This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/9a4ef5-42fa-435f-a8fe-b1f4fc7522a0/1/WaiBRN4zqeNTstFb2Bj7FDDnj4A.roa
File:                     WaiBRN4zqeNTstFb2Bj7FDDnj4A.roa (raw, json)
Hash identifier:          R2F3HKnWVo0NsS1fo82XPlwTKBu5M4Ho2YxFKIfZuWs=
Subject key identifier:   59:A8:81:44:DE:33:A9:E3:53:B2:D1:5B:D8:18:FB:14:30:E7:8F:80
Certificate issuer:       /CN=dce6e13e413baf381b625131e924e947843436f5
Certificate serial:       019B7BA50CCABD3469C9B1F03D45E6D8592C
Authority key identifier: DC:E6:E1:3E:41:3B:AF:38:1B:62:51:31:E9:24:E9:47:84:34:36:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3ObhPkE7rzgbYlEx6STpR4Q0NvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/9a4ef5-42fa-435f-a8fe-b1f4fc7522a0/1/WaiBRN4zqeNTstFb2Bj7FDDnj4A.roa
Signing time:             Thu 01 Jan 2026 22:19:32 +0000
ROA not before:           Thu 01 Jan 2026 22:19:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6730
IP address blocks:        194.1.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/9a4ef5-42fa-435f-a8fe-b1f4fc7522a0/1/3ObhPkE7rzgbYlEx6STpR4Q0NvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/9a4ef5-42fa-435f-a8fe-b1f4fc7522a0/1/3ObhPkE7rzgbYlEx6STpR4Q0NvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3ObhPkE7rzgbYlEx6STpR4Q0NvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:01:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:0c:ca:bd:34:69:c9:b1:f0:3d:45:e6:d8:59:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dce6e13e413baf381b625131e924e947843436f5
        Validity
            Not Before: Jan  1 22:19:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=59a88144de33a9e353b2d15bd818fb1430e78f80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:6f:38:32:9e:26:0c:a5:6d:d6:ca:6d:18:b1:
                    9f:da:8e:11:84:35:f8:da:3e:5c:1f:fa:f0:2f:eb:
                    17:43:c6:b9:cf:37:6c:64:0e:86:12:b6:1e:fa:fc:
                    7f:79:03:05:a4:21:82:6e:8e:e5:1d:3b:97:b4:8d:
                    75:0c:bb:18:c1:cc:99:95:2d:82:a2:3f:4a:0c:b5:
                    0a:01:40:7e:7b:c9:7f:66:b0:df:7f:12:3e:a6:82:
                    b1:d9:9f:f0:f6:ce:ef:92:e6:8a:ac:3a:b6:ce:03:
                    b9:a0:5f:32:96:28:4c:fa:ed:ce:94:73:fe:2b:19:
                    af:e0:d2:e4:41:3b:28:b9:c5:84:7f:f3:3e:4d:a1:
                    0b:27:3e:86:c0:39:cb:37:03:94:2c:ff:63:eb:79:
                    22:4f:25:46:78:8e:15:17:4f:ba:7e:86:b8:b8:43:
                    ec:a2:9d:ca:cd:8a:b8:f5:44:64:c8:76:57:ef:14:
                    02:2f:4b:53:f5:f5:a8:32:de:59:06:d3:68:10:17:
                    3f:c2:0c:f7:3f:a5:6b:21:5f:49:77:84:ab:6f:96:
                    5e:1c:7d:d5:70:b7:05:c8:61:a7:ad:f0:8c:79:db:
                    c2:8b:f9:1a:15:0d:91:5d:8c:6e:3d:31:f5:61:0d:
                    48:12:08:01:35:1a:40:09:14:f8:f6:a1:6f:0f:ac:
                    64:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:A8:81:44:DE:33:A9:E3:53:B2:D1:5B:D8:18:FB:14:30:E7:8F:80
            X509v3 Authority Key Identifier:
                keyid:DC:E6:E1:3E:41:3B:AF:38:1B:62:51:31:E9:24:E9:47:84:34:36:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3ObhPkE7rzgbYlEx6STpR4Q0NvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/9a4ef5-42fa-435f-a8fe-b1f4fc7522a0/1/WaiBRN4zqeNTstFb2Bj7FDDnj4A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/9a4ef5-42fa-435f-a8fe-b1f4fc7522a0/1/3ObhPkE7rzgbYlEx6STpR4Q0NvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.1.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:ca:53:78:04:85:82:11:b5:74:e4:07:5a:3e:58:89:64:4c:
         cf:09:80:f1:66:47:1c:f1:b4:b3:c2:f1:46:67:fe:70:05:0e:
         f0:c8:a1:27:d2:35:00:4b:93:b4:05:ab:71:9b:db:b8:ff:6b:
         44:cf:64:c1:d3:04:22:29:31:bd:74:72:dd:99:d8:f2:34:9c:
         de:70:f6:26:74:2d:b9:af:54:60:45:61:6e:11:ab:75:01:3b:
         12:57:89:f2:58:b0:0d:e0:66:ea:59:e5:34:92:a3:67:61:e7:
         8a:7e:a2:f9:4d:f7:8d:8b:24:d5:f3:c7:06:47:e3:9b:d0:62:
         ae:e0:88:b3:ac:43:64:f7:4a:19:74:66:90:10:92:bd:82:64:
         64:7c:c8:b3:1f:ae:be:de:0f:7a:2c:9a:12:a0:17:b5:3c:cc:
         e6:91:44:5b:05:1a:4b:17:df:c8:dd:86:e2:8f:70:33:e0:79:
         c1:c2:8b:ba:06:41:0d:82:cb:93:40:97:5a:f7:54:3e:01:92:
         7f:df:ca:df:b9:63:0e:d0:99:a1:3f:73:eb:b9:5a:5a:0e:bf:
         56:14:73:ae:ca:6f:e8:1c:0a:c0:5e:97:d3:fa:12:a5:83:0e:
         9a:e9:d6:94:e8:6e:a4:c5:79:41:c0:31:ca:7f:55:0a:e4:b2:
         87:94:1b:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pQzKvTRpybHwPUXm2FksMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZTZlMTNlNDEzYmFmMzgxYjYyNTEzMWU5MjRlOTQ3ODQz
NDM2ZjUwHhcNMjYwMTAxMjIxOTMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWE4ODE0NGRlMzNhOWUzNTNiMmQxNWJkODE4ZmIxNDMwZTc4ZjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApm84Mp4mDKVt1sptGLGf2o4RhDX4
2j5cH/rwL+sXQ8a5zzdsZA6GErYe+vx/eQMFpCGCbo7lHTuXtI11DLsYwcyZlS2C
oj9KDLUKAUB+e8l/ZrDffxI+poKx2Z/w9s7vkuaKrDq2zgO5oF8ylihM+u3OlHP+
Kxmv4NLkQTsoucWEf/M+TaELJz6GwDnLNwOULP9j63kiTyVGeI4VF0+6foa4uEPs
op3KzYq49URkyHZX7xQCL0tT9fWoMt5ZBtNoEBc/wgz3P6VrIV9Jd4Srb5ZeHH3V
cLcFyGGnrfCMedvCi/kaFQ2RXYxuPTH1YQ1IEggBNRpACRT49qFvD6xktwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFmogUTeM6njU7LRW9gY+xQw54+AMB8GA1UdIwQY
MBaAFNzm4T5BO684G2JRMekk6UeENDb1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM09iaFBrRTdyemdiWWxFeDZTVHBSNFEwTnZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi85YTRlZjUtNDJmYS00MzVmLWE4ZmUt
YjFmNGZjNzUyMmEwLzEvV2FpQlJONHpxZU5Uc3RGYjJCajdGRERuajRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi85YTRlZjUtNDJmYS00MzVmLWE4ZmUtYjFmNGZjNzUyMmEw
LzEvM09iaFBrRTdyemdiWWxFeDZTVHBSNFEwTnZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgH1MA0G
CSqGSIb3DQEBCwUAA4IBAQBPylN4BIWCEbV05AdaPliJZEzPCYDxZkcc8bSzwvFG
Z/5wBQ7wyKEn0jUAS5O0Batxm9u4/2tEz2TB0wQiKTG9dHLdmdjyNJzecPYmdC25
r1RgRWFuEat1ATsSV4nyWLAN4GbqWeU0kqNnYeeKfqL5TfeNiyTV88cGR+Ob0GKu
4IizrENk90oZdGaQEJK9gmRkfMizH66+3g96LJoSoBe1PMzmkURbBRpLF9/I3Ybi
j3Az4HnBwou6BkENgsuTQJda91Q+AZJ/38rfuWMO0JmhP3PruVpaDr9WFHOuym/o
HArAXpfT+hKlgw6a6daU6G6kxXlBwDHKf1UK5LKHlBsG
-----END CERTIFICATE-----