This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/dX-rNWvNzQQp4mkv-p-E7vQ4jvE.roa
File:                     dX-rNWvNzQQp4mkv-p-E7vQ4jvE.roa (raw, json)
Hash identifier:          tzroMUcOp9V01Z5SuKmv3L+kiGKSKimIDzFfo75M/VM=
Subject key identifier:   75:7F:AB:35:6B:CD:CD:04:29:E2:69:2F:FA:9F:84:EE:F4:38:8E:F1
Certificate issuer:       /CN=4cf8ffc088591e4f243baafa21b4298bfb366026
Certificate serial:       019B7C11F2B74A4CFAE2210285A27AE7A57E
Authority key identifier: 4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/dX-rNWvNzQQp4mkv-p-E7vQ4jvE.roa
Signing time:             Fri 02 Jan 2026 00:18:29 +0000
ROA not before:           Fri 02 Jan 2026 00:18:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     4546
IP address blocks:        213.41.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 10:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:11:f2:b7:4a:4c:fa:e2:21:02:85:a2:7a:e7:a5:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cf8ffc088591e4f243baafa21b4298bfb366026
        Validity
            Not Before: Jan  2 00:18:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=757fab356bcdcd0429e2692ffa9f84eef4388ef1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:91:e2:68:a7:67:c4:26:c1:37:89:af:2a:38:
                    32:55:39:f9:f8:2c:48:38:7d:54:fd:dd:2a:67:be:
                    ca:4e:a3:9b:d2:5b:1f:fc:61:6d:88:22:8c:6f:a8:
                    9f:96:2b:5d:0d:9d:72:d0:f2:1a:f8:8b:ee:90:d3:
                    fd:d7:b2:b1:b6:17:21:82:7a:4c:0b:e6:5d:60:6e:
                    ad:5d:3f:fa:2f:82:1f:81:4a:72:cd:bb:61:76:c5:
                    92:9d:ce:a9:46:c8:ed:41:a3:c7:b8:98:54:e5:21:
                    06:95:11:92:f9:21:0f:b8:fa:7d:f4:c8:56:0c:6d:
                    30:92:40:07:63:5e:63:1d:14:32:9a:38:fd:e2:cc:
                    7b:4c:07:11:89:d1:92:53:a3:5a:f7:d2:fc:a4:95:
                    68:7d:1f:12:d8:10:be:c3:6c:65:44:30:25:44:99:
                    e6:3a:6d:22:d2:19:e8:38:86:76:e2:77:61:d3:f6:
                    7c:4e:5e:f6:af:4b:2f:4d:f5:4b:29:af:fe:45:e0:
                    4e:c3:a2:c2:db:37:20:56:fd:f8:f3:78:79:fc:dc:
                    49:25:53:33:21:25:30:82:97:e0:09:33:f4:03:8b:
                    c9:49:25:5b:29:bd:23:e5:55:68:f0:94:75:84:b5:
                    a2:40:fb:aa:6f:c5:81:29:81:fb:a3:22:3d:94:c1:
                    40:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:7F:AB:35:6B:CD:CD:04:29:E2:69:2F:FA:9F:84:EE:F4:38:8E:F1
            X509v3 Authority Key Identifier:
                keyid:4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/dX-rNWvNzQQp4mkv-p-E7vQ4jvE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.41.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:83:c1:ae:0a:51:e6:5b:d7:ed:ef:bb:07:31:f6:14:dc:6a:
         24:73:bb:88:a7:7f:da:41:7d:6f:c6:2f:49:a3:8c:84:4f:d2:
         cb:4e:9c:aa:5c:6d:ee:a3:25:14:7d:bf:06:c6:90:77:e1:3f:
         93:a9:b6:cf:0a:3c:3d:3e:c5:48:2b:8a:e1:5a:b6:9a:f2:42:
         05:d2:40:b1:33:72:ca:ea:ad:52:b7:38:fd:3f:58:8f:97:cf:
         2c:61:77:68:f5:4c:1b:40:25:ca:1a:a3:65:35:74:be:8c:24:
         64:f4:c4:20:42:40:c0:43:6d:42:49:a7:cc:60:51:e7:a4:7a:
         4e:57:0b:6e:94:e0:3d:3c:18:cc:28:90:75:fa:99:47:c2:f6:
         85:1b:c7:ed:5f:12:75:4c:5b:5d:92:2a:71:aa:85:cb:93:2c:
         0a:ed:fb:3c:53:5f:69:4e:71:57:f4:9f:87:c4:44:45:d7:56:
         48:3b:a2:83:31:01:9c:b3:76:02:48:62:4d:e9:30:54:d3:1b:
         48:ac:c7:16:18:e5:67:c7:ad:15:34:92:77:d6:62:9d:17:36:
         ba:5f:7f:5e:23:24:e3:1b:50:92:65:19:51:ee:2a:d5:d2:bf:
         54:7e:58:09:6a:a1:4c:57:a8:d6:c2:1d:58:3c:e7:1d:4b:57:
         8c:4b:2f:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EfK3Skz64iEChaJ656V+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjZjhmZmMwODg1OTFlNGYyNDNiYWFmYTIxYjQyOThiZmIz
NjYwMjYwHhcNMjYwMTAyMDAxODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTdmYWIzNTZiY2RjZDA0MjllMjY5MmZmYTlmODRlZWY0Mzg4ZWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwpHiaKdnxCbBN4mvKjgyVTn5+CxI
OH1U/d0qZ77KTqOb0lsf/GFtiCKMb6iflitdDZ1y0PIa+IvukNP917KxthchgnpM
C+ZdYG6tXT/6L4IfgUpyzbthdsWSnc6pRsjtQaPHuJhU5SEGlRGS+SEPuPp99MhW
DG0wkkAHY15jHRQymjj94sx7TAcRidGSU6Na99L8pJVofR8S2BC+w2xlRDAlRJnm
Om0i0hnoOIZ24ndh0/Z8Tl72r0svTfVLKa/+ReBOw6LC2zcgVv3483h5/NxJJVMz
ISUwgpfgCTP0A4vJSSVbKb0j5VVo8JR1hLWiQPuqb8WBKYH7oyI9lMFA8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHV/qzVrzc0EKeJpL/qfhO70OI7xMB8GA1UdIwQY
MBaAFEz4/8CIWR5PJDuq+iG0KYv7NmAmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMt
YjNiNzhiMGI2NmVhLzEvZFgtck5Xdk56UVFwNG1rdi1wLUU3dlE0anZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMtYjNiNzhiMGI2NmVh
LzEvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1SlbMA0G
CSqGSIb3DQEBCwUAA4IBAQBpg8GuClHmW9ft77sHMfYU3Gokc7uIp3/aQX1vxi9J
o4yET9LLTpyqXG3uoyUUfb8GxpB34T+TqbbPCjw9PsVIK4rhWraa8kIF0kCxM3LK
6q1Stzj9P1iPl88sYXdo9UwbQCXKGqNlNXS+jCRk9MQgQkDAQ21CSafMYFHnpHpO
VwtulOA9PBjMKJB1+plHwvaFG8ftXxJ1TFtdkipxqoXLkywK7fs8U19pTnFX9J+H
xERF11ZIO6KDMQGcs3YCSGJN6TBU0xtIrMcWGOVnx60VNJJ31mKdFza6X39eIyTj
G1CSZRlR7irV0r9UflgJaqFMV6jWwh1YPOcdS1eMSy+b
-----END CERTIFICATE-----