This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/dbef17-9bb8-46bc-9343-cadf0ca1dd0d/1/ChsrIe_cFwpAiazbN6fxpmLK7t4.roa
File:                     ChsrIe_cFwpAiazbN6fxpmLK7t4.roa (raw, json)
Hash identifier:          LuQhPrdzKvZLID91e7AArGX99lU+Hh7zxpmaut21ffs=
Subject key identifier:   0A:1B:2B:21:EF:DC:17:0A:40:89:AC:DB:37:A7:F1:A6:62:CA:EE:DE
Certificate issuer:       /CN=de286d03a373bd689ef04610a1c8ad8473ebddad
Certificate serial:       019B78A299940FEF65AC002FCBFF7C5008ED
Authority key identifier: DE:28:6D:03:A3:73:BD:68:9E:F0:46:10:A1:C8:AD:84:73:EB:DD:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3ihtA6NzvWie8EYQocithHPr3a0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/dbef17-9bb8-46bc-9343-cadf0ca1dd0d/1/ChsrIe_cFwpAiazbN6fxpmLK7t4.roa
Signing time:             Thu 01 Jan 2026 08:18:00 +0000
ROA not before:           Thu 01 Jan 2026 08:18:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201679
IP address blocks:        185.64.132.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/dbef17-9bb8-46bc-9343-cadf0ca1dd0d/1/3ihtA6NzvWie8EYQocithHPr3a0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/dbef17-9bb8-46bc-9343-cadf0ca1dd0d/1/3ihtA6NzvWie8EYQocithHPr3a0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3ihtA6NzvWie8EYQocithHPr3a0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:99:94:0f:ef:65:ac:00:2f:cb:ff:7c:50:08:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de286d03a373bd689ef04610a1c8ad8473ebddad
        Validity
            Not Before: Jan  1 08:18:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0a1b2b21efdc170a4089acdb37a7f1a662caeede
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:23:aa:2a:16:e2:ea:aa:89:59:82:03:d4:6e:
                    da:03:0f:0e:c9:55:7a:ae:98:07:76:a9:93:e8:ee:
                    0d:00:66:9f:13:c9:fe:e3:44:a5:ec:89:c5:81:5b:
                    81:03:bb:e6:50:cd:ef:c7:9b:92:4c:f0:11:b3:48:
                    ad:32:10:a7:55:41:fe:39:2e:ea:92:7d:07:de:d6:
                    2b:22:d1:48:71:59:b9:fc:12:c2:5e:1a:59:d2:e1:
                    48:a2:2a:69:e9:eb:79:d0:b3:62:0d:86:92:0b:54:
                    ab:d8:97:70:4e:d5:34:57:ce:d3:ee:82:1e:d6:1d:
                    a9:8a:60:64:5b:26:23:83:e1:f8:a9:b6:c2:6f:8b:
                    bf:20:a1:ad:a1:c8:ad:34:74:df:7c:e7:33:62:f1:
                    60:1d:cf:bd:96:fd:4d:3d:6a:46:63:66:73:16:f6:
                    33:87:be:10:1b:e8:31:9a:e0:55:0b:5b:a6:f4:56:
                    b4:52:11:3a:24:5c:e8:42:c7:70:3c:0f:45:03:9f:
                    64:11:3b:4a:15:c0:bc:51:75:a3:b1:a6:02:4a:48:
                    42:f1:d7:c6:84:aa:78:44:76:8d:d9:45:08:66:45:
                    ec:9e:3d:de:45:3c:8c:cc:4f:51:76:dd:78:d2:01:
                    fa:b9:08:06:4e:8b:ef:74:2d:39:b2:f0:69:6e:13:
                    4f:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:1B:2B:21:EF:DC:17:0A:40:89:AC:DB:37:A7:F1:A6:62:CA:EE:DE
            X509v3 Authority Key Identifier:
                keyid:DE:28:6D:03:A3:73:BD:68:9E:F0:46:10:A1:C8:AD:84:73:EB:DD:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3ihtA6NzvWie8EYQocithHPr3a0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/dbef17-9bb8-46bc-9343-cadf0ca1dd0d/1/ChsrIe_cFwpAiazbN6fxpmLK7t4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/dbef17-9bb8-46bc-9343-cadf0ca1dd0d/1/3ihtA6NzvWie8EYQocithHPr3a0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.64.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0c:f6:95:29:18:78:bc:b8:4a:a3:eb:e5:d7:97:bc:4c:da:87:
         30:58:87:49:c6:fc:25:96:44:87:bf:fd:89:88:34:58:42:3d:
         ab:5d:51:77:3f:e6:2d:7c:59:80:78:07:69:5f:cf:0f:ab:fb:
         e1:7b:bd:e3:02:c9:af:61:8a:f5:43:2c:2a:66:60:d3:b0:02:
         d9:1d:91:52:d2:9c:75:50:e2:3d:ea:d6:b8:fd:78:5f:1e:86:
         8f:99:d7:b7:ff:9a:ce:4a:28:6e:e1:12:38:2c:3d:22:72:75:
         92:f4:4b:21:43:40:7f:54:5e:b5:78:d5:cc:71:32:72:bd:91:
         42:58:92:ad:8d:20:c5:f7:30:0a:0f:28:e3:98:1c:04:39:fc:
         de:06:8a:b6:e1:75:80:c8:76:78:70:7c:01:37:b1:7f:21:fe:
         74:9d:74:36:8d:21:96:54:e7:83:1c:66:53:b6:02:8b:12:7f:
         e2:69:38:96:67:60:06:e2:15:58:a6:25:77:5d:36:c4:e1:09:
         4d:12:86:b1:5c:8b:38:29:cb:d9:24:d0:a5:ae:1a:b0:f9:68:
         76:9e:e1:df:46:07:4a:5e:2d:b1:0a:c1:eb:eb:22:74:8b:2f:
         9b:50:a6:ff:69:22:2a:46:c4:16:26:c2:0f:70:12:4a:e1:df:
         c3:85:98:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4opmUD+9lrAAvy/98UAjtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlMjg2ZDAzYTM3M2JkNjg5ZWYwNDYxMGExYzhhZDg0NzNl
YmRkYWQwHhcNMjYwMTAxMDgxODAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTFiMmIyMWVmZGMxNzBhNDA4OWFjZGIzN2E3ZjFhNjYyY2FlZWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3COqKhbi6qqJWYID1G7aAw8OyVV6
rpgHdqmT6O4NAGafE8n+40Sl7InFgVuBA7vmUM3vx5uSTPARs0itMhCnVUH+OS7q
kn0H3tYrItFIcVm5/BLCXhpZ0uFIoipp6et50LNiDYaSC1Sr2JdwTtU0V87T7oIe
1h2pimBkWyYjg+H4qbbCb4u/IKGtocitNHTffOczYvFgHc+9lv1NPWpGY2ZzFvYz
h74QG+gxmuBVC1um9Fa0UhE6JFzoQsdwPA9FA59kETtKFcC8UXWjsaYCSkhC8dfG
hKp4RHaN2UUIZkXsnj3eRTyMzE9Rdt140gH6uQgGTovvdC05svBpbhNPbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAobKyHv3BcKQIms2zen8aZiyu7eMB8GA1UdIwQY
MBaAFN4obQOjc71onvBGEKHIrYRz692tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2lodEE2Tnp2V2llOEVZUW9jaXRoSFByM2EwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9kYmVmMTctOWJiOC00NmJjLTkzNDMt
Y2FkZjBjYTFkZDBkLzEvQ2hzckllX2NGd3BBaWF6Yk42ZnhwbUxLN3Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9kYmVmMTctOWJiOC00NmJjLTkzNDMtY2FkZjBjYTFkZDBk
LzEvM2lodEE2Tnp2V2llOEVZUW9jaXRoSFByM2EwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUCEMA0G
CSqGSIb3DQEBCwUAA4IBAQAM9pUpGHi8uEqj6+XXl7xM2ocwWIdJxvwllkSHv/2J
iDRYQj2rXVF3P+YtfFmAeAdpX88Pq/vhe73jAsmvYYr1QywqZmDTsALZHZFS0px1
UOI96ta4/XhfHoaPmde3/5rOSihu4RI4LD0icnWS9EshQ0B/VF61eNXMcTJyvZFC
WJKtjSDF9zAKDyjjmBwEOfzeBoq24XWAyHZ4cHwBN7F/If50nXQ2jSGWVOeDHGZT
tgKLEn/iaTiWZ2AG4hVYpiV3XTbE4QlNEoaxXIs4KcvZJNClrhqw+Wh2nuHfRgdK
Xi2xCsHr6yJ0iy+bUKb/aSIqRsQWJsIPcBJK4d/DhZiB
-----END CERTIFICATE-----