This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/r4Gas6dORhFZOdzmr54k2oh7PZE.roa
File:                     r4Gas6dORhFZOdzmr54k2oh7PZE.roa (raw, json)
Hash identifier:          ACYHZQfS0tY1ehTp1D+8/2f7umBwTrnlr28YNaTSsO4=
Subject key identifier:   AF:81:9A:B3:A7:4E:46:11:59:39:DC:E6:AF:9E:24:DA:88:7B:3D:91
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       019B7BA54469AF8050B527A2CBFD8F3B9C92
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/r4Gas6dORhFZOdzmr54k2oh7PZE.roa
Signing time:             Thu 01 Jan 2026 22:19:47 +0000
ROA not before:           Thu 01 Jan 2026 22:19:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199191
IP address blocks:        62.176.68.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:44:69:af:80:50:b5:27:a2:cb:fd:8f:3b:9c:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  1 22:19:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=af819ab3a74e46115939dce6af9e24da887b3d91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:59:77:6d:d8:6f:c4:6a:36:51:a5:b4:29:f6:
                    41:a8:ad:fc:a2:4e:41:9e:fb:9d:69:4b:9d:e1:53:
                    57:3c:8b:af:10:91:7d:a6:8e:1a:72:3e:cf:17:dd:
                    d7:a3:38:45:47:4c:27:b3:48:43:5b:c7:3e:70:63:
                    5c:bf:9b:b1:3d:12:a5:0c:a7:eb:ea:c3:0f:07:1e:
                    ed:3d:13:8c:87:86:f3:86:95:1f:be:2a:e1:2d:43:
                    da:f4:9e:02:ab:f7:a0:e2:12:f1:a3:39:31:31:f5:
                    a4:06:a4:b9:20:c5:b1:c7:af:e7:06:b0:db:34:1e:
                    f3:c5:0e:f7:96:65:5f:c2:b0:65:ad:76:1b:c3:2c:
                    56:2a:06:b5:e5:0e:2d:c2:fa:c3:23:0b:93:63:a6:
                    37:f0:be:66:e4:51:7e:83:a8:f7:ca:9c:7a:e1:50:
                    1b:d1:ed:c7:04:55:9f:bf:73:52:d1:3d:0e:58:eb:
                    96:9f:ea:fc:0b:a9:c7:61:df:62:d6:a7:2b:11:39:
                    e6:e1:75:b1:b5:86:1d:4e:d9:68:9a:4d:38:f9:14:
                    99:5e:e7:fa:e8:94:9f:a8:46:83:29:6c:10:57:b1:
                    1f:69:a0:30:2d:61:e2:87:fc:f8:ea:82:60:1e:7b:
                    05:69:ba:3e:39:33:fb:75:c3:38:58:e6:8d:26:5f:
                    6c:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:81:9A:B3:A7:4E:46:11:59:39:DC:E6:AF:9E:24:DA:88:7B:3D:91
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/r4Gas6dORhFZOdzmr54k2oh7PZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.176.68.0/23

    Signature Algorithm: sha256WithRSAEncryption
         36:b3:44:c2:4a:86:86:3a:b1:99:fd:dd:42:22:71:9a:d8:8b:
         ee:39:90:05:6d:d8:f2:9d:62:30:fc:8c:48:e9:25:44:76:20:
         a4:8f:2f:0d:e3:c1:6d:de:17:cf:ce:9f:c0:9b:c1:5e:4b:b3:
         71:e2:97:e6:3c:32:ff:97:15:05:24:76:f7:03:87:ff:34:79:
         67:e9:08:09:99:46:64:83:88:a1:0b:7c:3b:3a:90:d3:15:3b:
         d8:f9:16:a8:01:70:8d:ab:e2:f7:6d:0b:c1:a9:da:77:c4:f9:
         91:2a:b3:00:b0:ec:24:82:8e:b8:0f:46:6e:b3:27:02:8a:c9:
         5c:fe:19:f4:d3:83:50:65:f1:99:6d:3f:e0:24:8e:cb:0f:3e:
         52:8a:04:66:3a:0b:6a:16:47:4e:39:29:fc:4e:38:78:c4:2f:
         9b:ea:81:c8:57:71:af:18:8c:ca:8c:9a:43:26:5e:bc:66:f6:
         64:37:11:c7:8f:b7:b9:f8:6c:9b:66:27:a9:70:dc:6d:c9:fb:
         c9:2d:ce:9a:71:2c:74:01:cc:cf:85:de:f2:82:31:8c:38:c2:
         c3:ff:cc:89:1d:1d:20:40:13:16:b1:49:c0:cc:51:d5:d9:7d:
         b6:5c:e2:38:77:c1:d0:d7:cd:a7:0e:6f:72:14:4f:fd:5f:06:
         05:4b:be:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pURpr4BQtSeiy/2PO5ySMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjYwMTAxMjIxOTQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjgxOWFiM2E3NGU0NjExNTkzOWRjZTZhZjllMjRkYTg4N2IzZDkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz1l3bdhvxGo2UaW0KfZBqK38ok5B
nvudaUud4VNXPIuvEJF9po4acj7PF93XozhFR0wns0hDW8c+cGNcv5uxPRKlDKfr
6sMPBx7tPROMh4bzhpUfvirhLUPa9J4Cq/eg4hLxozkxMfWkBqS5IMWxx6/nBrDb
NB7zxQ73lmVfwrBlrXYbwyxWKga15Q4twvrDIwuTY6Y38L5m5FF+g6j3ypx64VAb
0e3HBFWfv3NS0T0OWOuWn+r8C6nHYd9i1qcrETnm4XWxtYYdTtlomk04+RSZXuf6
6JSfqEaDKWwQV7EfaaAwLWHih/z46oJgHnsFabo+OTP7dcM4WOaNJl9sUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK+BmrOnTkYRWTnc5q+eJNqIez2RMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvcjRHYXM2ZE9SaEZaT2R6bXI1NGsyb2g3UFpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBPrBEMA0G
CSqGSIb3DQEBCwUAA4IBAQA2s0TCSoaGOrGZ/d1CInGa2IvuOZAFbdjynWIw/IxI
6SVEdiCkjy8N48Ft3hfPzp/Am8FeS7Nx4pfmPDL/lxUFJHb3A4f/NHln6QgJmUZk
g4ihC3w7OpDTFTvY+RaoAXCNq+L3bQvBqdp3xPmRKrMAsOwkgo64D0ZusycCislc
/hn004NQZfGZbT/gJI7LDz5SigRmOgtqFkdOOSn8Tjh4xC+b6oHIV3GvGIzKjJpD
Jl68ZvZkNxHHj7e5+GybZiepcNxtyfvJLc6acSx0AczPhd7ygjGMOMLD/8yJHR0g
QBMWsUnAzFHV2X22XOI4d8HQ182nDm9yFE/9XwYFS74+
-----END CERTIFICATE-----