This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/tLGnhAIC6ZN0NadnxDi2_JuJZ-Q.roa
File:                     tLGnhAIC6ZN0NadnxDi2_JuJZ-Q.roa (raw, json)
Hash identifier:          5+H8G5njuGNTIg3kKgsXyb6j51R0z1yDnkjkGtIzjR4=
Subject key identifier:   B4:B1:A7:84:02:02:E9:93:74:35:A7:67:C4:38:B6:FC:9B:89:67:E4
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019B7F854C14FAC4D5224ABF7EC41A9BA0C8
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/tLGnhAIC6ZN0NadnxDi2_JuJZ-Q.roa
Signing time:             Fri 02 Jan 2026 16:23:20 +0000
ROA not before:           Fri 02 Jan 2026 16:23:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44477
IP address blocks:        193.124.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 Jan 2026 03:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:85:4c:14:fa:c4:d5:22:4a:bf:7e:c4:1a:9b:a0:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 16:23:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b4b1a7840202e9937435a767c438b6fc9b8967e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:09:f1:92:0d:1d:87:62:94:1e:65:68:bb:9d:
                    ae:b6:c8:9d:b4:09:1d:76:19:65:86:fe:a5:4a:42:
                    45:ee:18:08:2b:24:c4:21:a9:53:be:6f:e4:e6:45:
                    0e:00:c2:f4:e5:32:1d:f2:57:23:c9:8c:4c:30:14:
                    12:fb:0c:b9:43:49:04:ae:d5:0d:14:c0:b8:7d:4b:
                    68:b2:ea:73:c0:3f:33:1d:18:3d:1e:03:ce:27:d7:
                    2c:1a:ef:ff:1b:e2:91:6c:ae:34:24:8b:af:57:39:
                    51:1d:3e:01:d1:af:f3:c6:bc:af:cf:41:7a:e8:3f:
                    51:42:5e:07:1c:c0:6f:03:0f:c0:8a:21:04:93:0f:
                    1f:b1:eb:b6:16:5e:6d:9a:b6:d3:5c:04:54:04:2e:
                    00:24:3e:d9:03:93:84:ee:96:9a:31:1e:78:1f:e4:
                    33:32:3c:58:60:25:63:0c:8d:87:1c:26:8b:63:87:
                    d3:73:de:dd:91:1e:f0:3f:c9:95:9a:c7:db:28:74:
                    8c:8a:07:6c:fb:e6:59:6b:88:78:bc:29:0c:4f:08:
                    d1:19:53:cb:0c:f2:85:72:b3:1b:3c:a3:b3:f1:ba:
                    81:b4:f7:de:e4:d6:2d:fe:1b:b7:65:79:db:8f:a7:
                    f9:26:31:a3:9d:f9:9a:03:15:01:73:12:2b:ff:c7:
                    6b:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:B1:A7:84:02:02:E9:93:74:35:A7:67:C4:38:B6:FC:9B:89:67:E4
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/tLGnhAIC6ZN0NadnxDi2_JuJZ-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:6f:ad:7f:4a:af:8c:ab:55:34:15:ae:4d:fc:44:02:2b:ce:
         82:c4:f2:b2:88:00:72:ae:cf:c5:80:68:00:55:42:ea:29:3f:
         5c:10:72:d9:c1:d9:e9:e4:88:50:6c:b5:de:5f:52:dd:b5:19:
         9d:92:3d:a5:7a:9c:cc:60:b5:8b:7d:f0:07:e6:4b:b1:00:e2:
         fc:fb:16:e5:80:05:7d:43:84:a6:91:1c:85:18:f8:aa:67:18:
         33:08:44:3e:48:f5:d5:c7:ee:40:ae:a1:36:22:17:ee:10:30:
         cc:de:b5:de:1d:02:d5:05:64:aa:96:38:45:1a:e1:c4:38:de:
         4e:3a:f3:ab:f6:69:0c:98:05:45:67:24:5d:ea:06:f8:75:67:
         07:50:3d:a5:9b:1d:32:f9:ca:27:34:ea:17:8c:6f:74:d2:a0:
         00:c0:00:2c:ad:fc:37:44:ac:9e:1d:19:f7:ef:0b:25:65:a8:
         2b:32:84:00:55:26:61:98:e3:63:ed:c1:21:b8:28:ba:a3:e7:
         e2:5e:67:36:51:e7:3a:52:94:2a:b7:04:ea:d1:24:fb:01:61:
         62:bf:92:fa:8a:36:f6:d6:7e:ba:16:0c:2c:e9:51:8e:1b:f3:
         0b:8f:17:da:ec:a7:cf:ee:f2:a1:cd:72:c6:21:89:04:85:e7:
         f0:93:19:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hUwU+sTVIkq/fsQam6DIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjYwMTAyMTYyMzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGIxYTc4NDAyMDJlOTkzNzQzNWE3NjdjNDM4YjZmYzliODk2N2U0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqAnxkg0dh2KUHmVou52utsidtAkd
dhllhv6lSkJF7hgIKyTEIalTvm/k5kUOAML05TId8lcjyYxMMBQS+wy5Q0kErtUN
FMC4fUtosupzwD8zHRg9HgPOJ9csGu//G+KRbK40JIuvVzlRHT4B0a/zxryvz0F6
6D9RQl4HHMBvAw/AiiEEkw8fseu2Fl5tmrbTXARUBC4AJD7ZA5OE7paaMR54H+Qz
MjxYYCVjDI2HHCaLY4fTc97dkR7wP8mVmsfbKHSMigds++ZZa4h4vCkMTwjRGVPL
DPKFcrMbPKOz8bqBtPfe5NYt/hu3ZXnbj6f5JjGjnfmaAxUBcxIr/8drEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLSxp4QCAumTdDWnZ8Q4tvybiWfkMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvdExHbmhBSUM2Wk4wTmFkbnhEaTJfSnVKWi1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwXyFMA0G
CSqGSIb3DQEBCwUAA4IBAQAVb61/Sq+Mq1U0Fa5N/EQCK86CxPKyiAByrs/FgGgA
VULqKT9cEHLZwdnp5IhQbLXeX1LdtRmdkj2lepzMYLWLffAH5kuxAOL8+xblgAV9
Q4SmkRyFGPiqZxgzCEQ+SPXVx+5ArqE2IhfuEDDM3rXeHQLVBWSqljhFGuHEON5O
OvOr9mkMmAVFZyRd6gb4dWcHUD2lmx0y+conNOoXjG900qAAwAAsrfw3RKyeHRn3
7wslZagrMoQAVSZhmONj7cEhuCi6o+fiXmc2Uec6UpQqtwTq0ST7AWFiv5L6ijb2
1n66Fgws6VGOG/MLjxfa7KfP7vKhzXLGIYkEhefwkxn8
-----END CERTIFICATE-----