This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/607721-00ff-4581-80e5-6fa84402d6a0/1/f4bD2j2ZctfyMRffHbpMKHwXRSU.roa
File:                     f4bD2j2ZctfyMRffHbpMKHwXRSU.roa (raw, json)
Hash identifier:          rtGJzd+eO3rg+u8EKiSavSngCqzv1WolCN9nYYZQY64=
Subject key identifier:   7F:86:C3:DA:3D:99:72:D7:F2:31:17:DF:1D:BA:4C:28:7C:17:45:25
Certificate issuer:       /CN=7c86f13a9b721cd1869fbb974ee53d90022eaa2c
Certificate serial:       019B7758EE74BE7B4697CA7DF5019F3AED45
Authority key identifier: 7C:86:F1:3A:9B:72:1C:D1:86:9F:BB:97:4E:E5:3D:90:02:2E:AA:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fIbxOptyHNGGn7uXTuU9kAIuqiw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/607721-00ff-4581-80e5-6fa84402d6a0/1/f4bD2j2ZctfyMRffHbpMKHwXRSU.roa
Signing time:             Thu 01 Jan 2026 02:17:55 +0000
ROA not before:           Thu 01 Jan 2026 02:17:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215596
IP address blocks:        193.35.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/607721-00ff-4581-80e5-6fa84402d6a0/1/fIbxOptyHNGGn7uXTuU9kAIuqiw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/607721-00ff-4581-80e5-6fa84402d6a0/1/fIbxOptyHNGGn7uXTuU9kAIuqiw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fIbxOptyHNGGn7uXTuU9kAIuqiw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 11:01:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:ee:74:be:7b:46:97:ca:7d:f5:01:9f:3a:ed:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c86f13a9b721cd1869fbb974ee53d90022eaa2c
        Validity
            Not Before: Jan  1 02:17:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7f86c3da3d9972d7f23117df1dba4c287c174525
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:ba:32:1b:81:1a:79:8f:7f:02:a9:81:94:18:
                    45:be:d3:2f:71:7c:e9:bb:6d:81:5f:a9:be:05:9f:
                    a6:6a:85:f1:23:2b:ec:b1:ff:58:d2:c9:37:e4:bf:
                    ff:a0:3a:f0:11:ea:d2:ab:a5:4f:9a:41:23:66:0e:
                    36:f6:68:7c:d0:11:0c:c0:d0:6d:cd:97:92:fb:c0:
                    43:b9:ae:0a:02:8c:72:6a:b7:a2:2e:f0:6e:57:fe:
                    aa:ca:99:ba:c9:c7:4f:f0:32:d3:bd:4c:56:c4:02:
                    95:6b:ae:18:6d:f1:65:04:01:cb:1b:fa:be:57:60:
                    8f:e4:6a:f5:0b:31:68:1e:28:86:66:73:80:81:54:
                    3e:d7:a5:57:4b:1d:e5:b8:f4:ef:38:1a:e3:6b:9e:
                    19:17:81:6b:10:d7:39:4d:49:4f:42:ed:dd:c6:e6:
                    d0:41:6d:e2:9d:58:bf:95:ec:95:e8:e9:40:ec:11:
                    39:9d:3f:ff:b3:f8:61:50:99:76:87:c0:ea:16:11:
                    b6:c5:c8:ec:fe:fc:83:48:31:96:8c:de:cc:77:de:
                    14:87:87:9b:a5:85:3c:bf:62:58:d3:04:14:54:48:
                    e4:a6:6c:26:54:97:79:70:11:d1:64:e0:bd:6e:cb:
                    ad:99:e0:97:20:59:37:ea:9d:dc:af:cd:f1:8d:7c:
                    18:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:86:C3:DA:3D:99:72:D7:F2:31:17:DF:1D:BA:4C:28:7C:17:45:25
            X509v3 Authority Key Identifier:
                keyid:7C:86:F1:3A:9B:72:1C:D1:86:9F:BB:97:4E:E5:3D:90:02:2E:AA:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fIbxOptyHNGGn7uXTuU9kAIuqiw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/607721-00ff-4581-80e5-6fa84402d6a0/1/f4bD2j2ZctfyMRffHbpMKHwXRSU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/607721-00ff-4581-80e5-6fa84402d6a0/1/fIbxOptyHNGGn7uXTuU9kAIuqiw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.35.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:38:aa:5b:7c:c5:c5:7a:f7:9f:b5:c7:1f:b8:99:75:3a:2b:
         ae:fd:47:45:e2:95:0a:79:bc:a8:f0:9c:74:97:4b:6d:2a:dd:
         6e:5d:3c:10:90:0b:4f:1d:6b:a1:6e:b0:d3:fd:dc:29:9b:db:
         91:fd:cb:42:54:e8:49:ce:e9:c8:4c:41:b1:71:e0:be:21:a8:
         e4:dc:d8:bd:9a:56:d2:e5:df:42:8a:22:1a:4b:a9:18:2f:87:
         8c:04:9b:86:e1:e8:48:a7:8e:f4:4b:eb:05:fc:d1:88:49:d1:
         70:6d:c8:dc:ce:98:e6:b7:01:8b:dd:89:9c:9b:4c:57:ce:04:
         e6:3e:b8:ef:b5:cc:ad:5e:7f:a9:c1:08:c0:3d:57:66:9c:44:
         50:bf:81:77:b3:53:ef:b3:fe:31:53:fd:27:a7:f6:97:a4:08:
         2b:3f:fd:70:0f:81:f7:4f:22:38:4a:fe:b2:73:1a:22:c9:ec:
         eb:8e:50:95:70:0b:30:03:1e:f5:5d:7e:dc:10:2c:db:7a:b9:
         2c:c9:31:26:fb:5d:76:e5:43:5c:fa:eb:c4:a6:3d:0e:97:1a:
         c2:7a:25:7c:dc:d7:b0:8a:6c:9e:b1:6b:9f:5e:83:50:25:35:
         4c:08:07:27:15:fe:71:8b:e2:af:8e:ed:79:8b:8f:6b:51:f4:
         b8:d8:ed:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WO50vntGl8p99QGfOu1FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjODZmMTNhOWI3MjFjZDE4NjlmYmI5NzRlZTUzZDkwMDIy
ZWFhMmMwHhcNMjYwMTAxMDIxNzU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Zjg2YzNkYTNkOTk3MmQ3ZjIzMTE3ZGYxZGJhNGMyODdjMTc0NTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqboyG4EaeY9/AqmBlBhFvtMvcXzp
u22BX6m+BZ+maoXxIyvssf9Y0sk35L//oDrwEerSq6VPmkEjZg429mh80BEMwNBt
zZeS+8BDua4KAoxyareiLvBuV/6qypm6ycdP8DLTvUxWxAKVa64YbfFlBAHLG/q+
V2CP5Gr1CzFoHiiGZnOAgVQ+16VXSx3luPTvOBrja54ZF4FrENc5TUlPQu3dxubQ
QW3inVi/leyV6OlA7BE5nT//s/hhUJl2h8DqFhG2xcjs/vyDSDGWjN7Md94Uh4eb
pYU8v2JY0wQUVEjkpmwmVJd5cBHRZOC9bsutmeCXIFk36p3cr83xjXwYzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH+Gw9o9mXLX8jEX3x26TCh8F0UlMB8GA1UdIwQY
MBaAFHyG8TqbchzRhp+7l07lPZACLqosMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZklieE9wdHlITkdHbjd1WFR1VTlrQUl1cWl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi82MDc3MjEtMDBmZi00NTgxLTgwZTUt
NmZhODQ0MDJkNmEwLzEvZjRiRDJqMlpjdGZ5TVJmZkhicE1LSHdYUlNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi82MDc3MjEtMDBmZi00NTgxLTgwZTUtNmZhODQ0MDJkNmEw
LzEvZklieE9wdHlITkdHbjd1WFR1VTlrQUl1cWl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSPRMA0G
CSqGSIb3DQEBCwUAA4IBAQBgOKpbfMXFeveftccfuJl1Oiuu/UdF4pUKebyo8Jx0
l0ttKt1uXTwQkAtPHWuhbrDT/dwpm9uR/ctCVOhJzunITEGxceC+Iajk3Ni9mlbS
5d9CiiIaS6kYL4eMBJuG4ehIp470S+sF/NGISdFwbcjczpjmtwGL3Ymcm0xXzgTm
PrjvtcytXn+pwQjAPVdmnERQv4F3s1Pvs/4xU/0np/aXpAgrP/1wD4H3TyI4Sv6y
cxoiyezrjlCVcAswAx71XX7cECzberksyTEm+1125UNc+uvEpj0OlxrCeiV83New
imyesWufXoNQJTVMCAcnFf5xi+Kvju15i49rUfS42O1z
-----END CERTIFICATE-----