This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/aGVq1qlHRtHSdtTipi-WJQc-N54.roa
File:                     aGVq1qlHRtHSdtTipi-WJQc-N54.roa (raw, json)
Hash identifier:          3i3XrjHk6c9zIgMhAdvBgRhhPmsJrwyTEyF51QuT+7I=
Subject key identifier:   68:65:6A:D6:A9:47:46:D1:D2:76:D4:E2:A6:2F:96:25:07:3E:37:9E
Certificate issuer:       /CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
Certificate serial:       019A6FCBC9D79A878A230EA697419F85497C
Authority key identifier: 4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/aGVq1qlHRtHSdtTipi-WJQc-N54.roa
Signing time:             Mon 10 Nov 2025 22:03:37 +0000
ROA not before:           Mon 10 Nov 2025 22:03:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     63440
IP address blocks:        213.198.94.144/30 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Nov 2025 16:39:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:6f:cb:c9:d7:9a:87:8a:23:0e:a6:97:41:9f:85:49:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
        Validity
            Not Before: Nov 10 22:03:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=68656ad6a94746d1d276d4e2a62f9625073e379e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:26:64:88:95:09:86:3a:2e:4b:7e:97:cb:26:
                    b5:07:89:d7:90:bb:48:2e:ef:ce:56:4b:06:76:5a:
                    34:c8:b6:5f:a8:3f:43:14:6c:08:72:29:41:b6:2a:
                    46:cd:3c:98:23:6e:33:81:fb:85:f1:72:0c:2a:90:
                    79:45:26:09:7f:88:9f:f5:c6:3d:f1:36:22:a8:f5:
                    9a:1f:a1:46:e6:13:38:7c:86:a8:91:fc:8b:db:c7:
                    25:04:37:a4:3c:8d:dd:4b:13:98:c3:a0:e4:5e:80:
                    e3:08:60:0c:d9:8a:c8:d1:52:ae:a2:28:08:b6:ec:
                    0d:4b:d6:95:3a:dc:19:8e:86:2b:4f:15:7f:02:64:
                    cd:1a:95:5b:78:21:a0:cc:71:91:3b:42:0d:a8:af:
                    0e:a9:d9:c4:72:8f:09:4d:c7:26:1f:f5:8a:6e:65:
                    34:be:bd:dc:b9:22:7b:d8:f3:bd:ab:32:28:05:f0:
                    50:f7:66:9e:1c:51:59:84:8f:cd:01:31:3b:81:76:
                    61:20:be:d6:fe:d0:a1:55:88:a3:d3:0f:5a:86:22:
                    d2:c4:c3:48:38:ef:82:78:a1:2d:05:55:5c:a0:56:
                    92:55:fc:e0:e1:de:57:ff:c6:25:83:5c:6a:52:25:
                    42:3c:36:b4:85:67:b6:39:7f:62:ec:ef:b6:24:31:
                    d4:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:65:6A:D6:A9:47:46:D1:D2:76:D4:E2:A6:2F:96:25:07:3E:37:9E
            X509v3 Authority Key Identifier:
                keyid:4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/aGVq1qlHRtHSdtTipi-WJQc-N54.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.198.94.144/30

    Signature Algorithm: sha256WithRSAEncryption
         b8:99:7a:12:68:7b:8c:b3:0a:5b:c1:b9:5d:2d:99:55:6e:79:
         77:35:02:d0:73:86:5f:cb:28:bd:4a:d1:22:8b:fe:88:be:3c:
         51:35:f0:4f:8c:10:8f:83:4d:77:7a:d2:3a:ee:c0:ce:e7:bd:
         55:c7:71:a1:c7:a7:03:a7:1c:e1:99:8f:a2:c9:34:75:10:8d:
         2d:d5:27:ef:18:c2:2d:46:07:3e:ad:60:bb:2d:bd:96:f9:5f:
         44:cd:e9:8b:f9:c9:31:5f:dc:f3:eb:fd:db:8a:23:ba:5d:f3:
         3c:27:95:a0:7a:5c:dc:39:33:be:af:bc:3b:cc:15:6e:25:a4:
         2a:ef:4c:6b:eb:ae:51:21:b9:a4:81:90:34:dd:8a:d4:b0:7a:
         24:43:f1:3f:2f:c3:02:6e:86:6e:60:aa:5b:4c:c0:e7:58:4e:
         d1:ef:0e:6a:11:7e:8e:a2:eb:cd:f5:b3:87:91:a2:94:d9:09:
         ce:89:4f:29:56:17:46:c8:0c:02:47:1c:8c:8c:49:2a:88:29:
         d2:31:3c:03:4a:5a:8f:82:c2:a4:58:c3:56:1b:40:ee:bb:84:
         29:66:2c:e0:fe:9e:5f:9f:8d:50:99:2c:3c:f3:2c:6e:8c:31:
         f0:9d:d9:f9:45:1e:7b:13:dc:3f:2b:4e:6c:4d:a9:20:72:e2:
         09:7e:06:4a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZpvy8nXmoeKIw6ml0GfhUl8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkNWEyOTIxZmJlYjhhNDQ4ZTdhZTFlYzVhMTFiOGFiODk4
ZDIyZmQwHhcNMjUxMTEwMjIwMzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODY1NmFkNmE5NDc0NmQxZDI3NmQ0ZTJhNjJmOTYyNTA3M2UzNzllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzCZkiJUJhjouS36Xyya1B4nXkLtI
Lu/OVksGdlo0yLZfqD9DFGwIcilBtipGzTyYI24zgfuF8XIMKpB5RSYJf4if9cY9
8TYiqPWaH6FG5hM4fIaokfyL28clBDekPI3dSxOYw6DkXoDjCGAM2YrI0VKuoigI
tuwNS9aVOtwZjoYrTxV/AmTNGpVbeCGgzHGRO0INqK8OqdnEco8JTccmH/WKbmU0
vr3cuSJ72PO9qzIoBfBQ92aeHFFZhI/NATE7gXZhIL7W/tChVYij0w9ahiLSxMNI
OO+CeKEtBVVcoFaSVfzg4d5X/8Ylg1xqUiVCPDa0hWe2OX9i7O+2JDHUmwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGhlatapR0bR0nbU4qYvliUHPjeeMB8GA1UdIwQY
MBaAFE1aKSH764pEjnrh7FoRuKuJjSL9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUt
NzgwYTI1Y2QwZGQ5LzEvYUdWcTFxbEhSdEhTZHRUaXBpLVdKUWMtTjU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUtNzgwYTI1Y2QwZGQ5
LzEvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUC1cZekDAN
BgkqhkiG9w0BAQsFAAOCAQEAuJl6Emh7jLMKW8G5XS2ZVW55dzUC0HOGX8sovUrR
Iov+iL48UTXwT4wQj4NNd3rSOu7Azue9VcdxocenA6cc4ZmPosk0dRCNLdUn7xjC
LUYHPq1guy29lvlfRM3pi/nJMV/c8+v924ojul3zPCeVoHpc3Dkzvq+8O8wVbiWk
Ku9Ma+uuUSG5pIGQNN2K1LB6JEPxPy/DAm6GbmCqW0zA51hO0e8OahF+jqLrzfWz
h5GilNkJzolPKVYXRsgMAkccjIxJKogp0jE8A0paj4LCpFjDVhtA7ruEKWYs4P6e
X5+NUJksPPMsbowx8J3Z+UUeexPcPytObE2pIHLiCX4GSg==
-----END CERTIFICATE-----