This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/DbYXCoxKEVnzYPpMLG_9Rfc5Fps.roa
File:                     DbYXCoxKEVnzYPpMLG_9Rfc5Fps.roa (raw, json)
Hash identifier:          ZQBeFKwJhvivre0jqjP8rEYf0B7VpLZ65SIei02VlDs=
Subject key identifier:   0D:B6:17:0A:8C:4A:11:59:F3:60:FA:4C:2C:6F:FD:45:F7:39:16:9B
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019B7F855F1F06772F99127ED3E018472BE5
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/DbYXCoxKEVnzYPpMLG_9Rfc5Fps.roa
Signing time:             Fri 02 Jan 2026 16:23:25 +0000
ROA not before:           Fri 02 Jan 2026 16:23:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200113
IP address blocks:        194.87.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 13:02:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:85:5f:1f:06:77:2f:99:12:7e:d3:e0:18:47:2b:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 16:23:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0db6170a8c4a1159f360fa4c2c6ffd45f739169b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:72:a5:fd:3d:57:c8:64:6f:1d:b6:7f:73:66:
                    aa:5e:ae:4d:92:69:86:f4:7a:4b:57:a3:22:09:b5:
                    8d:b6:cd:34:ad:00:e8:23:32:89:90:35:47:3d:94:
                    52:36:ef:3e:25:94:16:98:f2:79:02:ba:17:2f:66:
                    31:05:b0:9d:84:66:fb:04:3b:cb:19:e2:88:d3:77:
                    00:15:66:e2:84:65:0c:05:99:d9:01:46:3d:f9:a0:
                    74:e3:20:ef:40:07:1f:5d:dc:3b:16:12:f2:c5:23:
                    6b:ae:1a:bb:72:06:43:48:3a:24:27:7f:eb:31:f5:
                    a1:c8:1a:79:3e:5a:4c:9b:74:3d:be:9a:06:b9:f2:
                    56:e1:86:cb:85:75:32:83:11:b0:4d:8b:39:ec:42:
                    3a:b2:e0:3d:33:14:ba:e9:bf:9d:45:b5:d6:7a:69:
                    50:e7:e6:65:b3:27:3d:87:98:38:3a:6e:ae:78:fb:
                    bb:65:56:26:8e:d2:7a:6e:c2:62:5e:51:b9:5b:cd:
                    25:57:f8:d2:32:98:a1:ff:f9:22:4d:3f:4b:90:6d:
                    40:cd:53:3e:e4:03:6b:5d:d9:7c:85:76:a5:d7:2f:
                    b6:20:10:42:a4:b2:02:fa:a1:27:44:ac:2f:54:8d:
                    79:97:e8:76:85:73:bb:51:7a:f6:d8:8d:00:c4:e9:
                    ce:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:B6:17:0A:8C:4A:11:59:F3:60:FA:4C:2C:6F:FD:45:F7:39:16:9B
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/DbYXCoxKEVnzYPpMLG_9Rfc5Fps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:ff:61:64:c6:37:8a:80:8a:b8:fb:f5:69:92:0c:53:8f:75:
         fc:41:d8:d2:aa:e0:c0:d6:a5:0e:6a:52:5d:3a:f0:4e:3e:b8:
         be:cb:3b:98:ff:23:42:72:9c:79:36:d1:06:58:8c:38:d6:11:
         2b:ce:69:a0:fa:ce:ca:68:b6:d7:03:67:4a:51:eb:60:8a:97:
         8c:38:89:35:9d:5f:e7:33:c4:9d:c7:7d:8b:62:6f:e5:77:69:
         3a:c1:20:9c:1b:36:8e:6a:85:3d:43:a0:ff:5a:f8:1b:2f:b3:
         ed:67:17:c0:06:08:19:99:c3:d2:40:91:66:fc:79:8b:91:da:
         c1:74:e0:eb:72:63:35:a2:22:3d:cf:1e:c6:8b:18:3d:5a:dc:
         76:76:34:51:04:e7:b6:32:87:f7:0e:bf:28:10:cc:4d:06:36:
         35:bb:a3:b0:65:98:ad:43:49:b9:c5:21:85:8f:84:15:da:8f:
         72:8d:b9:96:82:e6:59:1d:56:c1:fa:61:1f:2b:19:b7:36:84:
         0d:29:a1:4d:7a:1b:09:31:dd:0a:df:92:ed:37:a2:d8:c3:a0:
         09:d4:dc:a9:98:c1:ed:e8:6f:87:e9:25:9b:a5:1c:18:a0:dc:
         d0:ef:89:86:13:8a:75:5b:b1:bb:06:30:36:74:b6:a8:f3:3a:
         81:25:d0:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hV8fBncvmRJ+0+AYRyvlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjYwMTAyMTYyMzI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGI2MTcwYThjNGExMTU5ZjM2MGZhNGMyYzZmZmQ0NWY3MzkxNjliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkXKl/T1XyGRvHbZ/c2aqXq5NkmmG
9HpLV6MiCbWNts00rQDoIzKJkDVHPZRSNu8+JZQWmPJ5AroXL2YxBbCdhGb7BDvL
GeKI03cAFWbihGUMBZnZAUY9+aB04yDvQAcfXdw7FhLyxSNrrhq7cgZDSDokJ3/r
MfWhyBp5PlpMm3Q9vpoGufJW4YbLhXUygxGwTYs57EI6suA9MxS66b+dRbXWemlQ
5+Zlsyc9h5g4Om6uePu7ZVYmjtJ6bsJiXlG5W80lV/jSMpih//kiTT9LkG1AzVM+
5ANrXdl8hXal1y+2IBBCpLIC+qEnRKwvVI15l+h2hXO7UXr22I0AxOnOVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA22FwqMShFZ82D6TCxv/UX3ORabMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvRGJZWENveEtFVm56WVBwTUxHXzlSZmM1RnBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwlf7MA0G
CSqGSIb3DQEBCwUAA4IBAQAo/2FkxjeKgIq4+/VpkgxTj3X8QdjSquDA1qUOalJd
OvBOPri+yzuY/yNCcpx5NtEGWIw41hErzmmg+s7KaLbXA2dKUetgipeMOIk1nV/n
M8Sdx32LYm/ld2k6wSCcGzaOaoU9Q6D/WvgbL7PtZxfABggZmcPSQJFm/HmLkdrB
dODrcmM1oiI9zx7Gixg9Wtx2djRRBOe2Mof3Dr8oEMxNBjY1u6OwZZitQ0m5xSGF
j4QV2o9yjbmWguZZHVbB+mEfKxm3NoQNKaFNehsJMd0K35LtN6LYw6AJ1NypmMHt
6G+H6SWbpRwYoNzQ74mGE4p1W7G7BjA2dLao8zqBJdC0
-----END CERTIFICATE-----