This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/tReXn8Dciv9ZrketnGB4KOJBScs.roa
File:                     tReXn8Dciv9ZrketnGB4KOJBScs.roa (raw, json)
Hash identifier:          buhjAgY3VULRuE7YA380tj4KDs2mLiIUMIoSaUHUGwA=
Subject key identifier:   B5:17:97:9F:C0:DC:8A:FF:59:AE:47:AD:9C:60:78:28:E2:41:49:CB
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       019B775953B3E225258578A5F5DC865CE0AA
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/tReXn8Dciv9ZrketnGB4KOJBScs.roa
Signing time:             Thu 01 Jan 2026 02:18:21 +0000
ROA not before:           Thu 01 Jan 2026 02:18:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49948
IP address blocks:        86.104.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:53:b3:e2:25:25:85:78:a5:f5:dc:86:5c:e0:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  1 02:18:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b517979fc0dc8aff59ae47ad9c607828e24149cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:33:1a:c5:b5:98:95:ae:85:c2:44:b7:aa:4b:
                    60:d6:4f:5e:05:17:58:5a:44:51:61:3d:85:8b:b8:
                    be:8f:2f:07:27:b4:78:00:bb:82:d5:96:c0:05:69:
                    4a:28:9c:5f:43:56:0a:ce:41:5b:f0:65:fa:72:f6:
                    c3:46:8a:da:5d:bb:cc:37:d7:dc:8d:f6:4b:60:57:
                    a8:36:76:5a:88:0a:cb:52:5a:8f:2c:76:17:f2:a7:
                    2b:b4:0c:1a:a8:00:03:db:a7:4b:e7:b7:8f:e8:8f:
                    59:0f:33:d2:7e:17:a7:ac:8c:2c:af:7c:ea:61:7e:
                    50:41:99:e8:2a:f1:84:9e:eb:05:0c:d7:69:8b:b9:
                    cf:86:19:60:1b:a4:67:6e:d0:47:0b:8c:c2:a3:72:
                    1c:d2:21:d8:3a:59:4c:7b:00:f3:cf:27:48:69:a9:
                    4d:28:7f:9b:2d:bd:c9:cb:dd:b5:a5:a9:cf:eb:fd:
                    aa:aa:48:fe:6c:53:31:08:b9:6f:28:be:ea:d1:2c:
                    5c:73:c7:5c:82:2b:e8:60:63:84:d4:e8:5a:79:b7:
                    08:e7:d7:c2:10:37:e0:e5:a1:23:f8:c4:9e:f1:fc:
                    06:9a:c3:ba:35:0f:d7:a9:3a:8d:df:1b:e3:74:02:
                    39:ba:f4:4e:e2:5f:a6:d0:46:c6:c0:61:ba:1d:49:
                    92:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:17:97:9F:C0:DC:8A:FF:59:AE:47:AD:9C:60:78:28:E2:41:49:CB
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/tReXn8Dciv9ZrketnGB4KOJBScs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.104.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:ca:1b:17:89:3b:b4:0a:6d:58:6b:32:89:c0:b1:70:9a:16:
         0a:5e:88:51:33:05:a6:20:4f:ad:53:1f:ee:f4:7e:e1:a6:6d:
         70:a4:98:c1:ea:34:d1:41:b1:43:4e:c8:67:36:c5:6f:4b:a4:
         85:3d:af:3c:dd:51:66:9d:35:01:57:5b:35:0e:17:e1:02:40:
         aa:09:65:d7:54:7c:b5:59:27:d7:5e:77:b8:fd:13:ca:31:4e:
         a3:6f:2d:8a:05:9b:75:d5:5b:0a:fc:f2:31:08:75:12:fe:cf:
         f1:7e:7a:dd:79:c6:ab:b7:fc:55:94:06:25:cb:cb:11:54:5f:
         00:e8:64:0c:d8:af:fb:a2:ca:7f:c1:08:a4:7d:0d:7d:6a:b9:
         7c:5b:e8:36:10:4a:8d:38:be:b0:27:8b:bd:1d:4b:76:44:3f:
         c7:26:2f:1a:28:f7:a6:77:11:c9:ad:92:20:35:76:67:00:d5:
         da:43:5c:7a:b7:9f:bf:1b:48:50:55:c3:47:f6:43:c6:bb:3f:
         30:2b:79:f4:44:fb:1d:0b:9f:44:1f:a2:30:17:aa:60:bf:43:
         5a:58:9b:62:9f:a8:a1:e2:b8:10:a3:d1:6a:17:47:ff:38:9b:
         3f:17:0b:9b:e0:c2:5d:4c:79:55:32:45:f7:0e:0a:96:52:5d:
         3b:0b:e9:9f
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt3WVOz4iUlhXil9dyGXOCqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjYwMTAxMDIxODIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTE3OTc5ZmMwZGM4YWZmNTlhZTQ3YWQ5YzYwNzgyOGUyNDE0OWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlDMaxbWYla6FwkS3qktg1k9eBRdY
WkRRYT2Fi7i+jy8HJ7R4ALuC1ZbABWlKKJxfQ1YKzkFb8GX6cvbDRoraXbvMN9fc
jfZLYFeoNnZaiArLUlqPLHYX8qcrtAwaqAAD26dL57eP6I9ZDzPSfhenrIwsr3zq
YX5QQZnoKvGEnusFDNdpi7nPhhlgG6RnbtBHC4zCo3Ic0iHYOllMewDzzydIaalN
KH+bLb3Jy921panP6/2qqkj+bFMxCLlvKL7q0Sxcc8dcgivoYGOE1OhaebcI59fC
EDfg5aEj+MSe8fwGmsO6NQ/XqTqN3xvjdAI5uvRO4l+m0EbGwGG6HUmS1QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFLUXl5/A3Ir/Wa5HrZxgeCjiQUnLMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL3RSZVhuOERjaXY5WnJrZXRuR0I0S09KQlNjcy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABWaOYw
DQYJKoZIhvcNAQELBQADggEBAEPKGxeJO7QKbVhrMonAsXCaFgpeiFEzBaYgT61T
H+70fuGmbXCkmMHqNNFBsUNOyGc2xW9LpIU9rzzdUWadNQFXWzUOF+ECQKoJZddU
fLVZJ9ded7j9E8oxTqNvLYoFm3XVWwr88jEIdRL+z/F+et15xqu3/FWUBiXLyxFU
XwDoZAzYr/uiyn/BCKR9DX1quXxb6DYQSo04vrAni70dS3ZEP8cmLxoo96Z3Ecmt
kiA1dmcA1dpDXHq3n78bSFBVw0f2Q8a7PzArefRE+x0Ln0QfojAXqmC/Q1pYm2Kf
qKHiuBCj0WoXR/84mz8XC5vgwl1MeVUyRfcOCpZSXTsL6Z8=
-----END CERTIFICATE-----