This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/f21ee0-d730-45db-97bd-c34be03c15db/1/_T6zV2ELZWjUdtaXJfX-mXC7l2M.roa
File:                     _T6zV2ELZWjUdtaXJfX-mXC7l2M.roa (raw, json)
Hash identifier:          Di+3zjNxD4VBkQkrMYOgpBTt4aXpGzdYOnM8KOhwPZo=
Subject key identifier:   FD:3E:B3:57:61:0B:65:68:D4:76:D6:97:25:F5:FE:99:70:BB:97:63
Certificate issuer:       /CN=4b9a3b9e10232095c18d2644440ce5c58a138b35
Certificate serial:       019B77C6D146C34B60FF7B8FE5A844CFAC7D
Authority key identifier: 4B:9A:3B:9E:10:23:20:95:C1:8D:26:44:44:0C:E5:C5:8A:13:8B:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S5o7nhAjIJXBjSZERAzlxYoTizU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/f21ee0-d730-45db-97bd-c34be03c15db/1/_T6zV2ELZWjUdtaXJfX-mXC7l2M.roa
Signing time:             Thu 01 Jan 2026 04:17:57 +0000
ROA not before:           Thu 01 Jan 2026 04:17:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20777
IP address blocks:        194.125.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/f21ee0-d730-45db-97bd-c34be03c15db/1/S5o7nhAjIJXBjSZERAzlxYoTizU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/f21ee0-d730-45db-97bd-c34be03c15db/1/S5o7nhAjIJXBjSZERAzlxYoTizU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S5o7nhAjIJXBjSZERAzlxYoTizU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 13:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:d1:46:c3:4b:60:ff:7b:8f:e5:a8:44:cf:ac:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b9a3b9e10232095c18d2644440ce5c58a138b35
        Validity
            Not Before: Jan  1 04:17:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fd3eb357610b6568d476d69725f5fe9970bb9763
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:9d:89:56:65:29:13:a7:d5:7b:3e:25:da:8d:
                    b9:63:48:50:97:17:fc:6c:2f:7b:b1:1a:28:ac:de:
                    4e:66:a3:5c:26:b8:d3:6b:6b:97:4c:9a:f8:9b:45:
                    eb:b6:12:9f:e7:5a:85:24:21:d9:6c:b7:1b:06:9a:
                    78:00:9c:8e:10:62:a3:05:b9:c1:73:76:6d:22:fb:
                    3b:18:ab:02:ca:93:6e:6a:67:c3:a8:1a:aa:b9:64:
                    a3:c4:af:94:89:af:d6:e8:17:d4:e8:c5:1d:7b:a9:
                    88:41:fc:52:2f:2d:34:e8:dc:47:54:80:7e:ba:94:
                    19:e8:b4:48:25:75:be:0b:56:5a:2a:db:2c:2e:fe:
                    b4:b6:57:5d:f3:e5:06:8d:9f:f8:70:1b:ec:f7:ce:
                    08:bf:40:1f:57:3e:3e:a0:fd:ad:05:d4:63:b1:4f:
                    90:09:62:21:08:8b:75:56:98:c9:ee:74:b8:66:d2:
                    71:83:bd:1d:56:12:6c:e4:85:aa:91:83:ea:57:92:
                    c1:f0:22:bb:bd:ab:46:71:c3:53:88:4d:fc:98:69:
                    7c:3a:0e:93:c8:0b:2b:c6:48:80:73:fb:78:04:54:
                    f7:27:3e:87:8e:8b:dc:64:34:61:b1:9f:28:c3:19:
                    c6:a0:00:9f:11:ca:60:d1:ef:75:96:3b:d6:54:0d:
                    1f:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:3E:B3:57:61:0B:65:68:D4:76:D6:97:25:F5:FE:99:70:BB:97:63
            X509v3 Authority Key Identifier:
                keyid:4B:9A:3B:9E:10:23:20:95:C1:8D:26:44:44:0C:E5:C5:8A:13:8B:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S5o7nhAjIJXBjSZERAzlxYoTizU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/f21ee0-d730-45db-97bd-c34be03c15db/1/_T6zV2ELZWjUdtaXJfX-mXC7l2M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/f21ee0-d730-45db-97bd-c34be03c15db/1/S5o7nhAjIJXBjSZERAzlxYoTizU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.125.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:c8:a0:4c:8d:13:9f:78:0d:cd:af:06:b5:f2:0b:f4:77:bf:
         7b:61:2d:89:01:d4:b0:81:b6:b8:5e:73:0f:71:49:6e:f2:0a:
         a0:95:50:b5:16:b9:67:33:3b:8e:dd:3d:a6:67:c7:c8:f5:ac:
         c9:99:74:14:9c:d5:e3:14:ae:aa:7a:41:5d:0b:28:81:fb:b8:
         2d:0c:9e:07:1f:39:4d:28:9a:d9:0f:4f:6e:2c:e4:f4:f8:bc:
         e0:8e:8e:97:ec:ee:dc:f1:d3:4b:8c:ce:3b:06:0b:b9:b7:bb:
         4c:f7:6f:2a:34:09:60:83:9e:ba:31:8f:bb:26:6f:25:24:8e:
         ab:88:46:be:49:a4:6e:7d:54:5a:ed:37:ad:cb:29:58:24:2e:
         9a:a9:9f:b0:7f:e7:a1:a7:2c:0f:ac:ba:03:89:e8:02:a8:dc:
         e4:72:4d:a2:01:04:85:a1:94:93:cb:d5:7f:7f:ab:b6:ba:b4:
         c8:fc:29:82:5f:40:ea:7a:d9:b5:77:83:f1:c4:8d:7a:97:5f:
         f5:b7:04:f7:28:88:45:dc:b9:e8:6e:ec:d2:62:ff:e3:0f:88:
         dd:c8:64:d5:72:ad:9e:06:eb:89:21:7c:2a:81:3b:a5:0d:a1:
         d9:36:cc:b0:c2:87:6d:fe:22:ad:ab:c5:36:06:db:47:63:8a:
         7c:17:0c:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xtFGw0tg/3uP5ahEz6x9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiOWEzYjllMTAyMzIwOTVjMThkMjY0NDQ0MGNlNWM1OGEx
MzhiMzUwHhcNMjYwMTAxMDQxNzU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDNlYjM1NzYxMGI2NTY4ZDQ3NmQ2OTcyNWY1ZmU5OTcwYmI5NzYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4p2JVmUpE6fVez4l2o25Y0hQlxf8
bC97sRoorN5OZqNcJrjTa2uXTJr4m0XrthKf51qFJCHZbLcbBpp4AJyOEGKjBbnB
c3ZtIvs7GKsCypNuamfDqBqquWSjxK+Uia/W6BfU6MUde6mIQfxSLy006NxHVIB+
upQZ6LRIJXW+C1ZaKtssLv60tldd8+UGjZ/4cBvs984Iv0AfVz4+oP2tBdRjsU+Q
CWIhCIt1VpjJ7nS4ZtJxg70dVhJs5IWqkYPqV5LB8CK7vatGccNTiE38mGl8Og6T
yAsrxkiAc/t4BFT3Jz6HjovcZDRhsZ8owxnGoACfEcpg0e91ljvWVA0fSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP0+s1dhC2Vo1HbWlyX1/plwu5djMB8GA1UdIwQY
MBaAFEuaO54QIyCVwY0mREQM5cWKE4s1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzVvN25oQWpJSlhCalNaRVJBemx4WW9UaXpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS9mMjFlZTAtZDczMC00NWRiLTk3YmQt
YzM0YmUwM2MxNWRiLzEvX1Q2elYyRUxaV2pVZHRhWEpmWC1tWEM3bDJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS9mMjFlZTAtZDczMC00NWRiLTk3YmQtYzM0YmUwM2MxNWRi
LzEvUzVvN25oQWpJSlhCalNaRVJBemx4WW9UaXpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwn3xMA0G
CSqGSIb3DQEBCwUAA4IBAQBxyKBMjROfeA3Nrwa18gv0d797YS2JAdSwgba4XnMP
cUlu8gqglVC1FrlnMzuO3T2mZ8fI9azJmXQUnNXjFK6qekFdCyiB+7gtDJ4HHzlN
KJrZD09uLOT0+Lzgjo6X7O7c8dNLjM47Bgu5t7tM928qNAlgg566MY+7Jm8lJI6r
iEa+SaRufVRa7TetyylYJC6aqZ+wf+ehpywPrLoDiegCqNzkck2iAQSFoZSTy9V/
f6u2urTI/CmCX0Dqetm1d4PxxI16l1/1twT3KIhF3LnobuzSYv/jD4jdyGTVcq2e
BuuJIXwqgTulDaHZNsywwodt/iKtq8U2BttHY4p8Fwxo
-----END CERTIFICATE-----