This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/46cf2c-5bea-4861-8e5d-40989d0dfc5c/1/tSi7rgFlmfh1P4HXVwQwVPU47ak.roa
File:                     tSi7rgFlmfh1P4HXVwQwVPU47ak.roa (raw, json)
Hash identifier:          a+hi0S0VRR6DQeW+YfoSxvunfpCb33mxDCeififJ5+A=
Subject key identifier:   B5:28:BB:AE:01:65:99:F8:75:3F:81:D7:57:04:30:54:F5:38:ED:A9
Certificate issuer:       /CN=082100f0b1991d80a46421d9fe5147f2d55ac930
Certificate serial:       019B79EC3365C98D051E4AFF5C652470F33C
Authority key identifier: 08:21:00:F0:B1:99:1D:80:A4:64:21:D9:FE:51:47:F2:D5:5A:C9:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CCEA8LGZHYCkZCHZ_lFH8tVayTA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/46cf2c-5bea-4861-8e5d-40989d0dfc5c/1/tSi7rgFlmfh1P4HXVwQwVPU47ak.roa
Signing time:             Thu 01 Jan 2026 14:18:01 +0000
ROA not before:           Thu 01 Jan 2026 14:18:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     33915
IP address blocks:        193.105.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/46cf2c-5bea-4861-8e5d-40989d0dfc5c/1/CCEA8LGZHYCkZCHZ_lFH8tVayTA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/46cf2c-5bea-4861-8e5d-40989d0dfc5c/1/CCEA8LGZHYCkZCHZ_lFH8tVayTA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CCEA8LGZHYCkZCHZ_lFH8tVayTA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:35:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:33:65:c9:8d:05:1e:4a:ff:5c:65:24:70:f3:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=082100f0b1991d80a46421d9fe5147f2d55ac930
        Validity
            Not Before: Jan  1 14:18:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b528bbae016599f8753f81d757043054f538eda9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:5e:7a:5c:b9:0d:77:05:90:be:20:d6:b4:ca:
                    f0:69:91:52:21:75:45:c1:8e:ef:f5:fb:f3:eb:97:
                    a8:b9:a7:aa:c1:6a:29:ff:d4:62:dc:ee:cc:ff:45:
                    68:c2:9c:d9:36:40:8d:76:13:fd:36:b1:e9:43:3c:
                    0b:f9:4a:6f:ee:13:49:84:57:f9:85:a4:a3:58:16:
                    a7:0f:ee:3f:a5:92:31:74:e2:53:21:78:ac:2e:fe:
                    a8:11:59:fe:a2:b2:52:aa:0b:a8:8d:c4:c1:38:d5:
                    c3:f6:24:f7:5b:fc:51:77:11:f7:b1:af:31:c4:d0:
                    84:44:79:87:7a:cd:10:90:d4:b8:b9:2f:8f:af:0f:
                    d3:0b:ae:db:84:78:0d:57:18:d5:48:38:10:e0:15:
                    f5:e1:10:59:ce:d7:e0:79:da:27:4d:d2:a6:29:89:
                    ba:51:7a:a3:bf:e4:ac:1d:07:61:57:f2:4b:bd:32:
                    73:42:eb:07:84:31:77:03:da:46:ed:02:56:fe:04:
                    96:c7:e8:75:c9:3e:86:a8:80:aa:7d:51:bd:2e:ad:
                    d2:38:0b:4e:4c:54:9d:9c:14:36:74:65:77:e8:13:
                    c8:4a:6b:2c:47:c0:b7:89:c7:79:f2:72:94:21:78:
                    1b:ee:a8:2f:46:a6:be:79:84:6c:26:83:e3:18:19:
                    ac:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:28:BB:AE:01:65:99:F8:75:3F:81:D7:57:04:30:54:F5:38:ED:A9
            X509v3 Authority Key Identifier:
                keyid:08:21:00:F0:B1:99:1D:80:A4:64:21:D9:FE:51:47:F2:D5:5A:C9:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CCEA8LGZHYCkZCHZ_lFH8tVayTA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/46cf2c-5bea-4861-8e5d-40989d0dfc5c/1/tSi7rgFlmfh1P4HXVwQwVPU47ak.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/46cf2c-5bea-4861-8e5d-40989d0dfc5c/1/CCEA8LGZHYCkZCHZ_lFH8tVayTA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:5b:c2:ba:d3:8a:a1:ce:dc:38:a9:97:55:d1:c0:d1:de:38:
         e0:79:a7:84:7f:b3:29:4b:eb:21:d8:51:0c:0b:a4:72:d9:47:
         4e:49:16:2b:26:6f:7f:ce:a2:a8:45:0d:b5:db:56:26:67:15:
         3c:db:7a:9e:b9:de:ec:46:4e:50:b1:7b:87:6d:ba:5d:6d:68:
         34:6c:24:4d:8c:a4:1d:e0:93:bb:f4:f5:e8:b5:07:6f:58:80:
         10:b2:46:49:2b:a4:ba:13:af:99:f2:02:79:b2:f7:ec:76:c1:
         bb:db:a2:0a:1a:09:b6:c4:23:c6:51:2b:89:cf:50:a8:9e:ce:
         4a:76:60:21:1a:77:c4:ee:f5:2f:83:a0:6d:7c:1e:45:35:23:
         54:bf:af:7e:af:2d:97:ea:53:89:86:6b:66:b0:57:e2:10:bc:
         2f:84:6a:83:3a:f0:9f:c8:ac:e9:d3:84:58:bb:4e:39:9c:cc:
         c9:2a:43:fc:75:8b:01:d3:5c:98:8b:95:09:84:5c:ff:72:62:
         f1:79:3f:69:4b:8b:9e:50:87:e7:d0:b7:42:23:03:ef:b4:71:
         48:52:96:70:64:53:5c:9d:8a:c4:a2:94:2e:ed:77:7d:81:be:
         3e:19:66:6b:38:a6:ea:7e:06:e9:46:88:28:fa:e3:8b:94:5e:
         53:aa:58:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57DNlyY0FHkr/XGUkcPM8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MjEwMGYwYjE5OTFkODBhNDY0MjFkOWZlNTE0N2YyZDU1
YWM5MzAwHhcNMjYwMTAxMTQxODAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTI4YmJhZTAxNjU5OWY4NzUzZjgxZDc1NzA0MzA1NGY1MzhlZGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAul56XLkNdwWQviDWtMrwaZFSIXVF
wY7v9fvz65eouaeqwWop/9Ri3O7M/0VowpzZNkCNdhP9NrHpQzwL+Upv7hNJhFf5
haSjWBanD+4/pZIxdOJTIXisLv6oEVn+orJSqguojcTBONXD9iT3W/xRdxH3sa8x
xNCERHmHes0QkNS4uS+Prw/TC67bhHgNVxjVSDgQ4BX14RBZztfgedonTdKmKYm6
UXqjv+SsHQdhV/JLvTJzQusHhDF3A9pG7QJW/gSWx+h1yT6GqICqfVG9Lq3SOAtO
TFSdnBQ2dGV36BPISmssR8C3icd58nKUIXgb7qgvRqa+eYRsJoPjGBmsqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLUou64BZZn4dT+B11cEMFT1OO2pMB8GA1UdIwQY
MBaAFAghAPCxmR2ApGQh2f5RR/LVWskwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0NFQThMR1pIWUNrWkNIWl9sRkg4dFZheVRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC80NmNmMmMtNWJlYS00ODYxLThlNWQt
NDA5ODlkMGRmYzVjLzEvdFNpN3JnRmxtZmgxUDRIWFZ3UXdWUFU0N2FrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC80NmNmMmMtNWJlYS00ODYxLThlNWQtNDA5ODlkMGRmYzVj
LzEvQ0NFQThMR1pIWUNrWkNIWl9sRkg4dFZheVRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWlsMA0G
CSqGSIb3DQEBCwUAA4IBAQBGW8K604qhztw4qZdV0cDR3jjgeaeEf7MpS+sh2FEM
C6Ry2UdOSRYrJm9/zqKoRQ2121YmZxU823qeud7sRk5QsXuHbbpdbWg0bCRNjKQd
4JO79PXotQdvWIAQskZJK6S6E6+Z8gJ5svfsdsG726IKGgm2xCPGUSuJz1Cons5K
dmAhGnfE7vUvg6BtfB5FNSNUv69+ry2X6lOJhmtmsFfiELwvhGqDOvCfyKzp04RY
u045nMzJKkP8dYsB01yYi5UJhFz/cmLxeT9pS4ueUIfn0LdCIwPvtHFIUpZwZFNc
nYrEopQu7Xd9gb4+GWZrOKbqfgbpRogo+uOLlF5Tqlj1
-----END CERTIFICATE-----