This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/da3406-04f9-47b0-a119-b88afef13367/1/04FSpzq4m-1XB6Xit5U77C8a4zQ.roa
File:                     04FSpzq4m-1XB6Xit5U77C8a4zQ.roa (raw, json)
Hash identifier:          mIEzNAi8bCdeISsLWc2pP3wecbIvm3THnuOD2ckxOcM=
Subject key identifier:   D3:81:52:A7:3A:B8:9B:ED:57:07:A5:E2:B7:95:3B:EC:2F:1A:E3:34
Certificate issuer:       /CN=ff99bc3d1491f8225f881164f593144b7a25c8eb
Certificate serial:       019B7F8454C4FC77E870522848DAF91C2199
Authority key identifier: FF:99:BC:3D:14:91:F8:22:5F:88:11:64:F5:93:14:4B:7A:25:C8:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_5m8PRSR-CJfiBFk9ZMUS3olyOs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/da3406-04f9-47b0-a119-b88afef13367/1/04FSpzq4m-1XB6Xit5U77C8a4zQ.roa
Signing time:             Fri 02 Jan 2026 16:22:17 +0000
ROA not before:           Fri 02 Jan 2026 16:22:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211371
IP address blocks:        193.162.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/da3406-04f9-47b0-a119-b88afef13367/1/_5m8PRSR-CJfiBFk9ZMUS3olyOs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/da3406-04f9-47b0-a119-b88afef13367/1/_5m8PRSR-CJfiBFk9ZMUS3olyOs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_5m8PRSR-CJfiBFk9ZMUS3olyOs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 13:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:84:54:c4:fc:77:e8:70:52:28:48:da:f9:1c:21:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff99bc3d1491f8225f881164f593144b7a25c8eb
        Validity
            Not Before: Jan  2 16:22:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d38152a73ab89bed5707a5e2b7953bec2f1ae334
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:f1:15:57:be:a5:bd:33:18:f6:68:6d:9f:f0:
                    06:8d:fc:79:ce:cf:47:37:35:2b:6c:0b:79:1c:b5:
                    0b:76:e8:6d:03:39:df:0d:a0:d0:e1:24:9a:34:be:
                    a5:6d:85:ce:e8:68:d6:02:85:99:e0:39:c8:bc:89:
                    7f:ac:e6:6e:e5:7f:0c:53:cc:18:5b:28:7e:61:9b:
                    a4:f9:c9:d2:99:f8:2a:38:0c:ed:68:08:25:45:51:
                    13:2f:0f:40:20:45:a8:d9:63:89:41:4f:85:ae:6e:
                    5e:38:ae:39:65:e0:bd:56:81:7b:9a:93:6f:d1:32:
                    8f:a7:38:26:00:b9:36:c3:29:b8:2d:08:0a:ce:47:
                    4c:6f:29:67:1b:41:32:74:b1:64:3d:c7:e0:84:75:
                    11:b1:5b:38:ca:7b:a4:3f:05:cc:66:ec:e6:7c:d5:
                    fa:f7:9b:e5:bf:9b:0f:2b:78:1a:54:75:e8:e6:26:
                    e7:7f:5d:40:f3:af:ba:88:eb:2b:4c:87:37:f4:5e:
                    cf:67:dd:4c:44:a2:bb:3b:92:43:3a:7c:ba:9d:66:
                    c0:37:70:19:54:3b:0a:1b:df:3c:01:42:8a:61:85:
                    34:e7:8a:ce:1b:ad:8b:e1:bb:ed:ca:7e:25:b2:35:
                    84:12:05:5e:dd:af:61:dc:eb:c8:c3:e1:19:6f:d2:
                    2d:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:81:52:A7:3A:B8:9B:ED:57:07:A5:E2:B7:95:3B:EC:2F:1A:E3:34
            X509v3 Authority Key Identifier:
                keyid:FF:99:BC:3D:14:91:F8:22:5F:88:11:64:F5:93:14:4B:7A:25:C8:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_5m8PRSR-CJfiBFk9ZMUS3olyOs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/da3406-04f9-47b0-a119-b88afef13367/1/04FSpzq4m-1XB6Xit5U77C8a4zQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/da3406-04f9-47b0-a119-b88afef13367/1/_5m8PRSR-CJfiBFk9ZMUS3olyOs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.162.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:2b:3c:17:6d:ed:f3:a0:12:1a:12:04:80:bf:1a:8c:a3:f4:
         de:42:4c:b0:25:04:19:98:39:7f:47:01:c7:7b:2b:4b:0a:13:
         0e:87:09:e8:63:87:bb:34:f7:f1:2d:78:bf:87:bc:71:be:6e:
         70:0b:05:35:63:cf:ab:81:2a:cb:1b:f2:da:8e:41:bf:51:04:
         5e:0f:76:cf:09:ee:97:fd:db:b5:01:bc:72:6f:c8:db:0e:e9:
         72:ab:f3:b1:bb:87:f7:81:ef:3b:87:91:51:e2:45:1b:3c:6b:
         a1:47:de:5c:bd:8a:43:3d:12:2a:a8:75:9e:19:7c:c1:b0:e0:
         c9:f0:ff:9d:5a:be:7d:59:c7:fd:7c:e2:b0:6d:89:55:f5:72:
         56:81:02:31:2f:57:8b:4a:24:b7:f9:1a:3d:6e:4f:4b:12:0b:
         a2:a6:bb:d7:f0:3f:92:fb:db:3f:54:b3:d4:08:9d:2f:57:b9:
         74:5c:03:d5:6f:22:b9:6b:83:67:45:85:30:40:ec:46:33:f9:
         be:22:8c:06:c3:90:9f:20:bf:e7:a0:a4:62:5c:cc:66:d5:d5:
         17:e3:25:05:98:ac:a9:9f:b0:16:40:0c:b9:5c:4a:28:27:e9:
         25:5c:7c:db:28:f4:ed:1e:dc:46:be:90:9b:cc:d3:a6:ad:e1:
         01:2f:71:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hFTE/HfocFIoSNr5HCGZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmOTliYzNkMTQ5MWY4MjI1Zjg4MTE2NGY1OTMxNDRiN2Ey
NWM4ZWIwHhcNMjYwMTAyMTYyMjE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzgxNTJhNzNhYjg5YmVkNTcwN2E1ZTJiNzk1M2JlYzJmMWFlMzM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp/EVV76lvTMY9mhtn/AGjfx5zs9H
NzUrbAt5HLULduhtAznfDaDQ4SSaNL6lbYXO6GjWAoWZ4DnIvIl/rOZu5X8MU8wY
Wyh+YZuk+cnSmfgqOAztaAglRVETLw9AIEWo2WOJQU+Frm5eOK45ZeC9VoF7mpNv
0TKPpzgmALk2wym4LQgKzkdMbylnG0EydLFkPcfghHURsVs4ynukPwXMZuzmfNX6
95vlv5sPK3gaVHXo5ibnf11A86+6iOsrTIc39F7PZ91MRKK7O5JDOny6nWbAN3AZ
VDsKG988AUKKYYU054rOG62L4bvtyn4lsjWEEgVe3a9h3OvIw+EZb9ItLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNOBUqc6uJvtVwel4reVO+wvGuM0MB8GA1UdIwQY
MBaAFP+ZvD0UkfgiX4gRZPWTFEt6JcjrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzVtOFBSU1ItQ0pmaUJGazlaTVVTM29seU9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9kYTM0MDYtMDRmOS00N2IwLWExMTkt
Yjg4YWZlZjEzMzY3LzEvMDRGU3B6cTRtLTFYQjZYaXQ1VTc3QzhhNHpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9kYTM0MDYtMDRmOS00N2IwLWExMTktYjg4YWZlZjEzMzY3
LzEvXzVtOFBSU1ItQ0pmaUJGazlaTVVTM29seU9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaIuMA0G
CSqGSIb3DQEBCwUAA4IBAQCVKzwXbe3zoBIaEgSAvxqMo/TeQkywJQQZmDl/RwHH
eytLChMOhwnoY4e7NPfxLXi/h7xxvm5wCwU1Y8+rgSrLG/LajkG/UQReD3bPCe6X
/du1Abxyb8jbDulyq/Oxu4f3ge87h5FR4kUbPGuhR95cvYpDPRIqqHWeGXzBsODJ
8P+dWr59Wcf9fOKwbYlV9XJWgQIxL1eLSiS3+Ro9bk9LEguiprvX8D+S+9s/VLPU
CJ0vV7l0XAPVbyK5a4NnRYUwQOxGM/m+IowGw5CfIL/noKRiXMxm1dUX4yUFmKyp
n7AWQAy5XEooJ+klXHzbKPTtHtxGvpCbzNOmreEBL3FJ
-----END CERTIFICATE-----