This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/baWpJacH22lwvMp-0Q3sr_wlZMw.roa
File:                     baWpJacH22lwvMp-0Q3sr_wlZMw.roa (raw, json)
Hash identifier:          sRCadDkwVNmCUfiGTkcWKw2SuyKd0BdUjPjB7kA8SyA=
Subject key identifier:   6D:A5:A9:25:A7:07:DB:69:70:BC:CA:7E:D1:0D:EC:AF:FC:25:64:CC
Certificate issuer:       /CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
Certificate serial:       019B79107FBBFEC1C24CDEBE44B45A3540A5
Authority key identifier: 4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/baWpJacH22lwvMp-0Q3sr_wlZMw.roa
Signing time:             Thu 01 Jan 2026 10:18:02 +0000
ROA not before:           Thu 01 Jan 2026 10:18:02 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6220
IP address blocks:        213.198.48.0/24 maxlen: 24
                          213.198.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 Jan 2026 03:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:7f:bb:fe:c1:c2:4c:de:be:44:b4:5a:35:40:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
        Validity
            Not Before: Jan  1 10:18:02 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6da5a925a707db6970bcca7ed10decaffc2564cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:43:12:1f:14:a2:cb:fc:ca:47:7f:93:38:83:
                    d3:a4:77:9f:bb:de:b7:f6:25:62:78:9e:b9:8c:c1:
                    01:85:42:45:41:3f:13:c3:e8:3c:1e:9d:bc:fc:05:
                    6b:8f:0f:6f:6c:c8:03:42:f0:b0:f1:e2:6b:e1:d7:
                    29:a9:87:23:3d:2e:f0:3f:e7:38:f6:8a:a3:fb:27:
                    b6:9a:85:5c:12:73:cc:ae:23:ef:0a:b7:2b:e9:e0:
                    b0:a0:d3:1f:b0:d4:fd:31:40:e4:a2:4d:d1:f8:b8:
                    cf:26:2f:75:c6:38:3a:6b:15:7c:12:76:20:70:a4:
                    e9:4f:d7:9e:37:e2:b7:0c:e3:9f:28:5c:a3:df:14:
                    b0:7a:47:c3:0c:d9:a7:0c:f1:33:5a:49:fc:84:60:
                    e0:a3:53:e6:bb:3f:1c:39:9c:1e:fd:f3:b6:82:60:
                    65:bd:e7:f4:26:b8:da:b1:15:0e:28:22:b6:16:7c:
                    da:a5:06:15:b4:19:c8:c1:66:ad:a1:5d:42:c8:6e:
                    a7:d4:7c:d6:e3:74:d8:58:9e:2f:06:9a:dd:0b:11:
                    25:0d:fe:31:f0:78:bf:49:38:93:e1:2e:ab:71:3c:
                    fc:4d:76:c3:76:fc:e6:c6:c9:95:77:40:d1:a0:53:
                    27:12:fc:dd:85:ba:ad:f0:aa:7a:4e:06:04:b7:76:
                    42:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:A5:A9:25:A7:07:DB:69:70:BC:CA:7E:D1:0D:EC:AF:FC:25:64:CC
            X509v3 Authority Key Identifier:
                keyid:4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/baWpJacH22lwvMp-0Q3sr_wlZMw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.198.48.0/23

    Signature Algorithm: sha256WithRSAEncryption
         36:6a:7c:d7:82:dc:37:3b:11:a5:c3:e7:58:23:84:b8:30:b6:
         e4:df:81:53:12:41:d8:01:4c:75:74:ea:74:4e:dc:6f:11:81:
         74:c1:82:aa:e7:39:ca:04:90:97:ac:41:a2:df:37:15:b5:04:
         37:54:40:9a:94:98:29:a0:e5:02:cb:88:d1:59:91:bf:3a:59:
         f9:68:3f:25:0a:5c:7e:15:3b:7a:57:59:60:2d:27:24:20:75:
         01:3a:be:ce:62:37:96:c3:ea:25:f0:d5:84:d5:0c:65:4c:25:
         27:c2:55:6a:6a:ce:94:69:6a:b7:f7:07:12:8a:20:a4:43:37:
         0a:4b:5e:a2:5b:cc:d9:78:95:48:88:18:45:5f:4a:16:a1:59:
         19:98:96:75:44:40:83:3c:bd:5a:ac:c5:29:93:78:86:a5:e0:
         3e:c5:eb:7e:c5:f8:6c:8e:6f:68:f3:f9:04:ee:e8:d3:f5:2a:
         b5:d1:a5:e6:78:51:3e:fa:c4:e6:3c:6a:f6:a0:e1:5f:17:c0:
         ed:f1:f1:4c:99:e8:49:08:3a:91:22:15:cd:ab:a9:91:18:ad:
         67:90:eb:f1:e5:6e:76:52:43:4e:7e:bb:af:04:fd:46:5c:3e:
         35:f5:97:09:4f:35:3a:9a:98:fe:cb:08:44:2c:aa:c3:e7:87:
         4e:18:ed:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EH+7/sHCTN6+RLRaNUClMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkNWEyOTIxZmJlYjhhNDQ4ZTdhZTFlYzVhMTFiOGFiODk4
ZDIyZmQwHhcNMjYwMTAxMTAxODAyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGE1YTkyNWE3MDdkYjY5NzBiY2NhN2VkMTBkZWNhZmZjMjU2NGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnUMSHxSiy/zKR3+TOIPTpHefu963
9iVieJ65jMEBhUJFQT8Tw+g8Hp28/AVrjw9vbMgDQvCw8eJr4dcpqYcjPS7wP+c4
9oqj+ye2moVcEnPMriPvCrcr6eCwoNMfsNT9MUDkok3R+LjPJi91xjg6axV8EnYg
cKTpT9eeN+K3DOOfKFyj3xSwekfDDNmnDPEzWkn8hGDgo1Pmuz8cOZwe/fO2gmBl
vef0JrjasRUOKCK2FnzapQYVtBnIwWatoV1CyG6n1HzW43TYWJ4vBprdCxElDf4x
8Hi/STiT4S6rcTz8TXbDdvzmxsmVd0DRoFMnEvzdhbqt8Kp6TgYEt3ZCWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG2lqSWnB9tpcLzKftEN7K/8JWTMMB8GA1UdIwQY
MBaAFE1aKSH764pEjnrh7FoRuKuJjSL9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUt
NzgwYTI1Y2QwZGQ5LzEvYmFXcEphY0gyMmx3dk1wLTBRM3NyX3dsWk13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUtNzgwYTI1Y2QwZGQ5
LzEvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1cYwMA0G
CSqGSIb3DQEBCwUAA4IBAQA2anzXgtw3OxGlw+dYI4S4MLbk34FTEkHYAUx1dOp0
TtxvEYF0wYKq5znKBJCXrEGi3zcVtQQ3VECalJgpoOUCy4jRWZG/Oln5aD8lClx+
FTt6V1lgLSckIHUBOr7OYjeWw+ol8NWE1QxlTCUnwlVqas6UaWq39wcSiiCkQzcK
S16iW8zZeJVIiBhFX0oWoVkZmJZ1RECDPL1arMUpk3iGpeA+xet+xfhsjm9o8/kE
7ujT9Sq10aXmeFE++sTmPGr2oOFfF8Dt8fFMmehJCDqRIhXNq6mRGK1nkOvx5W52
UkNOfruvBP1GXD419ZcJTzU6mpj+ywhELKrD54dOGO3P
-----END CERTIFICATE-----