This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/304e3d-1f0e-44eb-b2c1-e792f89cbce2/1/4h5jFmUAHogYMzFmPzLef51aEOo.roa
File:                     4h5jFmUAHogYMzFmPzLef51aEOo.roa (raw, json)
Hash identifier:          +Vnh/sN48kb2A3UtpPAdLkn1qR/raYPxhCm9aIXa9vk=
Subject key identifier:   E2:1E:63:16:65:00:1E:88:18:33:31:66:3F:32:DE:7F:9D:5A:10:EA
Certificate issuer:       /CN=fad0fb39d6b11fd15fcbb4163403155d1d455c05
Certificate serial:       019B7D5C5572F5DA854BA8B34AA90C6CEA58
Authority key identifier: FA:D0:FB:39:D6:B1:1F:D1:5F:CB:B4:16:34:03:15:5D:1D:45:5C:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-tD7OdaxH9Ffy7QWNAMVXR1FXAU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/304e3d-1f0e-44eb-b2c1-e792f89cbce2/1/4h5jFmUAHogYMzFmPzLef51aEOo.roa
Signing time:             Fri 02 Jan 2026 06:19:21 +0000
ROA not before:           Fri 02 Jan 2026 06:19:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205685
IP address blocks:        185.209.68.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/304e3d-1f0e-44eb-b2c1-e792f89cbce2/1/1-tD7OdaxH9Ffy7QWNAMVXR1FXAU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/304e3d-1f0e-44eb-b2c1-e792f89cbce2/1/1-tD7OdaxH9Ffy7QWNAMVXR1FXAU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-tD7OdaxH9Ffy7QWNAMVXR1FXAU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5c:55:72:f5:da:85:4b:a8:b3:4a:a9:0c:6c:ea:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fad0fb39d6b11fd15fcbb4163403155d1d455c05
        Validity
            Not Before: Jan  2 06:19:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e21e631665001e88183331663f32de7f9d5a10ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:29:56:54:b5:da:6e:2f:81:e4:50:1b:ca:3d:
                    71:1f:22:90:cb:8f:9f:f4:11:ed:bd:0e:fa:e1:f5:
                    4c:65:61:a2:dd:39:31:d0:d7:0e:db:23:a8:81:99:
                    10:dd:c7:86:b1:9a:1a:c3:e1:c9:17:9f:e2:a7:03:
                    29:24:ae:3a:5a:0d:dc:ff:27:5d:20:30:da:82:e7:
                    c1:3c:fa:f5:d9:3e:20:04:24:81:d2:f5:d5:e6:ce:
                    fd:e1:27:2b:27:31:59:d8:a7:71:f8:af:f6:35:38:
                    d0:5c:c6:79:24:62:a8:d1:34:d6:a1:9d:d1:9d:f4:
                    0a:7b:c6:fd:a0:64:94:90:0a:f0:db:06:ac:d1:e4:
                    0a:c2:45:02:12:c1:6f:b2:fd:19:5f:62:0a:30:94:
                    36:db:8b:13:0b:f6:ed:d7:a8:35:3c:c4:b2:02:eb:
                    a3:21:e4:bc:30:0e:0d:59:32:19:52:ce:22:3b:4a:
                    87:d6:e8:33:fb:07:bd:93:de:6a:d4:63:70:c0:50:
                    fd:5c:2a:2f:3a:c8:81:90:f9:d6:b4:38:6f:7f:bf:
                    98:bc:b8:ea:5d:31:26:9c:f6:7f:4f:43:e5:d0:e7:
                    24:3e:2b:5a:ad:6f:23:75:3d:82:cf:de:2a:08:43:
                    0b:c3:0b:c5:7d:c6:db:fa:a1:9a:d5:4d:e2:b7:d1:
                    fd:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:1E:63:16:65:00:1E:88:18:33:31:66:3F:32:DE:7F:9D:5A:10:EA
            X509v3 Authority Key Identifier:
                keyid:FA:D0:FB:39:D6:B1:1F:D1:5F:CB:B4:16:34:03:15:5D:1D:45:5C:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-tD7OdaxH9Ffy7QWNAMVXR1FXAU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/304e3d-1f0e-44eb-b2c1-e792f89cbce2/1/4h5jFmUAHogYMzFmPzLef51aEOo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/304e3d-1f0e-44eb-b2c1-e792f89cbce2/1/1-tD7OdaxH9Ffy7QWNAMVXR1FXAU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.209.68.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0d:2a:1e:cd:05:85:f2:52:9f:91:9d:7f:13:d2:67:46:43:b1:
         23:9e:ad:ff:63:e3:2e:e8:07:fb:94:a5:ef:dc:9e:df:54:98:
         6c:13:9b:f6:80:eb:18:57:64:b8:14:f1:ea:9f:84:fc:72:b6:
         87:e7:b1:a3:3b:5f:da:67:90:54:58:c2:b1:9f:cf:79:40:b9:
         ab:3b:fd:9b:84:8b:89:cd:ae:db:2f:4f:8f:74:b8:50:e3:43:
         c7:f5:0f:69:e8:90:59:73:88:52:a1:b8:1d:31:02:58:c1:1a:
         24:2e:78:ec:e6:71:f0:59:37:6b:98:95:f6:6e:0e:86:64:1b:
         73:33:2a:e8:37:4b:40:fe:f9:fa:43:18:7d:a8:07:e1:3e:b1:
         ca:48:6f:b7:4a:14:e8:ed:d5:35:3e:fd:9d:da:d4:63:5e:b3:
         00:5f:82:88:2c:4a:7b:8f:72:63:84:85:35:24:58:8a:ee:5f:
         6b:43:8a:9a:3a:c2:6f:57:ae:6c:df:bb:80:aa:83:d2:8b:62:
         c8:74:f5:6d:df:df:c5:d1:9c:f3:45:69:a7:a1:d3:b5:63:12:
         a4:ab:b5:86:8c:be:da:f3:0e:b4:64:42:e2:16:13:82:14:de:
         31:37:ce:d3:71:74:b4:d5:06:b9:1a:36:39:fc:56:2f:21:95:
         a9:be:1d:9a
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt9XFVy9dqFS6izSqkMbOpYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhZDBmYjM5ZDZiMTFmZDE1ZmNiYjQxNjM0MDMxNTVkMWQ0
NTVjMDUwHhcNMjYwMTAyMDYxOTIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjFlNjMxNjY1MDAxZTg4MTgzMzMxNjYzZjMyZGU3ZjlkNWExMGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsilWVLXabi+B5FAbyj1xHyKQy4+f
9BHtvQ764fVMZWGi3Tkx0NcO2yOogZkQ3ceGsZoaw+HJF5/ipwMpJK46Wg3c/ydd
IDDagufBPPr12T4gBCSB0vXV5s794ScrJzFZ2Kdx+K/2NTjQXMZ5JGKo0TTWoZ3R
nfQKe8b9oGSUkArw2was0eQKwkUCEsFvsv0ZX2IKMJQ224sTC/bt16g1PMSyAuuj
IeS8MA4NWTIZUs4iO0qH1ugz+we9k95q1GNwwFD9XCovOsiBkPnWtDhvf7+YvLjq
XTEmnPZ/T0Pl0OckPitarW8jdT2Cz94qCEMLwwvFfcbb+qGa1U3it9H94wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFOIeYxZlAB6IGDMxZj8y3n+dWhDqMB8GA1UdIwQY
MBaAFPrQ+znWsR/RX8u0FjQDFV0dRVwFMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS10RDdPZGF4SDlGZnk3UVdOQU1WWFIxRlhBVS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWQvMzA0ZTNkLTFmMGUtNDRlYi1iMmMx
LWU3OTJmODljYmNlMi8xLzRoNWpGbVVBSG9nWU16Rm1QekxlZjUxYUVPby5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZWQvMzA0ZTNkLTFmMGUtNDRlYi1iMmMxLWU3OTJmODljYmNl
Mi8xLzEtdEQ3T2RheEg5RmZ5N1FXTkFNVlhSMUZYQVUuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAG50UQw
DQYJKoZIhvcNAQELBQADggEBAA0qHs0FhfJSn5GdfxPSZ0ZDsSOerf9j4y7oB/uU
pe/cnt9UmGwTm/aA6xhXZLgU8eqfhPxytofnsaM7X9pnkFRYwrGfz3lAuas7/ZuE
i4nNrtsvT490uFDjQ8f1D2nokFlziFKhuB0xAljBGiQueOzmcfBZN2uYlfZuDoZk
G3MzKug3S0D++fpDGH2oB+E+scpIb7dKFOjt1TU+/Z3a1GNeswBfgogsSnuPcmOE
hTUkWIruX2tDipo6wm9Xrmzfu4Cqg9KLYsh09W3f38XRnPNFaaeh07VjEqSrtYaM
vtrzDrRkQuIWE4IU3jE3ztNxdLTVBrkaNjn8Vi8hlam+HZo=
-----END CERTIFICATE-----