This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/0baf51-87e3-4437-a446-0192943796c1/1/w4OPW1w1cwaWMj4uXqpkKkiEaKk.roa
File:                     w4OPW1w1cwaWMj4uXqpkKkiEaKk.roa (raw, json)
Hash identifier:          jUe+lcC4F+1K+YbOo4TiwqXw96cjr2eJwGRjPOVvNjo=
Subject key identifier:   C3:83:8F:5B:5C:35:73:06:96:32:3E:2E:5E:AA:64:2A:48:84:68:A9
Certificate issuer:       /CN=f4b2511fb074f5e1658535ba461e4580dbd84137
Certificate serial:       019BB31800CB6E2397C602959CBFC93A1944
Authority key identifier: F4:B2:51:1F:B0:74:F5:E1:65:85:35:BA:46:1E:45:80:DB:D8:41:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9LJRH7B09eFlhTW6Rh5FgNvYQTc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/0baf51-87e3-4437-a446-0192943796c1/1/w4OPW1w1cwaWMj4uXqpkKkiEaKk.roa
Signing time:             Mon 12 Jan 2026 16:44:13 +0000
ROA not before:           Mon 12 Jan 2026 16:44:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44709
IP address blocks:        193.186.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/0baf51-87e3-4437-a446-0192943796c1/1/9LJRH7B09eFlhTW6Rh5FgNvYQTc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/0baf51-87e3-4437-a446-0192943796c1/1/9LJRH7B09eFlhTW6Rh5FgNvYQTc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9LJRH7B09eFlhTW6Rh5FgNvYQTc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:b3:18:00:cb:6e:23:97:c6:02:95:9c:bf:c9:3a:19:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4b2511fb074f5e1658535ba461e4580dbd84137
        Validity
            Not Before: Jan 12 16:44:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c3838f5b5c35730696323e2e5eaa642a488468a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:74:10:d5:db:60:7c:59:04:0b:b0:97:b6:4a:
                    b4:c1:4e:84:ec:ec:3e:17:e2:29:b3:13:dd:47:d5:
                    eb:14:11:5e:af:6b:6c:c6:55:0b:ce:71:29:5e:2e:
                    05:e4:3b:f3:b5:83:74:16:eb:9c:04:e2:e4:4b:f5:
                    59:34:b5:1b:fd:84:77:e5:10:ca:d9:57:bd:ea:2e:
                    a1:c9:1f:21:a5:f0:39:de:f0:82:e4:5b:1f:8c:8a:
                    68:10:e4:98:2d:3f:02:6e:06:e4:3c:a0:97:cb:a2:
                    eb:50:88:cb:5a:c3:61:b9:8a:84:57:f0:c9:70:ba:
                    d3:ef:39:60:89:24:ec:b7:a5:ad:55:0f:18:ee:47:
                    d5:79:7f:9b:83:ca:01:f3:fa:2b:0d:ce:51:e4:89:
                    2e:fc:08:87:89:23:35:d2:e5:ac:27:83:1b:b4:33:
                    df:40:c8:03:83:07:77:d0:2c:25:43:26:2a:de:86:
                    e0:b6:aa:fa:70:38:f0:0a:88:f5:76:1a:38:d3:9f:
                    1e:9e:bc:f8:2b:04:96:36:f5:06:b7:9c:ee:16:c5:
                    d8:d5:2a:20:57:18:17:0b:58:8a:23:d1:9d:0e:0a:
                    44:8f:bb:33:ad:38:e1:7a:24:ce:04:69:0a:85:42:
                    fe:3f:85:eb:6a:f5:fa:7d:26:8d:ad:ed:35:5e:b0:
                    af:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:83:8F:5B:5C:35:73:06:96:32:3E:2E:5E:AA:64:2A:48:84:68:A9
            X509v3 Authority Key Identifier:
                keyid:F4:B2:51:1F:B0:74:F5:E1:65:85:35:BA:46:1E:45:80:DB:D8:41:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9LJRH7B09eFlhTW6Rh5FgNvYQTc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/0baf51-87e3-4437-a446-0192943796c1/1/w4OPW1w1cwaWMj4uXqpkKkiEaKk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/0baf51-87e3-4437-a446-0192943796c1/1/9LJRH7B09eFlhTW6Rh5FgNvYQTc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.186.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:f0:bc:f7:00:a1:3c:2d:e8:ce:62:ab:82:35:62:30:fd:64:
         54:97:ce:70:c2:f7:62:34:6f:ea:33:c8:6d:ed:91:a9:9d:88:
         66:93:fd:c3:34:e7:82:bc:81:7d:13:5b:e2:7b:7a:d3:e2:d8:
         35:4b:89:e5:93:7c:ca:68:ed:84:0f:9a:5e:02:aa:56:12:c8:
         28:3d:c3:6e:6f:1d:4f:e5:a3:a9:67:d4:b8:38:50:0f:3b:f9:
         c7:9c:6b:9a:95:b2:e7:89:e0:c2:80:7c:44:bf:28:cc:18:c0:
         4d:91:da:b8:d4:10:4a:ba:f5:d7:c8:08:57:54:4c:12:db:1b:
         e6:99:70:4a:97:46:45:e3:cb:de:13:59:95:1b:3e:87:55:7a:
         66:64:00:b6:fd:ff:d4:35:af:44:6c:73:8f:80:59:89:c5:88:
         4f:1a:90:2d:66:12:02:de:0a:43:6e:d5:39:a3:e8:6c:83:d6:
         32:da:78:a7:25:f5:c4:ae:20:b4:19:47:6d:3e:02:b0:f9:94:
         b5:57:74:44:60:90:24:20:ce:36:20:69:5d:be:6e:01:3b:06:
         58:45:47:dc:31:da:41:6a:ea:bf:75:85:7e:c2:a2:db:59:84:
         a0:5f:0f:2b:7e:87:2a:4e:89:57:da:d9:71:22:da:42:d8:8e:
         b0:cf:1f:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZuzGADLbiOXxgKVnL/JOhlEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0YjI1MTFmYjA3NGY1ZTE2NTg1MzViYTQ2MWU0NTgwZGJk
ODQxMzcwHhcNMjYwMTEyMTY0NDEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzgzOGY1YjVjMzU3MzA2OTYzMjNlMmU1ZWFhNjQyYTQ4ODQ2OGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA03QQ1dtgfFkEC7CXtkq0wU6E7Ow+
F+IpsxPdR9XrFBFer2tsxlULznEpXi4F5DvztYN0FuucBOLkS/VZNLUb/YR35RDK
2Ve96i6hyR8hpfA53vCC5FsfjIpoEOSYLT8CbgbkPKCXy6LrUIjLWsNhuYqEV/DJ
cLrT7zlgiSTst6WtVQ8Y7kfVeX+bg8oB8/orDc5R5Iku/AiHiSM10uWsJ4MbtDPf
QMgDgwd30CwlQyYq3obgtqr6cDjwCoj1dho4058enrz4KwSWNvUGt5zuFsXY1Sog
VxgXC1iKI9GdDgpEj7szrTjheiTOBGkKhUL+P4XravX6fSaNre01XrCv9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMODj1tcNXMGljI+Ll6qZCpIhGipMB8GA1UdIwQY
MBaAFPSyUR+wdPXhZYU1ukYeRYDb2EE3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUxKUkg3QjA5ZUZsaFRXNlJoNUZnTnZZUVRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8wYmFmNTEtODdlMy00NDM3LWE0NDYt
MDE5Mjk0Mzc5NmMxLzEvdzRPUFcxdzFjd2FXTWo0dVhxcGtLa2lFYUtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8wYmFmNTEtODdlMy00NDM3LWE0NDYtMDE5Mjk0Mzc5NmMx
LzEvOUxKUkg3QjA5ZUZsaFRXNlJoNUZnTnZZUVRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwboCMA0G
CSqGSIb3DQEBCwUAA4IBAQAa8Lz3AKE8LejOYquCNWIw/WRUl85wwvdiNG/qM8ht
7ZGpnYhmk/3DNOeCvIF9E1vie3rT4tg1S4nlk3zKaO2ED5peAqpWEsgoPcNubx1P
5aOpZ9S4OFAPO/nHnGualbLnieDCgHxEvyjMGMBNkdq41BBKuvXXyAhXVEwS2xvm
mXBKl0ZF48veE1mVGz6HVXpmZAC2/f/UNa9EbHOPgFmJxYhPGpAtZhIC3gpDbtU5
o+hsg9Yy2ninJfXEriC0GUdtPgKw+ZS1V3REYJAkIM42IGldvm4BOwZYRUfcMdpB
auq/dYV+wqLbWYSgXw8rfocqTolX2tlxItpC2I6wzx+8
-----END CERTIFICATE-----