This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/4cc4d8-8091-4581-92f4-196f8f064ee4/1/sICtzvgHOfjE61zPkmdaObhuF_w.roa
File:                     sICtzvgHOfjE61zPkmdaObhuF_w.roa (raw, json)
Hash identifier:          yLzVc8wYL4bjob1Nz0UNQRkDAIOchQwZ/HOQ+w5x5Ik=
Subject key identifier:   B0:80:AD:CE:F8:07:39:F8:C4:EB:5C:CF:92:67:5A:39:B8:6E:17:FC
Certificate issuer:       /CN=ba5b651791119f8ebaa3be26f1c756b86309be8e
Certificate serial:       019B7C80D05686B1864621D0789D4463760A
Authority key identifier: BA:5B:65:17:91:11:9F:8E:BA:A3:BE:26:F1:C7:56:B8:63:09:BE:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ultlF5ERn466o74m8cdWuGMJvo4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/4cc4d8-8091-4581-92f4-196f8f064ee4/1/sICtzvgHOfjE61zPkmdaObhuF_w.roa
Signing time:             Fri 02 Jan 2026 02:19:35 +0000
ROA not before:           Fri 02 Jan 2026 02:19:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25111
IP address blocks:        194.0.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/4cc4d8-8091-4581-92f4-196f8f064ee4/1/ultlF5ERn466o74m8cdWuGMJvo4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/4cc4d8-8091-4581-92f4-196f8f064ee4/1/ultlF5ERn466o74m8cdWuGMJvo4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ultlF5ERn466o74m8cdWuGMJvo4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 Jan 2026 09:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:d0:56:86:b1:86:46:21:d0:78:9d:44:63:76:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba5b651791119f8ebaa3be26f1c756b86309be8e
        Validity
            Not Before: Jan  2 02:19:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b080adcef80739f8c4eb5ccf92675a39b86e17fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:dc:fc:cf:83:43:12:35:e1:b0:3c:c3:2c:46:
                    90:91:f1:3d:55:71:4f:72:ba:71:b1:af:29:dd:97:
                    a2:cf:9c:e1:06:30:b5:eb:71:13:9d:bf:5e:98:5c:
                    fa:32:51:d2:d1:0e:ed:19:ec:62:3b:1c:d3:25:89:
                    e9:1d:be:25:ae:4a:24:7b:d5:b3:e5:83:7e:b4:64:
                    50:c2:09:27:bd:a2:0b:0e:dd:4f:7f:cb:7e:af:5a:
                    e0:78:0e:d2:a6:e0:38:5d:74:ca:17:b1:f1:c2:48:
                    fb:ff:e1:39:77:8a:08:8c:48:46:76:ee:a6:ec:65:
                    b3:6c:63:52:c8:c4:50:3a:0e:4e:8d:ce:cf:9d:a2:
                    f4:cb:5e:4d:1d:d4:e0:37:47:bb:70:fd:1a:d5:5d:
                    19:3c:b1:72:e3:9a:b9:63:f3:df:d3:02:f4:2e:12:
                    15:a2:16:79:f4:75:26:4f:bb:47:5d:41:21:d2:49:
                    f6:9b:95:d4:1c:e6:f4:30:3d:4f:4b:d3:e1:8e:b4:
                    cb:59:d8:a1:6b:ed:cd:24:a8:39:97:77:27:35:04:
                    7c:86:7f:8b:c5:ea:8c:97:bc:65:3f:81:8b:fb:7e:
                    4a:15:03:4e:d1:b1:94:21:6d:15:24:c6:a9:79:64:
                    72:fc:b9:f4:2f:38:66:34:d4:a7:a7:77:5c:fb:57:
                    f1:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:80:AD:CE:F8:07:39:F8:C4:EB:5C:CF:92:67:5A:39:B8:6E:17:FC
            X509v3 Authority Key Identifier:
                keyid:BA:5B:65:17:91:11:9F:8E:BA:A3:BE:26:F1:C7:56:B8:63:09:BE:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ultlF5ERn466o74m8cdWuGMJvo4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/4cc4d8-8091-4581-92f4-196f8f064ee4/1/sICtzvgHOfjE61zPkmdaObhuF_w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/4cc4d8-8091-4581-92f4-196f8f064ee4/1/ultlF5ERn466o74m8cdWuGMJvo4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.0.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:89:e8:05:8b:75:b5:70:a0:34:a6:e9:f1:30:62:02:05:79:
         6d:16:48:02:9f:23:ff:2f:28:0b:ca:e2:2a:ce:14:cd:cf:85:
         9f:db:92:b7:b8:9b:fd:e9:03:8e:28:46:00:4b:96:6a:d4:d4:
         d3:8b:d5:19:05:e2:ae:53:5a:22:10:40:5f:df:6b:41:c2:09:
         73:10:b6:60:2b:d8:ea:d7:4d:77:4a:a3:b0:6d:af:d8:7b:c3:
         1c:1b:ce:60:6a:cc:20:0d:43:a4:5a:c9:d1:77:37:bb:6b:25:
         25:f8:70:7c:ce:33:62:4c:d4:ac:28:e7:96:76:26:8b:be:02:
         18:f3:b4:4f:54:22:df:68:c7:f9:cb:4e:f8:9d:85:55:0c:04:
         8d:46:f9:59:c2:db:c0:b7:39:0c:a7:8f:bb:61:81:28:45:71:
         c8:c1:9c:8f:cd:53:7d:6b:bc:d5:d6:69:d6:9b:a6:94:62:cd:
         3f:20:32:e5:02:9e:d4:b0:af:c8:c4:56:63:a8:d7:7a:8e:73:
         52:d0:a4:14:82:05:2a:3b:a3:9c:a6:57:f8:7d:95:f8:5c:19:
         5a:16:e1:f8:c5:30:fd:b9:f6:fa:3e:41:02:6d:f3:5a:77:e3:
         c8:f7:15:0b:1b:c8:1c:69:41:a1:8e:f6:b8:43:d1:d1:7d:0c:
         11:6a:ca:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gNBWhrGGRiHQeJ1EY3YKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNWI2NTE3OTExMTlmOGViYWEzYmUyNmYxYzc1NmI4NjMw
OWJlOGUwHhcNMjYwMTAyMDIxOTM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDgwYWRjZWY4MDczOWY4YzRlYjVjY2Y5MjY3NWEzOWI4NmUxN2ZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl9z8z4NDEjXhsDzDLEaQkfE9VXFP
crpxsa8p3Zeiz5zhBjC163ETnb9emFz6MlHS0Q7tGexiOxzTJYnpHb4lrkoke9Wz
5YN+tGRQwgknvaILDt1Pf8t+r1rgeA7SpuA4XXTKF7Hxwkj7/+E5d4oIjEhGdu6m
7GWzbGNSyMRQOg5Ojc7PnaL0y15NHdTgN0e7cP0a1V0ZPLFy45q5Y/Pf0wL0LhIV
ohZ59HUmT7tHXUEh0kn2m5XUHOb0MD1PS9PhjrTLWdiha+3NJKg5l3cnNQR8hn+L
xeqMl7xlP4GL+35KFQNO0bGUIW0VJMapeWRy/Ln0LzhmNNSnp3dc+1fx2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLCArc74Bzn4xOtcz5JnWjm4bhf8MB8GA1UdIwQY
MBaAFLpbZReREZ+OuqO+JvHHVrhjCb6OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWx0bEY1RVJuNDY2bzc0bThjZFd1R01Kdm80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS80Y2M0ZDgtODA5MS00NTgxLTkyZjQt
MTk2ZjhmMDY0ZWU0LzEvc0lDdHp2Z0hPZmpFNjF6UGttZGFPYmh1Rl93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS80Y2M0ZDgtODA5MS00NTgxLTkyZjQtMTk2ZjhmMDY0ZWU0
LzEvdWx0bEY1RVJuNDY2bzc0bThjZFd1R01Kdm80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgCGMA0G
CSqGSIb3DQEBCwUAA4IBAQBBiegFi3W1cKA0punxMGICBXltFkgCnyP/LygLyuIq
zhTNz4Wf25K3uJv96QOOKEYAS5Zq1NTTi9UZBeKuU1oiEEBf32tBwglzELZgK9jq
1013SqOwba/Ye8McG85gaswgDUOkWsnRdze7ayUl+HB8zjNiTNSsKOeWdiaLvgIY
87RPVCLfaMf5y074nYVVDASNRvlZwtvAtzkMp4+7YYEoRXHIwZyPzVN9a7zV1mnW
m6aUYs0/IDLlAp7UsK/IxFZjqNd6jnNS0KQUggUqO6Ocplf4fZX4XBlaFuH4xTD9
ufb6PkECbfNad+PI9xULG8gcaUGhjva4Q9HRfQwRasrk
-----END CERTIFICATE-----