This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/D4w1402cKEkHHCPC0Qrp-ROm6yo.roa
File:                     D4w1402cKEkHHCPC0Qrp-ROm6yo.roa (raw, json)
Hash identifier:          EMcXFEgTqCUtUEK47llV6gmt5p0zphRz9x+4xZgTdwU=
Subject key identifier:   0F:8C:35:E3:4D:9C:28:49:07:1C:23:C2:D1:0A:E9:F9:13:A6:EB:2A
Certificate issuer:       /CN=3d3f87bb7f7874aa7e15cfec9bbf6aae3c9ce33a
Certificate serial:       019B79ED1D72C19A24BDB3954C2E2E451C37
Authority key identifier: 3D:3F:87:BB:7F:78:74:AA:7E:15:CF:EC:9B:BF:6A:AE:3C:9C:E3:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PT-Hu394dKp-Fc_sm79qrjyc4zo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/D4w1402cKEkHHCPC0Qrp-ROm6yo.roa
Signing time:             Thu 01 Jan 2026 14:19:01 +0000
ROA not before:           Thu 01 Jan 2026 14:19:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57588
IP address blocks:        194.39.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/PT-Hu394dKp-Fc_sm79qrjyc4zo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/PT-Hu394dKp-Fc_sm79qrjyc4zo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PT-Hu394dKp-Fc_sm79qrjyc4zo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 20:29:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:1d:72:c1:9a:24:bd:b3:95:4c:2e:2e:45:1c:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d3f87bb7f7874aa7e15cfec9bbf6aae3c9ce33a
        Validity
            Not Before: Jan  1 14:19:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0f8c35e34d9c2849071c23c2d10ae9f913a6eb2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:69:7c:5b:a8:e1:86:c9:6a:29:35:7d:12:2a:
                    bd:76:4f:9c:08:8c:d0:a3:0f:77:c6:ec:58:64:e6:
                    ce:3b:55:e7:a8:00:eb:3d:7d:da:2e:03:28:6a:77:
                    b6:7c:3a:8b:24:e3:63:57:3b:82:b1:48:f3:f5:ff:
                    f8:73:d6:cf:5d:df:73:6e:00:99:81:78:d9:4e:a9:
                    73:b0:2e:c4:22:e6:ea:51:ec:3c:75:e2:b3:5b:bf:
                    4c:01:c9:5f:7f:e9:19:ff:70:ea:1a:01:b5:b3:ce:
                    17:24:cf:d8:7d:5b:8a:6d:d9:ce:f1:b7:16:d7:52:
                    9a:70:b0:4e:45:5c:e8:e0:90:35:dc:02:91:e0:9e:
                    53:1b:77:63:40:5e:69:39:bc:f2:60:aa:6f:96:08:
                    8b:12:16:97:3f:d3:42:5f:46:87:b3:c2:39:c8:2e:
                    54:b7:f2:c3:04:d9:7a:54:96:0b:59:4d:39:bb:31:
                    55:2f:2c:42:46:88:f5:21:f5:2b:a7:15:a1:46:10:
                    a7:3b:59:68:fc:90:20:7e:3c:c6:b1:15:56:1d:26:
                    aa:d3:4f:fb:5a:ba:e5:f7:32:d9:9b:5b:ad:4d:3d:
                    0b:7b:70:e5:a1:c8:de:a2:d6:a8:0e:4c:b4:8f:0d:
                    17:1a:37:d6:f8:58:c6:e7:24:97:36:2d:14:31:8d:
                    70:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:8C:35:E3:4D:9C:28:49:07:1C:23:C2:D1:0A:E9:F9:13:A6:EB:2A
            X509v3 Authority Key Identifier:
                keyid:3D:3F:87:BB:7F:78:74:AA:7E:15:CF:EC:9B:BF:6A:AE:3C:9C:E3:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PT-Hu394dKp-Fc_sm79qrjyc4zo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/D4w1402cKEkHHCPC0Qrp-ROm6yo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/PT-Hu394dKp-Fc_sm79qrjyc4zo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.39.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:eb:3f:17:a7:09:34:37:da:b0:53:bf:07:3f:30:51:52:f9:
         22:a5:18:4f:03:e0:cb:4c:34:ee:92:62:d9:ce:7a:30:43:2c:
         09:c5:16:ec:c3:ac:da:97:86:06:15:b2:11:3d:b3:f5:2c:2d:
         6f:44:b7:17:e4:a8:42:37:97:bb:bc:ed:6c:98:96:3b:45:75:
         ed:22:2f:2c:f9:82:9a:83:81:40:92:6d:72:54:d8:1a:55:a6:
         89:d4:00:03:0d:91:cb:0f:7f:57:04:97:58:5d:d4:4a:fc:1c:
         7f:cd:d9:0c:18:d7:47:69:16:72:fc:3b:9d:5f:2b:bc:95:24:
         13:7c:d7:ad:a1:b8:b5:8f:b7:42:c7:02:62:8c:99:b6:b9:55:
         2f:9d:45:36:41:00:f8:d6:83:06:32:aa:14:a0:54:94:40:fc:
         6c:83:b7:b5:a6:7a:d7:03:4c:29:94:33:7e:f2:22:1f:e0:1b:
         38:27:89:85:8d:e9:39:a2:f8:7d:6c:4d:7f:69:26:54:5a:47:
         0b:95:91:c1:d0:49:d8:40:89:30:6c:98:41:07:31:fa:0f:29:
         86:23:18:e6:d3:3f:a2:40:f8:3d:8c:4c:64:46:1e:14:ab:89:
         89:75:39:f8:4c:3f:cc:17:78:54:e8:96:4a:a5:8b:5a:5e:12:
         ce:f7:6f:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57R1ywZokvbOVTC4uRRw3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkM2Y4N2JiN2Y3ODc0YWE3ZTE1Y2ZlYzliYmY2YWFlM2M5
Y2UzM2EwHhcNMjYwMTAxMTQxOTAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjhjMzVlMzRkOWMyODQ5MDcxYzIzYzJkMTBhZTlmOTEzYTZlYjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu2l8W6jhhslqKTV9Eiq9dk+cCIzQ
ow93xuxYZObOO1XnqADrPX3aLgMoane2fDqLJONjVzuCsUjz9f/4c9bPXd9zbgCZ
gXjZTqlzsC7EIubqUew8deKzW79MAclff+kZ/3DqGgG1s84XJM/YfVuKbdnO8bcW
11KacLBORVzo4JA13AKR4J5TG3djQF5pObzyYKpvlgiLEhaXP9NCX0aHs8I5yC5U
t/LDBNl6VJYLWU05uzFVLyxCRoj1IfUrpxWhRhCnO1lo/JAgfjzGsRVWHSaq00/7
Wrrl9zLZm1utTT0Le3DlocjeotaoDky0jw0XGjfW+FjG5ySXNi0UMY1wAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA+MNeNNnChJBxwjwtEK6fkTpusqMB8GA1UdIwQY
MBaAFD0/h7t/eHSqfhXP7Ju/aq48nOM6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFQtSHUzOTRkS3AtRmNfc203OXFyanljNHpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC83MTAxNWEtMTFiZS00NzFlLTk1OTIt
NjJiZTUzNDI1Njc2LzEvRDR3MTQwMmNLRWtISENQQzBRcnAtUk9tNnlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC83MTAxNWEtMTFiZS00NzFlLTk1OTItNjJiZTUzNDI1Njc2
LzEvUFQtSHUzOTRkS3AtRmNfc203OXFyanljNHpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwifkMA0G
CSqGSIb3DQEBCwUAA4IBAQBf6z8Xpwk0N9qwU78HPzBRUvkipRhPA+DLTDTukmLZ
znowQywJxRbsw6zal4YGFbIRPbP1LC1vRLcX5KhCN5e7vO1smJY7RXXtIi8s+YKa
g4FAkm1yVNgaVaaJ1AADDZHLD39XBJdYXdRK/Bx/zdkMGNdHaRZy/DudXyu8lSQT
fNetobi1j7dCxwJijJm2uVUvnUU2QQD41oMGMqoUoFSUQPxsg7e1pnrXA0wplDN+
8iIf4Bs4J4mFjek5ovh9bE1/aSZUWkcLlZHB0EnYQIkwbJhBBzH6DymGIxjm0z+i
QPg9jExkRh4Uq4mJdTn4TD/MF3hU6JZKpYtaXhLO92/M
-----END CERTIFICATE-----