This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/Ew6t29Ei1xqX6fCJJvzPjV0QQx8.roa
File:                     Ew6t29Ei1xqX6fCJJvzPjV0QQx8.roa (raw, json)
Hash identifier:          JiMbHLWrOkAjKxV/HgN8hcqfDizA3AaG0pNVT8kgBVI=
Subject key identifier:   13:0E:AD:DB:D1:22:D7:1A:97:E9:F0:89:26:FC:CF:8D:5D:10:43:1F
Certificate issuer:       /CN=fad7100e77ed9119d66e2321bb6711d7e760982b
Certificate serial:       019B78A2A2B2DEA96BFD595D2A457F16949C
Authority key identifier: FA:D7:10:0E:77:ED:91:19:D6:6E:23:21:BB:67:11:D7:E7:60:98:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-tcQDnftkRnWbiMhu2cR1-dgmCs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/Ew6t29Ei1xqX6fCJJvzPjV0QQx8.roa
Signing time:             Thu 01 Jan 2026 08:18:02 +0000
ROA not before:           Thu 01 Jan 2026 08:18:02 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     680
IP address blocks:        192.166.56.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/1-tcQDnftkRnWbiMhu2cR1-dgmCs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/1-tcQDnftkRnWbiMhu2cR1-dgmCs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-tcQDnftkRnWbiMhu2cR1-dgmCs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:a2:b2:de:a9:6b:fd:59:5d:2a:45:7f:16:94:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fad7100e77ed9119d66e2321bb6711d7e760982b
        Validity
            Not Before: Jan  1 08:18:02 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=130eaddbd122d71a97e9f08926fccf8d5d10431f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:03:0a:67:58:02:d0:9a:0e:7a:fa:78:7e:8d:
                    f6:e6:32:0f:93:d7:6f:f6:75:3a:8a:14:2f:b9:28:
                    45:13:af:99:c6:c1:7c:4e:be:c5:2e:8a:2f:0f:7c:
                    40:a0:33:ac:3b:a7:b1:7b:3f:48:1c:cc:d5:be:0a:
                    79:8d:03:d0:32:06:65:cf:d6:3f:8e:2b:bf:17:40:
                    9d:7e:c5:fa:c5:d4:02:c9:45:0e:1a:c7:5a:4b:b2:
                    21:64:ff:2c:b5:e1:3d:be:f8:e4:51:36:75:d4:ae:
                    e1:64:2f:84:30:9e:57:64:01:69:08:cc:e6:e2:8e:
                    92:cd:2a:a4:46:03:16:9f:f0:1e:c3:2e:b8:84:c2:
                    84:26:a2:9d:03:e7:03:bd:fd:05:7a:60:c0:a2:51:
                    96:2f:f8:e7:20:2f:99:99:66:e8:bc:a1:5e:db:d4:
                    d2:fb:a5:50:24:d4:b0:5a:5a:68:27:b3:d8:52:e9:
                    56:46:42:2c:1d:f7:d8:87:c0:cf:ae:31:7e:23:f6:
                    cf:94:77:2a:69:e6:cf:1f:11:5a:8b:77:f4:18:49:
                    dd:b0:1a:29:ee:43:7e:5f:aa:76:50:15:19:da:d1:
                    ae:da:28:5a:47:b0:db:62:29:cf:49:33:23:62:27:
                    75:61:9d:86:2b:ec:e1:37:e9:20:07:f4:e8:6b:c6:
                    76:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:0E:AD:DB:D1:22:D7:1A:97:E9:F0:89:26:FC:CF:8D:5D:10:43:1F
            X509v3 Authority Key Identifier:
                keyid:FA:D7:10:0E:77:ED:91:19:D6:6E:23:21:BB:67:11:D7:E7:60:98:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-tcQDnftkRnWbiMhu2cR1-dgmCs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/Ew6t29Ei1xqX6fCJJvzPjV0QQx8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/1-tcQDnftkRnWbiMhu2cR1-dgmCs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.166.56.0/21

    Signature Algorithm: sha256WithRSAEncryption
         b7:22:2c:8f:23:f2:45:7b:6a:24:35:76:fc:b1:54:e3:3d:66:
         f2:43:ec:af:30:0a:51:da:01:e4:09:10:9d:07:73:7a:3b:9c:
         12:d0:62:db:29:ee:47:a5:2f:c0:a9:b6:6d:0b:90:32:94:8d:
         64:fe:0c:f5:11:b1:97:df:f0:20:cf:1e:be:27:0d:b6:51:81:
         31:30:23:cf:2c:f6:4f:bc:f4:35:58:a4:fe:c4:df:51:b4:2d:
         39:e3:7e:c2:80:77:1c:72:7b:07:b9:5b:46:bb:9e:da:4e:f4:
         40:87:91:84:a3:c7:4b:e0:7c:ce:ed:aa:9e:78:b5:8c:2f:2c:
         e2:0a:01:d2:2f:2b:09:c2:d2:80:30:d6:a2:be:fd:8f:5b:a7:
         8c:5a:0b:0d:45:20:b9:de:8b:a4:bd:67:43:44:92:0c:a1:cd:
         6e:9f:52:01:ac:e0:ee:c2:af:e9:ee:fd:18:5d:ce:73:a2:92:
         2e:7c:99:e7:74:c3:62:4f:53:30:55:63:ac:ca:58:32:04:2e:
         91:e6:0f:a1:f8:06:30:5f:4d:21:a1:cd:3a:0a:56:54:e5:7d:
         ae:b8:d3:3b:14:b8:23:25:b4:6c:84:fe:04:03:b2:0e:0c:a4:
         16:47:45:53:d0:a2:e7:53:47:6f:63:a4:7e:ae:c6:5f:03:db:
         24:a6:06:a7
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt4oqKy3qlr/VldKkV/FpScMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhZDcxMDBlNzdlZDkxMTlkNjZlMjMyMWJiNjcxMWQ3ZTc2
MDk4MmIwHhcNMjYwMTAxMDgxODAyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzBlYWRkYmQxMjJkNzFhOTdlOWYwODkyNmZjY2Y4ZDVkMTA0MzFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvgMKZ1gC0JoOevp4fo325jIPk9dv
9nU6ihQvuShFE6+ZxsF8Tr7FLoovD3xAoDOsO6exez9IHMzVvgp5jQPQMgZlz9Y/
jiu/F0CdfsX6xdQCyUUOGsdaS7IhZP8steE9vvjkUTZ11K7hZC+EMJ5XZAFpCMzm
4o6SzSqkRgMWn/Aewy64hMKEJqKdA+cDvf0FemDAolGWL/jnIC+ZmWbovKFe29TS
+6VQJNSwWlpoJ7PYUulWRkIsHffYh8DPrjF+I/bPlHcqaebPHxFai3f0GEndsBop
7kN+X6p2UBUZ2tGu2ihaR7DbYinPSTMjYid1YZ2GK+zhN+kgB/Toa8Z2fwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFBMOrdvRItcal+nwiSb8z41dEEMfMB8GA1UdIwQY
MBaAFPrXEA537ZEZ1m4jIbtnEdfnYJgrMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS10Y1FEbmZ0a1JuV2JpTWh1MmNSMS1kZ21Dcy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2UvMDFkNDExLWQ5MTUtNDI3Ny04ZmUy
LTc2YjBkZGEyYmYzZS8xL0V3NnQyOUVpMXhxWDZmQ0pKdnpQalYwUVF4OC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvM2UvMDFkNDExLWQ5MTUtNDI3Ny04ZmUyLTc2YjBkZGEyYmYz
ZS8xLzEtdGNRRG5mdGtSbldiaU1odTJjUjEtZGdtQ3MuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAPApjgw
DQYJKoZIhvcNAQELBQADggEBALciLI8j8kV7aiQ1dvyxVOM9ZvJD7K8wClHaAeQJ
EJ0Hc3o7nBLQYtsp7kelL8Cptm0LkDKUjWT+DPURsZff8CDPHr4nDbZRgTEwI88s
9k+89DVYpP7E31G0LTnjfsKAdxxyewe5W0a7ntpO9ECHkYSjx0vgfM7tqp54tYwv
LOIKAdIvKwnC0oAw1qK+/Y9bp4xaCw1FILnei6S9Z0NEkgyhzW6fUgGs4O7Cr+nu
/RhdznOiki58med0w2JPUzBVY6zKWDIELpHmD6H4BjBfTSGhzToKVlTlfa640zsU
uCMltGyE/gQDsg4MpBZHRVPQoudTR29jpH6uxl8D2ySmBqc=
-----END CERTIFICATE-----