This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/3202ad-7b46-422d-a4d2-eca53a7f7762/1/fDPuMYjL7iwuQzRHQw3ok372mfU.roa
File:                     fDPuMYjL7iwuQzRHQw3ok372mfU.roa (raw, json)
Hash identifier:          zWt5a5APl7Cb8l+lYNIvqdjQJV2PNl8C2Gw5qS4KES8=
Subject key identifier:   7C:33:EE:31:88:CB:EE:2C:2E:43:34:47:43:0D:E8:93:7E:F6:99:F5
Certificate issuer:       /CN=a0afe1fed1f2b7db24a0c2d1f61010684e93cbd5
Certificate serial:       019B79EC2BA8AE589DC34DE035EE7C18C352
Authority key identifier: A0:AF:E1:FE:D1:F2:B7:DB:24:A0:C2:D1:F6:10:10:68:4E:93:CB:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oK_h_tHyt9skoMLR9hAQaE6Ty9U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/3202ad-7b46-422d-a4d2-eca53a7f7762/1/fDPuMYjL7iwuQzRHQw3ok372mfU.roa
Signing time:             Thu 01 Jan 2026 14:17:59 +0000
ROA not before:           Thu 01 Jan 2026 14:17:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201425
IP address blocks:        188.214.100.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/3202ad-7b46-422d-a4d2-eca53a7f7762/1/oK_h_tHyt9skoMLR9hAQaE6Ty9U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/3202ad-7b46-422d-a4d2-eca53a7f7762/1/oK_h_tHyt9skoMLR9hAQaE6Ty9U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oK_h_tHyt9skoMLR9hAQaE6Ty9U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 14:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:2b:a8:ae:58:9d:c3:4d:e0:35:ee:7c:18:c3:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0afe1fed1f2b7db24a0c2d1f61010684e93cbd5
        Validity
            Not Before: Jan  1 14:17:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7c33ee3188cbee2c2e433447430de8937ef699f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:09:18:f1:76:45:58:dd:1b:ea:de:3b:4f:4c:
                    bd:bb:3a:8b:3f:2a:13:7a:c5:04:12:e6:9f:71:45:
                    a9:9e:19:f8:4e:c7:07:86:cf:77:9f:69:b3:0b:30:
                    6c:50:16:b4:c2:6e:15:2a:eb:ee:32:5f:24:72:08:
                    3e:5e:cf:4c:0d:71:e5:34:53:1e:f9:cb:65:90:01:
                    f4:ad:72:dd:c6:48:7a:46:2f:1f:40:7f:e2:3f:26:
                    bd:2a:d4:a4:35:96:f1:85:e4:57:34:a5:6e:ee:ab:
                    c7:f7:23:a6:a8:9d:56:0a:24:bb:4c:ce:6b:50:f3:
                    e7:b6:a1:ea:b7:55:5e:31:97:42:60:cc:e2:c2:54:
                    40:ca:97:23:62:a8:c8:1f:b5:21:38:f3:c5:ac:6f:
                    97:81:42:37:a9:15:73:ee:54:23:fb:b3:35:1f:64:
                    cd:a9:85:59:bb:fb:ad:6c:24:4b:db:1e:68:34:f4:
                    2c:26:ab:28:ba:49:9a:3c:86:f1:db:bb:c0:a7:7b:
                    db:bf:2c:bd:45:cc:b5:75:b6:a9:b8:86:38:6a:ca:
                    cf:2f:a4:2c:9e:f3:e6:fb:c2:7f:b2:44:26:dd:a0:
                    e6:7c:56:ea:ed:71:25:ee:63:28:b3:6f:2d:0e:08:
                    24:37:40:18:02:81:cb:b4:ec:01:d4:08:eb:e2:9a:
                    54:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:33:EE:31:88:CB:EE:2C:2E:43:34:47:43:0D:E8:93:7E:F6:99:F5
            X509v3 Authority Key Identifier:
                keyid:A0:AF:E1:FE:D1:F2:B7:DB:24:A0:C2:D1:F6:10:10:68:4E:93:CB:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oK_h_tHyt9skoMLR9hAQaE6Ty9U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/3202ad-7b46-422d-a4d2-eca53a7f7762/1/fDPuMYjL7iwuQzRHQw3ok372mfU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/3202ad-7b46-422d-a4d2-eca53a7f7762/1/oK_h_tHyt9skoMLR9hAQaE6Ty9U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.214.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:fb:c0:9c:76:bd:44:df:43:b8:d0:ac:ad:04:0a:fc:85:e3:
         e8:7a:34:43:bc:a8:0e:d3:b5:b5:84:59:0a:29:3e:3c:25:71:
         98:99:a5:5f:83:a6:b7:19:76:c0:ea:25:d4:7a:ab:05:c9:16:
         36:ec:37:98:e2:24:fa:c2:b0:ec:41:0e:90:4b:36:11:ff:4f:
         d9:14:e2:11:fa:3d:0f:07:c2:b0:31:65:dc:d2:0c:46:af:93:
         98:d3:0f:ea:3b:9a:d2:a2:aa:8d:6c:87:47:4d:b7:c6:d9:b3:
         2e:9f:10:83:11:63:00:55:41:31:2e:0e:21:02:16:63:ac:bf:
         1c:f5:5b:a1:a7:4b:1c:de:d8:ec:a6:27:3a:a9:c6:fa:be:b4:
         2f:4c:61:1c:bf:ae:66:c2:6f:4f:60:25:1d:c4:07:b2:c1:bd:
         1f:e0:87:41:21:b6:ac:bd:20:05:75:fd:f7:c9:fd:aa:ee:74:
         86:e4:f1:c7:d1:ec:6e:52:24:10:f5:17:4f:65:dd:a7:3c:52:
         71:bf:bc:07:e4:89:00:c3:b4:5a:1b:03:db:d7:25:78:a0:48:
         1b:86:54:51:57:8e:49:72:be:57:48:82:af:b7:97:2d:dd:2a:
         80:f7:3b:e3:2b:1f:d1:1f:2d:c1:a4:49:6b:cc:9d:fd:c3:d0:
         40:e3:59:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57Cuorlidw03gNe58GMNSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwYWZlMWZlZDFmMmI3ZGIyNGEwYzJkMWY2MTAxMDY4NGU5
M2NiZDUwHhcNMjYwMTAxMTQxNzU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzMzZWUzMTg4Y2JlZTJjMmU0MzM0NDc0MzBkZTg5MzdlZjY5OWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoAkY8XZFWN0b6t47T0y9uzqLPyoT
esUEEuafcUWpnhn4TscHhs93n2mzCzBsUBa0wm4VKuvuMl8kcgg+Xs9MDXHlNFMe
+ctlkAH0rXLdxkh6Ri8fQH/iPya9KtSkNZbxheRXNKVu7qvH9yOmqJ1WCiS7TM5r
UPPntqHqt1VeMZdCYMziwlRAypcjYqjIH7UhOPPFrG+XgUI3qRVz7lQj+7M1H2TN
qYVZu/utbCRL2x5oNPQsJqsoukmaPIbx27vAp3vbvyy9Rcy1dbapuIY4asrPL6Qs
nvPm+8J/skQm3aDmfFbq7XEl7mMos28tDggkN0AYAoHLtOwB1Ajr4ppU9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHwz7jGIy+4sLkM0R0MN6JN+9pn1MB8GA1UdIwQY
MBaAFKCv4f7R8rfbJKDC0fYQEGhOk8vVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0tfaF90SHl0OXNrb01MUjloQVFhRTZUeTlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zMjAyYWQtN2I0Ni00MjJkLWE0ZDIt
ZWNhNTNhN2Y3NzYyLzEvZkRQdU1Zakw3aXd1UXpSSFF3M29rMzcybWZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zMjAyYWQtN2I0Ni00MjJkLWE0ZDItZWNhNTNhN2Y3NzYy
LzEvb0tfaF90SHl0OXNrb01MUjloQVFhRTZUeTlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvNZkMA0G
CSqGSIb3DQEBCwUAA4IBAQBA+8Ccdr1E30O40KytBAr8hePoejRDvKgO07W1hFkK
KT48JXGYmaVfg6a3GXbA6iXUeqsFyRY27DeY4iT6wrDsQQ6QSzYR/0/ZFOIR+j0P
B8KwMWXc0gxGr5OY0w/qO5rSoqqNbIdHTbfG2bMunxCDEWMAVUExLg4hAhZjrL8c
9Vuhp0sc3tjspic6qcb6vrQvTGEcv65mwm9PYCUdxAeywb0f4IdBIbasvSAFdf33
yf2q7nSG5PHH0exuUiQQ9RdPZd2nPFJxv7wH5IkAw7RaGwPb1yV4oEgbhlRRV45J
cr5XSIKvt5ct3SqA9zvjKx/RHy3BpElrzJ39w9BA41kA
-----END CERTIFICATE-----