This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/b5d3b8-bdbf-46fb-aa94-b14e599c0cc2/1/DkKDajpTHwTuNMIpxKTAMDGQDDo.roa
File:                     DkKDajpTHwTuNMIpxKTAMDGQDDo.roa (raw, json)
Hash identifier:          X10Ua4dlXVpqCEjX6L/K3mZaPDpI5fuPVZc9nBQdT8k=
Subject key identifier:   0E:42:83:6A:3A:53:1F:04:EE:34:C2:29:C4:A4:C0:30:31:90:0C:3A
Certificate issuer:       /CN=51aedc576bdf5600bfe4c4790385facedc46f034
Certificate serial:       019B7E38A65337E2411ED394C6ADA258DAD8
Authority key identifier: 51:AE:DC:57:6B:DF:56:00:BF:E4:C4:79:03:85:FA:CE:DC:46:F0:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ua7cV2vfVgC_5MR5A4X6ztxG8DQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/b5d3b8-bdbf-46fb-aa94-b14e599c0cc2/1/DkKDajpTHwTuNMIpxKTAMDGQDDo.roa
Signing time:             Fri 02 Jan 2026 10:20:00 +0000
ROA not before:           Fri 02 Jan 2026 10:20:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29353
IP address blocks:        194.13.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/b5d3b8-bdbf-46fb-aa94-b14e599c0cc2/1/Ua7cV2vfVgC_5MR5A4X6ztxG8DQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/b5d3b8-bdbf-46fb-aa94-b14e599c0cc2/1/Ua7cV2vfVgC_5MR5A4X6ztxG8DQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ua7cV2vfVgC_5MR5A4X6ztxG8DQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 10:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:a6:53:37:e2:41:1e:d3:94:c6:ad:a2:58:da:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51aedc576bdf5600bfe4c4790385facedc46f034
        Validity
            Not Before: Jan  2 10:20:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0e42836a3a531f04ee34c229c4a4c03031900c3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:ad:85:ed:8f:d0:41:25:cd:0b:9b:e2:c4:80:
                    b4:1d:e1:46:e2:ed:b3:aa:db:ef:8b:d4:72:05:d8:
                    7f:dd:e5:11:5f:65:57:ab:02:66:bf:43:b9:a9:9a:
                    bd:7b:08:d4:ca:96:5b:7b:ea:cd:76:94:50:0c:e5:
                    0a:7a:ae:b6:06:1f:e3:2a:30:ce:e2:a6:7f:7c:2d:
                    7d:70:2a:e7:66:d9:63:94:9b:a8:6a:0c:fc:53:4e:
                    0c:56:97:78:ca:89:bc:bd:09:54:41:c1:5f:c9:a3:
                    5e:7b:1a:49:7c:fe:26:38:09:d2:75:63:53:3b:91:
                    47:a0:2e:c0:9e:f9:1c:9f:84:a4:13:b0:39:d8:09:
                    a2:dc:12:cb:37:e3:5a:9e:08:58:78:bb:a0:58:7a:
                    02:f4:4c:cf:7e:77:28:74:06:cf:e9:26:8f:e0:56:
                    72:75:0e:fa:dc:0d:9b:a9:a4:b0:5c:2f:0f:14:a3:
                    c5:20:24:72:3d:af:9c:45:7f:13:bf:6e:8b:34:49:
                    2d:48:8d:87:b9:48:58:11:72:10:24:2b:a3:30:d8:
                    10:4b:42:9a:25:49:de:48:0c:26:78:b5:3c:5a:9b:
                    48:ec:7f:51:c7:0a:fc:f8:08:ee:a9:f5:7e:ce:86:
                    24:40:e9:aa:0c:7f:1b:8f:f4:73:0d:fe:ce:01:4a:
                    f3:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:42:83:6A:3A:53:1F:04:EE:34:C2:29:C4:A4:C0:30:31:90:0C:3A
            X509v3 Authority Key Identifier:
                keyid:51:AE:DC:57:6B:DF:56:00:BF:E4:C4:79:03:85:FA:CE:DC:46:F0:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ua7cV2vfVgC_5MR5A4X6ztxG8DQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/b5d3b8-bdbf-46fb-aa94-b14e599c0cc2/1/DkKDajpTHwTuNMIpxKTAMDGQDDo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/b5d3b8-bdbf-46fb-aa94-b14e599c0cc2/1/Ua7cV2vfVgC_5MR5A4X6ztxG8DQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.13.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:f4:71:e8:c9:9c:98:70:76:3c:af:cf:98:f2:91:fc:37:53:
         8e:6b:b6:cd:54:2f:83:b3:f1:1a:5a:e4:44:73:2d:4f:65:fe:
         c9:5e:3a:7a:04:18:1e:4e:f1:a4:dc:8b:bd:fd:74:74:dd:a7:
         f2:50:35:39:38:7c:32:b2:3b:49:60:1f:54:64:d9:0b:e2:22:
         af:92:0a:1e:16:09:2f:3d:61:73:0d:7c:25:48:4c:dd:b7:4d:
         e4:5e:d1:4f:6a:66:e5:da:ae:69:8c:a2:fb:90:ae:8e:18:db:
         be:4c:89:cc:bb:a0:9d:2b:4a:aa:b3:e5:3e:b5:81:ee:39:b2:
         b9:78:e6:32:2e:17:b6:d3:d4:3e:a1:77:74:18:02:a7:48:9b:
         fe:62:13:e3:28:db:c3:ec:8a:44:53:14:91:4b:3b:d1:2a:d9:
         40:5a:7c:58:5c:ed:93:24:ae:c3:c7:7c:04:b9:87:3c:69:b6:
         43:66:72:93:c2:2a:13:11:1a:ae:8c:f1:b3:e2:cf:70:dc:b0:
         c3:bd:78:0e:39:26:d5:04:5c:42:7c:a6:af:d1:c6:dd:e6:b0:
         7f:a7:fa:7d:2a:1d:c0:8f:09:2a:ec:11:45:4d:10:47:f8:8c:
         46:a4:1d:bf:e4:dc:a5:80:c9:18:9d:c9:68:e0:de:f7:d6:06:
         c1:f8:2e:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OKZTN+JBHtOUxq2iWNrYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxYWVkYzU3NmJkZjU2MDBiZmU0YzQ3OTAzODVmYWNlZGM0
NmYwMzQwHhcNMjYwMTAyMTAyMDAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTQyODM2YTNhNTMxZjA0ZWUzNGMyMjljNGE0YzAzMDMxOTAwYzNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoa2F7Y/QQSXNC5vixIC0HeFG4u2z
qtvvi9RyBdh/3eURX2VXqwJmv0O5qZq9ewjUypZbe+rNdpRQDOUKeq62Bh/jKjDO
4qZ/fC19cCrnZtljlJuoagz8U04MVpd4yom8vQlUQcFfyaNeexpJfP4mOAnSdWNT
O5FHoC7Anvkcn4SkE7A52Ami3BLLN+NanghYeLugWHoC9EzPfncodAbP6SaP4FZy
dQ763A2bqaSwXC8PFKPFICRyPa+cRX8Tv26LNEktSI2HuUhYEXIQJCujMNgQS0Ka
JUneSAwmeLU8WptI7H9Rxwr8+AjuqfV+zoYkQOmqDH8bj/RzDf7OAUrzHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA5Cg2o6Ux8E7jTCKcSkwDAxkAw6MB8GA1UdIwQY
MBaAFFGu3Fdr31YAv+TEeQOF+s7cRvA0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWE3Y1YydmZWZ0NfNU1SNUE0WDZ6dHhHOERRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9iNWQzYjgtYmRiZi00NmZiLWFhOTQt
YjE0ZTU5OWMwY2MyLzEvRGtLRGFqcFRId1R1Tk1JcHhLVEFNREdRRERvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9iNWQzYjgtYmRiZi00NmZiLWFhOTQtYjE0ZTU5OWMwY2My
LzEvVWE3Y1YydmZWZ0NfNU1SNUE0WDZ6dHhHOERRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwg1vMA0G
CSqGSIb3DQEBCwUAA4IBAQAj9HHoyZyYcHY8r8+Y8pH8N1OOa7bNVC+Ds/EaWuRE
cy1PZf7JXjp6BBgeTvGk3Iu9/XR03afyUDU5OHwysjtJYB9UZNkL4iKvkgoeFgkv
PWFzDXwlSEzdt03kXtFPambl2q5pjKL7kK6OGNu+TInMu6CdK0qqs+U+tYHuObK5
eOYyLhe209Q+oXd0GAKnSJv+YhPjKNvD7IpEUxSRSzvRKtlAWnxYXO2TJK7Dx3wE
uYc8abZDZnKTwioTERqujPGz4s9w3LDDvXgOOSbVBFxCfKav0cbd5rB/p/p9Kh3A
jwkq7BFFTRBH+IxGpB2/5NylgMkYnclo4N731gbB+C64
-----END CERTIFICATE-----