This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/2b4934-4ea2-45c1-ae07-d45ab7df2de1/1/WFTfI5tspGo4Ss0OCZAL-JGWw3k.roa
File:                     WFTfI5tspGo4Ss0OCZAL-JGWw3k.roa (raw, json)
Hash identifier:          ygHs+fWVxGVJnQRLr2/Xp2LQTIWtPolhwTvnQdcJhwg=
Subject key identifier:   58:54:DF:23:9B:6C:A4:6A:38:4A:CD:0E:09:90:0B:F8:91:96:C3:79
Certificate issuer:       /CN=75e05bc21b2a6f1033711ffca6491c6c30ce5a4a
Certificate serial:       019B7834B4714ADF3790326EE6A10CBB3E38
Authority key identifier: 75:E0:5B:C2:1B:2A:6F:10:33:71:1F:FC:A6:49:1C:6C:30:CE:5A:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/deBbwhsqbxAzcR_8pkkcbDDOWko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/2b4934-4ea2-45c1-ae07-d45ab7df2de1/1/WFTfI5tspGo4Ss0OCZAL-JGWw3k.roa
Signing time:             Thu 01 Jan 2026 06:17:58 +0000
ROA not before:           Thu 01 Jan 2026 06:17:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     36947
IP address blocks:        213.140.56.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/2b4934-4ea2-45c1-ae07-d45ab7df2de1/1/deBbwhsqbxAzcR_8pkkcbDDOWko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/2b4934-4ea2-45c1-ae07-d45ab7df2de1/1/deBbwhsqbxAzcR_8pkkcbDDOWko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/deBbwhsqbxAzcR_8pkkcbDDOWko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:b4:71:4a:df:37:90:32:6e:e6:a1:0c:bb:3e:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=75e05bc21b2a6f1033711ffca6491c6c30ce5a4a
        Validity
            Not Before: Jan  1 06:17:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5854df239b6ca46a384acd0e09900bf89196c379
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:ef:66:18:81:5d:af:98:29:51:60:8c:b5:e1:
                    73:6a:36:71:f3:b6:7b:28:8e:c7:29:4c:ba:0c:dc:
                    49:59:8a:d3:c9:e1:ce:31:8f:70:02:1c:0b:96:db:
                    0b:e0:23:c1:99:bc:2b:6b:16:6d:10:21:0e:11:91:
                    78:85:b8:29:ee:7a:21:55:f4:fb:5b:af:f2:94:eb:
                    4b:0c:e7:87:8b:bb:5d:e7:9a:ac:b0:e2:c8:d8:92:
                    a3:c6:aa:cf:d9:b1:3d:82:d9:88:29:a2:b8:99:c2:
                    67:05:93:f1:6e:6f:7d:26:a8:c7:10:a1:bc:d2:cc:
                    d2:e5:ea:bc:b9:47:6f:cd:2c:18:26:a3:be:fb:97:
                    9d:35:a9:1d:8c:c1:8a:49:06:05:39:dc:be:23:b6:
                    1a:6a:9e:7f:ac:30:b1:11:c8:b9:ac:c1:41:e3:65:
                    6d:0a:63:c7:78:af:91:82:5e:2a:08:56:d1:db:5d:
                    94:07:4d:cd:c0:5f:e7:4b:ae:e6:6a:2b:8b:91:d8:
                    d9:17:1d:7f:b1:7b:39:6b:73:cf:21:1d:93:c6:20:
                    3b:e7:75:4c:e1:a0:3f:0b:95:59:55:95:6a:87:ee:
                    df:1e:e4:2d:5c:b1:24:73:3d:46:77:37:0d:9b:8e:
                    9d:02:5a:66:0e:f1:e2:e7:73:67:9f:15:81:44:1c:
                    12:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:54:DF:23:9B:6C:A4:6A:38:4A:CD:0E:09:90:0B:F8:91:96:C3:79
            X509v3 Authority Key Identifier:
                keyid:75:E0:5B:C2:1B:2A:6F:10:33:71:1F:FC:A6:49:1C:6C:30:CE:5A:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/deBbwhsqbxAzcR_8pkkcbDDOWko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/2b4934-4ea2-45c1-ae07-d45ab7df2de1/1/WFTfI5tspGo4Ss0OCZAL-JGWw3k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/2b4934-4ea2-45c1-ae07-d45ab7df2de1/1/deBbwhsqbxAzcR_8pkkcbDDOWko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.140.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         96:f3:4c:bc:50:a9:2d:e0:e9:e0:56:db:22:53:6b:81:f2:c0:
         84:4e:01:82:e1:86:8e:9d:ab:6f:df:ed:43:3e:06:06:5b:01:
         a9:6a:60:97:9c:74:8d:3f:7e:51:3f:54:15:75:a8:a9:e8:a6:
         f2:fc:31:fd:f0:d2:c8:7d:f5:51:15:3d:61:2a:0d:e2:05:99:
         7b:ab:e8:01:19:07:2f:91:b8:69:0e:cf:e1:a5:46:21:c9:85:
         54:b5:b7:7d:d1:00:06:e8:6b:3d:67:58:8b:0a:9d:2c:c7:d8:
         3a:a7:51:9f:6b:c2:29:f5:33:a2:b0:3a:fa:c8:67:3d:c5:ec:
         cc:e0:98:01:e6:b7:bc:e9:a2:e8:65:f5:96:37:b6:90:f5:1c:
         c1:03:48:d2:ad:1d:cf:17:e0:8d:0e:52:e8:57:a0:b0:29:af:
         ba:b6:5d:2d:95:db:3a:d3:f4:17:5c:67:40:a7:b9:2e:e8:c7:
         84:9c:3f:0a:d1:c0:2b:80:13:19:0c:f8:46:44:70:b6:b6:6c:
         84:10:34:a4:18:5d:3a:22:c2:aa:ca:f6:3e:5c:6b:51:fa:f8:
         51:50:a8:c4:48:a2:49:3a:e6:4c:ce:d7:93:b1:c9:9d:ec:7c:
         67:51:d0:98:95:e9:58:31:14:62:dd:c5:6e:99:49:0f:90:89:
         69:ab:4b:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NLRxSt83kDJu5qEMuz44MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1ZTA1YmMyMWIyYTZmMTAzMzcxMWZmY2E2NDkxYzZjMzBj
ZTVhNGEwHhcNMjYwMTAxMDYxNzU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODU0ZGYyMzliNmNhNDZhMzg0YWNkMGUwOTkwMGJmODkxOTZjMzc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAue9mGIFdr5gpUWCMteFzajZx87Z7
KI7HKUy6DNxJWYrTyeHOMY9wAhwLltsL4CPBmbwraxZtECEOEZF4hbgp7nohVfT7
W6/ylOtLDOeHi7td55qssOLI2JKjxqrP2bE9gtmIKaK4mcJnBZPxbm99JqjHEKG8
0szS5eq8uUdvzSwYJqO++5edNakdjMGKSQYFOdy+I7Yaap5/rDCxEci5rMFB42Vt
CmPHeK+Rgl4qCFbR212UB03NwF/nS67maiuLkdjZFx1/sXs5a3PPIR2TxiA753VM
4aA/C5VZVZVqh+7fHuQtXLEkcz1GdzcNm46dAlpmDvHi53NnnxWBRBwSlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFhU3yObbKRqOErNDgmQC/iRlsN5MB8GA1UdIwQY
MBaAFHXgW8IbKm8QM3Ef/KZJHGwwzlpKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGVCYndoc3FieEF6Y1JfOHBra2NiRERPV2tvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi8yYjQ5MzQtNGVhMi00NWMxLWFlMDct
ZDQ1YWI3ZGYyZGUxLzEvV0ZUZkk1dHNwR280U3MwT0NaQUwtSkdXdzNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi8yYjQ5MzQtNGVhMi00NWMxLWFlMDctZDQ1YWI3ZGYyZGUx
LzEvZGVCYndoc3FieEF6Y1JfOHBra2NiRERPV2tvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1Yw4MA0G
CSqGSIb3DQEBCwUAA4IBAQCW80y8UKkt4OngVtsiU2uB8sCETgGC4YaOnatv3+1D
PgYGWwGpamCXnHSNP35RP1QVdaip6Kby/DH98NLIffVRFT1hKg3iBZl7q+gBGQcv
kbhpDs/hpUYhyYVUtbd90QAG6Gs9Z1iLCp0sx9g6p1Gfa8Ip9TOisDr6yGc9xezM
4JgB5re86aLoZfWWN7aQ9RzBA0jSrR3PF+CNDlLoV6CwKa+6tl0tlds60/QXXGdA
p7ku6MeEnD8K0cArgBMZDPhGRHC2tmyEEDSkGF06IsKqyvY+XGtR+vhRUKjESKJJ
OuZMzteTscmd7HxnUdCYlelYMRRi3cVumUkPkIlpq0vZ
-----END CERTIFICATE-----