This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/TDsQsD-FogHQsn4Ec6vvY4gDP8s.roa
File:                     TDsQsD-FogHQsn4Ec6vvY4gDP8s.roa (raw, json)
Hash identifier:          U4WjlnP/gqngtBE2O7bB+uTcniNf17yLooWBWXfykbw=
Subject key identifier:   4C:3B:10:B0:3F:85:A2:01:D0:B2:7E:04:73:AB:EF:63:88:03:3F:CB
Certificate issuer:       /CN=1f68138d4ec2ea51cacef09ff1058a370a5be190
Certificate serial:       019B7F154D142258B5533E49A36B624CC5D6
Authority key identifier: 1F:68:13:8D:4E:C2:EA:51:CA:CE:F0:9F:F1:05:8A:37:0A:5B:E1:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/TDsQsD-FogHQsn4Ec6vvY4gDP8s.roa
Signing time:             Fri 02 Jan 2026 14:21:00 +0000
ROA not before:           Fri 02 Jan 2026 14:21:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     158
IP address blocks:        194.237.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:4d:14:22:58:b5:53:3e:49:a3:6b:62:4c:c5:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f68138d4ec2ea51cacef09ff1058a370a5be190
        Validity
            Not Before: Jan  2 14:21:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4c3b10b03f85a201d0b27e0473abef6388033fcb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:3d:7c:b8:1e:a4:50:38:d2:c8:99:0e:cb:89:
                    69:90:25:ab:0e:2e:86:86:29:e7:0e:c4:4c:6f:85:
                    ad:43:bd:13:6a:04:1e:d6:70:36:0d:1f:a4:2c:aa:
                    a8:2b:b0:f7:2b:1f:7f:2d:45:6d:09:2c:4d:57:52:
                    19:d0:36:40:80:01:ab:ac:c9:f0:9d:b8:8d:cd:3f:
                    67:7e:25:f2:f8:cf:06:28:2e:8f:e9:6c:8a:20:4d:
                    a8:db:8e:e8:dd:1a:d2:4f:b0:59:7a:a1:31:d1:d8:
                    63:db:7e:d6:6f:42:90:6b:8f:80:a0:0d:01:6e:c1:
                    e4:d0:73:14:8e:ce:1d:e2:ff:b3:51:d5:07:d9:c1:
                    7c:a6:9f:df:2a:0e:92:e2:05:6e:3b:39:ef:f2:55:
                    f3:88:8f:eb:7d:02:f1:53:7e:e7:05:43:87:24:6a:
                    a3:ac:9c:8f:db:85:d9:42:d4:39:dc:d3:c4:e2:55:
                    8b:bb:69:de:3b:ab:40:5d:0f:c1:5d:15:0d:da:ec:
                    b8:75:00:1e:6e:48:fd:dc:12:95:fb:ae:31:18:88:
                    21:aa:c5:c8:5c:55:58:fb:15:b2:58:c2:af:cd:f4:
                    e8:6b:74:0b:96:58:ef:0f:2e:53:4c:2f:df:4d:be:
                    dd:cc:38:89:2e:f1:5d:35:f2:e8:28:7b:03:fc:a1:
                    67:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:3B:10:B0:3F:85:A2:01:D0:B2:7E:04:73:AB:EF:63:88:03:3F:CB
            X509v3 Authority Key Identifier:
                keyid:1F:68:13:8D:4E:C2:EA:51:CA:CE:F0:9F:F1:05:8A:37:0A:5B:E1:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/TDsQsD-FogHQsn4Ec6vvY4gDP8s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.237.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:33:36:38:82:f4:54:d1:47:59:73:f2:db:49:65:89:51:6a:
         9d:20:de:6a:1f:a8:f7:2b:ee:eb:6c:f4:8c:43:58:98:2e:d6:
         cb:63:54:91:04:48:7e:f0:10:69:4b:f1:0f:d9:2a:26:e5:60:
         bc:83:1b:47:4e:a7:bb:89:d9:c2:77:89:b8:8e:f7:95:b4:b1:
         56:0e:f2:ba:7a:3e:59:aa:c1:a1:95:30:3a:e7:d2:c5:ce:99:
         ef:01:d4:e4:d1:c7:b8:63:8e:af:a1:a4:1f:38:21:a2:e1:38:
         b5:00:9e:43:25:d2:eb:6a:af:8a:17:02:03:86:84:ab:31:f3:
         2c:92:92:f9:8c:64:80:34:2c:e2:25:25:31:25:b9:2a:d8:54:
         40:22:66:37:4a:a3:de:c3:a9:a8:ba:56:ba:02:75:58:9e:58:
         4e:1a:5d:bc:0b:dd:f6:d4:e4:24:5d:d7:b1:f3:f2:bf:40:43:
         8c:d9:59:91:82:00:b3:27:5e:db:2f:c2:06:cb:7f:ce:05:50:
         bc:e5:37:c0:98:8c:3f:3f:6f:f9:72:4a:2d:02:96:db:31:75:
         ef:c8:c1:56:9b:60:64:d5:e5:9e:35:e4:13:48:90:c8:b4:be:
         93:56:2e:45:94:08:d3:a0:db:3e:25:7c:30:3a:15:1f:55:eb:
         be:0f:75:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FU0UIli1Uz5Jo2tiTMXWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNjgxMzhkNGVjMmVhNTFjYWNlZjA5ZmYxMDU4YTM3MGE1
YmUxOTAwHhcNMjYwMTAyMTQyMTAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzNiMTBiMDNmODVhMjAxZDBiMjdlMDQ3M2FiZWY2Mzg4MDMzZmNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuD18uB6kUDjSyJkOy4lpkCWrDi6G
hinnDsRMb4WtQ70TagQe1nA2DR+kLKqoK7D3Kx9/LUVtCSxNV1IZ0DZAgAGrrMnw
nbiNzT9nfiXy+M8GKC6P6WyKIE2o247o3RrST7BZeqEx0dhj237Wb0KQa4+AoA0B
bsHk0HMUjs4d4v+zUdUH2cF8pp/fKg6S4gVuOznv8lXziI/rfQLxU37nBUOHJGqj
rJyP24XZQtQ53NPE4lWLu2neO6tAXQ/BXRUN2uy4dQAebkj93BKV+64xGIghqsXI
XFVY+xWyWMKvzfToa3QLlljvDy5TTC/fTb7dzDiJLvFdNfLoKHsD/KFnCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEw7ELA/haIB0LJ+BHOr72OIAz/LMB8GA1UdIwQY
MBaAFB9oE41OwupRys7wn/EFijcKW+GQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDJnVGpVN0M2bEhLenZDZjhRV0tOd3BiNFpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy9iOWFkZjQtZjkxMC00MzU1LWJmYzgt
NjA4NTY0ODM5ZmQwLzEvVERzUXNELUZvZ0hRc240RWM2dnZZNGdEUDhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy9iOWFkZjQtZjkxMC00MzU1LWJmYzgtNjA4NTY0ODM5ZmQw
LzEvSDJnVGpVN0M2bEhLenZDZjhRV0tOd3BiNFpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwu2OMA0G
CSqGSIb3DQEBCwUAA4IBAQByMzY4gvRU0UdZc/LbSWWJUWqdIN5qH6j3K+7rbPSM
Q1iYLtbLY1SRBEh+8BBpS/EP2Som5WC8gxtHTqe7idnCd4m4jveVtLFWDvK6ej5Z
qsGhlTA659LFzpnvAdTk0ce4Y46voaQfOCGi4Ti1AJ5DJdLraq+KFwIDhoSrMfMs
kpL5jGSANCziJSUxJbkq2FRAImY3SqPew6moula6AnVYnlhOGl28C9321OQkXdex
8/K/QEOM2VmRggCzJ17bL8IGy3/OBVC85TfAmIw/P2/5ckotApbbMXXvyMFWm2Bk
1eWeNeQTSJDItL6TVi5FlAjToNs+JXwwOhUfVeu+D3Ug
-----END CERTIFICATE-----