This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/A2ISr3AhA_OLuE4vCaltguerrGk.roa
File:                     A2ISr3AhA_OLuE4vCaltguerrGk.roa (raw, json)
Hash identifier:          XVo2mBP5vj7zEOjBJU4fz3hD0zF9gjIIidmQOyfmPm8=
Subject key identifier:   03:62:12:AF:70:21:03:F3:8B:B8:4E:2F:09:A9:6D:82:E7:AB:AC:69
Certificate issuer:       /CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
Certificate serial:       019B7E37237EE359E6D8BA9F4DF4C9201F42
Authority key identifier: 83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/A2ISr3AhA_OLuE4vCaltguerrGk.roa
Signing time:             Fri 02 Jan 2026 10:18:21 +0000
ROA not before:           Fri 02 Jan 2026 10:18:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210342
IP address blocks:        79.133.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:23:7e:e3:59:e6:d8:ba:9f:4d:f4:c9:20:1f:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
        Validity
            Not Before: Jan  2 10:18:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=036212af702103f38bb84e2f09a96d82e7abac69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:28:94:55:5c:b7:7f:36:3a:1c:7a:7a:18:df:
                    9e:54:b9:1e:ec:03:38:4a:c2:d3:da:ff:83:a4:ed:
                    dc:78:40:ee:29:05:16:91:95:6c:f5:d3:b9:76:01:
                    7b:ec:df:7f:00:64:0a:36:24:4a:02:d4:1e:6e:4d:
                    c7:36:bc:be:b4:81:ec:c0:eb:80:a2:97:39:ef:2b:
                    ca:0f:d3:f2:19:ea:11:1c:99:1f:45:c8:95:d4:21:
                    e9:e5:74:32:0f:81:9c:aa:30:af:0a:04:f6:9f:f3:
                    08:d9:37:19:8e:0b:d5:09:1c:c4:f2:53:b4:c3:4c:
                    bf:bb:5b:d4:56:62:44:ea:47:1a:fa:62:5d:d0:a2:
                    64:07:e5:cf:f4:84:23:9b:93:59:db:e9:40:41:b1:
                    71:4f:95:29:ec:2a:08:59:3c:0c:36:36:3d:48:f3:
                    d5:d4:86:2c:5a:3b:93:85:3a:4e:38:ad:7d:1d:eb:
                    42:36:6f:7f:ea:c7:7b:50:fd:52:90:d2:5c:cf:e4:
                    65:ff:d0:08:48:93:5f:8a:d0:ed:4f:8c:60:ae:2f:
                    8f:27:65:a3:42:04:2a:84:46:75:03:18:dd:8c:ee:
                    22:a6:c2:e2:93:c5:e9:6f:52:e6:c2:fc:a4:51:c0:
                    0d:04:11:b2:6e:31:8c:f6:6d:14:1e:7d:be:8a:0b:
                    6b:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:62:12:AF:70:21:03:F3:8B:B8:4E:2F:09:A9:6D:82:E7:AB:AC:69
            X509v3 Authority Key Identifier:
                keyid:83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/A2ISr3AhA_OLuE4vCaltguerrGk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.133.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:51:20:4a:38:0e:6b:f3:ec:06:95:e4:2b:db:86:c0:1a:27:
         0b:3e:62:ba:bd:82:39:03:c6:53:bc:39:11:61:77:63:23:2e:
         61:e6:03:87:11:6c:b4:7f:f2:d6:2a:22:bb:92:77:ca:64:39:
         e7:a6:d5:35:2b:1d:c4:0a:90:f6:0b:54:ab:08:8c:e7:72:d6:
         c8:a8:55:a5:60:22:29:e4:f6:3b:57:79:d6:90:9d:fe:53:d3:
         a7:b4:db:27:2e:5d:a8:1d:f6:58:3e:8d:fc:f8:cf:62:66:ea:
         4a:e9:81:30:a1:80:89:56:94:3a:64:cc:a6:19:53:da:f5:ac:
         ca:b9:95:0d:0e:e0:14:fb:36:18:d1:56:99:ff:54:f0:3d:ac:
         df:d6:aa:92:75:b5:0c:1c:47:f5:fc:54:ec:07:3a:58:6a:e4:
         a0:e9:91:c8:bb:fa:7f:fb:14:a5:1f:d0:45:5a:78:60:6c:b1:
         03:3c:84:7f:67:03:34:2e:21:02:b8:21:93:b3:62:ed:69:db:
         d1:7c:b7:7a:f9:68:0d:09:95:31:cb:48:61:a5:18:92:33:6b:
         fb:e2:74:08:97:b6:7d:1a:fe:21:9f:9b:40:fd:c4:e6:a0:6b:
         bd:99:ac:4c:e2:74:db:56:28:6f:d7:cc:82:39:64:25:6a:7a:
         12:14:8f:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+NyN+41nm2LqfTfTJIB9CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMzhlZjQxYjJjMDEwNWE5MWNjYmI5Yzg5MzM3ZmFlYjEy
OWZmODQwHhcNMjYwMTAyMTAxODIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzYyMTJhZjcwMjEwM2YzOGJiODRlMmYwOWE5NmQ4MmU3YWJhYzY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyiiUVVy3fzY6HHp6GN+eVLke7AM4
SsLT2v+DpO3ceEDuKQUWkZVs9dO5dgF77N9/AGQKNiRKAtQebk3HNry+tIHswOuA
opc57yvKD9PyGeoRHJkfRciV1CHp5XQyD4GcqjCvCgT2n/MI2TcZjgvVCRzE8lO0
w0y/u1vUVmJE6kca+mJd0KJkB+XP9IQjm5NZ2+lAQbFxT5Up7CoIWTwMNjY9SPPV
1IYsWjuThTpOOK19HetCNm9/6sd7UP1SkNJcz+Rl/9AISJNfitDtT4xgri+PJ2Wj
QgQqhEZ1AxjdjO4ipsLik8Xpb1LmwvykUcANBBGybjGM9m0UHn2+igtrYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFANiEq9wIQPzi7hOLwmpbYLnq6xpMB8GA1UdIwQY
MBaAFIM470GywBBakcy7nIkzf66xKf+EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3Mzgt
MjhmYzc3OTY3NzYzLzEvQTJJU3IzQWhBX09MdUU0dkNhbHRndWVyckdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3MzgtMjhmYzc3OTY3NzYz
LzEvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT4VjMA0G
CSqGSIb3DQEBCwUAA4IBAQCmUSBKOA5r8+wGleQr24bAGicLPmK6vYI5A8ZTvDkR
YXdjIy5h5gOHEWy0f/LWKiK7knfKZDnnptU1Kx3ECpD2C1SrCIznctbIqFWlYCIp
5PY7V3nWkJ3+U9OntNsnLl2oHfZYPo38+M9iZupK6YEwoYCJVpQ6ZMymGVPa9azK
uZUNDuAU+zYY0VaZ/1TwPazf1qqSdbUMHEf1/FTsBzpYauSg6ZHIu/p/+xSlH9BF
WnhgbLEDPIR/ZwM0LiECuCGTs2LtadvRfLd6+WgNCZUxy0hhpRiSM2v74nQIl7Z9
Gv4hn5tA/cTmoGu9maxM4nTbVihv18yCOWQlanoSFI90
-----END CERTIFICATE-----