This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/d49d52-50b1-4948-b1f7-055a9cad8df7/1/wx4jf3r0v_RD4WGbwjNb9_66YeA.roa
File:                     wx4jf3r0v_RD4WGbwjNb9_66YeA.roa (raw, json)
Hash identifier:          Yg61lLQnPGGlaDhOZEVebkyWouHjvzVXcfasCV97MNE=
Subject key identifier:   C3:1E:23:7F:7A:F4:BF:F4:43:E1:61:9B:C2:33:5B:F7:FE:BA:61:E0
Certificate issuer:       /CN=028fdf719d47a10033451a83384a6db68dbd5b0f
Certificate serial:       019B797DDD2055E650DEFA3D1839BD320314
Authority key identifier: 02:8F:DF:71:9D:47:A1:00:33:45:1A:83:38:4A:6D:B6:8D:BD:5B:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ao_fcZ1HoQAzRRqDOEptto29Ww8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/d49d52-50b1-4948-b1f7-055a9cad8df7/1/wx4jf3r0v_RD4WGbwjNb9_66YeA.roa
Signing time:             Thu 01 Jan 2026 12:17:30 +0000
ROA not before:           Thu 01 Jan 2026 12:17:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6735
IP address blocks:        194.113.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/d49d52-50b1-4948-b1f7-055a9cad8df7/1/Ao_fcZ1HoQAzRRqDOEptto29Ww8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/d49d52-50b1-4948-b1f7-055a9cad8df7/1/Ao_fcZ1HoQAzRRqDOEptto29Ww8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ao_fcZ1HoQAzRRqDOEptto29Ww8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7d:dd:20:55:e6:50:de:fa:3d:18:39:bd:32:03:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=028fdf719d47a10033451a83384a6db68dbd5b0f
        Validity
            Not Before: Jan  1 12:17:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c31e237f7af4bff443e1619bc2335bf7feba61e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:2f:8a:4d:ac:96:2c:8c:3a:09:8d:d4:11:52:
                    ac:29:c1:ce:c7:1c:d5:68:76:6d:0d:48:d4:de:b0:
                    4d:0c:9f:30:fd:7b:0f:35:c4:9e:e2:ca:b4:63:06:
                    d2:c5:34:2c:a8:18:b8:f7:fe:ed:51:2b:ef:45:40:
                    07:f8:76:2e:7f:08:cc:2a:c0:7d:62:cd:ca:8f:6b:
                    1a:31:fe:bc:3f:3c:57:06:3b:03:56:6a:05:9e:ff:
                    ae:cf:3e:b1:cb:52:97:4d:32:bb:66:21:d6:39:45:
                    c2:ba:67:1b:d7:b6:01:79:68:5f:b0:cc:28:c8:93:
                    62:3e:49:95:66:ba:1e:43:25:27:40:a7:3d:aa:fe:
                    b1:2e:a4:6e:64:1b:0d:b4:b8:e8:a2:99:a9:e3:0a:
                    70:4d:a5:b8:4c:6f:32:90:3a:29:8d:7e:59:36:6a:
                    5b:95:db:b8:03:4b:d6:bc:4b:f2:0e:ef:36:15:2b:
                    19:09:50:41:89:16:2e:09:d6:21:b0:8d:d5:4e:28:
                    0f:1f:f1:f0:0d:86:d0:cf:56:62:65:6b:b3:a7:7e:
                    80:2b:fe:84:57:12:81:ce:45:38:85:b7:cc:42:d4:
                    79:57:fa:88:40:a1:2b:96:97:3d:22:72:ff:f1:3c:
                    fe:d5:6f:b0:15:e0:f2:b2:50:f3:aa:17:fe:f8:4e:
                    1c:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:1E:23:7F:7A:F4:BF:F4:43:E1:61:9B:C2:33:5B:F7:FE:BA:61:E0
            X509v3 Authority Key Identifier:
                keyid:02:8F:DF:71:9D:47:A1:00:33:45:1A:83:38:4A:6D:B6:8D:BD:5B:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ao_fcZ1HoQAzRRqDOEptto29Ww8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/d49d52-50b1-4948-b1f7-055a9cad8df7/1/wx4jf3r0v_RD4WGbwjNb9_66YeA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/d49d52-50b1-4948-b1f7-055a9cad8df7/1/Ao_fcZ1HoQAzRRqDOEptto29Ww8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.113.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:07:6e:56:a2:bc:c5:10:49:74:a7:12:4a:08:6b:d1:f5:44:
         70:d8:cc:19:00:5b:6e:e5:8e:c4:e9:1a:8a:28:59:e2:f6:7d:
         a0:ff:e4:0a:53:27:ad:52:a9:b3:16:84:47:16:2f:a5:ab:bf:
         c1:c2:4f:9d:fb:26:6e:77:ab:ee:07:44:51:63:46:1d:94:59:
         bf:d3:07:07:47:a5:bc:9a:33:d1:b1:4c:49:0f:1b:3c:73:38:
         dd:c5:69:c4:0b:bd:02:97:0d:7f:57:44:56:ab:4c:96:b7:32:
         11:d7:74:90:35:fd:f3:a4:b7:54:6e:ab:98:fa:3e:68:c8:73:
         4f:63:36:5b:13:29:0c:1d:ea:d2:92:75:fc:65:73:35:cc:1d:
         46:26:b1:18:28:9a:df:77:23:bb:a4:fa:aa:83:f3:8e:8f:2e:
         21:7c:bb:6c:76:76:4c:ea:7d:22:61:e9:6c:a0:a2:5c:b1:02:
         22:24:83:a8:9b:63:4f:f6:7d:b6:05:cf:2d:86:96:6c:f8:dd:
         68:58:1e:a8:95:c6:2a:b9:07:e5:38:33:27:ae:7a:00:ba:bc:
         f5:c5:c4:14:17:33:ff:86:f4:a2:33:6f:8e:dc:60:cf:37:a6:
         66:ac:e5:12:e4:02:64:1e:fd:ea:7e:ba:cd:04:6b:a9:b3:cc:
         77:af:48:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fd0gVeZQ3vo9GDm9MgMUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyOGZkZjcxOWQ0N2ExMDAzMzQ1MWE4MzM4NGE2ZGI2OGRi
ZDViMGYwHhcNMjYwMTAxMTIxNzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzFlMjM3ZjdhZjRiZmY0NDNlMTYxOWJjMjMzNWJmN2ZlYmE2MWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9C+KTayWLIw6CY3UEVKsKcHOxxzV
aHZtDUjU3rBNDJ8w/XsPNcSe4sq0YwbSxTQsqBi49/7tUSvvRUAH+HYufwjMKsB9
Ys3Kj2saMf68PzxXBjsDVmoFnv+uzz6xy1KXTTK7ZiHWOUXCumcb17YBeWhfsMwo
yJNiPkmVZroeQyUnQKc9qv6xLqRuZBsNtLjoopmp4wpwTaW4TG8ykDopjX5ZNmpb
ldu4A0vWvEvyDu82FSsZCVBBiRYuCdYhsI3VTigPH/HwDYbQz1ZiZWuzp36AK/6E
VxKBzkU4hbfMQtR5V/qIQKErlpc9InL/8Tz+1W+wFeDyslDzqhf++E4cpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMMeI3969L/0Q+Fhm8IzW/f+umHgMB8GA1UdIwQY
MBaAFAKP33GdR6EAM0UagzhKbbaNvVsPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQW9fZmNaMUhvUUF6UlJxRE9FcHR0bzI5V3c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi9kNDlkNTItNTBiMS00OTQ4LWIxZjct
MDU1YTljYWQ4ZGY3LzEvd3g0amYzcjB2X1JENFdHYndqTmI5XzY2WWVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi9kNDlkNTItNTBiMS00OTQ4LWIxZjctMDU1YTljYWQ4ZGY3
LzEvQW9fZmNaMUhvUUF6UlJxRE9FcHR0bzI5V3c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwnF1MA0G
CSqGSIb3DQEBCwUAA4IBAQBDB25WorzFEEl0pxJKCGvR9URw2MwZAFtu5Y7E6RqK
KFni9n2g/+QKUyetUqmzFoRHFi+lq7/Bwk+d+yZud6vuB0RRY0YdlFm/0wcHR6W8
mjPRsUxJDxs8czjdxWnEC70Clw1/V0RWq0yWtzIR13SQNf3zpLdUbquY+j5oyHNP
YzZbEykMHerSknX8ZXM1zB1GJrEYKJrfdyO7pPqqg/OOjy4hfLtsdnZM6n0iYels
oKJcsQIiJIOom2NP9n22Bc8thpZs+N1oWB6olcYquQflODMnrnoAurz1xcQUFzP/
hvSiM2+O3GDPN6ZmrOUS5AJkHv3qfrrNBGups8x3r0jm
-----END CERTIFICATE-----