This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/da1c43-1916-46ae-8491-35883af9a323/1/yUw1rcOt6TgtCelm2VNWDvkzOK4.roa
File:                     yUw1rcOt6TgtCelm2VNWDvkzOK4.roa (raw, json)
Hash identifier:          5OTxcGZtOq1eyipgogSlqCsPUOaG4WknyJnVBJaz5Nc=
Subject key identifier:   C9:4C:35:AD:C3:AD:E9:38:2D:09:E9:66:D9:53:56:0E:F9:33:38:AE
Certificate issuer:       /CN=703c48ed46cb79490e1662db01c31d02d02effe2
Certificate serial:       019B7DCAE11BE3DF89516E3823FB303FEC00
Authority key identifier: 70:3C:48:ED:46:CB:79:49:0E:16:62:DB:01:C3:1D:02:D0:2E:FF:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cDxI7UbLeUkOFmLbAcMdAtAu_-I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/da1c43-1916-46ae-8491-35883af9a323/1/yUw1rcOt6TgtCelm2VNWDvkzOK4.roa
Signing time:             Fri 02 Jan 2026 08:20:06 +0000
ROA not before:           Fri 02 Jan 2026 08:20:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6893
IP address blocks:        193.110.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/da1c43-1916-46ae-8491-35883af9a323/1/cDxI7UbLeUkOFmLbAcMdAtAu_-I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/da1c43-1916-46ae-8491-35883af9a323/1/cDxI7UbLeUkOFmLbAcMdAtAu_-I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cDxI7UbLeUkOFmLbAcMdAtAu_-I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Feb 2026 11:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:e1:1b:e3:df:89:51:6e:38:23:fb:30:3f:ec:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=703c48ed46cb79490e1662db01c31d02d02effe2
        Validity
            Not Before: Jan  2 08:20:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c94c35adc3ade9382d09e966d953560ef93338ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:9c:29:3d:53:72:1e:f6:0c:e6:32:71:74:d3:
                    5c:13:5c:c5:f8:59:bc:c0:b7:e7:f8:3e:bf:5c:da:
                    e6:fc:56:39:af:81:3c:06:b3:a7:69:18:34:1b:b5:
                    8f:86:aa:1c:4e:a9:14:14:f9:64:23:2a:be:7c:31:
                    f8:e0:53:87:80:44:e7:4b:45:f5:e8:4c:49:ad:07:
                    9a:2e:31:cc:06:ca:8a:92:9e:ab:8f:30:ca:7a:19:
                    34:1e:76:39:5b:18:a1:28:1c:3f:e1:8d:c5:10:1a:
                    6f:8e:3e:5d:fe:a8:52:98:91:c3:0c:f3:d9:20:58:
                    c9:0a:da:fb:25:03:07:5e:2e:98:3f:16:41:71:5c:
                    e6:f6:3b:4c:81:f1:89:ba:a8:7e:3d:c5:e6:94:be:
                    35:25:c5:a6:45:2a:bd:69:ec:35:94:21:58:23:a3:
                    97:e8:63:97:04:13:d8:36:db:22:c4:f8:a0:a1:fe:
                    e0:c6:04:a7:07:fe:36:58:ff:bd:90:60:ec:31:f5:
                    a7:26:6b:e0:bc:64:d2:f0:70:8a:40:fe:ef:08:e7:
                    1c:e6:5e:70:17:7c:5c:5a:cd:a5:b3:11:0b:7c:f7:
                    9a:e8:f6:75:67:6a:1b:df:3c:49:97:44:09:ee:5c:
                    25:3a:33:dd:f2:84:6b:dc:65:eb:6f:c0:0f:75:8a:
                    50:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:4C:35:AD:C3:AD:E9:38:2D:09:E9:66:D9:53:56:0E:F9:33:38:AE
            X509v3 Authority Key Identifier:
                keyid:70:3C:48:ED:46:CB:79:49:0E:16:62:DB:01:C3:1D:02:D0:2E:FF:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cDxI7UbLeUkOFmLbAcMdAtAu_-I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/da1c43-1916-46ae-8491-35883af9a323/1/yUw1rcOt6TgtCelm2VNWDvkzOK4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/da1c43-1916-46ae-8491-35883af9a323/1/cDxI7UbLeUkOFmLbAcMdAtAu_-I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.110.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:68:b1:84:ef:c9:43:94:49:d2:ac:3e:8c:37:10:04:64:98:
         82:fa:55:22:39:5f:5b:01:f4:97:56:70:2a:c0:95:0f:95:80:
         6e:14:da:18:3f:f1:9f:fb:30:47:03:9a:53:6a:f0:7a:4b:45:
         e6:89:f1:87:e8:40:4a:43:ab:eb:9a:26:e6:ec:ea:33:75:79:
         f9:fc:b8:02:cf:12:41:1c:3e:04:7a:28:4d:90:ef:90:98:ca:
         0f:dc:07:48:0b:9c:89:84:49:29:01:06:fb:ba:a9:4d:e8:3d:
         71:73:80:b1:0d:2b:63:f6:64:89:7b:61:62:b2:7a:68:78:16:
         dc:1e:57:3d:5a:e3:77:68:40:8d:86:4f:44:b2:b4:a6:87:73:
         de:96:de:2c:40:3a:2a:9d:d3:4c:a3:e6:2f:c0:22:b6:7f:94:
         65:9b:7d:f9:c8:70:3d:97:c5:a1:85:8c:d6:e2:7b:fc:fa:9b:
         d3:58:89:38:2c:e0:4a:27:02:65:fa:f9:89:7a:77:06:a2:21:
         5f:a2:49:86:3c:ed:07:d6:17:04:a0:34:50:85:20:44:94:b8:
         4a:05:6d:f5:8d:2b:c6:1a:53:f8:b3:39:15:7d:29:16:3a:3b:
         09:ae:2d:d0:5c:13:60:c7:41:15:f9:a7:73:c8:1a:c5:4c:a1:
         d0:dd:4a:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yuEb49+JUW44I/swP+wAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwM2M0OGVkNDZjYjc5NDkwZTE2NjJkYjAxYzMxZDAyZDAy
ZWZmZTIwHhcNMjYwMTAyMDgyMDA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTRjMzVhZGMzYWRlOTM4MmQwOWU5NjZkOTUzNTYwZWY5MzMzOGFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxJwpPVNyHvYM5jJxdNNcE1zF+Fm8
wLfn+D6/XNrm/FY5r4E8BrOnaRg0G7WPhqocTqkUFPlkIyq+fDH44FOHgETnS0X1
6ExJrQeaLjHMBsqKkp6rjzDKehk0HnY5WxihKBw/4Y3FEBpvjj5d/qhSmJHDDPPZ
IFjJCtr7JQMHXi6YPxZBcVzm9jtMgfGJuqh+PcXmlL41JcWmRSq9aew1lCFYI6OX
6GOXBBPYNtsixPigof7gxgSnB/42WP+9kGDsMfWnJmvgvGTS8HCKQP7vCOcc5l5w
F3xcWs2lsxELfPea6PZ1Z2ob3zxJl0QJ7lwlOjPd8oRr3GXrb8APdYpQfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMlMNa3Drek4LQnpZtlTVg75MziuMB8GA1UdIwQY
MBaAFHA8SO1Gy3lJDhZi2wHDHQLQLv/iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0R4STdVYkxlVWtPRm1MYkFjTWRBdEF1Xy1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9kYTFjNDMtMTkxNi00NmFlLTg0OTEt
MzU4ODNhZjlhMzIzLzEveVV3MXJjT3Q2VGd0Q2VsbTJWTldEdmt6T0s0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9kYTFjNDMtMTkxNi00NmFlLTg0OTEtMzU4ODNhZjlhMzIz
LzEvY0R4STdVYkxlVWtPRm1MYkFjTWRBdEF1Xy1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwW5fMA0G
CSqGSIb3DQEBCwUAA4IBAQBqaLGE78lDlEnSrD6MNxAEZJiC+lUiOV9bAfSXVnAq
wJUPlYBuFNoYP/Gf+zBHA5pTavB6S0XmifGH6EBKQ6vrmibm7OozdXn5/LgCzxJB
HD4EeihNkO+QmMoP3AdIC5yJhEkpAQb7uqlN6D1xc4CxDStj9mSJe2FisnpoeBbc
Hlc9WuN3aECNhk9EsrSmh3Pelt4sQDoqndNMo+YvwCK2f5Rlm335yHA9l8WhhYzW
4nv8+pvTWIk4LOBKJwJl+vmJencGoiFfokmGPO0H1hcEoDRQhSBElLhKBW31jSvG
GlP4szkVfSkWOjsJri3QXBNgx0EV+adzyBrFTKHQ3Up6
-----END CERTIFICATE-----