This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/Wfqf17fPNrqhYEuomD94h7cLzTQ.roa
File:                     Wfqf17fPNrqhYEuomD94h7cLzTQ.roa (raw, json)
Hash identifier:          +K1HlQK29dpjLdYpqFFk3MJakrfyvQ2V89xPZB0rlNk=
Subject key identifier:   59:FA:9F:D7:B7:CF:36:BA:A1:60:4B:A8:98:3F:78:87:B7:0B:CD:34
Certificate issuer:       /CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
Certificate serial:       019B7F841B3C04BC018767E464D63C4BAC5D
Authority key identifier: BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/Wfqf17fPNrqhYEuomD94h7cLzTQ.roa
Signing time:             Fri 02 Jan 2026 16:22:02 +0000
ROA not before:           Fri 02 Jan 2026 16:22:02 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     398101
IP address blocks:        92.204.128.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:84:1b:3c:04:bc:01:87:67:e4:64:d6:3c:4b:ac:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
        Validity
            Not Before: Jan  2 16:22:02 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=59fa9fd7b7cf36baa1604ba8983f7887b70bcd34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:53:ef:bf:b8:a3:92:03:1a:1a:9c:5e:f4:95:
                    c0:08:dc:84:2a:8e:cb:a4:30:ed:5c:99:47:2e:47:
                    96:ff:c1:64:4e:45:12:d2:7f:0a:9e:da:61:0f:05:
                    40:5f:99:a0:7d:11:0b:49:d6:c4:6c:35:5b:a5:bf:
                    4f:99:0c:94:22:6b:7a:cb:c1:fb:4f:42:f7:79:f9:
                    0a:35:f9:79:7e:ac:5f:a5:fb:00:8d:a2:54:fd:6a:
                    63:af:16:94:89:76:a2:1f:7e:b2:18:78:61:d2:5a:
                    1a:a3:55:b7:82:33:60:77:cd:22:8d:bd:fd:4f:f2:
                    11:f6:95:ca:f0:05:c1:79:3d:62:4a:b6:1e:47:3e:
                    bb:60:b1:81:f6:22:23:c2:b7:d3:ae:02:c3:7a:b1:
                    a2:ce:b2:76:13:3b:00:24:fb:3b:d2:e7:74:ed:42:
                    13:a7:ad:41:ac:96:b9:22:00:30:fe:f1:eb:0a:50:
                    b5:bb:af:6a:a2:4d:e9:f8:4a:35:81:74:1c:07:de:
                    5b:4c:02:0c:62:9b:25:02:8a:76:b2:22:c7:ba:49:
                    37:8b:bd:44:cb:34:93:51:dc:7b:d2:e5:be:7e:b1:
                    a3:cd:9d:4f:8c:2c:81:a7:6e:8d:91:7a:4f:26:59:
                    20:b1:4e:c6:f6:0f:52:9e:35:31:e4:2a:aa:94:4b:
                    03:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:FA:9F:D7:B7:CF:36:BA:A1:60:4B:A8:98:3F:78:87:B7:0B:CD:34
            X509v3 Authority Key Identifier:
                keyid:BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/Wfqf17fPNrqhYEuomD94h7cLzTQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.204.128.0/20

    Signature Algorithm: sha256WithRSAEncryption
         72:96:b6:73:31:f2:67:e7:c0:e6:91:d4:0c:e3:cd:dd:80:7a:
         68:3d:79:4e:cc:0d:fb:c2:3b:79:1c:f2:76:56:86:f1:d6:73:
         ee:86:52:25:37:99:d8:49:c0:5a:a6:49:05:a7:20:ea:d0:ca:
         91:d9:cb:31:fe:7a:a3:95:8e:0c:26:ca:31:3f:80:be:84:1e:
         f0:b6:f6:22:4f:b2:54:a6:8a:86:58:13:e6:ef:78:fe:5a:93:
         fd:ec:e2:2d:e2:43:10:7c:7b:a2:00:4f:bd:d7:4c:64:14:0c:
         1b:e0:c0:45:21:94:7d:dd:29:8a:ba:c4:7d:41:28:e1:1c:d6:
         bf:3e:b9:ad:c6:d4:a6:3c:9a:95:c3:ed:e5:43:18:22:77:fa:
         10:63:62:15:36:77:cd:2d:03:8f:e6:82:f3:01:f0:25:6e:63:
         3a:72:44:2f:85:ea:59:a8:51:13:a5:45:56:b6:f8:3d:61:63:
         e9:b0:20:68:1f:0f:47:11:99:ce:7a:fd:c1:23:b9:29:bd:e0:
         b2:3d:7a:57:55:ba:92:44:79:7a:d3:15:f3:8f:d4:d3:11:40:
         65:21:22:45:0c:b2:f4:5b:91:7f:56:a6:f5:4a:e2:bd:d2:95:
         4c:16:dd:e4:48:bf:2c:ea:ce:d5:04:bd:ea:5a:12:c9:b2:76:
         21:09:50:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hBs8BLwBh2fkZNY8S6xdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNmVkMGZiN2IzMjA4MzJhYzE1ODA1MzRjN2IyNjNmMzA0
ZTk4MWIwHhcNMjYwMTAyMTYyMjAyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWZhOWZkN2I3Y2YzNmJhYTE2MDRiYTg5ODNmNzg4N2I3MGJjZDM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzlPvv7ijkgMaGpxe9JXACNyEKo7L
pDDtXJlHLkeW/8FkTkUS0n8KntphDwVAX5mgfRELSdbEbDVbpb9PmQyUImt6y8H7
T0L3efkKNfl5fqxfpfsAjaJU/WpjrxaUiXaiH36yGHhh0loao1W3gjNgd80ijb39
T/IR9pXK8AXBeT1iSrYeRz67YLGB9iIjwrfTrgLDerGizrJ2EzsAJPs70ud07UIT
p61BrJa5IgAw/vHrClC1u69qok3p+Eo1gXQcB95bTAIMYpslAop2siLHukk3i71E
yzSTUdx70uW+frGjzZ1PjCyBp26NkXpPJlkgsU7G9g9SnjUx5CqqlEsD2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFn6n9e3zza6oWBLqJg/eIe3C800MB8GA1UdIwQY
MBaAFLpu0Pt7MggyrBWAU0x7Jj8wTpgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQt
MTYxZjM0MjM4N2QxLzEvV2ZxZjE3ZlBOcnFoWUV1b21EOTRoN2NMelRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQtMTYxZjM0MjM4N2Qx
LzEvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEXMyAMA0G
CSqGSIb3DQEBCwUAA4IBAQBylrZzMfJn58DmkdQM483dgHpoPXlOzA37wjt5HPJ2
Vobx1nPuhlIlN5nYScBapkkFpyDq0MqR2csx/nqjlY4MJsoxP4C+hB7wtvYiT7JU
poqGWBPm73j+WpP97OIt4kMQfHuiAE+910xkFAwb4MBFIZR93SmKusR9QSjhHNa/
PrmtxtSmPJqVw+3lQxgid/oQY2IVNnfNLQOP5oLzAfAlbmM6ckQvhepZqFETpUVW
tvg9YWPpsCBoHw9HEZnOev3BI7kpveCyPXpXVbqSRHl60xXzj9TTEUBlISJFDLL0
W5F/Vqb1SuK90pVMFt3kSL8s6s7VBL3qWhLJsnYhCVAa
-----END CERTIFICATE-----