This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/a98fc7-7935-4eae-962a-461ab0ecee01/1/42YWr5OhbKc0Pizwtc2S4hATTvI.roa
File:                     42YWr5OhbKc0Pizwtc2S4hATTvI.roa (raw, json)
Hash identifier:          DjyBYoPw3TsTXrbKpaqqcR6UDSKAlprPGT2cyckJMMA=
Subject key identifier:   E3:66:16:AF:93:A1:6C:A7:34:3E:2C:F0:B5:CD:92:E2:10:13:4E:F2
Certificate issuer:       /CN=4d70af1a99886c9101d135f54bd2bdef358b266e
Certificate serial:       019B7C80D3CF708988EFE555F9FC6EEDE5CB
Authority key identifier: 4D:70:AF:1A:99:88:6C:91:01:D1:35:F5:4B:D2:BD:EF:35:8B:26:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TXCvGpmIbJEB0TX1S9K97zWLJm4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/a98fc7-7935-4eae-962a-461ab0ecee01/1/42YWr5OhbKc0Pizwtc2S4hATTvI.roa
Signing time:             Fri 02 Jan 2026 02:19:36 +0000
ROA not before:           Fri 02 Jan 2026 02:19:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51970
IP address blocks:        84.247.22.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/a98fc7-7935-4eae-962a-461ab0ecee01/1/TXCvGpmIbJEB0TX1S9K97zWLJm4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/a98fc7-7935-4eae-962a-461ab0ecee01/1/TXCvGpmIbJEB0TX1S9K97zWLJm4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TXCvGpmIbJEB0TX1S9K97zWLJm4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:d3:cf:70:89:88:ef:e5:55:f9:fc:6e:ed:e5:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d70af1a99886c9101d135f54bd2bdef358b266e
        Validity
            Not Before: Jan  2 02:19:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e36616af93a16ca7343e2cf0b5cd92e210134ef2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:7d:33:82:9a:e1:f7:4e:fe:da:4a:b3:0d:cf:
                    dc:2a:4a:fa:ec:42:46:e2:ac:37:33:bf:ab:74:72:
                    33:5a:fa:c2:36:7c:3d:57:44:47:83:71:94:b6:6d:
                    8e:34:93:87:97:b4:a6:8e:3e:03:e1:75:b4:99:ee:
                    53:07:0b:79:a1:e3:0a:ef:74:9c:12:64:4b:33:0c:
                    24:9a:22:db:a9:7a:2f:60:21:d0:a1:5e:c3:ab:f7:
                    7c:dc:7a:43:7f:44:f1:75:58:67:63:fd:6b:ae:1c:
                    08:eb:7a:c2:1b:c0:7f:2f:6a:cf:f7:dc:6f:1c:a5:
                    e2:82:67:f9:b4:54:85:ba:6a:f1:4d:8d:41:cb:06:
                    b1:af:3c:6f:35:34:ad:19:fd:66:84:3c:66:15:f5:
                    5e:af:dc:c0:b5:4c:a2:d8:74:08:ba:1f:6e:ad:af:
                    5d:73:f8:29:5f:08:5d:45:6d:c6:57:f8:b4:1a:04:
                    b6:4d:2b:4e:dc:33:40:47:dc:3a:86:c9:bf:1f:99:
                    38:75:79:0b:5e:de:a6:70:dd:54:dc:97:7b:79:fa:
                    99:47:7e:d5:57:f9:c1:cf:49:82:96:ca:9d:ef:0d:
                    83:bf:e9:d3:33:de:64:96:08:df:67:83:c3:48:9f:
                    ee:84:ca:4f:a5:e1:fa:55:dd:08:72:32:b1:69:49:
                    9b:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:66:16:AF:93:A1:6C:A7:34:3E:2C:F0:B5:CD:92:E2:10:13:4E:F2
            X509v3 Authority Key Identifier:
                keyid:4D:70:AF:1A:99:88:6C:91:01:D1:35:F5:4B:D2:BD:EF:35:8B:26:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TXCvGpmIbJEB0TX1S9K97zWLJm4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/a98fc7-7935-4eae-962a-461ab0ecee01/1/42YWr5OhbKc0Pizwtc2S4hATTvI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/a98fc7-7935-4eae-962a-461ab0ecee01/1/TXCvGpmIbJEB0TX1S9K97zWLJm4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.247.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:cf:ed:f3:87:c2:e6:f5:a2:c0:72:57:6c:1f:98:7e:f6:ba:
         ee:4d:87:48:3f:cf:72:0d:70:f3:36:4a:85:c1:0f:da:21:a7:
         6a:82:9a:4a:2c:c4:ee:d6:b9:b3:b8:cb:84:83:80:a1:50:44:
         d4:7b:bc:eb:68:c4:75:2e:9f:5b:5f:4d:4d:1c:7e:6e:c0:d8:
         86:dd:cb:4d:b6:bb:eb:07:37:1a:da:67:69:33:f7:37:5b:22:
         ca:7f:20:95:b8:17:09:64:fa:51:a6:b7:d0:e6:b2:70:ba:8f:
         06:1b:e5:d8:c3:e9:d0:86:e8:7b:11:e1:14:b8:4a:75:f4:77:
         cf:ff:2a:3f:4e:c9:5c:08:56:51:27:8c:50:31:21:5b:5e:da:
         ae:75:27:57:c7:37:c5:5a:63:41:24:34:88:77:ae:fa:59:24:
         64:9d:42:58:a6:5a:97:69:bf:e6:71:af:21:df:00:55:97:a2:
         98:38:3b:9e:7e:57:af:15:8a:1b:5a:f6:b5:d4:7b:6a:36:d1:
         8e:8c:8b:04:9b:0b:c1:79:da:4b:e8:f3:64:94:c0:59:3a:73:
         e0:68:84:25:d4:38:b9:1a:b7:f1:93:14:74:fa:ac:28:65:d7:
         67:9d:5a:0d:5f:a6:50:7e:16:b3:d5:33:ce:e2:8f:70:43:bb:
         1e:01:02:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gNPPcImI7+VV+fxu7eXLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkNzBhZjFhOTk4ODZjOTEwMWQxMzVmNTRiZDJiZGVmMzU4
YjI2NmUwHhcNMjYwMTAyMDIxOTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzY2MTZhZjkzYTE2Y2E3MzQzZTJjZjBiNWNkOTJlMjEwMTM0ZWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3X0zgprh907+2kqzDc/cKkr67EJG
4qw3M7+rdHIzWvrCNnw9V0RHg3GUtm2ONJOHl7Smjj4D4XW0me5TBwt5oeMK73Sc
EmRLMwwkmiLbqXovYCHQoV7Dq/d83HpDf0TxdVhnY/1rrhwI63rCG8B/L2rP99xv
HKXigmf5tFSFumrxTY1BywaxrzxvNTStGf1mhDxmFfVer9zAtUyi2HQIuh9ura9d
c/gpXwhdRW3GV/i0GgS2TStO3DNAR9w6hsm/H5k4dXkLXt6mcN1U3Jd7efqZR37V
V/nBz0mClsqd7w2Dv+nTM95klgjfZ4PDSJ/uhMpPpeH6Vd0IcjKxaUmbAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFONmFq+ToWynND4s8LXNkuIQE07yMB8GA1UdIwQY
MBaAFE1wrxqZiGyRAdE19UvSve81iyZuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFhDdkdwbUliSkVCMFRYMVM5Szk3eldMSm00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9hOThmYzctNzkzNS00ZWFlLTk2MmEt
NDYxYWIwZWNlZTAxLzEvNDJZV3I1T2hiS2MwUGl6d3RjMlM0aEFUVHZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9hOThmYzctNzkzNS00ZWFlLTk2MmEtNDYxYWIwZWNlZTAx
LzEvVFhDdkdwbUliSkVCMFRYMVM5Szk3eldMSm00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVPcWMA0G
CSqGSIb3DQEBCwUAA4IBAQC4z+3zh8Lm9aLAcldsH5h+9rruTYdIP89yDXDzNkqF
wQ/aIadqgppKLMTu1rmzuMuEg4ChUETUe7zraMR1Lp9bX01NHH5uwNiG3ctNtrvr
Bzca2mdpM/c3WyLKfyCVuBcJZPpRprfQ5rJwuo8GG+XYw+nQhuh7EeEUuEp19HfP
/yo/TslcCFZRJ4xQMSFbXtqudSdXxzfFWmNBJDSId676WSRknUJYplqXab/mca8h
3wBVl6KYODueflevFYobWva11HtqNtGOjIsEmwvBedpL6PNklMBZOnPgaIQl1Di5
GrfxkxR0+qwoZddnnVoNX6ZQfhaz1TPO4o9wQ7seAQIw
-----END CERTIFICATE-----