This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/ty8paLCk4TaEs9kfb6irUZZ4p-g.roa
File:                     ty8paLCk4TaEs9kfb6irUZZ4p-g.roa (raw, json)
Hash identifier:          E3jPnIGaX9YCeoKgK4OtXqPGRq5byhzJcS6QFpLOQV8=
Subject key identifier:   B7:2F:29:68:B0:A4:E1:36:84:B3:D9:1F:6F:A8:AB:51:96:78:A7:E8
Certificate issuer:       /CN=73f210f1299a1e0aee71dc1d79e5fb12092d30a9
Certificate serial:       019B7F83AB0C7329FD6C10916CDB61E814AB
Authority key identifier: 73:F2:10:F1:29:9A:1E:0A:EE:71:DC:1D:79:E5:FB:12:09:2D:30:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c_IQ8SmaHgrucdwdeeX7EgktMKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/ty8paLCk4TaEs9kfb6irUZZ4p-g.roa
Signing time:             Fri 02 Jan 2026 16:21:33 +0000
ROA not before:           Fri 02 Jan 2026 16:21:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209854
IP address blocks:        193.57.94.0/24 maxlen: 24
                          193.57.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/c_IQ8SmaHgrucdwdeeX7EgktMKk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/c_IQ8SmaHgrucdwdeeX7EgktMKk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c_IQ8SmaHgrucdwdeeX7EgktMKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 09:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:83:ab:0c:73:29:fd:6c:10:91:6c:db:61:e8:14:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73f210f1299a1e0aee71dc1d79e5fb12092d30a9
        Validity
            Not Before: Jan  2 16:21:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b72f2968b0a4e13684b3d91f6fa8ab519678a7e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:61:6d:91:ab:54:65:57:f7:4a:d1:30:f2:45:
                    6c:6e:6e:a1:95:14:1f:a2:55:e7:5b:b0:fe:97:c2:
                    7e:ff:1f:d8:85:db:61:5e:dd:16:b4:42:cd:76:c6:
                    d7:ca:3f:57:17:fd:b3:c5:d1:25:84:2c:f7:4a:af:
                    dd:86:82:b1:d1:3b:3b:77:53:f4:e3:54:0d:0a:c8:
                    d6:51:21:e0:15:c0:9d:d5:9a:76:26:cd:b3:f9:b0:
                    f9:45:75:25:64:69:ef:25:c6:81:68:ff:32:48:c4:
                    a6:61:c3:60:a7:cd:9a:00:1c:e9:75:25:38:c7:3d:
                    10:67:93:15:77:69:d3:1f:92:8f:07:cd:8e:e9:dc:
                    39:e4:41:e1:cc:c7:aa:38:24:bb:9b:7c:26:70:02:
                    51:18:33:f1:aa:ad:0a:cd:76:f0:b0:76:05:d4:3d:
                    bd:35:bc:2e:ea:fd:74:56:b7:00:ed:90:74:10:c5:
                    a2:4d:ac:33:30:1c:22:75:73:29:a1:3b:af:8c:42:
                    94:2c:12:5f:89:11:30:82:a3:0c:e0:1e:50:e1:3e:
                    9a:4a:64:12:57:83:a4:13:b5:73:93:83:cb:0d:18:
                    41:f0:e8:27:a9:fc:2e:d7:0f:f1:d0:b6:c0:ed:5c:
                    2a:a0:80:fc:e6:da:07:03:03:a0:b2:6a:67:2a:d3:
                    ab:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:2F:29:68:B0:A4:E1:36:84:B3:D9:1F:6F:A8:AB:51:96:78:A7:E8
            X509v3 Authority Key Identifier:
                keyid:73:F2:10:F1:29:9A:1E:0A:EE:71:DC:1D:79:E5:FB:12:09:2D:30:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c_IQ8SmaHgrucdwdeeX7EgktMKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/ty8paLCk4TaEs9kfb6irUZZ4p-g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/c_IQ8SmaHgrucdwdeeX7EgktMKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.57.94.0/23

    Signature Algorithm: sha256WithRSAEncryption
         80:5a:1a:ff:f4:3e:69:2f:ae:39:b7:9f:b2:7c:38:85:c7:60:
         9e:66:88:dd:f0:ab:87:7f:27:ce:74:32:95:51:9a:a0:2c:2d:
         db:c1:27:47:40:06:8f:07:67:f0:a5:25:23:72:01:b0:84:19:
         34:91:5f:b0:19:78:21:b2:9c:74:eb:15:29:aa:6c:53:38:d9:
         0a:5f:df:ff:6d:94:54:98:f3:4d:4f:85:bc:94:a6:44:71:01:
         98:31:8c:cc:c4:fc:c3:19:13:ac:d1:ee:68:c3:53:20:c1:57:
         74:b8:bf:b7:1d:62:2b:fa:cd:ff:3e:e6:b3:88:2b:c5:77:80:
         c9:b9:ca:60:93:8c:4b:52:87:ee:77:26:2d:32:ae:e4:a3:0e:
         56:03:44:ab:4f:98:db:bc:d5:95:68:70:dc:78:08:0e:19:06:
         ee:e7:44:4a:6b:57:ed:75:74:1e:31:04:7a:6b:97:fa:0e:76:
         f0:21:66:97:58:46:9f:d1:a6:62:fe:ba:8c:41:78:f2:05:b3:
         a0:42:15:9a:43:bf:e2:91:86:05:a1:97:30:91:bf:8d:02:c8:
         06:43:06:86:73:d9:da:dc:10:9c:4e:4b:0e:7a:66:e3:bc:52:
         2d:a3:a6:6d:7a:5c:78:61:ab:99:80:7d:a8:80:0c:d3:1e:6d:
         ec:b3:22:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/g6sMcyn9bBCRbNth6BSrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczZjIxMGYxMjk5YTFlMGFlZTcxZGMxZDc5ZTVmYjEyMDky
ZDMwYTkwHhcNMjYwMTAyMTYyMTMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzJmMjk2OGIwYTRlMTM2ODRiM2Q5MWY2ZmE4YWI1MTk2NzhhN2U4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxmFtkatUZVf3StEw8kVsbm6hlRQf
olXnW7D+l8J+/x/YhdthXt0WtELNdsbXyj9XF/2zxdElhCz3Sq/dhoKx0Ts7d1P0
41QNCsjWUSHgFcCd1Zp2Js2z+bD5RXUlZGnvJcaBaP8ySMSmYcNgp82aABzpdSU4
xz0QZ5MVd2nTH5KPB82O6dw55EHhzMeqOCS7m3wmcAJRGDPxqq0KzXbwsHYF1D29
Nbwu6v10VrcA7ZB0EMWiTawzMBwidXMpoTuvjEKULBJfiREwgqMM4B5Q4T6aSmQS
V4OkE7Vzk4PLDRhB8Ognqfwu1w/x0LbA7VwqoID85toHAwOgsmpnKtOr7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLcvKWiwpOE2hLPZH2+oq1GWeKfoMB8GA1UdIwQY
MBaAFHPyEPEpmh4K7nHcHXnl+xIJLTCpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY19JUThTbWFIZ3J1Y2R3ZGVlWDdFZ2t0TUtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kYjFiNDgtMWNjNS00ODMzLTkzZDkt
Yjk0NjQ3MThiYTM3LzEvdHk4cGFMQ2s0VGFFczlrZmI2aXJVWlo0cC1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kYjFiNDgtMWNjNS00ODMzLTkzZDktYjk0NjQ3MThiYTM3
LzEvY19JUThTbWFIZ3J1Y2R3ZGVlWDdFZ2t0TUtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwTleMA0G
CSqGSIb3DQEBCwUAA4IBAQCAWhr/9D5pL645t5+yfDiFx2CeZojd8KuHfyfOdDKV
UZqgLC3bwSdHQAaPB2fwpSUjcgGwhBk0kV+wGXghspx06xUpqmxTONkKX9//bZRU
mPNNT4W8lKZEcQGYMYzMxPzDGROs0e5ow1MgwVd0uL+3HWIr+s3/PuaziCvFd4DJ
ucpgk4xLUofudyYtMq7kow5WA0SrT5jbvNWVaHDceAgOGQbu50RKa1ftdXQeMQR6
a5f6DnbwIWaXWEaf0aZi/rqMQXjyBbOgQhWaQ7/ikYYFoZcwkb+NAsgGQwaGc9na
3BCcTksOembjvFIto6Ztelx4YauZgH2ogAzTHm3ssyLy
-----END CERTIFICATE-----