This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/01a73a-8da0-48b9-aaed-a23c131c0d38/1/wFmuZt6OG-oR7DBeq01Ww8HvPa4.roa
File:                     wFmuZt6OG-oR7DBeq01Ww8HvPa4.roa (raw, json)
Hash identifier:          a0H1kPyDShFzTVMDinn/3X1ONbp+NjLhweJzA1FQdjg=
Subject key identifier:   C0:59:AE:66:DE:8E:1B:EA:11:EC:30:5E:AB:4D:56:C3:C1:EF:3D:AE
Certificate issuer:       /CN=533802e62965d4584e598d59b76a928be5afd971
Certificate serial:       019B7A5A0E38F667B335FA1A6F2798127F3E
Authority key identifier: 53:38:02:E6:29:65:D4:58:4E:59:8D:59:B7:6A:92:8B:E5:AF:D9:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UzgC5ill1FhOWY1Zt2qSi-Wv2XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/01a73a-8da0-48b9-aaed-a23c131c0d38/1/wFmuZt6OG-oR7DBeq01Ww8HvPa4.roa
Signing time:             Thu 01 Jan 2026 16:18:00 +0000
ROA not before:           Thu 01 Jan 2026 16:18:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39704
IP address blocks:        141.98.228.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/01a73a-8da0-48b9-aaed-a23c131c0d38/1/UzgC5ill1FhOWY1Zt2qSi-Wv2XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/01a73a-8da0-48b9-aaed-a23c131c0d38/1/UzgC5ill1FhOWY1Zt2qSi-Wv2XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UzgC5ill1FhOWY1Zt2qSi-Wv2XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 00:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:0e:38:f6:67:b3:35:fa:1a:6f:27:98:12:7f:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=533802e62965d4584e598d59b76a928be5afd971
        Validity
            Not Before: Jan  1 16:18:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c059ae66de8e1bea11ec305eab4d56c3c1ef3dae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:f3:40:db:12:49:e5:20:61:ef:8a:6e:1b:f9:
                    c6:c0:60:3e:bf:ff:15:af:0b:41:59:5d:0f:5b:5f:
                    11:d5:ab:ce:c2:76:2d:db:34:d8:bd:dc:b4:96:c7:
                    2f:8a:77:9a:c9:8a:98:0f:2d:e9:c0:f8:36:3f:35:
                    d8:78:1a:c0:15:34:20:f3:17:8d:bd:33:2f:58:d2:
                    6e:af:81:c6:7c:51:ac:ff:34:d4:47:73:fc:a8:a5:
                    9b:a8:9d:e0:37:98:de:92:02:95:bc:68:eb:8c:b8:
                    11:b8:68:25:9b:af:f5:56:5f:c5:59:3a:32:4a:3e:
                    44:54:24:ed:6e:48:cd:bb:6c:11:a6:11:57:5b:a7:
                    3c:10:8f:c0:ed:dd:c3:5e:49:da:a2:76:c2:7d:36:
                    84:ae:85:0d:b1:92:69:01:dd:59:f8:37:36:c9:2d:
                    71:8b:77:be:54:9a:60:24:41:58:8f:76:9b:89:44:
                    10:52:f1:8b:9f:69:ea:f0:b1:ff:49:df:2c:55:e1:
                    be:0c:a2:6f:a9:f0:68:b7:bd:3c:2b:45:5e:38:77:
                    c6:13:3b:aa:e3:d4:21:a3:40:aa:64:83:61:76:f9:
                    c9:fa:ea:18:d4:38:1f:41:82:bb:4c:36:8f:12:f3:
                    5f:3d:5a:1b:b1:ea:b6:16:93:b6:60:81:9e:01:57:
                    db:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:59:AE:66:DE:8E:1B:EA:11:EC:30:5E:AB:4D:56:C3:C1:EF:3D:AE
            X509v3 Authority Key Identifier:
                keyid:53:38:02:E6:29:65:D4:58:4E:59:8D:59:B7:6A:92:8B:E5:AF:D9:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UzgC5ill1FhOWY1Zt2qSi-Wv2XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/01a73a-8da0-48b9-aaed-a23c131c0d38/1/wFmuZt6OG-oR7DBeq01Ww8HvPa4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/01a73a-8da0-48b9-aaed-a23c131c0d38/1/UzgC5ill1FhOWY1Zt2qSi-Wv2XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.98.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         99:3d:5f:4b:84:fe:12:f2:2d:54:59:91:73:f8:99:87:eb:38:
         64:8d:e9:0a:3d:4b:53:c5:de:67:54:67:a2:14:e0:f4:89:31:
         47:e4:7d:72:2d:ad:8e:e7:9f:54:18:1a:08:cd:32:c2:3a:20:
         17:9c:c7:cd:27:05:c6:06:cb:80:5c:09:2a:3b:0d:77:6f:7e:
         1a:83:5a:3d:bd:ea:15:e3:3c:eb:87:33:0a:23:fa:47:58:18:
         86:3c:3d:2d:21:c0:43:c8:21:00:13:18:cd:83:29:b0:8c:d3:
         21:74:f5:73:a6:4e:74:7a:40:5c:01:43:ba:0a:f5:29:c1:e4:
         55:f2:ea:0b:80:6f:50:2e:4a:e5:85:6c:3a:f1:b1:a6:62:53:
         3d:de:e9:72:43:54:71:0d:56:ba:c1:af:28:82:76:cb:d9:69:
         8b:50:05:b3:bf:5d:a3:51:cc:f2:cd:8e:34:e8:55:5e:58:56:
         a6:02:ef:39:f3:47:99:ba:fa:11:e3:96:f9:b3:f8:23:a8:56:
         c2:6c:d1:1c:ba:50:75:8d:6b:69:79:24:5c:5f:ab:86:8b:37:
         73:29:ea:56:5a:6e:1f:b4:4e:f7:ce:08:f2:4d:9e:32:0d:88:
         af:ae:b6:e4:03:89:6c:de:7a:e9:84:db:4d:9c:2d:3e:fa:75:
         cb:95:b0:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6Wg449mezNfoabyeYEn8+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzMzgwMmU2Mjk2NWQ0NTg0ZTU5OGQ1OWI3NmE5MjhiZTVh
ZmQ5NzEwHhcNMjYwMTAxMTYxODAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDU5YWU2NmRlOGUxYmVhMTFlYzMwNWVhYjRkNTZjM2MxZWYzZGFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzvNA2xJJ5SBh74puG/nGwGA+v/8V
rwtBWV0PW18R1avOwnYt2zTYvdy0lscvineayYqYDy3pwPg2PzXYeBrAFTQg8xeN
vTMvWNJur4HGfFGs/zTUR3P8qKWbqJ3gN5jekgKVvGjrjLgRuGglm6/1Vl/FWToy
Sj5EVCTtbkjNu2wRphFXW6c8EI/A7d3DXknaonbCfTaEroUNsZJpAd1Z+Dc2yS1x
i3e+VJpgJEFYj3abiUQQUvGLn2nq8LH/Sd8sVeG+DKJvqfBot708K0VeOHfGEzuq
49Qho0CqZINhdvnJ+uoY1DgfQYK7TDaPEvNfPVobseq2FpO2YIGeAVfbjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMBZrmbejhvqEewwXqtNVsPB7z2uMB8GA1UdIwQY
MBaAFFM4AuYpZdRYTlmNWbdqkovlr9lxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXpnQzVpbGwxRmhPV1kxWnQycVNpLVd2MlhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi8wMWE3M2EtOGRhMC00OGI5LWFhZWQt
YTIzYzEzMWMwZDM4LzEvd0ZtdVp0Nk9HLW9SN0RCZXEwMVd3OEh2UGE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi8wMWE3M2EtOGRhMC00OGI5LWFhZWQtYTIzYzEzMWMwZDM4
LzEvVXpnQzVpbGwxRmhPV1kxWnQycVNpLVd2MlhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCjWLkMA0G
CSqGSIb3DQEBCwUAA4IBAQCZPV9LhP4S8i1UWZFz+JmH6zhkjekKPUtTxd5nVGei
FOD0iTFH5H1yLa2O559UGBoIzTLCOiAXnMfNJwXGBsuAXAkqOw13b34ag1o9veoV
4zzrhzMKI/pHWBiGPD0tIcBDyCEAExjNgymwjNMhdPVzpk50ekBcAUO6CvUpweRV
8uoLgG9QLkrlhWw68bGmYlM93ulyQ1RxDVa6wa8ognbL2WmLUAWzv12jUczyzY40
6FVeWFamAu8580eZuvoR45b5s/gjqFbCbNEculB1jWtpeSRcX6uGizdzKepWWm4f
tE73zgjyTZ4yDYivrrbkA4ls3nrphNtNnC0++nXLlbAa
-----END CERTIFICATE-----