This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/c0905e-91bd-41b0-9d77-9e56f975d7e6/1/cHHYrdipeY5NlcG_Etj-ESKeV-E.roa
File:                     cHHYrdipeY5NlcG_Etj-ESKeV-E.roa (raw, json)
Hash identifier:          cMykkeb+MqrwdvTEyDZmptksYNLf1s6n3czlPS8jDMk=
Subject key identifier:   70:71:D8:AD:D8:A9:79:8E:4D:95:C1:BF:12:D8:FE:11:22:9E:57:E1
Certificate issuer:       /CN=ffa019a5c196bbd1cc17d1a8d36c4d657f3816a0
Certificate serial:       019B7EA7079AA443231BC293CF9F854618EB
Authority key identifier: FF:A0:19:A5:C1:96:BB:D1:CC:17:D1:A8:D3:6C:4D:65:7F:38:16:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6AZpcGWu9HMF9Go02xNZX84FqA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/c0905e-91bd-41b0-9d77-9e56f975d7e6/1/cHHYrdipeY5NlcG_Etj-ESKeV-E.roa
Signing time:             Fri 02 Jan 2026 12:20:34 +0000
ROA not before:           Fri 02 Jan 2026 12:20:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206980
IP address blocks:        193.32.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/c0905e-91bd-41b0-9d77-9e56f975d7e6/1/_6AZpcGWu9HMF9Go02xNZX84FqA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/c0905e-91bd-41b0-9d77-9e56f975d7e6/1/_6AZpcGWu9HMF9Go02xNZX84FqA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6AZpcGWu9HMF9Go02xNZX84FqA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 18:01:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a7:07:9a:a4:43:23:1b:c2:93:cf:9f:85:46:18:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa019a5c196bbd1cc17d1a8d36c4d657f3816a0
        Validity
            Not Before: Jan  2 12:20:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7071d8add8a9798e4d95c1bf12d8fe11229e57e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:9f:fe:cb:8d:48:ec:86:94:27:70:23:b9:80:
                    cf:90:cf:88:7d:96:9b:c8:eb:b5:c3:a9:d8:b8:53:
                    aa:28:a9:82:0b:1b:fb:b1:bf:fb:b5:05:c1:b0:87:
                    7b:7e:4f:72:40:01:c5:4b:fd:9b:ea:94:4b:4f:94:
                    0a:a4:77:89:f1:1e:02:60:51:49:f5:d0:22:13:83:
                    bd:3c:2d:a2:7f:72:c8:69:2b:c9:9c:8e:e0:a7:a0:
                    ac:18:b0:89:f2:87:c1:c5:e5:b4:73:b4:b5:89:29:
                    72:86:14:ef:f8:62:42:02:75:8b:7c:03:9b:1b:38:
                    f1:c4:22:7f:77:7d:30:49:5f:0e:d2:58:7f:0e:5c:
                    9f:dc:60:c3:c8:87:39:ab:16:ae:1f:ea:cb:1a:49:
                    a4:4c:13:c2:16:f5:08:f0:d8:28:0b:3a:54:6a:98:
                    b0:a2:27:89:27:ea:14:15:a6:35:7a:de:25:83:68:
                    3c:44:16:73:57:2e:5a:97:08:61:b8:73:bf:61:43:
                    f1:68:63:2e:87:53:08:e6:b3:dd:f0:b9:7d:6d:97:
                    d8:cc:f7:56:6f:af:14:0e:68:d6:7c:d3:44:8d:77:
                    e9:78:d6:43:71:bb:52:34:eb:4f:68:69:d2:4c:d3:
                    c1:be:7d:e5:85:7f:d7:af:1d:79:db:f7:f1:2c:c3:
                    74:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:71:D8:AD:D8:A9:79:8E:4D:95:C1:BF:12:D8:FE:11:22:9E:57:E1
            X509v3 Authority Key Identifier:
                keyid:FF:A0:19:A5:C1:96:BB:D1:CC:17:D1:A8:D3:6C:4D:65:7F:38:16:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6AZpcGWu9HMF9Go02xNZX84FqA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/c0905e-91bd-41b0-9d77-9e56f975d7e6/1/cHHYrdipeY5NlcG_Etj-ESKeV-E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/c0905e-91bd-41b0-9d77-9e56f975d7e6/1/_6AZpcGWu9HMF9Go02xNZX84FqA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.32.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:6c:39:ed:ba:35:e7:bb:6a:2d:29:f1:c5:45:d5:bf:d8:2e:
         55:84:9f:85:76:57:d7:da:d6:04:e0:65:fd:8d:7b:a1:5b:8d:
         6c:fe:dd:ca:9a:ad:45:92:aa:89:2d:2b:fa:77:0a:6c:4e:d7:
         c9:f9:20:cb:4d:3d:65:04:90:e2:13:22:44:d9:e6:20:2d:ec:
         ec:78:f0:21:eb:41:36:6f:d3:3d:2c:1f:19:da:28:50:f5:a6:
         f0:42:c9:87:02:72:2a:0c:e4:48:60:21:d1:22:f3:a0:1f:59:
         2a:7d:ba:33:c6:bb:d4:0c:cc:8a:af:44:9f:76:7d:fd:12:8b:
         43:3f:84:c4:7f:be:e9:f4:ad:ef:b2:fc:43:10:6e:37:e5:7d:
         d6:de:d6:25:5e:98:05:40:0d:40:66:a5:97:c0:4b:c5:d3:dc:
         90:99:b6:02:92:b1:dc:28:87:94:77:1d:41:3f:78:b6:8d:46:
         f1:09:cc:9f:8a:45:96:58:20:3a:9c:f2:f9:3a:75:b6:20:b0:
         5b:d1:b8:a2:a9:49:19:a8:9e:7d:72:ad:23:23:1c:be:22:ea:
         44:61:8c:ea:da:b5:27:bb:85:de:66:b0:73:b1:cc:33:9d:b3:
         6c:2e:69:ec:ce:e7:47:db:5e:a2:e9:b9:8e:7d:b2:6f:1e:68:
         84:85:0e:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pweapEMjG8KTz5+FRhjrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTAxOWE1YzE5NmJiZDFjYzE3ZDFhOGQzNmM0ZDY1N2Yz
ODE2YTAwHhcNMjYwMTAyMTIyMDM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDcxZDhhZGQ4YTk3OThlNGQ5NWMxYmYxMmQ4ZmUxMTIyOWU1N2UxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsZ/+y41I7IaUJ3AjuYDPkM+IfZab
yOu1w6nYuFOqKKmCCxv7sb/7tQXBsId7fk9yQAHFS/2b6pRLT5QKpHeJ8R4CYFFJ
9dAiE4O9PC2if3LIaSvJnI7gp6CsGLCJ8ofBxeW0c7S1iSlyhhTv+GJCAnWLfAOb
GzjxxCJ/d30wSV8O0lh/Dlyf3GDDyIc5qxauH+rLGkmkTBPCFvUI8NgoCzpUapiw
oieJJ+oUFaY1et4lg2g8RBZzVy5alwhhuHO/YUPxaGMuh1MI5rPd8Ll9bZfYzPdW
b68UDmjWfNNEjXfpeNZDcbtSNOtPaGnSTNPBvn3lhX/Xrx152/fxLMN0/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHBx2K3YqXmOTZXBvxLY/hEinlfhMB8GA1UdIwQY
MBaAFP+gGaXBlrvRzBfRqNNsTWV/OBagMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZBWnBjR1d1OUhNRjlHbzAyeE5aWDg0RnFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My9jMDkwNWUtOTFiZC00MWIwLTlkNzct
OWU1NmY5NzVkN2U2LzEvY0hIWXJkaXBlWTVObGNHX0V0ai1FU0tlVi1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My9jMDkwNWUtOTFiZC00MWIwLTlkNzctOWU1NmY5NzVkN2U2
LzEvXzZBWnBjR1d1OUhNRjlHbzAyeE5aWDg0RnFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSByMA0G
CSqGSIb3DQEBCwUAA4IBAQBPbDntujXnu2otKfHFRdW/2C5VhJ+FdlfX2tYE4GX9
jXuhW41s/t3Kmq1FkqqJLSv6dwpsTtfJ+SDLTT1lBJDiEyJE2eYgLezsePAh60E2
b9M9LB8Z2ihQ9abwQsmHAnIqDORIYCHRIvOgH1kqfbozxrvUDMyKr0Sfdn39EotD
P4TEf77p9K3vsvxDEG435X3W3tYlXpgFQA1AZqWXwEvF09yQmbYCkrHcKIeUdx1B
P3i2jUbxCcyfikWWWCA6nPL5OnW2ILBb0biiqUkZqJ59cq0jIxy+IupEYYzq2rUn
u4XeZrBzscwznbNsLmnszudH216i6bmOfbJvHmiEhQ6s
-----END CERTIFICATE-----