This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/40KDSASfGPMwpHeS37slp-j0rQc.roa
File:                     40KDSASfGPMwpHeS37slp-j0rQc.roa (raw, json)
Hash identifier:          rAJmytBiFPMUg2cngxXF4lphujTgkfGyEYnCOSO+hfI=
Subject key identifier:   E3:42:83:48:04:9F:18:F3:30:A4:77:92:DF:BB:25:A7:E8:F4:AD:07
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       019B7C809CA9A94C75AF471014290DB6AD3E
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/40KDSASfGPMwpHeS37slp-j0rQc.roa
Signing time:             Fri 02 Jan 2026 02:19:22 +0000
ROA not before:           Fri 02 Jan 2026 02:19:22 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16276
IP address blocks:        88.216.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 09:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:9c:a9:a9:4c:75:af:47:10:14:29:0d:b6:ad:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan  2 02:19:22 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e3428348049f18f330a47792dfbb25a7e8f4ad07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:06:a5:e4:b5:91:e9:dd:6c:84:8c:5b:ed:40:
                    91:35:6f:bf:88:62:25:d3:68:c0:f4:26:97:09:02:
                    a1:85:02:e1:a7:e5:01:fc:5e:9d:96:71:d9:0e:66:
                    fc:b8:8a:8a:8c:d9:8e:4b:e1:92:cb:07:41:17:53:
                    81:40:da:ca:d4:02:1a:ea:7f:4d:cc:99:fb:fc:2a:
                    6e:1f:21:50:28:88:31:ad:11:7f:c1:04:fb:a7:01:
                    59:ef:96:ff:37:16:27:ac:97:eb:15:dc:2f:ce:c5:
                    69:78:51:cd:61:d7:36:b9:6d:4f:a1:38:c5:e6:9e:
                    6c:89:c3:f7:f9:27:6f:4b:13:79:ee:de:a6:f4:ce:
                    f2:5f:9d:39:97:b3:23:de:05:52:ed:d3:ee:55:18:
                    ae:49:01:a4:51:e5:f0:f5:66:2f:0d:00:f1:0c:8b:
                    1b:0d:d7:ff:3c:b0:7e:e2:6f:8f:af:c6:48:7b:49:
                    5e:63:c4:0a:78:18:63:3b:90:7e:20:07:70:51:64:
                    96:ce:d8:f6:99:d8:87:e0:bd:54:47:ca:a6:c3:1c:
                    ce:b1:fb:8b:8f:e8:07:20:44:b0:cb:f4:3a:cd:5c:
                    76:7c:96:5e:4f:32:aa:4b:2c:25:fc:c6:76:8d:69:
                    07:35:91:99:08:b2:3a:f1:a4:37:4f:8b:e6:9b:13:
                    9c:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:42:83:48:04:9F:18:F3:30:A4:77:92:DF:BB:25:A7:E8:F4:AD:07
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/40KDSASfGPMwpHeS37slp-j0rQc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.216.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:f9:9f:7b:56:47:b5:fc:d0:5b:62:25:c4:0b:3d:84:c5:db:
         2f:f9:24:b3:88:9d:19:0d:61:9b:b3:52:c2:51:dd:2f:f2:6d:
         ee:da:9b:f7:34:71:d3:89:d7:59:15:b3:90:ee:b7:f5:da:d8:
         6c:ec:46:dc:52:2e:c7:44:d5:b3:7d:bd:da:17:53:33:b7:36:
         57:07:11:f9:1b:75:5e:17:72:aa:fe:59:95:33:90:5c:17:eb:
         f3:0d:67:cd:52:01:3e:4f:c1:df:f7:35:26:90:cb:1f:ab:40:
         29:8b:8d:9a:7f:3d:a3:7c:fc:cf:8d:d3:18:ce:08:af:b0:fd:
         fb:43:9e:24:f0:98:6c:90:53:3c:36:01:ea:0e:82:c1:b2:2f:
         7b:72:7f:da:b1:96:fb:fe:2d:cb:a4:b4:75:0c:ff:55:e6:88:
         ed:20:43:b9:da:8f:ba:d6:36:68:1e:a6:72:84:c7:90:0e:15:
         54:0a:12:b6:e9:45:0f:b9:7e:81:d0:07:14:47:c2:79:4c:db:
         32:98:8e:a3:0a:29:6e:f5:c8:7a:8c:3e:b5:e9:9c:7c:1a:0e:
         36:39:80:18:43:02:27:9a:69:a1:d9:60:23:ac:3a:a3:78:bf:
         f9:df:2e:a2:4b:ac:00:05:0f:27:8e:1c:80:c9:bc:e9:67:19:
         6f:46:12:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gJypqUx1r0cQFCkNtq0+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjYwMTAyMDIxOTIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzQyODM0ODA0OWYxOGYzMzBhNDc3OTJkZmJiMjVhN2U4ZjRhZDA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlQal5LWR6d1shIxb7UCRNW+/iGIl
02jA9CaXCQKhhQLhp+UB/F6dlnHZDmb8uIqKjNmOS+GSywdBF1OBQNrK1AIa6n9N
zJn7/CpuHyFQKIgxrRF/wQT7pwFZ75b/NxYnrJfrFdwvzsVpeFHNYdc2uW1PoTjF
5p5sicP3+SdvSxN57t6m9M7yX505l7Mj3gVS7dPuVRiuSQGkUeXw9WYvDQDxDIsb
Ddf/PLB+4m+Pr8ZIe0leY8QKeBhjO5B+IAdwUWSWztj2mdiH4L1UR8qmwxzOsfuL
j+gHIESwy/Q6zVx2fJZeTzKqSywl/MZ2jWkHNZGZCLI68aQ3T4vmmxOcXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFONCg0gEnxjzMKR3kt+7Jafo9K0HMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvNDBLRFNBU2ZHUE13cEhlUzM3c2xwLWowclFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNjdMA0G
CSqGSIb3DQEBCwUAA4IBAQAE+Z97Vke1/NBbYiXECz2Exdsv+SSziJ0ZDWGbs1LC
Ud0v8m3u2pv3NHHTiddZFbOQ7rf12ths7EbcUi7HRNWzfb3aF1MztzZXBxH5G3Ve
F3Kq/lmVM5BcF+vzDWfNUgE+T8Hf9zUmkMsfq0Api42afz2jfPzPjdMYzgivsP37
Q54k8JhskFM8NgHqDoLBsi97cn/asZb7/i3LpLR1DP9V5ojtIEO52o+61jZoHqZy
hMeQDhVUChK26UUPuX6B0AcUR8J5TNsymI6jCilu9ch6jD616Zx8Gg42OYAYQwIn
mmmh2WAjrDqjeL/53y6iS6wABQ8njhyAybzpZxlvRhLD
-----END CERTIFICATE-----