This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/esYBbdHlmzNrFPaZHG9t4u-VPHc.roa
File:                     esYBbdHlmzNrFPaZHG9t4u-VPHc.roa (raw, json)
Hash identifier:          lkNqbXeTq7xSvC4HTyeLweRSSMj+JVz2/1P8Io014A8=
Subject key identifier:   7A:C6:01:6D:D1:E5:9B:33:6B:14:F6:99:1C:6F:6D:E2:EF:95:3C:77
Certificate issuer:       /CN=4dd1b2587490ad061cb207176bdeec81a531588c
Certificate serial:       019B7AC94900A679884579E1A8678A3F3032
Authority key identifier: 4D:D1:B2:58:74:90:AD:06:1C:B2:07:17:6B:DE:EC:81:A5:31:58:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/esYBbdHlmzNrFPaZHG9t4u-VPHc.roa
Signing time:             Thu 01 Jan 2026 18:19:30 +0000
ROA not before:           Thu 01 Jan 2026 18:19:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6774
IP address blocks:        80.231.53.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c9:49:00:a6:79:88:45:79:e1:a8:67:8a:3f:30:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd1b2587490ad061cb207176bdeec81a531588c
        Validity
            Not Before: Jan  1 18:19:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7ac6016dd1e59b336b14f6991c6f6de2ef953c77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:f8:88:de:7f:ce:e2:3e:dd:06:20:3f:db:d0:
                    f5:f4:40:c8:78:4d:e8:9d:ad:17:8b:20:6b:ff:e8:
                    ac:92:24:d2:d7:9d:eb:7b:e4:45:4d:b4:5f:43:11:
                    9e:55:98:b1:c8:05:5b:55:75:b5:52:f6:7d:ae:7d:
                    1e:2a:c5:f3:6b:91:71:fa:44:7f:b3:d5:0d:36:c2:
                    bd:79:b7:3b:93:80:a6:f6:87:58:bb:60:f0:53:18:
                    7c:90:87:47:50:38:d1:9e:09:26:a1:96:b2:9f:35:
                    5e:93:3d:2e:dd:03:04:a4:e1:03:af:e5:47:1f:d1:
                    45:fa:f6:54:3a:07:af:96:90:69:93:a8:4d:d1:06:
                    a0:80:46:a5:2b:75:3b:45:55:35:a6:94:3e:e1:cf:
                    73:ec:cb:d6:56:f7:d5:96:ae:33:6c:ad:97:a4:ec:
                    32:b9:0d:b3:8a:3f:1f:54:c5:b6:76:c1:c3:d1:f0:
                    75:3a:32:9d:3b:16:b2:7f:db:a3:d9:ef:cc:90:c3:
                    d3:d8:43:fc:86:35:b7:e0:55:86:15:16:07:42:23:
                    9a:32:62:5d:02:c7:f3:01:f0:97:d7:ba:dc:ae:f7:
                    d3:43:75:21:31:64:d6:f0:86:1f:f2:23:6e:fe:1e:
                    ef:d2:b9:c5:00:cd:fb:fc:cc:45:93:93:77:6c:2a:
                    17:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:C6:01:6D:D1:E5:9B:33:6B:14:F6:99:1C:6F:6D:E2:EF:95:3C:77
            X509v3 Authority Key Identifier:
                keyid:4D:D1:B2:58:74:90:AD:06:1C:B2:07:17:6B:DE:EC:81:A5:31:58:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/esYBbdHlmzNrFPaZHG9t4u-VPHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.231.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:69:95:c8:cc:64:30:b2:6e:7b:3b:5c:47:5e:2b:8b:ac:7a:
         4f:5f:42:1d:d1:21:58:f4:78:3c:a3:4d:cf:cd:b6:df:68:f2:
         8b:86:3a:e3:0e:a5:81:92:c6:78:9d:39:84:36:67:ce:3b:01:
         c7:68:44:e0:46:4b:8b:ae:da:ff:31:06:da:4c:b2:59:b3:36:
         fe:35:97:6a:fc:72:00:b2:e0:82:7e:7a:d4:fd:e6:46:55:94:
         da:2d:9c:d3:02:b7:9c:30:24:66:dd:98:4e:ab:51:24:75:10:
         36:2f:34:e3:02:36:87:48:51:f5:7c:70:7a:58:6c:65:a5:2e:
         a5:4b:d5:b7:9d:a3:d4:19:0c:33:7b:cb:2b:78:7f:d7:d1:71:
         9e:b2:81:0a:99:ec:49:62:94:46:48:79:dc:ec:cd:e7:da:b7:
         e6:d7:38:66:63:9e:3e:65:d7:df:74:5e:cd:46:4f:18:d8:53:
         d1:8f:e2:57:90:71:71:33:fd:d8:5f:91:f9:9d:14:ac:ac:e6:
         f5:70:66:d9:52:79:88:23:86:28:3c:63:9b:76:22:23:3e:da:
         9b:46:0a:dc:0c:20:c9:46:dc:60:66:84:49:12:61:4c:84:a5:
         d3:1f:cb:be:af:f0:69:1d:12:c8:7e:6e:f0:3a:4c:d8:63:f0:
         72:65:49:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yUkApnmIRXnhqGeKPzAyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDFiMjU4NzQ5MGFkMDYxY2IyMDcxNzZiZGVlYzgxYTUz
MTU4OGMwHhcNMjYwMTAxMTgxOTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWM2MDE2ZGQxZTU5YjMzNmIxNGY2OTkxYzZmNmRlMmVmOTUzYzc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4PiI3n/O4j7dBiA/29D19EDIeE3o
na0XiyBr/+iskiTS153re+RFTbRfQxGeVZixyAVbVXW1UvZ9rn0eKsXza5Fx+kR/
s9UNNsK9ebc7k4Cm9odYu2DwUxh8kIdHUDjRngkmoZaynzVekz0u3QMEpOEDr+VH
H9FF+vZUOgevlpBpk6hN0QaggEalK3U7RVU1ppQ+4c9z7MvWVvfVlq4zbK2XpOwy
uQ2zij8fVMW2dsHD0fB1OjKdOxayf9uj2e/MkMPT2EP8hjW34FWGFRYHQiOaMmJd
AsfzAfCX17rcrvfTQ3UhMWTW8IYf8iNu/h7v0rnFAM37/MxFk5N3bCoXRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHrGAW3R5ZszaxT2mRxvbeLvlTx3MB8GA1UdIwQY
MBaAFE3Rslh0kK0GHLIHF2ve7IGlMViMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRHeVdIU1FyUVljc2djWGE5N3NnYVV4V0l3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8wMWQyYWYtMWYyMS00YjgwLWI2NjUt
ZGI0NjNjNWZiMGI0LzEvZXNZQmJkSGxtek5yRlBhWkhHOXQ0dS1WUEhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8wMWQyYWYtMWYyMS00YjgwLWI2NjUtZGI0NjNjNWZiMGI0
LzEvVGRHeVdIU1FyUVljc2djWGE5N3NnYVV4V0l3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUOc1MA0G
CSqGSIb3DQEBCwUAA4IBAQB1aZXIzGQwsm57O1xHXiuLrHpPX0Id0SFY9Hg8o03P
zbbfaPKLhjrjDqWBksZ4nTmENmfOOwHHaETgRkuLrtr/MQbaTLJZszb+NZdq/HIA
suCCfnrU/eZGVZTaLZzTArecMCRm3ZhOq1EkdRA2LzTjAjaHSFH1fHB6WGxlpS6l
S9W3naPUGQwze8sreH/X0XGesoEKmexJYpRGSHnc7M3n2rfm1zhmY54+ZdffdF7N
Rk8Y2FPRj+JXkHFxM/3YX5H5nRSsrOb1cGbZUnmII4YoPGObdiIjPtqbRgrcDCDJ
RtxgZoRJEmFMhKXTH8u+r/BpHRLIfm7wOkzYY/ByZUlm
-----END CERTIFICATE-----