This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/A21reqgYNyBlXB8slRp24bh0MOA.roa
File:                     A21reqgYNyBlXB8slRp24bh0MOA.roa (raw, json)
Hash identifier:          Xafwn7SPxi94B2kBwDoPWUvPTCgb232mRLoEMnbvhJA=
Subject key identifier:   03:6D:6B:7A:A8:18:37:20:65:5C:1F:2C:95:1A:76:E1:B8:74:30:E0
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       019B7C809AEB1FC2BC2A1916F8AAFF2EC571
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/A21reqgYNyBlXB8slRp24bh0MOA.roa
Signing time:             Fri 02 Jan 2026 02:19:21 +0000
ROA not before:           Fri 02 Jan 2026 02:19:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     13335
IP address blocks:        88.216.69.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 06:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:9a:eb:1f:c2:bc:2a:19:16:f8:aa:ff:2e:c5:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan  2 02:19:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=036d6b7aa8183720655c1f2c951a76e1b87430e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:a7:0d:15:64:02:09:2a:7a:2e:d0:23:d0:b8:
                    8d:5b:0f:a6:b1:3e:7a:f3:7a:ec:9a:f2:bd:5f:4f:
                    95:53:c6:01:38:af:94:bd:94:f6:91:36:86:ce:5a:
                    18:3a:6a:48:ee:e7:52:16:b0:a9:a5:9e:95:fd:8e:
                    78:56:3b:7d:29:09:35:61:70:b2:9b:44:57:f9:93:
                    39:a6:ab:3a:10:a3:be:9a:46:0f:d9:f7:e4:11:fe:
                    57:4a:e5:6b:9a:99:af:65:5f:de:94:82:c5:85:af:
                    a3:f9:58:d1:ef:e5:bb:29:54:36:f4:97:38:bc:a4:
                    7b:7a:d1:d1:d6:d6:87:de:5e:dc:d7:b3:76:40:c0:
                    7e:ae:11:8d:4c:b3:98:81:21:c9:e2:1f:1f:ee:78:
                    cb:ec:b8:0c:44:fe:ef:1d:6b:19:22:64:5f:b3:0f:
                    9b:2e:61:69:73:25:26:41:8b:33:3f:75:0f:d2:58:
                    a6:cd:c5:63:a1:96:17:9a:bb:0f:08:b3:8c:aa:b2:
                    5a:69:ba:b0:4f:2b:bd:e8:08:32:75:eb:01:fa:a5:
                    a3:82:db:93:af:4c:ca:a5:24:4e:94:d5:e5:32:48:
                    37:69:b1:27:59:05:ef:8b:c7:28:5d:60:78:2c:28:
                    28:ac:af:dc:87:55:45:d3:57:67:52:6c:2f:7c:e5:
                    98:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:6D:6B:7A:A8:18:37:20:65:5C:1F:2C:95:1A:76:E1:B8:74:30:E0
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/A21reqgYNyBlXB8slRp24bh0MOA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.216.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:55:02:42:e7:a9:8c:9a:da:cb:52:2c:93:fc:eb:ee:e5:00:
         30:54:9c:51:85:99:d2:7e:ff:f3:a8:ac:14:b2:7a:56:18:75:
         9b:fa:8d:1c:ff:bf:59:31:b3:a5:0b:94:d9:30:f4:6f:8c:f2:
         e9:d6:06:1e:a2:0d:30:8f:cb:97:d0:ac:ff:ac:37:00:50:a9:
         93:59:61:7e:61:bb:82:fd:4e:d9:3c:de:af:7c:2c:95:31:00:
         ea:93:68:27:32:95:6d:c5:0a:86:39:a7:02:cd:b3:50:05:1a:
         12:18:24:90:46:0a:ff:35:62:b6:2f:24:a7:5d:b7:85:96:72:
         41:01:17:88:dd:fe:7c:ff:a1:a8:7d:fb:6b:ba:5a:8d:7b:10:
         65:62:ae:45:bf:11:79:04:85:90:66:73:d7:bc:d5:cf:72:ff:
         7e:f7:42:98:7e:f5:e8:98:b5:8d:98:42:3b:e9:4e:91:4b:2f:
         ee:07:b5:0f:c4:b6:c0:dd:80:c2:22:15:30:8e:73:f1:b6:e3:
         1e:19:34:bd:45:ed:28:b7:d8:6f:08:ed:8a:dc:58:5a:88:39:
         c9:04:e6:e6:5e:2a:f5:1c:55:1c:d8:f3:63:aa:41:b3:22:51:
         8c:f6:29:a1:8d:50:80:2c:2c:30:a3:dd:34:ef:ce:52:2c:96:
         72:ae:be:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gJrrH8K8KhkW+Kr/LsVxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjYwMTAyMDIxOTIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzZkNmI3YWE4MTgzNzIwNjU1YzFmMmM5NTFhNzZlMWI4NzQzMGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn6cNFWQCCSp6LtAj0LiNWw+msT56
83rsmvK9X0+VU8YBOK+UvZT2kTaGzloYOmpI7udSFrCppZ6V/Y54Vjt9KQk1YXCy
m0RX+ZM5pqs6EKO+mkYP2ffkEf5XSuVrmpmvZV/elILFha+j+VjR7+W7KVQ29Jc4
vKR7etHR1taH3l7c17N2QMB+rhGNTLOYgSHJ4h8f7njL7LgMRP7vHWsZImRfsw+b
LmFpcyUmQYszP3UP0limzcVjoZYXmrsPCLOMqrJaabqwTyu96AgydesB+qWjgtuT
r0zKpSROlNXlMkg3abEnWQXvi8coXWB4LCgorK/ch1VF01dnUmwvfOWYfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFANta3qoGDcgZVwfLJUaduG4dDDgMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvQTIxcmVxZ1lOeUJsWEI4c2xScDI0YmgwTU9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNhFMA0G
CSqGSIb3DQEBCwUAA4IBAQB2VQJC56mMmtrLUiyT/Ovu5QAwVJxRhZnSfv/zqKwU
snpWGHWb+o0c/79ZMbOlC5TZMPRvjPLp1gYeog0wj8uX0Kz/rDcAUKmTWWF+YbuC
/U7ZPN6vfCyVMQDqk2gnMpVtxQqGOacCzbNQBRoSGCSQRgr/NWK2LySnXbeFlnJB
AReI3f58/6GofftrulqNexBlYq5FvxF5BIWQZnPXvNXPcv9+90KYfvXomLWNmEI7
6U6RSy/uB7UPxLbA3YDCIhUwjnPxtuMeGTS9Re0ot9hvCO2K3FhaiDnJBObmXir1
HFUc2PNjqkGzIlGM9imhjVCALCwwo900785SLJZyrr4h
-----END CERTIFICATE-----