This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/1r2LQ6g1ZJE6hel-jMzhct5sTsY.roa
File:                     1r2LQ6g1ZJE6hel-jMzhct5sTsY.roa (raw, json)
Hash identifier:          e2t3PSk6fkCAVOGxFdKf4KKM2aYvRs4qINXC9/zr8dI=
Subject key identifier:   D6:BD:8B:43:A8:35:64:91:3A:85:E9:7E:8C:CC:E1:72:DE:6C:4E:C6
Certificate issuer:       /CN=1e5b334965788794d6f147a2f004d13be3257dc4
Certificate serial:       019B77C6FE702F31B19E695D811AC2223260
Authority key identifier: 1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/1r2LQ6g1ZJE6hel-jMzhct5sTsY.roa
Signing time:             Thu 01 Jan 2026 04:18:08 +0000
ROA not before:           Thu 01 Jan 2026 04:18:08 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209732
IP address blocks:        193.151.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 15:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:fe:70:2f:31:b1:9e:69:5d:81:1a:c2:22:32:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e5b334965788794d6f147a2f004d13be3257dc4
        Validity
            Not Before: Jan  1 04:18:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d6bd8b43a83564913a85e97e8ccce172de6c4ec6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:f2:6b:9a:e6:fe:d2:81:4c:7e:b3:7f:2b:03:
                    dd:a7:a1:b0:a1:ba:99:96:be:4e:4c:d9:b1:03:6c:
                    a4:2f:89:52:5b:fc:8f:9f:10:86:44:1c:73:df:bd:
                    22:bc:b4:93:a0:c2:3b:8e:a1:db:e6:8b:bc:7b:b6:
                    93:e5:95:b9:88:e1:07:08:68:a1:5d:b4:c8:44:99:
                    3e:e4:6b:47:d6:ac:c8:50:dd:9e:15:0a:41:20:8d:
                    ac:a2:94:ea:fc:e3:03:55:28:a7:02:c7:e6:ee:46:
                    fa:30:7b:62:af:ce:59:ce:f7:27:c3:9d:39:0a:9d:
                    cf:d7:d9:4e:ba:4c:12:ed:2a:a1:ae:13:dd:3d:5b:
                    70:40:34:94:f9:b9:54:70:df:b6:8a:49:f3:ac:fe:
                    be:a9:49:7b:7d:90:44:db:d8:67:64:e8:48:f6:88:
                    a6:4e:5b:77:53:4d:4a:72:35:ec:63:aa:a0:52:67:
                    92:a2:27:f7:a6:36:22:7b:63:d8:c8:f2:06:12:b2:
                    6c:1c:e9:fa:60:05:2c:46:1f:f7:2c:37:65:5a:c8:
                    3b:97:d9:d9:1a:3a:59:7a:2b:40:15:e1:19:be:d8:
                    de:1e:2b:9c:d3:6a:86:05:76:15:ee:6b:ee:96:20:
                    c2:bb:e2:53:9d:31:3f:0b:3e:3d:28:e1:7d:b6:4c:
                    42:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:BD:8B:43:A8:35:64:91:3A:85:E9:7E:8C:CC:E1:72:DE:6C:4E:C6
            X509v3 Authority Key Identifier:
                keyid:1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/1r2LQ6g1ZJE6hel-jMzhct5sTsY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.151.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:06:4f:f5:49:f7:e6:18:86:52:87:43:19:4f:a4:52:71:b0:
         bb:e5:f3:68:30:32:5c:df:92:d8:5c:b6:ba:42:b5:38:5a:89:
         14:03:16:8a:50:c9:ba:79:14:09:d3:58:72:40:3b:ca:80:f9:
         8d:bf:21:79:83:96:f3:e0:87:3a:02:f0:c9:fa:7b:36:aa:ed:
         4b:ef:6c:aa:80:b8:00:b6:c4:2b:f4:bf:ea:bd:da:84:59:76:
         aa:00:72:41:0e:6e:4c:de:6e:5a:5a:ca:4d:5e:96:2a:20:f2:
         90:6b:30:36:d7:b9:c8:35:fc:54:dc:af:81:d4:9d:56:d2:c5:
         09:e7:c5:8c:c6:0a:1b:71:a0:84:a4:30:73:d4:da:ba:94:89:
         81:9a:23:a0:1d:1f:91:22:3d:b2:69:0b:a8:46:84:39:47:40:
         43:06:a1:d3:ba:69:29:ce:01:c8:10:b2:5b:07:03:fb:34:ec:
         e8:5b:c7:a9:30:03:aa:6e:e4:e4:9a:5b:51:f9:cb:70:e2:0c:
         42:1b:56:5c:8c:df:2a:95:b8:8a:ad:d6:3b:ae:c9:44:9a:92:
         74:be:e9:99:72:6f:a1:94:29:30:56:f5:41:33:d7:b3:89:95:
         65:d0:e7:44:80:d2:57:9c:69:c1:93:ed:4d:1d:dd:47:8e:55:
         dd:dc:f2:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xv5wLzGxnmldgRrCIjJgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWIzMzQ5NjU3ODg3OTRkNmYxNDdhMmYwMDRkMTNiZTMy
NTdkYzQwHhcNMjYwMTAxMDQxODA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmJkOGI0M2E4MzU2NDkxM2E4NWU5N2U4Y2NjZTE3MmRlNmM0ZWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApPJrmub+0oFMfrN/KwPdp6GwobqZ
lr5OTNmxA2ykL4lSW/yPnxCGRBxz370ivLSToMI7jqHb5ou8e7aT5ZW5iOEHCGih
XbTIRJk+5GtH1qzIUN2eFQpBII2sopTq/OMDVSinAsfm7kb6MHtir85Zzvcnw505
Cp3P19lOukwS7SqhrhPdPVtwQDSU+blUcN+2iknzrP6+qUl7fZBE29hnZOhI9oim
Tlt3U01KcjXsY6qgUmeSoif3pjYie2PYyPIGErJsHOn6YAUsRh/3LDdlWsg7l9nZ
GjpZeitAFeEZvtjeHiuc02qGBXYV7mvuliDCu+JTnTE/Cz49KOF9tkxCowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNa9i0OoNWSROoXpfozM4XLebE7GMB8GA1UdIwQY
MBaAFB5bM0lleIeU1vFHovAE0TvjJX3EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDIt
OTk5MGUyZDllYWZlLzEvMXIyTFE2ZzFaSkU2aGVsLWpNemhjdDVzVHNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDItOTk5MGUyZDllYWZl
LzEvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwZelMA0G
CSqGSIb3DQEBCwUAA4IBAQAlBk/1SffmGIZSh0MZT6RScbC75fNoMDJc35LYXLa6
QrU4WokUAxaKUMm6eRQJ01hyQDvKgPmNvyF5g5bz4Ic6AvDJ+ns2qu1L72yqgLgA
tsQr9L/qvdqEWXaqAHJBDm5M3m5aWspNXpYqIPKQazA217nINfxU3K+B1J1W0sUJ
58WMxgobcaCEpDBz1Nq6lImBmiOgHR+RIj2yaQuoRoQ5R0BDBqHTumkpzgHIELJb
BwP7NOzoW8epMAOqbuTkmltR+ctw4gxCG1ZcjN8qlbiKrdY7rslEmpJ0vumZcm+h
lCkwVvVBM9eziZVl0OdEgNJXnGnBk+1NHd1HjlXd3PJs
-----END CERTIFICATE-----