This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/iTupdxlNS7lRbV453U0dY4Q2I48.roa
File:                     iTupdxlNS7lRbV453U0dY4Q2I48.roa (raw, json)
Hash identifier:          H8dsT4FVyfDWagzGlkH4mLElF8mL3ULRr+DU826KfLg=
Subject key identifier:   89:3B:A9:77:19:4D:4B:B9:51:6D:5E:39:DD:4D:1D:63:84:36:23:8F
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       019BC21D4EBCDB635B02662C7C8507CBF7D1
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/iTupdxlNS7lRbV453U0dY4Q2I48.roa
Signing time:             Thu 15 Jan 2026 14:44:19 +0000
ROA not before:           Thu 15 Jan 2026 14:44:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47204
IP address blocks:        194.61.8.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 23 Jan 2026 09:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:c2:1d:4e:bc:db:63:5b:02:66:2c:7c:85:07:cb:f7:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Jan 15 14:44:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=893ba977194d4bb9516d5e39dd4d1d638436238f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:5c:9c:8c:e0:2c:4c:45:e5:64:be:56:97:dd:
                    98:d4:3e:e3:9a:f2:5c:5c:d6:e6:80:38:7f:b3:df:
                    6b:54:f7:e8:02:a4:5e:26:d1:49:a6:cd:aa:4d:00:
                    99:27:16:7c:53:68:29:98:10:66:01:79:c4:d6:0b:
                    0c:64:aa:da:47:df:87:86:9c:00:5e:7e:a9:30:bc:
                    fd:d2:81:a0:84:0c:7f:15:19:d8:29:b3:70:c6:74:
                    99:7d:cb:35:f8:e3:31:80:35:9c:81:39:20:a2:3e:
                    a5:a0:5b:e9:9c:e9:45:8c:5c:05:79:d7:44:1f:d8:
                    aa:0b:c7:b8:eb:19:85:7e:84:a4:ac:f1:7c:66:74:
                    53:e5:5f:02:fd:7e:dd:f0:83:7a:c2:9e:08:50:0b:
                    17:a1:f4:5e:14:c1:f1:8f:8e:9b:67:be:7b:5e:5e:
                    7f:c6:11:28:60:3f:5e:af:66:e6:76:60:ae:69:a3:
                    e3:35:f4:64:d6:76:15:65:38:76:8c:22:9a:52:a0:
                    2e:43:1b:57:e3:b5:42:02:cc:b5:63:99:31:20:54:
                    37:51:6f:8a:2d:fb:f1:b7:2f:a0:41:e9:2d:7f:22:
                    ef:ec:57:50:67:df:36:c4:f7:af:d6:f8:c7:82:87:
                    86:c3:d5:34:4e:a9:4f:41:72:d1:cc:d3:4c:f1:32:
                    d7:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:3B:A9:77:19:4D:4B:B9:51:6D:5E:39:DD:4D:1D:63:84:36:23:8F
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/iTupdxlNS7lRbV453U0dY4Q2I48.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.61.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:8a:0e:13:78:07:e3:33:2c:b4:24:c6:71:e9:fb:39:5f:b4:
         4c:9a:c2:73:68:3b:1c:9a:f1:72:4f:a8:92:91:b5:79:9e:19:
         6a:7f:04:04:4c:ea:8e:21:16:1e:59:64:62:e0:30:3e:bc:31:
         01:e2:a8:6e:64:bf:c3:ed:8c:ea:53:db:ba:51:02:21:97:b4:
         5c:61:fd:41:a6:7a:5e:f1:7b:e7:ca:b8:22:de:fd:4f:3d:ad:
         e1:a0:ff:f0:e2:4c:db:91:50:fe:e5:92:3f:c2:d6:1b:02:75:
         0f:41:13:2d:ed:e6:89:36:39:e1:6e:72:2e:ed:27:02:59:aa:
         68:68:c2:49:74:24:58:5a:c1:d4:ca:90:7c:47:e5:7a:3f:31:
         55:c6:9a:8c:62:62:ab:a5:ae:3b:13:2e:07:17:77:da:99:ee:
         c4:45:3b:1f:c7:46:47:39:0c:fc:a2:f0:1f:cf:96:4f:2a:e7:
         23:8f:b6:8f:6c:45:9c:e4:e6:85:8d:9d:6e:17:b1:6e:06:52:
         70:57:f5:18:a7:0c:31:0d:96:d4:5c:e2:e7:93:74:5c:92:0d:
         b7:75:26:c5:f1:d0:b7:d9:33:bc:5c:d7:ac:96:fe:00:59:e1:
         5c:52:05:c5:24:40:3a:3d:75:93:2a:e0:4f:e0:57:c4:69:1d:
         db:f0:1b:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZvCHU6822NbAmYsfIUHy/fRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjYwMTE1MTQ0NDE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTNiYTk3NzE5NGQ0YmI5NTE2ZDVlMzlkZDRkMWQ2Mzg0MzYyMzhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwFycjOAsTEXlZL5Wl92Y1D7jmvJc
XNbmgDh/s99rVPfoAqReJtFJps2qTQCZJxZ8U2gpmBBmAXnE1gsMZKraR9+HhpwA
Xn6pMLz90oGghAx/FRnYKbNwxnSZfcs1+OMxgDWcgTkgoj6loFvpnOlFjFwFeddE
H9iqC8e46xmFfoSkrPF8ZnRT5V8C/X7d8IN6wp4IUAsXofReFMHxj46bZ757Xl5/
xhEoYD9er2bmdmCuaaPjNfRk1nYVZTh2jCKaUqAuQxtX47VCAsy1Y5kxIFQ3UW+K
Lfvxty+gQektfyLv7FdQZ982xPev1vjHgoeGw9U0TqlPQXLRzNNM8TLXeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIk7qXcZTUu5UW1eOd1NHWOENiOPMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvaVR1cGR4bE5TN2xSYlY0NTNVMGRZNFEySTQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwj0IMA0G
CSqGSIb3DQEBCwUAA4IBAQAsig4TeAfjMyy0JMZx6fs5X7RMmsJzaDscmvFyT6iS
kbV5nhlqfwQETOqOIRYeWWRi4DA+vDEB4qhuZL/D7YzqU9u6UQIhl7RcYf1Bpnpe
8Xvnyrgi3v1PPa3hoP/w4kzbkVD+5ZI/wtYbAnUPQRMt7eaJNjnhbnIu7ScCWapo
aMJJdCRYWsHUypB8R+V6PzFVxpqMYmKrpa47Ey4HF3fame7ERTsfx0ZHOQz8ovAf
z5ZPKucjj7aPbEWc5OaFjZ1uF7FuBlJwV/UYpwwxDZbUXOLnk3Rckg23dSbF8dC3
2TO8XNeslv4AWeFcUgXFJEA6PXWTKuBP4FfEaR3b8BvX
-----END CERTIFICATE-----