This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/dbc472-6e0a-411c-af8f-0888eb42744c/1/uLeN3kY2ZRDo-2-B-T0hlmjh-nU.roa
File:                     uLeN3kY2ZRDo-2-B-T0hlmjh-nU.roa (raw, json)
Hash identifier:          eLP3MmcrJSGHUuA9jj4PGJnAA+F8952d8mOEbR6//AA=
Subject key identifier:   B8:B7:8D:DE:46:36:65:10:E8:FB:6F:81:F9:3D:21:96:68:E1:FA:75
Certificate issuer:       /CN=4c6af986b241d9d27ec724adfabf06d5d231793f
Certificate serial:       019B79114F5D36EC107FD4A4CA585D4E4FB5
Authority key identifier: 4C:6A:F9:86:B2:41:D9:D2:7E:C7:24:AD:FA:BF:06:D5:D2:31:79:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TGr5hrJB2dJ-xySt-r8G1dIxeT8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/dbc472-6e0a-411c-af8f-0888eb42744c/1/uLeN3kY2ZRDo-2-B-T0hlmjh-nU.roa
Signing time:             Thu 01 Jan 2026 10:18:55 +0000
ROA not before:           Thu 01 Jan 2026 10:18:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        194.145.160.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/dbc472-6e0a-411c-af8f-0888eb42744c/1/TGr5hrJB2dJ-xySt-r8G1dIxeT8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/dbc472-6e0a-411c-af8f-0888eb42744c/1/TGr5hrJB2dJ-xySt-r8G1dIxeT8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TGr5hrJB2dJ-xySt-r8G1dIxeT8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 Jan 2026 07:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:11:4f:5d:36:ec:10:7f:d4:a4:ca:58:5d:4e:4f:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c6af986b241d9d27ec724adfabf06d5d231793f
        Validity
            Not Before: Jan  1 10:18:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b8b78dde46366510e8fb6f81f93d219668e1fa75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:b8:65:83:27:a8:24:a1:0d:cc:61:02:6f:51:
                    99:a8:ab:18:dc:60:c3:54:d7:6c:f0:be:c3:8e:37:
                    b6:e0:82:40:de:a7:10:e6:19:b2:f0:59:4e:59:94:
                    c3:c6:15:50:9b:f0:0e:56:d0:3a:d8:3a:17:7e:db:
                    51:5c:3c:ce:df:9b:fa:61:76:de:ae:10:31:89:49:
                    d5:26:1e:61:4b:ec:ab:c0:b8:53:47:e7:21:c6:a1:
                    b3:31:91:b7:69:d9:d0:87:46:d9:a5:6b:7b:2f:af:
                    fd:85:e8:0f:ca:0b:c6:fc:63:dd:7d:d5:e9:91:84:
                    e3:90:9c:29:f5:e6:71:d1:73:b1:d6:ff:80:fc:4a:
                    d1:b6:71:9e:db:aa:82:95:0e:da:ee:4a:c8:94:b1:
                    cc:bc:ce:ae:03:52:26:c2:ee:78:d0:e8:b6:2e:be:
                    3f:50:3d:9e:b2:06:84:a0:40:c1:d5:4c:3a:fc:42:
                    2e:6d:59:8e:be:b8:3c:9b:81:11:19:bd:86:53:5e:
                    13:6e:ee:51:fe:46:ca:1b:47:11:6d:5a:f5:d3:36:
                    84:bc:52:d3:d7:f6:9f:ea:f4:80:04:ab:68:ec:23:
                    3f:79:db:d3:68:ec:3b:0e:76:b9:92:08:6a:eb:70:
                    08:3b:de:d6:78:0f:84:42:b4:7b:bd:cf:5d:be:da:
                    77:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:B7:8D:DE:46:36:65:10:E8:FB:6F:81:F9:3D:21:96:68:E1:FA:75
            X509v3 Authority Key Identifier:
                keyid:4C:6A:F9:86:B2:41:D9:D2:7E:C7:24:AD:FA:BF:06:D5:D2:31:79:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TGr5hrJB2dJ-xySt-r8G1dIxeT8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/dbc472-6e0a-411c-af8f-0888eb42744c/1/uLeN3kY2ZRDo-2-B-T0hlmjh-nU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/dbc472-6e0a-411c-af8f-0888eb42744c/1/TGr5hrJB2dJ-xySt-r8G1dIxeT8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.145.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         77:86:05:f9:45:2d:1d:7e:74:48:04:21:eb:04:68:ff:8c:f0:
         26:9f:63:93:7f:43:8f:e2:5b:a9:01:0c:e4:ac:83:c9:f8:82:
         fd:44:ff:78:ad:c3:f2:b1:6a:74:83:67:46:f3:f3:31:dc:1d:
         cc:d7:14:f4:e3:6f:b6:ec:68:e5:8f:ac:f3:58:2c:f5:bc:0b:
         9f:a7:6b:4a:03:7a:01:93:0d:d0:3e:df:ee:3d:5b:6d:fe:80:
         1e:4d:36:1a:d3:33:74:38:52:c9:4b:73:ee:ed:9c:16:4f:cf:
         98:81:5c:cf:b3:8e:e6:8f:be:d3:3f:c4:30:54:b2:8f:a5:5b:
         6f:41:48:4f:cf:ab:ad:62:cd:b7:d8:fc:02:57:0b:fd:a9:e1:
         3b:bc:8e:ed:95:cf:86:97:54:c8:3d:f2:93:06:09:93:00:79:
         fc:5a:37:64:ab:7b:b0:40:06:1f:cc:98:32:f3:37:8c:db:ba:
         49:16:07:2b:ac:9a:ea:1c:ec:8f:bf:fa:05:db:29:f8:d6:d1:
         d2:70:f3:85:5a:f0:d9:61:e2:19:14:2c:c8:b7:82:0c:a4:cc:
         60:14:31:ed:16:19:df:24:bf:9a:49:33:00:2f:d6:95:bf:fb:
         a3:5c:1f:94:f7:20:8e:28:aa:19:31:5b:20:b3:ed:04:ec:e5:
         27:f5:29:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EU9dNuwQf9SkylhdTk+1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjNmFmOTg2YjI0MWQ5ZDI3ZWM3MjRhZGZhYmYwNmQ1ZDIz
MTc5M2YwHhcNMjYwMTAxMTAxODU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGI3OGRkZTQ2MzY2NTEwZThmYjZmODFmOTNkMjE5NjY4ZTFmYTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1rhlgyeoJKENzGECb1GZqKsY3GDD
VNds8L7Djje24IJA3qcQ5hmy8FlOWZTDxhVQm/AOVtA62DoXfttRXDzO35v6YXbe
rhAxiUnVJh5hS+yrwLhTR+chxqGzMZG3adnQh0bZpWt7L6/9hegPygvG/GPdfdXp
kYTjkJwp9eZx0XOx1v+A/ErRtnGe26qClQ7a7krIlLHMvM6uA1Imwu540Oi2Lr4/
UD2esgaEoEDB1Uw6/EIubVmOvrg8m4ERGb2GU14Tbu5R/kbKG0cRbVr10zaEvFLT
1/af6vSABKto7CM/edvTaOw7Dna5kghq63AIO97WeA+EQrR7vc9dvtp3SQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLi3jd5GNmUQ6Ptvgfk9IZZo4fp1MB8GA1UdIwQY
MBaAFExq+YayQdnSfsckrfq/BtXSMXk/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEdyNWhySkIyZEoteHlTdC1yOEcxZEl4ZVQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9kYmM0NzItNmUwYS00MTFjLWFmOGYt
MDg4OGViNDI3NDRjLzEvdUxlTjNrWTJaUkRvLTItQi1UMGhsbWpoLW5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9kYmM0NzItNmUwYS00MTFjLWFmOGYtMDg4OGViNDI3NDRj
LzEvVEdyNWhySkIyZEoteHlTdC1yOEcxZEl4ZVQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwpGgMA0G
CSqGSIb3DQEBCwUAA4IBAQB3hgX5RS0dfnRIBCHrBGj/jPAmn2OTf0OP4lupAQzk
rIPJ+IL9RP94rcPysWp0g2dG8/Mx3B3M1xT042+27Gjlj6zzWCz1vAufp2tKA3oB
kw3QPt/uPVtt/oAeTTYa0zN0OFLJS3Pu7ZwWT8+YgVzPs47mj77TP8QwVLKPpVtv
QUhPz6utYs232PwCVwv9qeE7vI7tlc+Gl1TIPfKTBgmTAHn8Wjdkq3uwQAYfzJgy
8zeM27pJFgcrrJrqHOyPv/oF2yn41tHScPOFWvDZYeIZFCzIt4IMpMxgFDHtFhnf
JL+aSTMAL9aVv/ujXB+U9yCOKKoZMVsgs+0E7OUn9Sn8
-----END CERTIFICATE-----