This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/DDdPvQ1-Zf2JUiDbzilsq5VWBDE.roa
File:                     DDdPvQ1-Zf2JUiDbzilsq5VWBDE.roa (raw, json)
Hash identifier:          tu0mtsIeHr6xE2TAIhODxsQSnUfnxT+eLMkTQUaYwBY=
Subject key identifier:   0C:37:4F:BD:0D:7E:65:FD:89:52:20:DB:CE:29:6C:AB:95:56:04:31
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       019B7EA75CA2CF361668AE984C941593FC30
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/DDdPvQ1-Zf2JUiDbzilsq5VWBDE.roa
Signing time:             Fri 02 Jan 2026 12:20:56 +0000
ROA not before:           Fri 02 Jan 2026 12:20:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208949
IP address blocks:        160.19.94.0/24 maxlen: 24
                          160.19.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 04 Jan 2026 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a7:5c:a2:cf:36:16:68:ae:98:4c:94:15:93:fc:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jan  2 12:20:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0c374fbd0d7e65fd895220dbce296cab95560431
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:35:d3:f8:30:8e:1d:0d:e4:86:91:c0:33:31:
                    05:8d:d9:03:62:89:1e:a2:15:2b:ad:fe:49:d6:53:
                    d4:95:25:64:e0:06:5a:82:08:42:41:f3:d2:5d:3e:
                    34:a8:c2:e9:a1:cf:b9:29:bb:7a:b0:aa:f5:41:ca:
                    2e:84:80:67:4c:dd:dd:e8:0a:19:9a:97:b6:8b:ab:
                    e6:69:cf:6c:b3:89:15:1b:b5:1d:32:b6:9e:22:fb:
                    97:a5:fb:e7:ca:13:78:f4:bc:43:a0:88:c6:80:e0:
                    eb:af:b5:02:17:9c:31:d1:87:79:2a:71:41:30:fb:
                    9d:69:b8:43:f8:0f:60:4e:8b:40:fe:bd:17:95:8b:
                    a2:f4:d8:c9:2d:c7:a1:a4:58:50:d0:a3:04:fa:31:
                    dd:b7:65:c3:04:7a:8d:ee:39:dc:80:f4:89:20:7f:
                    05:a9:c5:6b:71:36:f7:44:06:fe:73:c2:71:d3:b3:
                    5b:9f:81:21:48:52:38:31:0e:ff:61:9e:f3:98:90:
                    3f:63:65:15:0d:f7:44:18:71:e3:bd:33:4a:3d:2f:
                    2c:97:d1:52:dc:cf:5a:ef:51:6d:48:c6:bd:79:f3:
                    67:f6:ad:7d:24:d8:36:d7:49:31:05:ea:26:9c:cc:
                    83:a9:fd:85:d1:c0:f1:da:42:c3:2d:0d:d2:b5:0f:
                    2b:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:37:4F:BD:0D:7E:65:FD:89:52:20:DB:CE:29:6C:AB:95:56:04:31
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/DDdPvQ1-Zf2JUiDbzilsq5VWBDE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.19.94.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3a:8a:67:af:f3:80:e0:28:1a:8e:ae:d7:fe:35:7d:8e:7e:92:
         93:42:8e:6b:03:26:16:1a:83:24:fb:da:81:44:3e:8c:d0:9b:
         14:dc:a5:50:62:3e:03:f3:3f:b0:d5:fe:08:47:5c:a1:c1:44:
         2f:ab:9c:46:3a:3d:73:9d:13:83:4f:e2:2a:07:a7:0d:e4:b9:
         4f:77:9e:fa:88:d2:d6:1f:79:79:ba:f5:29:44:c9:ba:7e:55:
         df:e4:5f:36:86:aa:8c:89:d4:b2:9f:fa:0b:be:50:f9:39:b0:
         3c:ab:d5:7a:98:28:77:73:65:90:c5:bf:32:f2:4d:cd:ac:88:
         f5:7a:84:87:d6:10:14:df:12:0b:0d:5e:ae:4e:b3:46:46:fb:
         87:cb:7e:ec:95:98:ad:f0:4b:0b:ab:df:ae:38:62:14:e9:7b:
         a7:2a:01:26:d0:7e:88:eb:f8:c8:53:04:44:57:ff:b3:40:e8:
         69:d2:fa:72:f8:11:2c:96:af:f5:9f:7d:8c:94:56:58:22:f4:
         c5:40:c3:3d:a0:7c:57:57:3b:cd:e8:2b:57:04:07:41:a9:46:
         79:5e:76:8b:9f:48:b5:33:3f:9f:41:13:c5:e9:c9:7a:7c:b5:
         d9:3c:23:37:fd:f8:8e:ed:79:3f:76:b1:35:3d:dd:d8:b1:5b:
         b8:33:76:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+p1yizzYWaK6YTJQVk/wwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjYwMTAyMTIyMDU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzM3NGZiZDBkN2U2NWZkODk1MjIwZGJjZTI5NmNhYjk1NTYwNDMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqDXT+DCOHQ3khpHAMzEFjdkDYoke
ohUrrf5J1lPUlSVk4AZagghCQfPSXT40qMLpoc+5Kbt6sKr1QcouhIBnTN3d6AoZ
mpe2i6vmac9ss4kVG7UdMraeIvuXpfvnyhN49LxDoIjGgODrr7UCF5wx0Yd5KnFB
MPudabhD+A9gTotA/r0XlYui9NjJLcehpFhQ0KME+jHdt2XDBHqN7jncgPSJIH8F
qcVrcTb3RAb+c8Jx07Nbn4EhSFI4MQ7/YZ7zmJA/Y2UVDfdEGHHjvTNKPS8sl9FS
3M9a71FtSMa9efNn9q19JNg210kxBeomnMyDqf2F0cDx2kLDLQ3StQ8r8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAw3T70NfmX9iVIg284pbKuVVgQxMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvRERkUHZRMS1aZjJKVWlEYnppbHNxNVZXQkRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBoBNeMA0G
CSqGSIb3DQEBCwUAA4IBAQA6imev84DgKBqOrtf+NX2OfpKTQo5rAyYWGoMk+9qB
RD6M0JsU3KVQYj4D8z+w1f4IR1yhwUQvq5xGOj1znRODT+IqB6cN5LlPd576iNLW
H3l5uvUpRMm6flXf5F82hqqMidSyn/oLvlD5ObA8q9V6mCh3c2WQxb8y8k3NrIj1
eoSH1hAU3xILDV6uTrNGRvuHy37slZit8EsLq9+uOGIU6XunKgEm0H6I6/jIUwRE
V/+zQOhp0vpy+BEslq/1n32MlFZYIvTFQMM9oHxXVzvN6CtXBAdBqUZ5XnaLn0i1
Mz+fQRPF6cl6fLXZPCM3/fiO7Xk/drE1Pd3YsVu4M3a9
-----END CERTIFICATE-----