This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/tORFCAGU_ExqN7Mewd4Qy6LCTnI.roa
File:                     tORFCAGU_ExqN7Mewd4Qy6LCTnI.roa (raw, json)
Hash identifier:          uPuXkPZSEOXMpoFnzdu2ibc0loihcwKdhAnVhzFJMng=
Subject key identifier:   B4:E4:45:08:01:94:FC:4C:6A:37:B3:1E:C1:DE:10:CB:A2:C2:4E:72
Certificate issuer:       /CN=73f210f1299a1e0aee71dc1d79e5fb12092d30a9
Certificate serial:       019A9BC6F2EF8BEDB7BD866FEA2C381983DD
Authority key identifier: 73:F2:10:F1:29:9A:1E:0A:EE:71:DC:1D:79:E5:FB:12:09:2D:30:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c_IQ8SmaHgrucdwdeeX7EgktMKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/tORFCAGU_ExqN7Mewd4Qy6LCTnI.roa
Signing time:             Wed 19 Nov 2025 11:01:38 +0000
ROA not before:           Wed 19 Nov 2025 11:01:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        217.194.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/c_IQ8SmaHgrucdwdeeX7EgktMKk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/c_IQ8SmaHgrucdwdeeX7EgktMKk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c_IQ8SmaHgrucdwdeeX7EgktMKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Dec 2025 08:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:9b:c6:f2:ef:8b:ed:b7:bd:86:6f:ea:2c:38:19:83:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73f210f1299a1e0aee71dc1d79e5fb12092d30a9
        Validity
            Not Before: Nov 19 11:01:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b4e445080194fc4c6a37b31ec1de10cba2c24e72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:45:cc:d4:be:86:90:b2:0b:11:42:c5:d0:50:
                    a0:ff:54:78:75:de:1a:8e:da:dc:39:13:0f:e0:68:
                    26:1b:fe:df:86:40:78:9e:39:70:86:4d:81:4d:aa:
                    29:f3:bd:ae:49:53:86:52:45:6d:8c:29:b6:6f:54:
                    8a:26:b0:b4:f7:cc:7b:d9:4d:94:bf:74:d7:e9:9f:
                    ea:96:6c:f6:55:7d:33:eb:2a:3d:e7:4c:1d:4a:66:
                    2c:c8:96:f5:d6:26:f3:3a:d1:eb:6a:83:b7:04:0a:
                    9a:70:f6:04:e4:40:80:04:27:4d:85:98:01:a9:e4:
                    ec:3e:03:9a:6c:a9:6f:be:5f:dc:cc:87:dc:e0:8b:
                    b2:1a:0e:c4:33:81:6d:19:27:86:ab:1e:b8:58:91:
                    31:98:81:8c:96:06:5d:35:01:95:0f:eb:ed:d2:fc:
                    bc:02:19:f9:06:2c:70:e5:91:43:f3:76:be:b6:2c:
                    00:2b:ab:61:7f:bc:cd:06:67:e6:6c:5b:8d:e2:79:
                    8d:03:78:89:ca:e9:e0:05:e2:cf:78:71:68:eb:30:
                    75:aa:67:bd:a1:b9:9e:7e:70:f3:c7:41:a3:1e:60:
                    53:bb:ad:f2:9e:56:32:09:b0:a4:ac:c6:b9:a1:b0:
                    e4:c3:b5:d4:a5:5a:31:d0:db:9f:fc:37:9b:6f:0e:
                    d5:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:E4:45:08:01:94:FC:4C:6A:37:B3:1E:C1:DE:10:CB:A2:C2:4E:72
            X509v3 Authority Key Identifier:
                keyid:73:F2:10:F1:29:9A:1E:0A:EE:71:DC:1D:79:E5:FB:12:09:2D:30:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c_IQ8SmaHgrucdwdeeX7EgktMKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/tORFCAGU_ExqN7Mewd4Qy6LCTnI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/c_IQ8SmaHgrucdwdeeX7EgktMKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.194.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:4a:36:5e:af:f6:1d:92:8c:56:29:21:cd:7c:f7:5d:42:a8:
         75:ee:e5:9e:55:17:71:bb:fc:3b:35:87:f4:8f:7a:e5:63:70:
         87:66:a4:18:33:6e:54:95:88:66:8b:f4:ca:4e:3d:aa:f5:22:
         d1:b0:26:5c:cb:b7:f2:d8:a0:c5:b7:19:90:66:ff:82:f5:bd:
         21:14:b2:6b:cc:b5:91:f4:0b:5d:9f:4a:84:a9:a2:af:ce:6c:
         63:cf:ce:77:2d:65:29:f4:cc:2c:89:60:a0:d7:25:88:0b:8f:
         ea:58:5a:1a:80:16:be:ea:af:12:63:71:fa:f7:b0:e1:7c:4a:
         3a:10:8f:d1:99:96:23:89:9e:81:ab:bf:9a:94:57:36:42:56:
         99:d5:9f:7e:83:50:46:5d:36:cd:37:08:88:2f:58:ae:7d:dd:
         1e:4c:cf:2f:29:c2:a0:6a:39:1f:49:da:74:04:a4:3f:cd:17:
         4e:bb:f4:4d:c2:3c:23:5d:29:4b:f3:87:20:15:16:e3:88:f0:
         ce:99:45:6f:a5:a6:1d:58:3b:0a:82:e3:26:22:28:c4:da:65:
         69:30:66:44:49:2d:7d:79:83:c6:b7:c8:fe:c6:c4:24:4a:a1:
         0c:7e:61:c5:4d:6d:5a:62:a5:7f:19:a3:4d:01:5b:45:a4:35:
         6e:8d:07:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZqbxvLvi+23vYZv6iw4GYPdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczZjIxMGYxMjk5YTFlMGFlZTcxZGMxZDc5ZTVmYjEyMDky
ZDMwYTkwHhcNMjUxMTE5MTEwMTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGU0NDUwODAxOTRmYzRjNmEzN2IzMWVjMWRlMTBjYmEyYzI0ZTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArkXM1L6GkLILEULF0FCg/1R4dd4a
jtrcORMP4GgmG/7fhkB4njlwhk2BTaop872uSVOGUkVtjCm2b1SKJrC098x72U2U
v3TX6Z/qlmz2VX0z6yo950wdSmYsyJb11ibzOtHraoO3BAqacPYE5ECABCdNhZgB
qeTsPgOabKlvvl/czIfc4IuyGg7EM4FtGSeGqx64WJExmIGMlgZdNQGVD+vt0vy8
Ahn5Bixw5ZFD83a+tiwAK6thf7zNBmfmbFuN4nmNA3iJyungBeLPeHFo6zB1qme9
obmefnDzx0GjHmBTu63ynlYyCbCkrMa5obDkw7XUpVox0Nuf/Debbw7VVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLTkRQgBlPxMajezHsHeEMuiwk5yMB8GA1UdIwQY
MBaAFHPyEPEpmh4K7nHcHXnl+xIJLTCpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY19JUThTbWFIZ3J1Y2R3ZGVlWDdFZ2t0TUtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kYjFiNDgtMWNjNS00ODMzLTkzZDkt
Yjk0NjQ3MThiYTM3LzEvdE9SRkNBR1VfRXhxTjdNZXdkNFF5NkxDVG5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kYjFiNDgtMWNjNS00ODMzLTkzZDktYjk0NjQ3MThiYTM3
LzEvY19JUThTbWFIZ3J1Y2R3ZGVlWDdFZ2t0TUtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2cKZMA0G
CSqGSIb3DQEBCwUAA4IBAQA5SjZer/YdkoxWKSHNfPddQqh17uWeVRdxu/w7NYf0
j3rlY3CHZqQYM25UlYhmi/TKTj2q9SLRsCZcy7fy2KDFtxmQZv+C9b0hFLJrzLWR
9Atdn0qEqaKvzmxjz853LWUp9MwsiWCg1yWIC4/qWFoagBa+6q8SY3H697DhfEo6
EI/RmZYjiZ6Bq7+alFc2QlaZ1Z9+g1BGXTbNNwiIL1iufd0eTM8vKcKgajkfSdp0
BKQ/zRdOu/RNwjwjXSlL84cgFRbjiPDOmUVvpaYdWDsKguMmIijE2mVpMGZESS19
eYPGt8j+xsQkSqEMfmHFTW1aYqV/GaNNAVtFpDVujQfr
-----END CERTIFICATE-----