This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/Rh1E5qxMlmiIy0iHzMFcbx-ILCY.roa
File:                     Rh1E5qxMlmiIy0iHzMFcbx-ILCY.roa (raw, json)
Hash identifier:          l7nvXUR6ZjHVsyeZWx0Ki3Tb8P2diCAcOJlZGejmDxA=
Subject key identifier:   46:1D:44:E6:AC:4C:96:68:88:CB:48:87:CC:C1:5C:6F:1F:88:2C:26
Certificate issuer:       /CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
Certificate serial:       019B79EC4CAEF9A3368941379669EFEC2B20
Authority key identifier: CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/Rh1E5qxMlmiIy0iHzMFcbx-ILCY.roa
Signing time:             Thu 01 Jan 2026 14:18:07 +0000
ROA not before:           Thu 01 Jan 2026 14:18:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214767
IP address blocks:        194.140.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:4c:ae:f9:a3:36:89:41:37:96:69:ef:ec:2b:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
        Validity
            Not Before: Jan  1 14:18:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=461d44e6ac4c966888cb4887ccc15c6f1f882c26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:8c:e8:f3:03:c1:b5:43:d0:6b:a7:df:4f:61:
                    0b:dd:6e:d5:22:b9:b4:6f:9b:1d:ed:c9:fa:b1:79:
                    ca:15:4d:f8:21:63:74:a5:f6:71:71:98:12:b7:71:
                    2a:72:10:bd:94:ed:80:6f:a3:ca:12:08:42:3d:d5:
                    0c:dd:94:a5:f7:d7:c0:5d:7c:f5:8b:2b:74:e2:32:
                    48:f6:64:59:4f:e6:89:d6:45:ce:1f:be:0c:22:4f:
                    ea:e7:d4:f8:96:03:ee:82:97:c3:e3:b7:3f:65:fa:
                    97:b7:8c:09:6d:84:f0:d4:88:6d:12:03:c6:ef:0c:
                    64:28:4e:1e:18:ec:89:f8:93:b7:44:c2:fa:9c:73:
                    ac:f1:69:b9:9a:04:5b:af:39:b5:ff:97:99:48:20:
                    6e:e4:f7:f4:b5:cf:70:e2:f7:dc:de:15:c3:3d:6b:
                    52:b7:0c:bb:be:a3:90:39:15:15:b7:ae:64:94:5d:
                    62:5b:6c:b9:f6:9a:6e:ee:ec:61:bc:54:63:d8:75:
                    ff:f9:7d:82:47:7a:ae:d5:ae:88:0d:7f:e6:f0:44:
                    b5:ea:07:d1:cf:5d:20:15:cb:93:30:a0:26:d7:ad:
                    a2:fa:dd:83:ae:14:9a:ea:8f:71:e4:64:ca:a6:95:
                    c1:53:f3:00:28:3c:d8:0b:19:81:b9:5c:5a:02:a1:
                    b1:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:1D:44:E6:AC:4C:96:68:88:CB:48:87:CC:C1:5C:6F:1F:88:2C:26
            X509v3 Authority Key Identifier:
                keyid:CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/Rh1E5qxMlmiIy0iHzMFcbx-ILCY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.140.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:a7:5e:e2:2d:a1:b6:d0:1e:ad:b1:a9:1a:f1:9c:ba:1d:d7:
         c2:5b:b3:53:5e:43:93:3c:c1:12:97:f6:aa:25:43:8f:3c:b8:
         31:be:56:92:9b:c3:aa:27:12:ed:52:0b:23:f3:20:48:ed:9b:
         60:0b:fa:58:77:e0:ca:12:df:ee:c3:b9:45:e5:47:6b:bc:d7:
         4b:c2:94:77:6f:9a:cd:a9:20:59:1c:ba:12:aa:84:c1:08:19:
         b3:35:93:6f:a4:3f:f5:9b:cb:1e:f8:9d:98:a7:ef:ae:2a:4d:
         4f:ab:f5:71:73:07:79:28:75:6a:98:39:d3:c7:d0:f4:75:72:
         18:5c:91:69:8e:85:20:b3:40:ba:33:fe:a8:42:66:a9:53:5b:
         be:41:9b:e6:08:36:b2:09:75:4d:08:0b:0a:f9:02:c1:1a:27:
         64:31:6c:9f:67:ad:ea:6f:da:f6:21:eb:2c:25:53:7c:d1:4f:
         80:9a:97:cd:2e:42:bb:82:81:61:0f:e9:39:36:e2:cb:9b:76:
         46:0d:b1:16:b6:d0:00:a2:6a:f8:64:12:25:48:dd:1b:fe:e4:
         06:dc:4a:74:17:e3:15:81:17:73:54:d3:8d:96:01:b3:74:fe:
         92:06:8e:b1:ee:52:e6:5a:72:d2:bc:90:33:bc:dd:70:f4:4d:
         46:21:19:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57Eyu+aM2iUE3lmnv7CsgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmMWRmNjY2N2RhMzhlNTdhMjViMTk0NWZhNDBlNTkzZTVh
ZGZhMDAwHhcNMjYwMTAxMTQxODA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjFkNDRlNmFjNGM5NjY4ODhjYjQ4ODdjY2MxNWM2ZjFmODgyYzI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtIzo8wPBtUPQa6ffT2EL3W7VIrm0
b5sd7cn6sXnKFU34IWN0pfZxcZgSt3EqchC9lO2Ab6PKEghCPdUM3ZSl99fAXXz1
iyt04jJI9mRZT+aJ1kXOH74MIk/q59T4lgPugpfD47c/ZfqXt4wJbYTw1IhtEgPG
7wxkKE4eGOyJ+JO3RML6nHOs8Wm5mgRbrzm1/5eZSCBu5Pf0tc9w4vfc3hXDPWtS
twy7vqOQORUVt65klF1iW2y59ppu7uxhvFRj2HX/+X2CR3qu1a6IDX/m8ES16gfR
z10gFcuTMKAm162i+t2DrhSa6o9x5GTKppXBU/MAKDzYCxmBuVxaAqGxXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEYdROasTJZoiMtIh8zBXG8fiCwmMB8GA1UdIwQY
MBaAFM8d9mZ9o45XolsZRfpA5ZPlrfoAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEt
OGRmMzYzMzdlNmJjLzEvUmgxRTVxeE1sbWlJeTBpSHpNRmNieC1JTENZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEtOGRmMzYzMzdlNmJj
LzEvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwozkMA0G
CSqGSIb3DQEBCwUAA4IBAQC4p17iLaG20B6tsaka8Zy6HdfCW7NTXkOTPMESl/aq
JUOPPLgxvlaSm8OqJxLtUgsj8yBI7ZtgC/pYd+DKEt/uw7lF5UdrvNdLwpR3b5rN
qSBZHLoSqoTBCBmzNZNvpD/1m8se+J2Yp++uKk1Pq/Vxcwd5KHVqmDnTx9D0dXIY
XJFpjoUgs0C6M/6oQmapU1u+QZvmCDayCXVNCAsK+QLBGidkMWyfZ63qb9r2Iess
JVN80U+AmpfNLkK7goFhD+k5NuLLm3ZGDbEWttAAomr4ZBIlSN0b/uQG3Ep0F+MV
gRdzVNONlgGzdP6SBo6x7lLmWnLSvJAzvN1w9E1GIRnm
-----END CERTIFICATE-----