This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/b0c0af-619b-4ad5-b95f-937e2523d6f7/1/16NNRYKcMtPO3l4tyItIrY8h2j0.roa
File:                     16NNRYKcMtPO3l4tyItIrY8h2j0.roa (raw, json)
Hash identifier:          n/D4QX4whPLnDcZV4Beurl7vINkWm+9qF/HLT546rMY=
Subject key identifier:   D7:A3:4D:45:82:9C:32:D3:CE:DE:5E:2D:C8:8B:48:AD:8F:21:DA:3D
Certificate issuer:       /CN=db30f2fff4fe10b1a79c127a6a4ad82ca5326064
Certificate serial:       019B7BA531B439A950A84EB1CB30AAB74992
Authority key identifier: DB:30:F2:FF:F4:FE:10:B1:A7:9C:12:7A:6A:4A:D8:2C:A5:32:60:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2zDy__T-ELGnnBJ6akrYLKUyYGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/b0c0af-619b-4ad5-b95f-937e2523d6f7/1/16NNRYKcMtPO3l4tyItIrY8h2j0.roa
Signing time:             Thu 01 Jan 2026 22:19:42 +0000
ROA not before:           Thu 01 Jan 2026 22:19:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8075
IP address blocks:        193.53.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/b0c0af-619b-4ad5-b95f-937e2523d6f7/1/2zDy__T-ELGnnBJ6akrYLKUyYGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/b0c0af-619b-4ad5-b95f-937e2523d6f7/1/2zDy__T-ELGnnBJ6akrYLKUyYGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2zDy__T-ELGnnBJ6akrYLKUyYGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 06:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:31:b4:39:a9:50:a8:4e:b1:cb:30:aa:b7:49:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db30f2fff4fe10b1a79c127a6a4ad82ca5326064
        Validity
            Not Before: Jan  1 22:19:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d7a34d45829c32d3cede5e2dc88b48ad8f21da3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:3b:00:9e:26:0d:4d:72:45:cb:98:f5:ab:68:
                    12:b6:b8:2b:05:30:9e:cb:65:87:3d:83:f9:63:53:
                    a8:95:c2:79:e7:0e:6e:97:5c:54:d5:73:ac:27:70:
                    e8:a4:02:0e:48:4f:d6:31:5b:2b:a0:ce:aa:c0:63:
                    3f:e7:9c:18:10:42:d2:95:88:bd:2f:81:6b:b7:f6:
                    59:d7:87:76:5c:18:29:22:cb:28:69:33:17:fa:3f:
                    42:7c:f3:a4:11:0f:1a:a6:48:46:48:a5:2e:60:7e:
                    71:ac:74:7d:3e:c6:97:25:3d:bb:fe:b0:f3:8f:53:
                    8e:ec:e0:9e:b3:c2:a1:3c:65:ef:99:cb:8d:c5:ce:
                    16:d9:91:65:32:1d:03:15:f4:6c:cb:7f:fa:84:c6:
                    f0:84:8d:6c:ed:75:53:2d:c7:ca:2f:0a:07:85:86:
                    67:2b:2b:8b:f5:47:5e:ba:95:55:a8:a5:6a:13:bf:
                    c9:54:fc:48:f6:39:a6:c6:f6:c3:05:14:a3:ac:9b:
                    50:f2:9f:8b:af:bc:d2:79:05:77:a5:79:d4:a5:06:
                    8f:b1:81:c0:09:42:28:4a:e6:f0:6a:b1:48:d6:28:
                    6d:cf:e0:55:94:6b:ed:3c:02:1f:76:7f:a8:4a:27:
                    b5:d5:98:48:da:e2:72:ec:4d:ac:02:a2:73:01:0d:
                    2e:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:A3:4D:45:82:9C:32:D3:CE:DE:5E:2D:C8:8B:48:AD:8F:21:DA:3D
            X509v3 Authority Key Identifier:
                keyid:DB:30:F2:FF:F4:FE:10:B1:A7:9C:12:7A:6A:4A:D8:2C:A5:32:60:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2zDy__T-ELGnnBJ6akrYLKUyYGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/b0c0af-619b-4ad5-b95f-937e2523d6f7/1/16NNRYKcMtPO3l4tyItIrY8h2j0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/b0c0af-619b-4ad5-b95f-937e2523d6f7/1/2zDy__T-ELGnnBJ6akrYLKUyYGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.53.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:a5:33:43:cf:7c:6c:ea:f6:6f:7b:3e:38:bd:c9:bc:a3:ed:
         dd:7f:b5:a3:94:f4:6f:13:01:c8:6a:8b:16:3f:bd:c9:bb:88:
         e3:77:72:05:87:1e:31:3c:f5:5a:b3:39:16:54:62:62:cf:f3:
         95:ed:92:72:02:6b:d7:75:12:b7:d2:8c:80:40:2d:8d:b4:ba:
         dc:ce:cd:9f:20:e5:25:ec:1e:10:23:29:89:ae:1c:ae:b7:d0:
         75:e0:01:22:44:5f:2c:c5:d7:6d:a0:d0:d0:e4:34:93:06:a3:
         f9:d1:74:7e:df:2b:f8:5e:43:48:3e:95:98:fd:c1:70:ef:01:
         27:0c:3e:4d:8d:ee:a9:47:01:a9:18:51:46:c4:19:26:2c:6d:
         08:21:b7:b3:3b:93:09:fd:fb:7d:8b:fc:f4:d9:ed:db:e5:2b:
         57:64:3d:27:f0:97:d1:c2:72:cf:42:08:b7:cc:d1:5d:dd:1d:
         99:79:18:4a:94:16:dc:b3:97:02:0f:c5:31:1f:24:31:cb:46:
         59:73:dc:35:37:c0:64:42:d0:0d:6b:b6:30:09:3b:e1:cb:8e:
         ee:78:cc:75:20:bb:2f:24:78:ea:83:c3:19:87:4e:16:6d:02:
         63:16:db:80:12:19:cd:b7:8f:71:27:93:d8:8a:f7:e1:51:58:
         a6:00:d4:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pTG0OalQqE6xyzCqt0mSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiMzBmMmZmZjRmZTEwYjFhNzljMTI3YTZhNGFkODJjYTUz
MjYwNjQwHhcNMjYwMTAxMjIxOTQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2EzNGQ0NTgyOWMzMmQzY2VkZTVlMmRjODhiNDhhZDhmMjFkYTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArjsAniYNTXJFy5j1q2gStrgrBTCe
y2WHPYP5Y1OolcJ55w5ul1xU1XOsJ3DopAIOSE/WMVsroM6qwGM/55wYEELSlYi9
L4Frt/ZZ14d2XBgpIssoaTMX+j9CfPOkEQ8apkhGSKUuYH5xrHR9PsaXJT27/rDz
j1OO7OCes8KhPGXvmcuNxc4W2ZFlMh0DFfRsy3/6hMbwhI1s7XVTLcfKLwoHhYZn
KyuL9UdeupVVqKVqE7/JVPxI9jmmxvbDBRSjrJtQ8p+Lr7zSeQV3pXnUpQaPsYHA
CUIoSubwarFI1ihtz+BVlGvtPAIfdn+oSie11ZhI2uJy7E2sAqJzAQ0uHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNejTUWCnDLTzt5eLciLSK2PIdo9MB8GA1UdIwQY
MBaAFNsw8v/0/hCxp5wSempK2CylMmBkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnpEeV9fVC1FTEdubkJKNmFrcllMS1V5WUdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9iMGMwYWYtNjE5Yi00YWQ1LWI5NWYt
OTM3ZTI1MjNkNmY3LzEvMTZOTlJZS2NNdFBPM2w0dHlJdElyWThoMmowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9iMGMwYWYtNjE5Yi00YWQ1LWI5NWYtOTM3ZTI1MjNkNmY3
LzEvMnpEeV9fVC1FTEdubkJKNmFrcllMS1V5WUdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTWbMA0G
CSqGSIb3DQEBCwUAA4IBAQBipTNDz3xs6vZvez44vcm8o+3df7WjlPRvEwHIaosW
P73Ju4jjd3IFhx4xPPVaszkWVGJiz/OV7ZJyAmvXdRK30oyAQC2NtLrczs2fIOUl
7B4QIymJrhyut9B14AEiRF8sxddtoNDQ5DSTBqP50XR+3yv4XkNIPpWY/cFw7wEn
DD5Nje6pRwGpGFFGxBkmLG0IIbezO5MJ/ft9i/z02e3b5StXZD0n8JfRwnLPQgi3
zNFd3R2ZeRhKlBbcs5cCD8UxHyQxy0ZZc9w1N8BkQtANa7YwCTvhy47ueMx1ILsv
JHjqg8MZh04WbQJjFtuAEhnNt49xJ5PYivfhUVimANQI
-----END CERTIFICATE-----