This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/7570e1-ae3d-4901-9c85-dcdc5cee276f/1/du4Uc1Tw1A4vtFUr5_RZZE4mr9c.roa
File:                     du4Uc1Tw1A4vtFUr5_RZZE4mr9c.roa (raw, json)
Hash identifier:          VHvvL6d/GOaFCBnvC8MIBYdWi2shlhJJCY1UWI68tyA=
Subject key identifier:   76:EE:14:73:54:F0:D4:0E:2F:B4:55:2B:E7:F4:59:64:4E:26:AF:D7
Certificate issuer:       /CN=295a92b778eddfa8dcd917cbb87cde31ba2c732f
Certificate serial:       019B7DC9DABE7E4997A081B72BE951598228
Authority key identifier: 29:5A:92:B7:78:ED:DF:A8:DC:D9:17:CB:B8:7C:DE:31:BA:2C:73:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KVqSt3jt36jc2RfLuHzeMboscy8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/7570e1-ae3d-4901-9c85-dcdc5cee276f/1/du4Uc1Tw1A4vtFUr5_RZZE4mr9c.roa
Signing time:             Fri 02 Jan 2026 08:18:59 +0000
ROA not before:           Fri 02 Jan 2026 08:18:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12306
IP address blocks:        194.56.221.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/7570e1-ae3d-4901-9c85-dcdc5cee276f/1/KVqSt3jt36jc2RfLuHzeMboscy8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/7570e1-ae3d-4901-9c85-dcdc5cee276f/1/KVqSt3jt36jc2RfLuHzeMboscy8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KVqSt3jt36jc2RfLuHzeMboscy8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:c9:da:be:7e:49:97:a0:81:b7:2b:e9:51:59:82:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=295a92b778eddfa8dcd917cbb87cde31ba2c732f
        Validity
            Not Before: Jan  2 08:18:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=76ee147354f0d40e2fb4552be7f459644e26afd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:6f:bb:15:07:2f:98:31:1d:46:e5:75:bf:c4:
                    03:1f:ac:9e:d1:3c:ca:6a:c0:22:29:7e:a3:23:a4:
                    a0:0e:9b:d6:0c:22:91:46:99:25:cd:f6:48:75:87:
                    4a:4c:d8:d3:b2:f5:4d:e2:27:e4:15:72:29:f7:b2:
                    87:1f:33:8b:bd:d0:be:07:ca:48:8c:8d:9c:fb:15:
                    df:23:e5:1f:8d:c5:bd:d9:e1:ef:75:ed:a9:d7:ab:
                    f5:61:c4:36:3e:d5:a0:44:5a:78:b2:0a:7a:d7:52:
                    42:d1:d5:54:3e:74:8e:78:63:a9:65:0e:b5:c4:12:
                    61:bc:41:80:a1:f6:e1:64:66:a3:7f:0c:64:3b:da:
                    8a:d8:62:59:a6:48:a3:54:fa:4f:fd:00:05:15:ce:
                    33:32:2e:22:fc:39:e0:33:9e:89:02:66:61:1d:8a:
                    4a:bd:08:46:84:dd:9b:54:1f:37:1a:5d:bf:b3:70:
                    41:aa:1c:be:39:05:c3:0b:f5:bb:1d:8a:2c:2d:73:
                    95:8d:5b:33:7c:f7:99:07:7d:dc:49:be:6b:be:47:
                    9a:37:ce:b7:4b:52:9c:05:36:97:ab:ac:87:fe:c2:
                    cb:67:3a:ff:e5:c9:2b:98:91:11:21:08:19:77:95:
                    3b:89:52:d8:1b:0d:18:f7:0b:5d:5c:db:ae:1c:bc:
                    aa:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:EE:14:73:54:F0:D4:0E:2F:B4:55:2B:E7:F4:59:64:4E:26:AF:D7
            X509v3 Authority Key Identifier:
                keyid:29:5A:92:B7:78:ED:DF:A8:DC:D9:17:CB:B8:7C:DE:31:BA:2C:73:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KVqSt3jt36jc2RfLuHzeMboscy8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/7570e1-ae3d-4901-9c85-dcdc5cee276f/1/du4Uc1Tw1A4vtFUr5_RZZE4mr9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/7570e1-ae3d-4901-9c85-dcdc5cee276f/1/KVqSt3jt36jc2RfLuHzeMboscy8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.56.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:7a:6a:77:56:fd:08:dc:9b:76:44:ee:a9:fd:79:89:d9:54:
         42:bf:34:9c:4e:95:06:99:74:1a:bb:c7:85:8b:f7:76:a0:8d:
         6f:2a:94:cb:e9:cc:02:79:65:e0:b8:4d:5b:94:c3:59:4d:b5:
         8a:70:6a:39:f8:35:b7:5c:36:ef:1a:9c:78:78:6d:ae:86:27:
         39:d7:8e:1e:be:81:45:6f:0b:12:11:9f:bb:4d:90:40:c0:33:
         02:7f:2c:f9:e2:c4:09:b7:de:78:db:bf:4e:b2:70:6a:75:47:
         56:12:01:2b:1a:dd:b1:0b:08:84:06:0e:13:4f:df:68:e5:60:
         e3:0e:cc:b7:78:28:4c:94:c3:32:f8:6a:3b:45:b4:88:59:57:
         3b:29:05:6a:36:67:ec:69:ef:71:4c:80:38:5e:34:e7:b5:eb:
         7a:05:90:89:25:6d:95:2a:1d:02:39:91:35:86:3e:c9:d3:52:
         8c:a9:61:64:65:49:6f:bd:1f:e2:64:b5:44:c1:d8:69:c7:a7:
         ff:c5:57:82:2e:9d:d7:8d:89:1c:a3:3a:6b:dc:b7:f9:f8:52:
         3c:f6:f7:1c:a6:bf:cf:fc:86:14:7d:f3:8c:04:28:90:db:49:
         45:69:0f:67:c4:b3:05:90:37:06:d7:f6:98:98:a9:72:65:82:
         4f:f3:73:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9ydq+fkmXoIG3K+lRWYIoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NWE5MmI3NzhlZGRmYThkY2Q5MTdjYmI4N2NkZTMxYmEy
YzczMmYwHhcNMjYwMTAyMDgxODU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmVlMTQ3MzU0ZjBkNDBlMmZiNDU1MmJlN2Y0NTk2NDRlMjZhZmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyG+7FQcvmDEdRuV1v8QDH6ye0TzK
asAiKX6jI6SgDpvWDCKRRpklzfZIdYdKTNjTsvVN4ifkFXIp97KHHzOLvdC+B8pI
jI2c+xXfI+UfjcW92eHvde2p16v1YcQ2PtWgRFp4sgp611JC0dVUPnSOeGOpZQ61
xBJhvEGAofbhZGajfwxkO9qK2GJZpkijVPpP/QAFFc4zMi4i/DngM56JAmZhHYpK
vQhGhN2bVB83Gl2/s3BBqhy+OQXDC/W7HYosLXOVjVszfPeZB33cSb5rvkeaN863
S1KcBTaXq6yH/sLLZzr/5ckrmJERIQgZd5U7iVLYGw0Y9wtdXNuuHLyq+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHbuFHNU8NQOL7RVK+f0WWROJq/XMB8GA1UdIwQY
MBaAFClakrd47d+o3NkXy7h83jG6LHMvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1ZxU3QzanQzNmpjMlJmTHVIemVNYm9zY3k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy83NTcwZTEtYWUzZC00OTAxLTljODUt
ZGNkYzVjZWUyNzZmLzEvZHU0VWMxVHcxQTR2dEZVcjVfUlpaRTRtcjljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy83NTcwZTEtYWUzZC00OTAxLTljODUtZGNkYzVjZWUyNzZm
LzEvS1ZxU3QzanQzNmpjMlJmTHVIemVNYm9zY3k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjjdMA0G
CSqGSIb3DQEBCwUAA4IBAQAyemp3Vv0I3Jt2RO6p/XmJ2VRCvzScTpUGmXQau8eF
i/d2oI1vKpTL6cwCeWXguE1blMNZTbWKcGo5+DW3XDbvGpx4eG2uhic5144evoFF
bwsSEZ+7TZBAwDMCfyz54sQJt954279OsnBqdUdWEgErGt2xCwiEBg4TT99o5WDj
Dsy3eChMlMMy+Go7RbSIWVc7KQVqNmfsae9xTIA4XjTntet6BZCJJW2VKh0COZE1
hj7J01KMqWFkZUlvvR/iZLVEwdhpx6f/xVeCLp3XjYkcozpr3Lf5+FI89vccpr/P
/IYUffOMBCiQ20lFaQ9nxLMFkDcG1/aYmKlyZYJP83O+
-----END CERTIFICATE-----