
         4c:ce:04:f0:2b:e5:0c:b9:d8:24:7b:24:f4:37:65:93:88:e1:
         88:c8:86:09:11:18:a0:01:0d:01:31:12:6c:7c:a4:ff:f7:c5:
         f2:53:2b:75:3b:2d:a8:52:b3:94:1f:c6:f4:1b:5e:0e:58:ea:
         e9:a5:dd:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4onYtNlJN5UNRBJCOTmj3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjc4ZjY2ODJmYzM5YzU1YjQxZDQ4ZjgwYjg4MzhkNWQy
ZGJmMDcwHhcNMjYwMTAxMDgxNzUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Mjk1ZTc0MzllMjg4MGQ3ODQxNThmY2Y5YTJjN2JhNjMyYWRiMTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAljtnVCdZ5xFPa1s6Yv+olKHp3ImT
vTj1a6ZoK17SuApEciDPU1ldMOAZgcTYNaPW1B8FxagGSaQ9QxNH8k1TVOIBsudu
qnWvcNbbTkpuEXG277NFDwvD70EkWRrMbLac7GWaO9w8p5PRNurYottEBr2HzhT5
9nRaDXghM64qfpKweHc58pDalEjQLT+fDTkyseId47sHOWtjfyYlOEE/xoXqsxg5
uRX1WcRSJZspwokUjB8jsEIcfqPEuY8Dz0EphERMYgOWwArlLnLv8QYdhLADDO/t
SERo+HlyMAb/IY6y0l0sC2loOuFfAWqbvLJ8T9BM919KQiuMxFOLyCNNMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHKV50OeKIDXhBWPz5ose6YyrbFWMB8GA1UdIwQY
MBaAFHK3j2aC/DnFW0HUj4C4g41dLb8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEt
ZjNlNTA2YWVhYTAxLzEvY3BYblE1NG9nTmVFRllfUG1peDdwakt0c1ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEtZjNlNTA2YWVhYTAx
LzEvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaG9MA0G
CSqGSIb3DQEBCwUAA4IBAQAbeACSI2I7tmOAqf6TlSdT8qprGqClPf8WA9bwEIif
71b2tVSsLoMSh49wpXk0HwaAiA7w4yKJ2QUNVYNgKx1C3R6ZCBKlusu3uNqvpFoJ
L1GxOr8VTvpwNSWINbt0n8w0dn5O5CyAz+Bvt1FX/kHfOkvlxXyCktoCzeJX8Uhe
G8mjpLKjWeK1i2PU/7bILDnlIEuYNtnLuTiF/GKtj5VaWBBYO0BTuuqZcVWJpgHJ
zhv1o6xjQwbWndYUnZVBQQ9ATS+uz6RMzgTwK+UMudgkeyT0N2WTiOGIyIYJERig
AQ0BMRJsfKT/98XyUyt1Oy2oUrOUH8b0G14OWOrppd11
-----END CERTIFICATE-----