This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/64ed62-a8ef-4802-a1b4-9f97b0fc4832/1/aD4aJMmaQg_1w8VUSr55ba35-_4.roa
File:                     aD4aJMmaQg_1w8VUSr55ba35-_4.roa (raw, json)
Hash identifier:          3Ez4Ad6m2JnI3XnTs61pJ+5b17Kb2kmyt6ZM1f7rwSI=
Subject key identifier:   68:3E:1A:24:C9:9A:42:0F:F5:C3:C5:54:4A:BE:79:6D:AD:F9:FB:FE
Certificate issuer:       /CN=e2454c456ce68ba8fecad542aab9610b1ecc12e2
Certificate serial:       019B7A5B436D1254CEB95FE881B445B5BF55
Authority key identifier: E2:45:4C:45:6C:E6:8B:A8:FE:CA:D5:42:AA:B9:61:0B:1E:CC:12:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4kVMRWzmi6j-ytVCqrlhCx7MEuI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/64ed62-a8ef-4802-a1b4-9f97b0fc4832/1/aD4aJMmaQg_1w8VUSr55ba35-_4.roa
Signing time:             Thu 01 Jan 2026 16:19:19 +0000
ROA not before:           Thu 01 Jan 2026 16:19:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     2119
IP address blocks:        193.161.208.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/64ed62-a8ef-4802-a1b4-9f97b0fc4832/1/4kVMRWzmi6j-ytVCqrlhCx7MEuI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/64ed62-a8ef-4802-a1b4-9f97b0fc4832/1/4kVMRWzmi6j-ytVCqrlhCx7MEuI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4kVMRWzmi6j-ytVCqrlhCx7MEuI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 06:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:43:6d:12:54:ce:b9:5f:e8:81:b4:45:b5:bf:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2454c456ce68ba8fecad542aab9610b1ecc12e2
        Validity
            Not Before: Jan  1 16:19:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=683e1a24c99a420ff5c3c5544abe796dadf9fbfe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:0e:99:f9:b9:fc:f2:12:19:9b:0e:a6:81:a1:
                    a4:8b:d8:6f:6d:55:70:45:d1:8b:92:64:04:75:f6:
                    86:2c:26:ba:a0:b0:7b:4d:cf:52:94:90:17:89:81:
                    70:27:f2:d1:19:3b:5d:cf:77:81:c3:1d:c2:fd:1f:
                    ec:e0:4c:74:ca:b2:c3:26:40:3a:6c:25:d2:4a:0f:
                    71:ed:04:38:05:2f:c1:54:cb:85:44:a2:4f:99:39:
                    54:a3:cf:dd:8d:19:76:70:ef:e1:a9:e6:fa:36:27:
                    c7:8e:5e:a1:54:28:ee:b1:4a:59:82:fe:92:49:6a:
                    40:e7:78:b7:d4:58:0a:3f:f5:71:0b:1a:12:37:0f:
                    12:a7:f5:7e:66:7d:5d:7b:41:38:d6:b9:26:79:74:
                    9d:93:ed:64:95:2e:52:57:e2:87:72:dd:8a:a5:e7:
                    87:f2:08:0a:79:d3:d7:60:70:d0:ef:c6:80:4f:54:
                    92:c4:0f:7e:dd:e8:46:aa:67:ae:5d:63:7d:ee:7d:
                    8b:70:dd:93:56:ce:13:65:7b:a9:3c:11:31:71:96:
                    c0:21:10:5f:af:0b:97:8d:b9:83:b8:af:b5:3f:3d:
                    41:35:5f:7d:af:fb:00:2b:22:c0:de:5f:1f:6b:16:
                    59:72:24:15:11:a2:39:aa:5b:c3:25:07:34:0d:b9:
                    46:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:3E:1A:24:C9:9A:42:0F:F5:C3:C5:54:4A:BE:79:6D:AD:F9:FB:FE
            X509v3 Authority Key Identifier:
                keyid:E2:45:4C:45:6C:E6:8B:A8:FE:CA:D5:42:AA:B9:61:0B:1E:CC:12:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4kVMRWzmi6j-ytVCqrlhCx7MEuI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/64ed62-a8ef-4802-a1b4-9f97b0fc4832/1/aD4aJMmaQg_1w8VUSr55ba35-_4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/64ed62-a8ef-4802-a1b4-9f97b0fc4832/1/4kVMRWzmi6j-ytVCqrlhCx7MEuI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.161.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         03:bb:44:b1:89:92:11:5e:6e:fb:e6:0d:3c:96:23:d1:18:56:
         aa:14:a0:de:fd:b5:45:ee:50:79:ce:5e:56:65:0c:18:b6:3e:
         ac:ed:41:3c:49:16:0f:f8:4d:70:b1:6f:e1:36:08:16:72:dc:
         21:a8:33:d1:7a:cc:ca:36:c3:5c:82:20:06:83:26:5c:d7:c6:
         a2:a9:d8:73:8b:5b:2a:3a:a0:73:03:f8:8b:06:3d:94:b4:fd:
         b7:b1:c6:8b:f3:19:76:42:e1:58:73:88:33:2a:bd:fe:a2:f7:
         a6:8f:25:03:1a:dc:1e:22:40:8a:04:7d:26:26:92:ff:76:74:
         0d:9d:e4:16:dd:67:26:46:d5:55:16:b8:91:8b:f8:fa:cc:76:
         a1:70:b9:c0:2c:e7:47:3c:ae:69:ce:2e:df:8e:9c:10:b3:07:
         6f:b5:27:ab:75:4a:a9:f2:a4:02:c9:4c:d5:e4:75:c0:5f:6c:
         fe:e8:fc:62:cb:a0:fb:1c:0d:1a:d1:2a:15:51:73:c7:f3:20:
         45:48:77:1a:e1:33:3a:c5:5a:a2:87:e7:57:2c:7c:a8:1d:f8:
         b0:69:79:76:28:b1:cf:41:c6:01:5d:cb:0b:65:c5:b0:3a:b8:
         a7:bc:9c:bc:12:83:9d:ef:dc:50:22:9d:0c:c8:7e:0f:87:f8:
         83:73:de:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6W0NtElTOuV/ogbRFtb9VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyNDU0YzQ1NmNlNjhiYThmZWNhZDU0MmFhYjk2MTBiMWVj
YzEyZTIwHhcNMjYwMTAxMTYxOTE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODNlMWEyNGM5OWE0MjBmZjVjM2M1NTQ0YWJlNzk2ZGFkZjlmYmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQ6Z+bn88hIZmw6mgaGki9hvbVVw
RdGLkmQEdfaGLCa6oLB7Tc9SlJAXiYFwJ/LRGTtdz3eBwx3C/R/s4Ex0yrLDJkA6
bCXSSg9x7QQ4BS/BVMuFRKJPmTlUo8/djRl2cO/hqeb6NifHjl6hVCjusUpZgv6S
SWpA53i31FgKP/VxCxoSNw8Sp/V+Zn1de0E41rkmeXSdk+1klS5SV+KHct2KpeeH
8ggKedPXYHDQ78aAT1SSxA9+3ehGqmeuXWN97n2LcN2TVs4TZXupPBExcZbAIRBf
rwuXjbmDuK+1Pz1BNV99r/sAKyLA3l8faxZZciQVEaI5qlvDJQc0DblGawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGg+GiTJmkIP9cPFVEq+eW2t+fv+MB8GA1UdIwQY
MBaAFOJFTEVs5ouo/srVQqq5YQsezBLiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGtWTVJXem1pNmoteXRWQ3FybGhDeDdNRXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS82NGVkNjItYThlZi00ODAyLWExYjQt
OWY5N2IwZmM0ODMyLzEvYUQ0YUpNbWFRZ18xdzhWVVNyNTViYTM1LV80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS82NGVkNjItYThlZi00ODAyLWExYjQtOWY5N2IwZmM0ODMy
LzEvNGtWTVJXem1pNmoteXRWQ3FybGhDeDdNRXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwaHQMA0G
CSqGSIb3DQEBCwUAA4IBAQADu0SxiZIRXm775g08liPRGFaqFKDe/bVF7lB5zl5W
ZQwYtj6s7UE8SRYP+E1wsW/hNggWctwhqDPReszKNsNcgiAGgyZc18aiqdhzi1sq
OqBzA/iLBj2UtP23scaL8xl2QuFYc4gzKr3+ovemjyUDGtweIkCKBH0mJpL/dnQN
neQW3WcmRtVVFriRi/j6zHahcLnALOdHPK5pzi7fjpwQswdvtSerdUqp8qQCyUzV
5HXAX2z+6Pxiy6D7HA0a0SoVUXPH8yBFSHca4TM6xVqih+dXLHyoHfiwaXl2KLHP
QcYBXcsLZcWwOrinvJy8EoOd79xQIp0MyH4Ph/iDc96t
-----END CERTIFICATE-----