This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/d31230-cbdc-42c1-8732-902ff17bc494/1/a5gV2iTHliPR8LhFYU-KK7QJJvE.roa
File:                     a5gV2iTHliPR8LhFYU-KK7QJJvE.roa (raw, json)
Hash identifier:          Wf9B8UaHcibkRfA0zFpN6M9JgI+cnQ8hTvGPe2+Coc4=
Subject key identifier:   6B:98:15:DA:24:C7:96:23:D1:F0:B8:45:61:4F:8A:2B:B4:09:26:F1
Certificate issuer:       /CN=960dd7cdce588bdaa2b7a8cb056d4db016701532
Certificate serial:       019B7B3698218E8A9A4B7F3DF810E557661C
Authority key identifier: 96:0D:D7:CD:CE:58:8B:DA:A2:B7:A8:CB:05:6D:4D:B0:16:70:15:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lg3Xzc5Yi9qit6jLBW1NsBZwFTI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/d31230-cbdc-42c1-8732-902ff17bc494/1/a5gV2iTHliPR8LhFYU-KK7QJJvE.roa
Signing time:             Thu 01 Jan 2026 20:18:53 +0000
ROA not before:           Thu 01 Jan 2026 20:18:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41432
IP address blocks:        193.164.136.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/d31230-cbdc-42c1-8732-902ff17bc494/1/lg3Xzc5Yi9qit6jLBW1NsBZwFTI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/d31230-cbdc-42c1-8732-902ff17bc494/1/lg3Xzc5Yi9qit6jLBW1NsBZwFTI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lg3Xzc5Yi9qit6jLBW1NsBZwFTI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:98:21:8e:8a:9a:4b:7f:3d:f8:10:e5:57:66:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=960dd7cdce588bdaa2b7a8cb056d4db016701532
        Validity
            Not Before: Jan  1 20:18:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6b9815da24c79623d1f0b845614f8a2bb40926f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:a5:15:56:c4:1a:df:b5:8f:74:c7:da:1a:98:
                    92:65:4e:f8:99:cb:6f:1a:8e:c5:3c:5e:fc:63:01:
                    66:dc:0c:4a:fa:06:be:68:5d:35:cd:bb:1f:18:c6:
                    ed:76:7b:74:4b:34:53:b6:c9:64:0d:fc:75:68:13:
                    9c:47:a2:e4:d6:03:ed:9a:8e:3c:e6:d7:39:8f:0c:
                    59:32:61:d3:99:29:38:4c:1d:33:2c:ad:48:20:b1:
                    bc:d6:3d:82:94:e9:58:a6:75:8d:e7:96:9f:9a:bd:
                    2c:11:a7:31:8b:b7:46:34:38:42:b9:ab:2c:64:79:
                    2c:fe:7d:6f:6a:38:2e:45:fd:ad:a7:e3:cf:71:29:
                    2b:04:83:81:89:82:dc:ba:98:66:a0:fc:61:38:6b:
                    d4:c6:58:c5:1f:b4:13:ad:db:6a:a1:5f:61:83:00:
                    82:0b:7d:ac:7b:42:61:77:59:95:67:61:76:43:db:
                    b2:28:6a:8a:7e:6e:55:74:fe:04:56:9c:f4:77:38:
                    14:18:b3:57:7f:fd:16:ba:c6:ef:a1:e6:d2:7a:1e:
                    5d:67:bf:b3:f7:80:6c:53:4d:6f:73:86:b1:22:ef:
                    7f:cb:03:eb:75:a4:3b:5e:ec:b1:48:ca:1e:65:bf:
                    10:e1:d3:47:4b:79:34:a1:da:e8:7b:b3:b9:62:f5:
                    c0:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:98:15:DA:24:C7:96:23:D1:F0:B8:45:61:4F:8A:2B:B4:09:26:F1
            X509v3 Authority Key Identifier:
                keyid:96:0D:D7:CD:CE:58:8B:DA:A2:B7:A8:CB:05:6D:4D:B0:16:70:15:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lg3Xzc5Yi9qit6jLBW1NsBZwFTI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/d31230-cbdc-42c1-8732-902ff17bc494/1/a5gV2iTHliPR8LhFYU-KK7QJJvE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/d31230-cbdc-42c1-8732-902ff17bc494/1/lg3Xzc5Yi9qit6jLBW1NsBZwFTI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.164.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:eb:40:90:07:d9:c0:83:4e:b1:3c:ad:a9:d9:77:e3:ec:db:
         90:5f:2e:48:47:86:96:17:40:55:3a:58:d4:bf:03:81:55:a1:
         1c:65:e5:b0:64:a5:d8:6a:ae:06:a6:c0:be:f8:10:18:8b:39:
         6f:ea:78:42:d7:b1:5d:0f:89:24:af:b8:d0:32:10:ba:b9:18:
         a0:b0:70:2b:88:e3:af:6f:aa:4d:cc:4a:36:a1:fb:69:bb:18:
         62:11:1b:77:e8:09:dd:fb:1a:25:4d:17:86:f3:e6:09:dc:01:
         5f:d8:c6:c8:d0:95:4a:09:71:7e:f9:01:cb:77:c4:48:b5:e3:
         02:9e:32:a5:ff:a9:0d:f6:32:cb:ad:ca:98:67:4e:d5:7a:72:
         e2:03:37:7c:48:ec:29:1a:6a:b0:da:9d:95:23:b9:77:2f:11:
         4e:96:3f:f3:45:18:ec:dc:4e:39:08:cf:ca:6f:a6:3f:4b:71:
         94:53:29:ea:e1:60:5b:52:72:8d:34:4a:08:40:9b:70:61:48:
         9a:77:ac:a1:0d:a6:4c:2b:8f:be:7e:4e:f6:68:b6:da:fd:7b:
         a7:7b:78:b7:a4:3a:66:a8:c1:26:3b:ef:16:88:b7:e3:ac:8d:
         e5:80:6e:1b:31:35:be:c0:90:7e:ee:3b:a0:d3:7e:e6:f5:7f:
         d0:41:26:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NpghjoqaS389+BDlV2YcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2MGRkN2NkY2U1ODhiZGFhMmI3YThjYjA1NmQ0ZGIwMTY3
MDE1MzIwHhcNMjYwMTAxMjAxODUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Yjk4MTVkYTI0Yzc5NjIzZDFmMGI4NDU2MTRmOGEyYmI0MDkyNmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq6UVVsQa37WPdMfaGpiSZU74mctv
Go7FPF78YwFm3AxK+ga+aF01zbsfGMbtdnt0SzRTtslkDfx1aBOcR6Lk1gPtmo48
5tc5jwxZMmHTmSk4TB0zLK1IILG81j2ClOlYpnWN55afmr0sEacxi7dGNDhCuass
ZHks/n1vajguRf2tp+PPcSkrBIOBiYLcuphmoPxhOGvUxljFH7QTrdtqoV9hgwCC
C32se0Jhd1mVZ2F2Q9uyKGqKfm5VdP4EVpz0dzgUGLNXf/0WusbvoebSeh5dZ7+z
94BsU01vc4axIu9/ywPrdaQ7XuyxSMoeZb8Q4dNHS3k0odroe7O5YvXAiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGuYFdokx5Yj0fC4RWFPiiu0CSbxMB8GA1UdIwQY
MBaAFJYN183OWIvaoreoywVtTbAWcBUyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGczWHpjNVlpOXFpdDZqTEJXMU5zQlp3RlRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS9kMzEyMzAtY2JkYy00MmMxLTg3MzIt
OTAyZmYxN2JjNDk0LzEvYTVnVjJpVEhsaVBSOExoRllVLUtLN1FKSnZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS9kMzEyMzAtY2JkYy00MmMxLTg3MzItOTAyZmYxN2JjNDk0
LzEvbGczWHpjNVlpOXFpdDZqTEJXMU5zQlp3RlRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaSIMA0G
CSqGSIb3DQEBCwUAA4IBAQB+60CQB9nAg06xPK2p2Xfj7NuQXy5IR4aWF0BVOljU
vwOBVaEcZeWwZKXYaq4GpsC++BAYizlv6nhC17FdD4kkr7jQMhC6uRigsHAriOOv
b6pNzEo2oftpuxhiERt36And+xolTReG8+YJ3AFf2MbI0JVKCXF++QHLd8RIteMC
njKl/6kN9jLLrcqYZ07VenLiAzd8SOwpGmqw2p2VI7l3LxFOlj/zRRjs3E45CM/K
b6Y/S3GUUynq4WBbUnKNNEoIQJtwYUiad6yhDaZMK4++fk72aLba/Xune3i3pDpm
qMEmO+8WiLfjrI3lgG4bMTW+wJB+7jug037m9X/QQSbK
-----END CERTIFICATE-----