This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ctbsw4D6oWX-An4odqL9ZPDxCow.roa
File:                     ctbsw4D6oWX-An4odqL9ZPDxCow.roa (raw, json)
Hash identifier:          EK7BVitWZylgQlJDsbGdNmIJWOPX1XIbssYMftGa4LM=
Subject key identifier:   72:D6:EC:C3:80:FA:A1:65:FE:02:7E:28:76:A2:FD:64:F0:F1:0A:8C
Certificate issuer:       /CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
Certificate serial:       019B791037576D01B9428E1A90ADF33E6A31
Authority key identifier: 65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ctbsw4D6oWX-An4odqL9ZPDxCow.roa
Signing time:             Thu 01 Jan 2026 10:17:44 +0000
ROA not before:           Thu 01 Jan 2026 10:17:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16276
IP address blocks:        213.182.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:37:57:6d:01:b9:42:8e:1a:90:ad:f3:3e:6a:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
        Validity
            Not Before: Jan  1 10:17:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=72d6ecc380faa165fe027e2876a2fd64f0f10a8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:86:88:b9:75:b7:09:89:39:3f:18:07:e8:a8:
                    6f:e5:a7:4d:93:a4:0e:3e:73:bd:f1:aa:48:0f:89:
                    ca:7c:7a:e9:77:1b:47:5f:5d:2e:d5:80:fb:ee:a3:
                    5e:ad:76:d3:85:b9:44:23:ea:0c:ad:1e:9d:d4:31:
                    38:60:ad:dd:44:c0:c9:75:8c:97:db:14:ba:1f:61:
                    90:66:05:72:30:00:e1:12:01:56:3a:42:9c:e5:e8:
                    50:aa:30:18:9d:68:4b:a0:95:d4:c5:d5:eb:6e:f1:
                    f8:54:32:7c:df:78:62:4a:5d:aa:84:43:db:ee:70:
                    ab:e8:5f:ba:ed:94:88:cd:09:40:0b:34:7d:b3:55:
                    06:62:8a:2b:72:c5:e2:72:2d:00:71:e4:88:d7:e0:
                    12:e0:b8:dd:83:57:29:7b:bf:08:71:77:29:26:e2:
                    9d:c2:dd:f3:74:e8:a2:e6:31:e3:44:93:91:24:5c:
                    43:b5:4d:bc:08:8d:f7:1f:87:3c:97:f1:21:48:90:
                    8d:ac:8c:5d:96:5f:26:d2:cc:56:f0:77:4e:13:6d:
                    f5:7a:25:77:2c:d4:5d:98:5b:8f:0e:47:ff:3a:76:
                    51:db:3d:5d:52:8f:14:40:39:55:a6:68:27:6a:21:
                    ea:e6:08:20:2e:77:c2:f4:82:b8:b0:be:16:74:ac:
                    10:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:D6:EC:C3:80:FA:A1:65:FE:02:7E:28:76:A2:FD:64:F0:F1:0A:8C
            X509v3 Authority Key Identifier:
                keyid:65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ctbsw4D6oWX-An4odqL9ZPDxCow.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.182.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:5f:e6:9a:2b:61:c4:35:ac:8e:2e:ed:b8:87:e3:6f:f6:07:
         e1:92:b4:f0:d1:f1:78:24:50:b1:b5:5f:77:76:44:6a:65:6b:
         86:ad:ec:93:c3:48:99:2e:d1:e7:c6:a3:98:a2:da:a1:f3:3c:
         52:da:4c:9b:f2:7a:19:5c:5b:60:6b:04:08:74:0a:77:b6:45:
         d5:a0:22:02:2e:56:b2:1b:72:4c:ff:02:42:b4:ba:1a:02:38:
         d3:ce:67:11:17:ac:1d:60:57:55:67:20:e5:8c:9b:94:96:13:
         9d:7a:f8:4e:33:8c:b9:3d:09:1a:a9:bc:3e:64:af:2c:38:b5:
         a6:20:7c:bd:5b:21:f3:a2:e9:d0:e7:01:93:97:2b:ee:ed:a5:
         fb:40:1a:39:37:f1:23:6e:76:78:01:b4:fb:91:cd:2f:20:0e:
         99:a1:0a:5b:a4:56:80:22:c0:1a:11:28:7e:db:3b:14:fe:b1:
         8a:91:14:92:f2:f3:b4:46:ed:93:e4:81:12:e1:6f:1b:39:cb:
         5c:03:94:ff:54:51:4c:84:41:1d:49:f4:f5:98:c3:06:3e:4a:
         32:3a:3e:47:7b:57:50:be:96:47:30:53:d8:c1:ab:9e:64:fe:
         0a:a9:19:85:c2:59:8b:a1:f5:9c:10:2f:fa:78:f0:48:d8:4c:
         c0:d4:68:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EDdXbQG5Qo4akK3zPmoxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YjdkNjY5OTgzNWJmZTlhODA4MWRmYzExNGRmMWJmNmQy
MTVkYTcwHhcNMjYwMTAxMTAxNzQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmQ2ZWNjMzgwZmFhMTY1ZmUwMjdlMjg3NmEyZmQ2NGYwZjEwYThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr4aIuXW3CYk5PxgH6Khv5adNk6QO
PnO98apID4nKfHrpdxtHX10u1YD77qNerXbThblEI+oMrR6d1DE4YK3dRMDJdYyX
2xS6H2GQZgVyMADhEgFWOkKc5ehQqjAYnWhLoJXUxdXrbvH4VDJ833hiSl2qhEPb
7nCr6F+67ZSIzQlACzR9s1UGYoorcsXici0AceSI1+AS4Ljdg1cpe78IcXcpJuKd
wt3zdOii5jHjRJORJFxDtU28CI33H4c8l/EhSJCNrIxdll8m0sxW8HdOE231eiV3
LNRdmFuPDkf/OnZR2z1dUo8UQDlVpmgnaiHq5gggLnfC9IK4sL4WdKwQgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHLW7MOA+qFl/gJ+KHai/WTw8QqMMB8GA1UdIwQY
MBaAFGW31mmYNb/pqAgd/BFN8b9tIV2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDct
OWU0MTNlYmY0MmYzLzEvY3Ric3c0RDZvV1gtQW40b2RxTDlaUER4Q293LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDctOWU0MTNlYmY0MmYz
LzEvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1bbbMA0G
CSqGSIb3DQEBCwUAA4IBAQBaX+aaK2HENayOLu24h+Nv9gfhkrTw0fF4JFCxtV93
dkRqZWuGreyTw0iZLtHnxqOYotqh8zxS2kyb8noZXFtgawQIdAp3tkXVoCICLlay
G3JM/wJCtLoaAjjTzmcRF6wdYFdVZyDljJuUlhOdevhOM4y5PQkaqbw+ZK8sOLWm
IHy9WyHzounQ5wGTlyvu7aX7QBo5N/EjbnZ4AbT7kc0vIA6ZoQpbpFaAIsAaESh+
2zsU/rGKkRSS8vO0Ru2T5IES4W8bOctcA5T/VFFMhEEdSfT1mMMGPkoyOj5He1dQ
vpZHMFPYwaueZP4KqRmFwlmLofWcEC/6ePBI2EzA1Ghr
-----END CERTIFICATE-----