This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/A2i3CZqHaJvWHE1-oi0jzixLoJI.roa
File:                     A2i3CZqHaJvWHE1-oi0jzixLoJI.roa (raw, json)
Hash identifier:          6drEoJyxZWw8TVLle5b1hZrEavi1mUrGeOxrjUxVKiE=
Subject key identifier:   03:68:B7:09:9A:87:68:9B:D6:1C:4D:7E:A2:2D:23:CE:2C:4B:A0:92
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019B897DBE9AD2B67AC8C6377CA19D7C19FD
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/A2i3CZqHaJvWHE1-oi0jzixLoJI.roa
Signing time:             Sun 04 Jan 2026 14:51:17 +0000
ROA not before:           Sun 04 Jan 2026 14:51:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213344
IP address blocks:        188.255.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 08:17:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:89:7d:be:9a:d2:b6:7a:c8:c6:37:7c:a1:9d:7c:19:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Jan  4 14:51:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0368b7099a87689bd61c4d7ea22d23ce2c4ba092
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:24:ec:35:a8:3b:cf:9e:cc:c6:25:e8:43:b9:
                    9e:b0:09:c6:38:19:f8:61:8f:10:2b:22:51:a3:b9:
                    bc:90:ea:07:5f:04:9e:21:71:21:04:ed:cc:04:77:
                    3d:46:7b:22:c1:cd:4c:e5:7b:0b:65:99:58:ba:6f:
                    b8:a0:ff:63:55:f5:40:3a:62:42:e4:8b:bd:62:0d:
                    26:7b:81:ca:39:9d:88:ca:e9:66:fd:43:9d:9e:b5:
                    1e:0a:85:1e:77:e9:b4:0a:6f:1b:fe:b8:fb:df:60:
                    86:f6:d0:e5:ee:ff:ed:f1:8a:e0:ea:f5:97:ac:c7:
                    27:00:77:8e:5d:64:76:3f:36:46:87:c9:54:d8:1b:
                    9d:a6:da:44:23:b0:ed:9f:87:8b:ea:0f:9a:a1:8c:
                    95:98:24:9c:ca:6a:87:ee:9c:c1:3d:9d:c1:4f:d9:
                    0c:16:1e:ee:fc:7b:55:ce:b5:b5:a9:db:da:a5:56:
                    ac:5e:73:fc:30:e5:5b:63:2d:77:b4:87:45:d8:52:
                    f7:fe:ac:97:57:d3:c0:27:22:55:e5:41:c3:a2:a7:
                    65:ce:dd:dd:24:32:4e:ff:5a:0a:50:50:e7:cf:0e:
                    c8:45:5c:0d:74:5e:39:b3:b6:b7:5c:d5:6e:53:f5:
                    a3:0a:13:e3:34:e8:18:6f:0d:71:8b:27:31:b6:76:
                    01:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:68:B7:09:9A:87:68:9B:D6:1C:4D:7E:A2:2D:23:CE:2C:4B:A0:92
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/A2i3CZqHaJvWHE1-oi0jzixLoJI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.255.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:c2:c9:1c:08:be:1b:2c:48:4b:53:98:d3:55:d0:50:9f:3b:
         e1:b8:e8:ba:60:f0:8e:12:22:6d:8f:ec:91:6d:37:42:4c:17:
         72:97:13:0d:e4:46:1d:44:38:c6:b3:f8:42:fe:d2:dd:ac:48:
         22:60:aa:6e:d5:0a:0a:12:b7:79:9c:d0:46:d7:5b:61:25:43:
         04:9e:8e:b0:ce:11:a1:ac:3b:43:59:a8:51:c3:ed:36:16:9c:
         42:28:c1:d2:14:0b:7c:50:0e:d3:ce:1a:2c:f3:a7:98:42:a1:
         3d:42:f0:0d:d6:88:b6:fb:40:91:a7:27:de:43:9c:f3:27:4c:
         d5:a7:84:e8:fc:7a:4b:ab:b2:37:ed:a7:69:fa:27:21:26:2e:
         91:ed:b6:b3:68:39:89:24:de:7a:58:b6:bf:39:8a:af:61:79:
         d7:17:0b:a6:b6:a4:19:67:43:d4:94:3f:6b:47:23:92:8b:05:
         8a:0e:15:f5:c8:22:be:59:d5:49:a6:80:d6:db:ac:4a:a1:35:
         e2:3e:85:31:41:de:94:bb:d8:73:67:71:87:ed:99:96:2d:9b:
         df:a2:51:59:88:99:d9:17:97:ec:8f:88:9b:e0:02:6e:c1:72:
         24:c3:40:9c:bb:30:46:24:c4:fe:ca:be:40:83:04:dc:74:eb:
         ac:38:42:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZuJfb6a0rZ6yMY3fKGdfBn9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjYwMTA0MTQ1MTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzY4YjcwOTlhODc2ODliZDYxYzRkN2VhMjJkMjNjZTJjNGJhMDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1iTsNag7z57MxiXoQ7mesAnGOBn4
YY8QKyJRo7m8kOoHXwSeIXEhBO3MBHc9Rnsiwc1M5XsLZZlYum+4oP9jVfVAOmJC
5Iu9Yg0me4HKOZ2Iyulm/UOdnrUeCoUed+m0Cm8b/rj732CG9tDl7v/t8Yrg6vWX
rMcnAHeOXWR2PzZGh8lU2BudptpEI7Dtn4eL6g+aoYyVmCScymqH7pzBPZ3BT9kM
Fh7u/HtVzrW1qdvapVasXnP8MOVbYy13tIdF2FL3/qyXV9PAJyJV5UHDoqdlzt3d
JDJO/1oKUFDnzw7IRVwNdF45s7a3XNVuU/WjChPjNOgYbw1xiycxtnYBPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFANotwmah2ib1hxNfqItI84sS6CSMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvQTJpM0NacUhhSnZXSEUxLW9pMGp6aXhMb0pJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvP+rMA0G
CSqGSIb3DQEBCwUAA4IBAQBnwskcCL4bLEhLU5jTVdBQnzvhuOi6YPCOEiJtj+yR
bTdCTBdylxMN5EYdRDjGs/hC/tLdrEgiYKpu1QoKErd5nNBG11thJUMEno6wzhGh
rDtDWahRw+02FpxCKMHSFAt8UA7Tzhos86eYQqE9QvAN1oi2+0CRpyfeQ5zzJ0zV
p4To/HpLq7I37adp+ichJi6R7bazaDmJJN56WLa/OYqvYXnXFwumtqQZZ0PUlD9r
RyOSiwWKDhX1yCK+WdVJpoDW26xKoTXiPoUxQd6Uu9hzZ3GH7ZmWLZvfolFZiJnZ
F5fsj4ib4AJuwXIkw0CcuzBGJMT+yr5AgwTcdOusOEKu
-----END CERTIFICATE-----