This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/361a21-0b5a-4367-841e-3dd293f74e5e/1/43ymdr3K3iMs6v29pEnuXTGVVTU.roa
File:                     43ymdr3K3iMs6v29pEnuXTGVVTU.roa (raw, json)
Hash identifier:          T6YtebG+rID15qUGedeSqtw1F5/D7XsYg2ZcZB9ldO4=
Subject key identifier:   E3:7C:A6:76:BD:CA:DE:23:2C:EA:FD:BD:A4:49:EE:5D:31:95:55:35
Certificate issuer:       /CN=dc4b4a18a7e151a37da5e4ccdaa9e7dbd88e9d93
Certificate serial:       019B79EC4FF748EF14B294192413D51A4617
Authority key identifier: DC:4B:4A:18:A7:E1:51:A3:7D:A5:E4:CC:DA:A9:E7:DB:D8:8E:9D:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3EtKGKfhUaN9peTM2qnn29iOnZM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/361a21-0b5a-4367-841e-3dd293f74e5e/1/43ymdr3K3iMs6v29pEnuXTGVVTU.roa
Signing time:             Thu 01 Jan 2026 14:18:08 +0000
ROA not before:           Thu 01 Jan 2026 14:18:08 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49556
IP address blocks:        194.5.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/361a21-0b5a-4367-841e-3dd293f74e5e/1/3EtKGKfhUaN9peTM2qnn29iOnZM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/361a21-0b5a-4367-841e-3dd293f74e5e/1/3EtKGKfhUaN9peTM2qnn29iOnZM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3EtKGKfhUaN9peTM2qnn29iOnZM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:4f:f7:48:ef:14:b2:94:19:24:13:d5:1a:46:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc4b4a18a7e151a37da5e4ccdaa9e7dbd88e9d93
        Validity
            Not Before: Jan  1 14:18:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e37ca676bdcade232ceafdbda449ee5d31955535
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:c3:bb:b4:e7:0e:82:92:0f:6d:5a:2c:cd:d9:
                    81:26:1e:ce:41:a6:1d:3d:50:05:2f:d5:96:fa:e1:
                    0f:ea:6e:ca:b0:a2:56:03:2d:1f:08:70:95:19:b8:
                    a8:38:2f:91:8a:ee:fb:4b:e5:b1:60:e0:e6:9a:02:
                    ba:87:00:53:ce:56:03:da:64:a6:70:db:0e:a3:d7:
                    cb:6c:7e:03:6d:ec:39:d9:6d:87:b3:37:04:3e:b4:
                    8a:0d:2f:a0:51:1a:de:83:66:a9:43:81:43:89:f5:
                    98:71:5c:d2:51:4b:89:f9:61:da:1c:49:52:00:8c:
                    dc:7b:f0:a6:63:a9:1c:e2:14:66:d3:40:47:fd:57:
                    04:2d:44:a4:20:ad:90:1e:57:e5:a8:cd:81:50:05:
                    a4:39:7b:74:81:da:0b:f8:5a:64:18:28:33:55:fd:
                    12:27:09:78:e2:5e:fa:7d:b4:05:d0:5c:ec:44:f7:
                    e9:5d:e4:4e:7f:db:6c:0f:8d:51:42:8a:b9:57:4b:
                    b2:0b:0a:83:0e:10:48:67:1b:32:7b:d7:ba:f7:b2:
                    c3:33:a0:b6:99:ee:03:9e:f9:ca:8b:4d:57:00:da:
                    67:32:bf:1b:2e:c6:c1:3a:0a:c6:64:0a:28:75:96:
                    4e:8c:28:aa:e8:6c:5f:da:73:45:5f:4c:99:b5:91:
                    ed:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:7C:A6:76:BD:CA:DE:23:2C:EA:FD:BD:A4:49:EE:5D:31:95:55:35
            X509v3 Authority Key Identifier:
                keyid:DC:4B:4A:18:A7:E1:51:A3:7D:A5:E4:CC:DA:A9:E7:DB:D8:8E:9D:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3EtKGKfhUaN9peTM2qnn29iOnZM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/361a21-0b5a-4367-841e-3dd293f74e5e/1/43ymdr3K3iMs6v29pEnuXTGVVTU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/361a21-0b5a-4367-841e-3dd293f74e5e/1/3EtKGKfhUaN9peTM2qnn29iOnZM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.5.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:e8:af:4a:83:b9:5a:d2:3c:de:45:7a:58:20:d0:b8:95:42:
         45:b3:a4:97:89:ba:86:7e:db:b4:68:f2:10:a0:76:09:9b:a7:
         55:52:23:25:f7:a4:65:9c:7b:63:f6:eb:98:cd:83:f1:e7:b3:
         b4:1e:63:50:0f:1c:3d:c8:97:87:49:a7:bc:9a:0d:8f:67:e0:
         8c:9a:fb:a0:a4:b2:11:81:57:62:9b:8b:87:d3:98:38:ee:00:
         98:5a:c3:46:2f:03:23:d3:70:13:e4:12:da:b2:9c:5a:a9:03:
         ef:27:d5:ef:20:a9:99:41:45:6c:3c:14:1f:5a:59:f2:61:81:
         6e:3c:ae:0a:96:5b:80:d6:9c:1b:07:1d:58:7b:08:8c:dd:31:
         41:f6:f8:79:b8:91:25:f3:27:2e:fe:59:a6:38:6e:8b:6d:7c:
         00:f7:e9:e5:fb:c8:87:86:b2:74:cd:35:88:2a:68:31:d5:fb:
         93:b9:32:5d:50:61:4c:4b:80:2a:b1:6b:50:20:25:f6:e8:e4:
         be:6a:dd:d3:2d:49:6c:2a:2f:e2:37:0c:89:af:98:7e:f4:d0:
         21:15:51:3b:f3:f0:3f:7c:90:e1:91:06:ff:ca:3e:ed:f5:75:
         c7:b7:69:48:a0:46:fc:e1:44:0d:88:e0:1c:ef:d9:6b:a2:bf:
         cc:5b:eb:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57E/3SO8UspQZJBPVGkYXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjNGI0YTE4YTdlMTUxYTM3ZGE1ZTRjY2RhYTllN2RiZDg4
ZTlkOTMwHhcNMjYwMTAxMTQxODA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzdjYTY3NmJkY2FkZTIzMmNlYWZkYmRhNDQ5ZWU1ZDMxOTU1NTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtcO7tOcOgpIPbVoszdmBJh7OQaYd
PVAFL9WW+uEP6m7KsKJWAy0fCHCVGbioOC+Riu77S+WxYODmmgK6hwBTzlYD2mSm
cNsOo9fLbH4Dbew52W2HszcEPrSKDS+gURreg2apQ4FDifWYcVzSUUuJ+WHaHElS
AIzce/CmY6kc4hRm00BH/VcELUSkIK2QHlflqM2BUAWkOXt0gdoL+FpkGCgzVf0S
Jwl44l76fbQF0FzsRPfpXeROf9tsD41RQoq5V0uyCwqDDhBIZxsye9e697LDM6C2
me4DnvnKi01XANpnMr8bLsbBOgrGZAoodZZOjCiq6Gxf2nNFX0yZtZHt3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFON8pna9yt4jLOr9vaRJ7l0xlVU1MB8GA1UdIwQY
MBaAFNxLShin4VGjfaXkzNqp59vYjp2TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0V0S0dLZmhVYU45cGVUTTJxbm4yOWlPblpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8zNjFhMjEtMGI1YS00MzY3LTg0MWUt
M2RkMjkzZjc0ZTVlLzEvNDN5bWRyM0szaU1zNnYyOXBFbnVYVEdWVlRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8zNjFhMjEtMGI1YS00MzY3LTg0MWUtM2RkMjkzZjc0ZTVl
LzEvM0V0S0dLZmhVYU45cGVUTTJxbm4yOWlPblpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgUyMA0G
CSqGSIb3DQEBCwUAA4IBAQAk6K9Kg7la0jzeRXpYINC4lUJFs6SXibqGftu0aPIQ
oHYJm6dVUiMl96RlnHtj9uuYzYPx57O0HmNQDxw9yJeHSae8mg2PZ+CMmvugpLIR
gVdim4uH05g47gCYWsNGLwMj03AT5BLaspxaqQPvJ9XvIKmZQUVsPBQfWlnyYYFu
PK4KlluA1pwbBx1YewiM3TFB9vh5uJEl8ycu/lmmOG6LbXwA9+nl+8iHhrJ0zTWI
Kmgx1fuTuTJdUGFMS4AqsWtQICX26OS+at3TLUlsKi/iNwyJr5h+9NAhFVE78/A/
fJDhkQb/yj7t9XXHt2lIoEb84UQNiOAc79lror/MW+sj
-----END CERTIFICATE-----