This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/dDC223HraVUQsk1CeJoj27W4Uvc.roa
File:                     dDC223HraVUQsk1CeJoj27W4Uvc.roa (raw, json)
Hash identifier:          Vsc4IjyOWsb+SwqL0wPv/IuHW9UXCbtV/vUa3zoy4vY=
Subject key identifier:   74:30:B6:DB:71:EB:69:55:10:B2:4D:42:78:9A:23:DB:B5:B8:52:F7
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       019B7C80B72BF8087CD2502973A383E7E856
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/dDC223HraVUQsk1CeJoj27W4Uvc.roa
Signing time:             Fri 02 Jan 2026 02:19:28 +0000
ROA not before:           Fri 02 Jan 2026 02:19:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212504
IP address blocks:        84.32.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 09:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:b7:2b:f8:08:7c:d2:50:29:73:a3:83:e7:e8:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan  2 02:19:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7430b6db71eb695510b24d42789a23dbb5b852f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:91:ac:6c:c4:f3:5a:4c:fb:b3:ce:c9:35:97:
                    a1:09:65:bf:64:02:31:c4:a6:31:71:4e:6e:7c:98:
                    66:70:cd:9c:90:3f:d4:6d:50:d0:8a:2d:ac:71:93:
                    77:27:5a:d7:08:01:79:42:cd:89:b6:ae:4f:d4:91:
                    90:24:92:d4:a0:8f:a5:06:54:a7:0f:06:7d:6b:9b:
                    2c:0e:35:6b:bc:4f:10:d6:e1:da:95:21:b8:16:c2:
                    31:6d:b0:06:df:fe:ec:0a:fa:d7:24:de:6f:f8:26:
                    2d:52:08:25:a6:98:22:2a:d9:ba:61:b6:24:89:c4:
                    ca:b5:ae:57:cb:b9:9a:c8:6b:d5:36:67:a5:c5:74:
                    d5:ae:27:94:14:21:36:26:72:84:9c:fe:dc:0d:40:
                    8e:4d:67:04:46:38:80:8f:a9:70:e4:f5:c3:7c:bf:
                    09:cb:68:2b:f0:da:6b:b1:62:c6:9c:de:48:58:6e:
                    4f:3b:ae:4a:d6:35:a1:9c:11:8c:1c:ad:cb:84:49:
                    5f:0d:07:27:e3:20:eb:06:25:fb:2a:00:d7:66:52:
                    02:73:1e:1c:1b:92:9b:c0:eb:3c:2d:f2:94:b0:fc:
                    00:68:f5:09:51:1b:38:38:26:a3:a6:d9:b9:b9:ef:
                    94:2b:8e:0f:dc:ef:0c:7e:57:45:84:2e:a7:01:ac:
                    03:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:30:B6:DB:71:EB:69:55:10:B2:4D:42:78:9A:23:DB:B5:B8:52:F7
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/dDC223HraVUQsk1CeJoj27W4Uvc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:92:6e:7f:23:8e:17:4c:f9:73:7f:32:34:eb:94:0b:b6:b5:
         35:b6:88:6f:8e:29:7c:77:c9:32:c2:b3:79:52:49:f1:05:13:
         94:75:e2:ae:1e:63:d3:1a:9b:2a:9f:24:60:9c:d3:bb:6b:95:
         ee:d7:aa:36:43:2e:1f:1f:17:00:1b:d5:cd:90:16:cd:a6:f7:
         14:3e:5f:0f:d1:3a:23:3c:53:01:8b:ca:3d:24:76:ce:50:bf:
         2b:64:7c:87:8c:8c:fd:42:e7:98:cf:45:43:7d:6e:27:4f:fd:
         57:91:3d:9d:d9:1b:63:22:70:31:6d:b7:ec:17:63:5b:06:44:
         cc:c4:ef:42:cf:51:1a:ff:bb:ac:b9:c5:3e:58:32:6f:71:e6:
         2a:00:e5:3d:fd:6f:93:84:04:b1:2d:78:d5:37:f0:29:4a:94:
         53:dc:37:77:ed:ca:73:17:10:02:a2:e8:8d:f1:84:a1:6d:93:
         c5:fb:9d:d5:b5:04:3a:42:01:50:d0:ff:2b:36:b9:05:d7:00:
         84:1f:d7:20:28:d1:a0:50:a8:20:30:2c:c9:79:a7:93:1f:3d:
         f5:7c:30:84:8c:79:b6:24:4a:3f:48:52:ca:56:5c:98:81:e6:
         02:ff:fe:74:1a:0f:b0:62:4a:f8:0e:f4:65:60:e7:fb:cc:c5:
         42:35:2a:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gLcr+Ah80lApc6OD5+hWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjYwMTAyMDIxOTI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDMwYjZkYjcxZWI2OTU1MTBiMjRkNDI3ODlhMjNkYmI1Yjg1MmY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA45GsbMTzWkz7s87JNZehCWW/ZAIx
xKYxcU5ufJhmcM2ckD/UbVDQii2scZN3J1rXCAF5Qs2Jtq5P1JGQJJLUoI+lBlSn
DwZ9a5ssDjVrvE8Q1uHalSG4FsIxbbAG3/7sCvrXJN5v+CYtUgglppgiKtm6YbYk
icTKta5Xy7mayGvVNmelxXTVrieUFCE2JnKEnP7cDUCOTWcERjiAj6lw5PXDfL8J
y2gr8NprsWLGnN5IWG5PO65K1jWhnBGMHK3LhElfDQcn4yDrBiX7KgDXZlICcx4c
G5KbwOs8LfKUsPwAaPUJURs4OCajptm5ue+UK44P3O8MfldFhC6nAawDYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHQwtttx62lVELJNQniaI9u1uFL3MB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvZERDMjIzSHJhVlVRc2sxQ2VKb2oyN1c0VXZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVCAaMA0G
CSqGSIb3DQEBCwUAA4IBAQBnkm5/I44XTPlzfzI065QLtrU1tohvjil8d8kywrN5
UknxBROUdeKuHmPTGpsqnyRgnNO7a5Xu16o2Qy4fHxcAG9XNkBbNpvcUPl8P0Toj
PFMBi8o9JHbOUL8rZHyHjIz9QueYz0VDfW4nT/1XkT2d2RtjInAxbbfsF2NbBkTM
xO9Cz1Ea/7usucU+WDJvceYqAOU9/W+ThASxLXjVN/ApSpRT3Dd37cpzFxACouiN
8YShbZPF+53VtQQ6QgFQ0P8rNrkF1wCEH9cgKNGgUKggMCzJeaeTHz31fDCEjHm2
JEo/SFLKVlyYgeYC//50Gg+wYkr4DvRlYOf7zMVCNSo5
-----END CERTIFICATE-----