This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/52ce54-e49c-411c-8527-0fb4823f5b87/1/Wn-ZLE8xGx2iUZq_8EgFIe3BY1M.roa
File:                     Wn-ZLE8xGx2iUZq_8EgFIe3BY1M.roa (raw, json)
Hash identifier:          SwGxPAdfidv7O5nNS+nKj4I72Qs5sJPeTh9qbwfsZWo=
Subject key identifier:   5A:7F:99:2C:4F:31:1B:1D:A2:51:9A:BF:F0:48:05:21:ED:C1:63:53
Certificate issuer:       /CN=3d8a553e05f0319bf452fa206c14ccda87304654
Certificate serial:       019B77C71FCB199738555598170D02F1D20C
Authority key identifier: 3D:8A:55:3E:05:F0:31:9B:F4:52:FA:20:6C:14:CC:DA:87:30:46:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PYpVPgXwMZv0UvogbBTM2ocwRlQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/52ce54-e49c-411c-8527-0fb4823f5b87/1/Wn-ZLE8xGx2iUZq_8EgFIe3BY1M.roa
Signing time:             Thu 01 Jan 2026 04:18:17 +0000
ROA not before:           Thu 01 Jan 2026 04:18:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43324
IP address blocks:        94.158.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/52ce54-e49c-411c-8527-0fb4823f5b87/1/PYpVPgXwMZv0UvogbBTM2ocwRlQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/52ce54-e49c-411c-8527-0fb4823f5b87/1/PYpVPgXwMZv0UvogbBTM2ocwRlQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PYpVPgXwMZv0UvogbBTM2ocwRlQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:1f:cb:19:97:38:55:55:98:17:0d:02:f1:d2:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d8a553e05f0319bf452fa206c14ccda87304654
        Validity
            Not Before: Jan  1 04:18:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5a7f992c4f311b1da2519abff0480521edc16353
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:7a:fc:04:73:fc:ef:05:75:a5:11:0a:30:dc:
                    64:ba:17:1f:71:45:72:0c:f0:b4:9b:d5:43:9c:e2:
                    0f:28:72:c8:89:06:f7:fc:5e:21:dd:0a:9f:45:4a:
                    08:0e:7c:f1:d8:dd:22:d7:1b:ed:f4:39:80:01:f7:
                    95:91:89:1a:95:52:79:ee:f3:98:08:b1:3e:0a:1a:
                    74:a1:2c:88:a2:bb:18:ba:f3:87:30:97:20:51:b8:
                    cc:83:be:21:f1:63:3a:4c:da:88:38:8e:44:5e:6c:
                    ca:a2:08:57:9d:24:23:f7:a8:ca:ff:17:7f:fd:53:
                    9e:0d:dd:91:ef:7c:b0:d1:77:90:db:77:5d:f5:99:
                    43:49:9d:0e:e8:12:da:12:fd:33:1e:a3:28:f4:17:
                    77:02:07:20:22:60:13:d1:36:36:df:8e:cd:3d:32:
                    62:64:1a:86:15:6c:a2:3f:93:1f:52:aa:c4:b0:6a:
                    50:58:e2:93:36:04:dd:b5:76:5a:b6:09:c4:2d:74:
                    84:c0:3a:ac:65:8c:e8:58:fb:81:33:ec:58:66:a1:
                    23:e3:4d:e5:f3:57:38:f7:0b:92:28:b7:e5:d7:c7:
                    69:7d:e6:35:6c:fa:fc:12:32:f6:b3:cb:d5:a0:8c:
                    67:1f:36:03:26:f7:e5:20:ce:dc:10:55:25:9d:52:
                    b7:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:7F:99:2C:4F:31:1B:1D:A2:51:9A:BF:F0:48:05:21:ED:C1:63:53
            X509v3 Authority Key Identifier:
                keyid:3D:8A:55:3E:05:F0:31:9B:F4:52:FA:20:6C:14:CC:DA:87:30:46:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PYpVPgXwMZv0UvogbBTM2ocwRlQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/52ce54-e49c-411c-8527-0fb4823f5b87/1/Wn-ZLE8xGx2iUZq_8EgFIe3BY1M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/52ce54-e49c-411c-8527-0fb4823f5b87/1/PYpVPgXwMZv0UvogbBTM2ocwRlQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.158.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:76:f6:ac:60:f8:53:d3:7f:8c:a3:bb:a3:7c:26:06:b5:87:
         7f:32:cb:73:92:a2:0f:58:12:3d:dc:cd:81:2c:df:2b:cc:64:
         88:9e:05:54:90:f8:14:db:10:c5:4f:08:9d:e9:56:24:35:ed:
         7c:bd:85:d7:d1:45:20:6f:27:37:e3:5b:69:6e:90:e8:9d:bd:
         00:c7:87:00:29:fe:01:88:3c:7b:ca:f1:54:2f:2c:64:84:b9:
         0b:80:88:6a:17:b7:df:b1:c6:0d:d1:1b:80:f2:89:69:7b:81:
         fe:21:3a:0d:cc:e9:42:6a:d9:ee:14:7c:84:f8:db:0c:d7:da:
         4f:18:73:59:3e:c8:7a:25:ee:80:1b:f2:04:74:de:33:90:91:
         f7:4d:1d:c7:82:91:b0:31:fd:84:ca:8c:83:49:bb:a4:47:d3:
         1b:f6:61:30:83:2f:0b:ad:c7:70:bb:d5:9b:ae:ff:ad:c5:3f:
         74:8c:a0:ca:84:21:b7:5f:df:7f:cd:7b:ef:64:43:d1:9b:a9:
         eb:84:00:7f:57:15:18:a7:15:fa:ce:56:0c:a5:30:cf:0b:2e:
         e9:43:ed:4e:87:70:07:42:2b:99:42:30:23:3d:34:2e:e2:2b:
         74:36:27:10:8c:b0:0c:db:ef:86:37:9e:c6:33:8a:e0:2f:ed:
         31:ff:4c:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xx/LGZc4VVWYFw0C8dIMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkOGE1NTNlMDVmMDMxOWJmNDUyZmEyMDZjMTRjY2RhODcz
MDQ2NTQwHhcNMjYwMTAxMDQxODE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTdmOTkyYzRmMzExYjFkYTI1MTlhYmZmMDQ4MDUyMWVkYzE2MzUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs3r8BHP87wV1pREKMNxkuhcfcUVy
DPC0m9VDnOIPKHLIiQb3/F4h3QqfRUoIDnzx2N0i1xvt9DmAAfeVkYkalVJ57vOY
CLE+Chp0oSyIorsYuvOHMJcgUbjMg74h8WM6TNqIOI5EXmzKoghXnSQj96jK/xd/
/VOeDd2R73yw0XeQ23dd9ZlDSZ0O6BLaEv0zHqMo9Bd3AgcgImAT0TY2347NPTJi
ZBqGFWyiP5MfUqrEsGpQWOKTNgTdtXZatgnELXSEwDqsZYzoWPuBM+xYZqEj403l
81c49wuSKLfl18dpfeY1bPr8EjL2s8vVoIxnHzYDJvflIM7cEFUlnVK38wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFp/mSxPMRsdolGav/BIBSHtwWNTMB8GA1UdIwQY
MBaAFD2KVT4F8DGb9FL6IGwUzNqHMEZUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFlwVlBnWHdNWnYwVXZvZ2JCVE0yb2N3UmxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy81MmNlNTQtZTQ5Yy00MTFjLTg1Mjct
MGZiNDgyM2Y1Yjg3LzEvV24tWkxFOHhHeDJpVVpxXzhFZ0ZJZTNCWTFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy81MmNlNTQtZTQ5Yy00MTFjLTg1MjctMGZiNDgyM2Y1Yjg3
LzEvUFlwVlBnWHdNWnYwVXZvZ2JCVE0yb2N3UmxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXp75MA0G
CSqGSIb3DQEBCwUAA4IBAQAYdvasYPhT03+Mo7ujfCYGtYd/MstzkqIPWBI93M2B
LN8rzGSIngVUkPgU2xDFTwid6VYkNe18vYXX0UUgbyc341tpbpDonb0Ax4cAKf4B
iDx7yvFULyxkhLkLgIhqF7ffscYN0RuA8olpe4H+IToNzOlCatnuFHyE+NsM19pP
GHNZPsh6Je6AG/IEdN4zkJH3TR3HgpGwMf2EyoyDSbukR9Mb9mEwgy8Lrcdwu9Wb
rv+txT90jKDKhCG3X99/zXvvZEPRm6nrhAB/VxUYpxX6zlYMpTDPCy7pQ+1Oh3AH
QiuZQjAjPTQu4it0NicQjLAM2++GN57GM4rgL+0x/0wk
-----END CERTIFICATE-----