This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/0789aa-9e73-45ee-91b6-143ff60d9991/1/DhnVxA5epBkWnt3PDulS5ypiRRE.roa
File:                     DhnVxA5epBkWnt3PDulS5ypiRRE.roa (raw, json)
Hash identifier:          cV+0Z4XARQ4usZE3nfMuQg0VGiGEUn16U9an0D+YjNU=
Subject key identifier:   0E:19:D5:C4:0E:5E:A4:19:16:9E:DD:CF:0E:E9:52:E7:2A:62:45:11
Certificate issuer:       /CN=440e88c3137f8a915f7da1b5c0341ca18c2c234c
Certificate serial:       019B7C8023091A1E8F645E2DF7E30FB5A6A6
Authority key identifier: 44:0E:88:C3:13:7F:8A:91:5F:7D:A1:B5:C0:34:1C:A1:8C:2C:23:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RA6IwxN_ipFffaG1wDQcoYwsI0w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/0789aa-9e73-45ee-91b6-143ff60d9991/1/DhnVxA5epBkWnt3PDulS5ypiRRE.roa
Signing time:             Fri 02 Jan 2026 02:18:50 +0000
ROA not before:           Fri 02 Jan 2026 02:18:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     19905
IP address blocks:        213.5.173.0/24 maxlen: 24
                          213.5.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/0789aa-9e73-45ee-91b6-143ff60d9991/1/RA6IwxN_ipFffaG1wDQcoYwsI0w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/0789aa-9e73-45ee-91b6-143ff60d9991/1/RA6IwxN_ipFffaG1wDQcoYwsI0w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RA6IwxN_ipFffaG1wDQcoYwsI0w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 17:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:23:09:1a:1e:8f:64:5e:2d:f7:e3:0f:b5:a6:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=440e88c3137f8a915f7da1b5c0341ca18c2c234c
        Validity
            Not Before: Jan  2 02:18:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0e19d5c40e5ea419169eddcf0ee952e72a624511
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:39:1b:06:dd:9e:b7:e5:25:30:e2:f2:b3:16:
                    77:22:3b:e5:e6:97:aa:d6:24:cb:37:4f:51:4e:7e:
                    17:73:d9:b6:bb:43:75:c8:80:41:83:8e:ab:b1:a6:
                    3e:4e:34:b9:f8:47:a8:8b:2d:01:8c:78:f2:85:13:
                    55:a3:22:13:39:81:15:4e:a8:df:e0:99:7c:b5:08:
                    b0:83:30:57:d1:c3:cd:ac:06:78:99:58:f6:e7:cb:
                    8d:af:6b:f1:ec:fa:2e:4c:74:a0:74:70:13:17:ca:
                    3f:8b:3b:2f:c7:35:22:36:07:cd:c2:9e:54:09:90:
                    ea:b1:01:08:e5:78:c3:f6:14:56:69:14:66:e7:44:
                    8b:85:be:92:61:bf:57:81:24:0f:14:f6:4d:46:30:
                    bc:e8:99:6b:17:04:6a:29:46:07:be:8c:d4:21:21:
                    d2:07:99:44:fc:7b:2c:d8:61:59:f2:44:2e:c6:fb:
                    05:43:4d:88:0b:aa:65:5e:b1:09:78:e0:36:3e:1b:
                    ea:b1:9a:8b:a5:0b:02:98:88:b2:f4:99:12:a9:06:
                    73:ad:70:52:16:dc:a2:5e:6c:23:32:11:ba:fa:3c:
                    14:d4:dc:30:06:53:ef:65:1a:ed:06:78:c7:06:0b:
                    33:24:6e:7b:39:a3:97:95:d7:73:2f:8c:01:e4:2d:
                    27:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:19:D5:C4:0E:5E:A4:19:16:9E:DD:CF:0E:E9:52:E7:2A:62:45:11
            X509v3 Authority Key Identifier:
                keyid:44:0E:88:C3:13:7F:8A:91:5F:7D:A1:B5:C0:34:1C:A1:8C:2C:23:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RA6IwxN_ipFffaG1wDQcoYwsI0w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/0789aa-9e73-45ee-91b6-143ff60d9991/1/DhnVxA5epBkWnt3PDulS5ypiRRE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/0789aa-9e73-45ee-91b6-143ff60d9991/1/RA6IwxN_ipFffaG1wDQcoYwsI0w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.5.173.0-213.5.174.255

    Signature Algorithm: sha256WithRSAEncryption
         5a:d5:e0:9d:48:4e:a4:e3:4e:9a:67:d1:76:81:4f:72:16:12:
         e1:a0:a7:c8:62:79:d6:26:7a:ab:7f:70:3d:03:2b:bf:24:28:
         01:69:67:31:2d:a3:d6:7a:79:30:af:33:cf:94:60:d0:78:a2:
         45:c2:24:a3:81:ab:22:d5:15:95:9f:96:76:2b:a5:d9:1e:f2:
         f1:f1:68:76:4b:0d:4f:f0:52:0e:ba:cb:69:6a:50:d7:a6:56:
         46:75:de:19:17:d5:19:4e:c1:f8:b5:3f:fe:3b:44:50:f3:68:
         d0:7a:ee:97:1b:27:49:d7:b4:f2:66:d0:28:cc:97:6b:bb:09:
         8f:7f:79:12:90:19:b7:a0:eb:a9:20:53:c7:90:ed:cf:b3:65:
         7c:2f:a2:37:ba:42:fd:b5:aa:9d:9b:00:22:d2:a2:70:52:a8:
         85:97:33:59:15:05:85:93:88:2d:a8:13:1d:e2:75:18:b5:5e:
         15:3a:78:82:92:d0:44:63:65:bf:05:a9:ed:63:51:79:2a:43:
         34:d3:05:78:92:1d:5e:7c:44:82:c8:d4:cd:67:2b:ae:fb:32:
         94:51:57:a3:49:8f:0c:d9:da:e6:8a:eb:69:fc:f6:19:d7:74:
         76:70:47:ea:0b:b9:5b:b8:d4:59:fb:5f:7d:6b:da:dd:e1:4a:
         82:66:89:a5
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZt8gCMJGh6PZF4t9+MPtaamMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0MGU4OGMzMTM3ZjhhOTE1ZjdkYTFiNWMwMzQxY2ExOGMy
YzIzNGMwHhcNMjYwMTAyMDIxODUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTE5ZDVjNDBlNWVhNDE5MTY5ZWRkY2YwZWU5NTJlNzJhNjI0NTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyDkbBt2et+UlMOLysxZ3Ijvl5peq
1iTLN09RTn4Xc9m2u0N1yIBBg46rsaY+TjS5+Eeoiy0BjHjyhRNVoyITOYEVTqjf
4Jl8tQiwgzBX0cPNrAZ4mVj258uNr2vx7PouTHSgdHATF8o/izsvxzUiNgfNwp5U
CZDqsQEI5XjD9hRWaRRm50SLhb6SYb9XgSQPFPZNRjC86JlrFwRqKUYHvozUISHS
B5lE/Hss2GFZ8kQuxvsFQ02IC6plXrEJeOA2PhvqsZqLpQsCmIiy9JkSqQZzrXBS
FtyiXmwjMhG6+jwU1NwwBlPvZRrtBnjHBgszJG57OaOXlddzL4wB5C0nMQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFA4Z1cQOXqQZFp7dzw7pUucqYkURMB8GA1UdIwQY
MBaAFEQOiMMTf4qRX32htcA0HKGMLCNMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkE2SXd4Tl9pcEZmZmFHMXdEUWNvWXdzSTB3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi8wNzg5YWEtOWU3My00NWVlLTkxYjYt
MTQzZmY2MGQ5OTkxLzEvRGhuVnhBNWVwQmtXbnQzUER1bFM1eXBpUlJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi8wNzg5YWEtOWU3My00NWVlLTkxYjYtMTQzZmY2MGQ5OTkx
LzEvUkE2SXd4Tl9pcEZmZmFHMXdEUWNvWXdzSTB3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADVBa0D
BADVBa4wDQYJKoZIhvcNAQELBQADggEBAFrV4J1ITqTjTppn0XaBT3IWEuGgp8hi
edYmeqt/cD0DK78kKAFpZzEto9Z6eTCvM8+UYNB4okXCJKOBqyLVFZWflnYrpdke
8vHxaHZLDU/wUg66y2lqUNemVkZ13hkX1RlOwfi1P/47RFDzaNB67pcbJ0nXtPJm
0CjMl2u7CY9/eRKQGbeg66kgU8eQ7c+zZXwvoje6Qv21qp2bACLSonBSqIWXM1kV
BYWTiC2oEx3idRi1XhU6eIKS0ERjZb8Fqe1jUXkqQzTTBXiSHV58RILI1M1nK677
MpRRV6NJjwzZ2uaK62n89hnXdHZwR+oLuVu41Fn7X31r2t3hSoJmiaU=
-----END CERTIFICATE-----