This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/dRTBlTUQGRhF84ZUflUCu17-jRU.roa
File:                     dRTBlTUQGRhF84ZUflUCu17-jRU.roa (raw, json)
Hash identifier:          x2WcCdAZjQfycubXSdj81t/ffAoXTBGRFPFATJqOC+w=
Subject key identifier:   75:14:C1:95:35:10:19:18:45:F3:86:54:7E:55:02:BB:5E:FE:8D:15
Certificate issuer:       /CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
Certificate serial:       019B7AC7E269968C9127C811F18DB958D8EE
Authority key identifier: 17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/dRTBlTUQGRhF84ZUflUCu17-jRU.roa
Signing time:             Thu 01 Jan 2026 18:17:58 +0000
ROA not before:           Thu 01 Jan 2026 18:17:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     702
IP address blocks:        145.4.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c7:e2:69:96:8c:91:27:c8:11:f1:8d:b9:58:d8:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
        Validity
            Not Before: Jan  1 18:17:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7514c1953510191845f386547e5502bb5efe8d15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:d7:e1:b5:ef:91:41:7e:63:9b:6f:0c:a1:72:
                    e3:4f:a5:98:12:58:0a:6d:70:64:13:b0:2d:d0:36:
                    ea:0c:bd:0e:24:ca:54:f5:db:bb:a9:c3:d0:34:ad:
                    c2:2d:e3:4e:a9:16:24:01:d3:d9:af:b9:96:bd:05:
                    a0:f4:d6:03:4d:ca:a7:9a:79:a8:56:69:16:0c:a1:
                    68:a6:17:c5:82:14:1a:4d:8b:e0:0c:02:0e:6e:30:
                    0e:3c:73:cb:41:e3:a4:59:1b:de:31:2c:bb:35:0c:
                    9d:fc:35:8e:6e:d4:4b:91:b0:35:93:8a:47:70:c4:
                    1a:68:c3:e5:51:70:40:10:49:01:1f:e8:7e:65:6d:
                    61:82:e2:fc:ad:93:e1:63:47:3a:67:43:f2:e5:1e:
                    0f:6b:31:13:d8:2d:8b:6b:61:3d:c1:0e:63:ad:8f:
                    9d:53:76:cd:b7:37:52:0c:e3:06:cc:cc:b6:52:59:
                    68:f2:d7:73:5c:c8:72:07:04:eb:c3:ef:79:90:10:
                    6d:dd:56:d8:85:9f:5a:df:ff:20:49:78:77:f8:68:
                    b2:96:a1:f7:8f:2f:94:4c:0a:fd:d9:4d:ce:13:70:
                    5b:a0:ca:92:9a:64:4c:93:aa:9a:69:f1:93:6e:ea:
                    67:e9:11:13:f1:7b:18:78:17:0f:3c:72:c9:1b:40:
                    a9:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:14:C1:95:35:10:19:18:45:F3:86:54:7E:55:02:BB:5E:FE:8D:15
            X509v3 Authority Key Identifier:
                keyid:17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/dRTBlTUQGRhF84ZUflUCu17-jRU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.4.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         7c:c9:f4:6b:21:dc:41:9e:f9:aa:4c:73:f6:77:9f:22:61:89:
         79:65:3b:4c:db:cb:6e:79:e1:8f:5e:d8:62:49:d6:79:70:fd:
         17:5b:aa:83:f7:5f:c4:04:01:2f:a9:3e:00:d8:bc:ba:79:16:
         6c:0e:1f:01:65:5f:de:1f:4c:62:df:4f:65:fc:45:7e:75:ea:
         18:7c:28:92:f8:36:2f:be:ca:dd:2b:22:76:04:f2:c2:c4:7f:
         b6:6f:fe:73:2b:66:de:81:06:39:bb:6e:aa:0a:67:ed:4f:c6:
         76:06:a9:6b:bb:71:bb:30:db:ba:f1:35:6b:c1:b5:17:60:01:
         48:b8:78:f4:33:5b:66:8e:e3:29:69:95:c8:60:e8:fe:9a:de:
         0b:88:e4:55:ff:99:32:ad:a4:2a:52:d0:16:fe:31:87:b0:da:
         ff:01:21:cd:9a:1e:6f:c1:b8:1d:df:23:e4:a1:8b:65:3a:ad:
         f4:bf:ad:c3:c0:c2:fb:9a:88:b1:b7:03:62:fd:72:db:48:35:
         fe:06:34:e6:2f:f3:7a:91:6f:b8:02:e0:7c:02:a3:98:dc:53:
         29:97:32:d8:99:9a:e4:c4:84:00:33:41:89:15:d8:7e:32:7c:
         67:05:85:6e:58:93:16:8d:42:2d:66:b0:43:8a:e0:c1:a6:b5:
         7e:ee:0c:f6
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZt6x+JployRJ8gR8Y25WNjuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NzNkYjE3Nzk1ZDJiZjFiNGI1MzQ1YzViMjkzOTBkYmFm
NDUyM2UwHhcNMjYwMTAxMTgxNzU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTE0YzE5NTM1MTAxOTE4NDVmMzg2NTQ3ZTU1MDJiYjVlZmU4ZDE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstfhte+RQX5jm28MoXLjT6WYElgK
bXBkE7At0DbqDL0OJMpU9du7qcPQNK3CLeNOqRYkAdPZr7mWvQWg9NYDTcqnmnmo
VmkWDKFophfFghQaTYvgDAIObjAOPHPLQeOkWRveMSy7NQyd/DWObtRLkbA1k4pH
cMQaaMPlUXBAEEkBH+h+ZW1hguL8rZPhY0c6Z0Py5R4PazET2C2La2E9wQ5jrY+d
U3bNtzdSDOMGzMy2Ullo8tdzXMhyBwTrw+95kBBt3VbYhZ9a3/8gSXh3+GiylqH3
jy+UTAr92U3OE3BboMqSmmRMk6qaafGTbupn6RET8XsYeBcPPHLJG0Cp3wIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFHUUwZU1EBkYRfOGVH5VArte/o0VMB8GA1UdIwQY
MBaAFBdz2xd5XSvxtLU0XFspOQ269FI+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYt
NTQ4NjFmMjMyNDlkLzEvZFJUQmxUVVFHUmhGODRaVWZsVUN1MTctalJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYtNTQ4NjFmMjMyNDlk
LzEvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAkQQwDQYJ
KoZIhvcNAQELBQADggEBAHzJ9Gsh3EGe+apMc/Z3nyJhiXllO0zby2554Y9e2GJJ
1nlw/RdbqoP3X8QEAS+pPgDYvLp5FmwOHwFlX94fTGLfT2X8RX516hh8KJL4Ni++
yt0rInYE8sLEf7Zv/nMrZt6BBjm7bqoKZ+1PxnYGqWu7cbsw27rxNWvBtRdgAUi4
ePQzW2aO4ylplchg6P6a3guI5FX/mTKtpCpS0Bb+MYew2v8BIc2aHm/BuB3fI+Sh
i2U6rfS/rcPAwvuaiLG3A2L9cttINf4GNOYv83qRb7gC4HwCo5jcUymXMtiZmuTE
hAAzQYkV2H4yfGcFhW5YkxaNQi1msEOK4MGmtX7uDPY=
-----END CERTIFICATE-----