This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/608114-a97a-4877-94c7-dc2d557503ee/1/tOm2mcjBn8Ym8qVAgXlaktzQgQQ.roa
File:                     tOm2mcjBn8Ym8qVAgXlaktzQgQQ.roa (raw, json)
Hash identifier:          QA1CzDp5HJkMD+7uuzpOHwQafKh/ybfi3Yylc1GPX2k=
Subject key identifier:   B4:E9:B6:99:C8:C1:9F:C6:26:F2:A5:40:81:79:5A:92:DC:D0:81:04
Certificate issuer:       /CN=cd86b8ce222482a14f9b13468ce57e9992684961
Certificate serial:       019B7E373CB131B548043B5DF7CC438F145D
Authority key identifier: CD:86:B8:CE:22:24:82:A1:4F:9B:13:46:8C:E5:7E:99:92:68:49:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zYa4ziIkgqFPmxNGjOV-mZJoSWE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/608114-a97a-4877-94c7-dc2d557503ee/1/tOm2mcjBn8Ym8qVAgXlaktzQgQQ.roa
Signing time:             Fri 02 Jan 2026 10:18:27 +0000
ROA not before:           Fri 02 Jan 2026 10:18:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     13030
IP address blocks:        193.28.145.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/608114-a97a-4877-94c7-dc2d557503ee/1/zYa4ziIkgqFPmxNGjOV-mZJoSWE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/608114-a97a-4877-94c7-dc2d557503ee/1/zYa4ziIkgqFPmxNGjOV-mZJoSWE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zYa4ziIkgqFPmxNGjOV-mZJoSWE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:3c:b1:31:b5:48:04:3b:5d:f7:cc:43:8f:14:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd86b8ce222482a14f9b13468ce57e9992684961
        Validity
            Not Before: Jan  2 10:18:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b4e9b699c8c19fc626f2a54081795a92dcd08104
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:12:47:f7:4d:11:3b:34:cd:85:d9:3a:4f:e7:
                    d2:b1:04:f1:32:9e:cf:15:b8:e9:91:70:eb:d5:9e:
                    2c:6b:c0:9d:b1:b8:c3:78:41:77:aa:41:94:4f:b3:
                    ea:29:4f:a0:8d:0b:33:98:ec:ed:0c:cf:38:f5:11:
                    48:78:a8:6e:4b:1f:e9:d0:45:b1:82:cd:f4:17:ee:
                    55:13:7f:70:ca:15:68:7c:9a:9f:bf:6d:bc:8b:90:
                    55:d6:19:55:96:91:7b:ca:fc:ba:b7:40:b0:f9:e9:
                    aa:74:22:24:e1:ff:e2:07:f5:e6:b1:a9:91:ee:b1:
                    a8:4e:25:38:6e:f5:92:d1:f9:00:c6:cd:ea:45:2b:
                    c6:97:bb:a6:26:cd:43:15:66:13:85:1e:71:d6:22:
                    8c:d0:d3:9a:74:6b:55:fa:88:3d:99:f0:e3:b0:fe:
                    9c:f6:1a:6c:dc:ae:1b:93:79:a2:58:3a:26:54:a0:
                    d0:32:b7:c0:5c:cf:69:c1:d8:e5:e7:29:6d:9a:f8:
                    f2:d4:a2:13:29:25:ec:25:9a:4c:f4:36:37:f2:26:
                    64:97:27:c0:b5:7b:76:47:9f:01:42:34:26:b3:8f:
                    7b:da:fb:d9:27:1c:69:e2:cd:4c:26:72:49:9b:5a:
                    a8:34:ea:40:39:c1:5e:77:03:47:80:7c:c0:a2:cd:
                    13:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:E9:B6:99:C8:C1:9F:C6:26:F2:A5:40:81:79:5A:92:DC:D0:81:04
            X509v3 Authority Key Identifier:
                keyid:CD:86:B8:CE:22:24:82:A1:4F:9B:13:46:8C:E5:7E:99:92:68:49:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zYa4ziIkgqFPmxNGjOV-mZJoSWE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/608114-a97a-4877-94c7-dc2d557503ee/1/tOm2mcjBn8Ym8qVAgXlaktzQgQQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/608114-a97a-4877-94c7-dc2d557503ee/1/zYa4ziIkgqFPmxNGjOV-mZJoSWE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.28.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:77:c7:a6:9a:84:52:7a:a6:89:84:e4:a4:e2:76:a8:d5:7e:
         30:2d:01:ff:fc:f3:59:b1:59:f0:fd:dc:0f:50:a7:39:ab:c7:
         56:00:3f:c9:3d:16:51:cf:ef:12:e2:27:96:d0:b4:8e:b3:63:
         f4:dd:bd:11:f0:74:ae:72:42:41:70:8e:40:82:b3:4f:d6:ec:
         a7:f4:56:ae:b1:5e:06:e8:f3:d7:2f:82:62:10:2a:92:04:d7:
         c5:4d:f7:71:12:28:f6:47:2a:6d:8a:04:39:28:a9:38:41:5a:
         b5:89:b6:b2:03:f4:88:61:73:ce:65:e6:3a:53:db:79:96:57:
         96:d4:c4:98:74:3c:fe:1a:80:d8:81:b7:5b:e3:97:90:3e:0a:
         11:e3:10:15:94:5c:73:c9:16:db:92:92:64:90:b4:37:31:c4:
         73:a9:4a:db:01:25:9a:c9:f0:fc:96:58:fb:09:b9:e8:0f:f7:
         16:af:7b:6e:99:ec:b1:f8:d3:e1:49:fc:7d:1a:f4:71:64:d0:
         0d:1d:8c:ad:c2:6b:16:0a:8f:11:15:e2:2c:fb:7d:85:bd:c1:
         a7:96:11:bc:a1:ed:c5:bd:03:d5:3d:39:d2:96:ee:83:8e:df:
         2f:42:66:7e:f7:cb:e0:1a:80:da:e0:df:1e:21:65:1b:4d:1e:
         f5:0e:de:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+NzyxMbVIBDtd98xDjxRdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkODZiOGNlMjIyNDgyYTE0ZjliMTM0NjhjZTU3ZTk5OTI2
ODQ5NjEwHhcNMjYwMTAyMTAxODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGU5YjY5OWM4YzE5ZmM2MjZmMmE1NDA4MTc5NWE5MmRjZDA4MTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4xJH900ROzTNhdk6T+fSsQTxMp7P
FbjpkXDr1Z4sa8CdsbjDeEF3qkGUT7PqKU+gjQszmOztDM849RFIeKhuSx/p0EWx
gs30F+5VE39wyhVofJqfv228i5BV1hlVlpF7yvy6t0Cw+emqdCIk4f/iB/XmsamR
7rGoTiU4bvWS0fkAxs3qRSvGl7umJs1DFWYThR5x1iKM0NOadGtV+og9mfDjsP6c
9hps3K4bk3miWDomVKDQMrfAXM9pwdjl5yltmvjy1KITKSXsJZpM9DY38iZklyfA
tXt2R58BQjQms4972vvZJxxp4s1MJnJJm1qoNOpAOcFedwNHgHzAos0TPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLTptpnIwZ/GJvKlQIF5WpLc0IEEMB8GA1UdIwQY
MBaAFM2GuM4iJIKhT5sTRozlfpmSaElhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvellhNHppSWtncUZQbXhOR2pPVi1tWkpvU1dFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC82MDgxMTQtYTk3YS00ODc3LTk0Yzct
ZGMyZDU1NzUwM2VlLzEvdE9tMm1jakJuOFltOHFWQWdYbGFrdHpRZ1FRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC82MDgxMTQtYTk3YS00ODc3LTk0YzctZGMyZDU1NzUwM2Vl
LzEvellhNHppSWtncUZQbXhOR2pPVi1tWkpvU1dFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRyRMA0G
CSqGSIb3DQEBCwUAA4IBAQB1d8emmoRSeqaJhOSk4nao1X4wLQH//PNZsVnw/dwP
UKc5q8dWAD/JPRZRz+8S4ieW0LSOs2P03b0R8HSuckJBcI5AgrNP1uyn9FausV4G
6PPXL4JiECqSBNfFTfdxEij2RyptigQ5KKk4QVq1ibayA/SIYXPOZeY6U9t5lleW
1MSYdDz+GoDYgbdb45eQPgoR4xAVlFxzyRbbkpJkkLQ3McRzqUrbASWayfD8llj7
CbnoD/cWr3tumeyx+NPhSfx9GvRxZNANHYytwmsWCo8RFeIs+32FvcGnlhG8oe3F
vQPVPTnSlu6Djt8vQmZ+98vgGoDa4N8eIWUbTR71Dt6R
-----END CERTIFICATE-----