This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/4e0f2f-40b7-44d9-9fa0-012ddeadf75e/1/D4tyxDwHbBDY6loeNMrI_qWSNIE.roa
File:                     D4tyxDwHbBDY6loeNMrI_qWSNIE.roa (raw, json)
Hash identifier:          VUYKqJjCtizhOmCO0vEKUF1mkjsOrBaXggAOIPV76PI=
Subject key identifier:   0F:8B:72:C4:3C:07:6C:10:D8:EA:5A:1E:34:CA:C8:FE:A5:92:34:81
Certificate issuer:       /CN=ca3bca8764946932ba2da8bdb7d13cd86895af69
Certificate serial:       019B7AC77F325853C4D963F1055D421DB4AD
Authority key identifier: CA:3B:CA:87:64:94:69:32:BA:2D:A8:BD:B7:D1:3C:D8:68:95:AF:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yjvKh2SUaTK6Lai9t9E82GiVr2k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/4e0f2f-40b7-44d9-9fa0-012ddeadf75e/1/D4tyxDwHbBDY6loeNMrI_qWSNIE.roa
Signing time:             Thu 01 Jan 2026 18:17:32 +0000
ROA not before:           Thu 01 Jan 2026 18:17:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     1103
IP address blocks:        132.229.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/4e0f2f-40b7-44d9-9fa0-012ddeadf75e/1/yjvKh2SUaTK6Lai9t9E82GiVr2k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/4e0f2f-40b7-44d9-9fa0-012ddeadf75e/1/yjvKh2SUaTK6Lai9t9E82GiVr2k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yjvKh2SUaTK6Lai9t9E82GiVr2k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 09:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c7:7f:32:58:53:c4:d9:63:f1:05:5d:42:1d:b4:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca3bca8764946932ba2da8bdb7d13cd86895af69
        Validity
            Not Before: Jan  1 18:17:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0f8b72c43c076c10d8ea5a1e34cac8fea5923481
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:1b:e6:fa:d2:7d:05:e6:f8:e0:16:2f:c0:8c:
                    21:5f:3f:c0:2b:eb:0b:d3:14:c4:61:b4:fa:07:75:
                    34:fd:90:4e:6e:95:59:2a:41:59:e7:5f:56:df:9a:
                    1c:b2:b4:7f:32:74:8e:75:82:30:87:49:40:f8:01:
                    c9:77:e8:52:7e:7e:f4:60:6c:90:e0:94:e9:17:c4:
                    09:3c:ea:f8:45:f6:84:a2:fc:f8:76:ce:74:d5:7b:
                    27:98:7c:96:fc:60:ee:37:79:69:0e:ff:6d:1c:6f:
                    74:3d:d8:02:8f:f9:16:03:a5:07:e4:de:43:e3:d0:
                    11:f3:64:7d:fd:8e:a4:c4:4d:3e:1d:c9:52:e4:49:
                    79:db:ae:ec:c5:d6:c8:b0:8f:1b:a4:48:10:b5:c1:
                    ec:66:b5:8b:cb:98:38:f6:82:5e:5b:53:6f:a0:23:
                    99:4b:35:63:d0:c9:3a:a8:90:91:fd:13:2f:0e:3f:
                    ff:ab:0c:79:1e:d3:53:d5:a5:8b:c2:9d:ae:ae:62:
                    71:0d:95:76:41:b8:27:f3:db:1c:6f:d5:da:67:7b:
                    15:e3:fb:5c:36:4d:ac:2f:75:f9:c7:29:9d:05:4d:
                    51:1b:74:9b:b0:d9:e6:ce:e8:d9:1d:9a:08:54:84:
                    e4:ca:0f:98:08:10:3d:e4:7e:91:93:e0:53:6e:72:
                    28:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:8B:72:C4:3C:07:6C:10:D8:EA:5A:1E:34:CA:C8:FE:A5:92:34:81
            X509v3 Authority Key Identifier:
                keyid:CA:3B:CA:87:64:94:69:32:BA:2D:A8:BD:B7:D1:3C:D8:68:95:AF:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yjvKh2SUaTK6Lai9t9E82GiVr2k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/4e0f2f-40b7-44d9-9fa0-012ddeadf75e/1/D4tyxDwHbBDY6loeNMrI_qWSNIE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/4e0f2f-40b7-44d9-9fa0-012ddeadf75e/1/yjvKh2SUaTK6Lai9t9E82GiVr2k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  132.229.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         7a:c6:7a:a3:2d:fc:72:61:e7:14:2e:18:d4:20:87:75:55:da:
         3d:c3:0e:48:e2:28:88:24:e8:67:47:1d:14:de:47:7c:a8:2a:
         d1:61:41:9d:73:20:35:7f:0e:09:b7:a2:5b:09:57:a9:30:60:
         da:a4:10:ef:ce:cc:e9:67:66:f8:47:49:7a:cb:7f:89:a2:eb:
         06:14:67:8c:39:5a:8e:43:42:2e:7b:f9:08:e3:7a:f4:10:1a:
         e2:3a:03:b9:13:1e:a5:76:5e:54:bc:6c:14:6b:02:80:e8:fb:
         e7:3f:bd:be:9c:42:cf:3b:cf:10:67:f7:51:f5:b8:a7:b4:d5:
         a8:bb:f8:8e:cc:7f:8d:f8:41:ef:e0:07:e1:84:98:64:be:56:
         77:13:0c:0f:ff:9e:d0:e4:7f:42:ab:4a:5a:e7:53:4f:9c:5c:
         52:a2:c9:6f:72:1b:a2:ee:5f:aa:ed:5b:22:f1:ee:cd:27:dd:
         2f:4b:13:a1:09:f2:d6:f1:95:ed:d8:49:27:7e:1d:e0:71:21:
         60:aa:54:cc:9a:11:e2:8b:2b:c8:aa:6d:17:94:ca:ea:8f:0e:
         ec:8c:de:46:b1:1c:43:3e:76:e5:a0:49:76:3d:15:2c:68:cc:
         42:4f:bd:4a:81:75:a3:25:fa:02:07:33:58:51:69:1d:91:6d:
         09:16:2e:69
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZt6x38yWFPE2WPxBV1CHbStMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhM2JjYTg3NjQ5NDY5MzJiYTJkYThiZGI3ZDEzY2Q4Njg5
NWFmNjkwHhcNMjYwMTAxMTgxNzMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjhiNzJjNDNjMDc2YzEwZDhlYTVhMWUzNGNhYzhmZWE1OTIzNDgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwhvm+tJ9Beb44BYvwIwhXz/AK+sL
0xTEYbT6B3U0/ZBObpVZKkFZ519W35ocsrR/MnSOdYIwh0lA+AHJd+hSfn70YGyQ
4JTpF8QJPOr4RfaEovz4ds501XsnmHyW/GDuN3lpDv9tHG90PdgCj/kWA6UH5N5D
49AR82R9/Y6kxE0+HclS5El5267sxdbIsI8bpEgQtcHsZrWLy5g49oJeW1NvoCOZ
SzVj0Mk6qJCR/RMvDj//qwx5HtNT1aWLwp2urmJxDZV2Qbgn89scb9XaZ3sV4/tc
Nk2sL3X5xymdBU1RG3SbsNnmzujZHZoIVITkyg+YCBA95H6Rk+BTbnIo1wIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFA+LcsQ8B2wQ2OpaHjTKyP6lkjSBMB8GA1UdIwQY
MBaAFMo7yodklGkyui2ovbfRPNhola9pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWp2S2gyU1VhVEs2TGFpOXQ5RTgyR2lWcjJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS80ZTBmMmYtNDBiNy00NGQ5LTlmYTAt
MDEyZGRlYWRmNzVlLzEvRDR0eXhEd0hiQkRZNmxvZU5NcklfcVdTTklFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS80ZTBmMmYtNDBiNy00NGQ5LTlmYTAtMDEyZGRlYWRmNzVl
LzEveWp2S2gyU1VhVEs2TGFpOXQ5RTgyR2lWcjJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAhOUwDQYJ
KoZIhvcNAQELBQADggEBAHrGeqMt/HJh5xQuGNQgh3VV2j3DDkjiKIgk6GdHHRTe
R3yoKtFhQZ1zIDV/Dgm3olsJV6kwYNqkEO/OzOlnZvhHSXrLf4mi6wYUZ4w5Wo5D
Qi57+QjjevQQGuI6A7kTHqV2XlS8bBRrAoDo++c/vb6cQs87zxBn91H1uKe01ai7
+I7Mf434Qe/gB+GEmGS+VncTDA//ntDkf0KrSlrnU0+cXFKiyW9yG6LuX6rtWyLx
7s0n3S9LE6EJ8tbxle3YSSd+HeBxIWCqVMyaEeKLK8iqbReUyuqPDuyM3kaxHEM+
duWgSXY9FSxozEJPvUqBdaMl+gIHM1hRaR2RbQkWLmk=
-----END CERTIFICATE-----